Thursday, 10 April 2008

Biometrics Redefined

A critical milestone for the widespread adoption of any new technology is the establishment of standards! The ISO has released a standard for financial services for biometric applications - ISO 19092:2008

This would, I hope assist financial institutions in adopting and developing applications on a common platform for biometric end uses.

Biometrics enables accurate authentication and the end benefits include reduced risk and fraud alongwith customer convenience

Biometrics is also finding new use applications in a wide array of industries including loyalty systems......

An extract from the ISO website

"ISO 19092:2008 describes the security framework for using biometrics for authentication of individuals in financial services. It introduces the types of biometric technologies and addresses issues concerning their application. ISO 19092:2008 also describes the architectures for implementation, specifies the minimum security requirements for effective management, and provides control objectives and recommendations suitable for use by a professional practitioner.

The following are within the scope of ISO 19092:2008:

  • usage of biometrics for the authentication of employees and persons seeking financial services by:
    • verification of a claimed identity;
    • identification of an individual;
  • validation of credentials presented at enrolment to support authentication as required by risk management;
  • management of biometric information across its life cycle comprised of the enrolment, transmission and storage, verification, identification and termination processes;
  • security of biometric information during its life cycle, encompassing data integrity, origin authentication and confidentiality;
  • application of biometrics for logical and physical access control;
  • surveillance to protect the financial institution and its customers;
  • security of the physical hardware used throughout the biometric information life cycle.

ISO 19092:2008 provides the mandatory means whereby biometric information may be encrypted for data confidentiality or other reasons."

1 comment:

naresh said...

I guess Andhra Bank are the first in India to use the biometric system in their mobile ATM centers.