Risk control procedures are not enough to mitigate fraud on Wall Street. The current financial meltdown provides evidence that many banks and financial institutions have failed to change systems and people in order to mitigate fraud and to comply with regulations and standards. Biometric authentication is a reliable solution for preventing security breaches. Knowledge Center contributors Paul Foote and Reena Hora explain why the financial industry needs to supplement its internal controls compliance with biometric authentication.
Daily, trillions of dollars are transferred worldwide in funds and securities through financial systems. The magnitude of this exposes the financial institutions and their customers to a very high risk of deliberate and accidental fraud. Many government and industry regulations and standards such as the IFRS (International Financial Reporting Standards), Basel II, Basel III, PCI and Sarbanes-Oxley require compliance by these financial institutions to take steps to mitigate risks and protect them from fraud. These strict regulations were unable to prevent the big slide in the stock markets in September. Future solutions to the financial meltdown must include raising security standards in the financial industry, such as the use of biometric systems.
A brief look at regulations and standards
International Financial Reporting Standards (IFRS): These standards
are becoming global standards for preparing companies' financial documents. They are developed by the IASB (International Accounting Standards Board) and are adopted by more than 12,000 companies in more than 100 countries globally. (Reference 1)
ERP systems such as SAP ERP financials
provide compliance solutions for IFRS. (Reference 2)
Basel II & III:
These are issued by the Basel Committee on Banking Supervision
, which is composed of representatives and senior authorities from the central banks of the G-10 countries. These accords are recommendations on banking laws and regulations. (Reference 3)
This is a security standard
developed to facilitate adoption of data security measures on a global basis and mitigate payment security risks. It includes requirements for security management, software design, network architecture, policies, procedures and other critical protective measures. (Reference 4)
Sarbanes-Oxley Act (SOX):
The Sarbanes-Oxley Act became law in 2002 in response to major corporate and accounting scandals. Congress created SOX to increase transparency in financial accounting and to mitigate fraud. Originally, its focus was on issues surrounding accounting and finance. In 2005, its focus expanded to include human resources, supply chain management and information technology. (Reference 5)
Banks and financial institutions may have risk control procedures in place that comply with the above regulations, but they are still exposed to fraud. This vulnerability is due to dependence on passwords for security and negligence in carrying out the security procedures diligently. According to an April 2008 survey of 185 IT professionals ("IT Departments on Data Security: A Research Concepts Survey"), one out of four organizations surveyed had a data breach in the past year. Most of these companies viewed security as a high priority. Even so, according to this survey, only one in every 100 employees consistently follows security policy.
New ISO security standard published
To increase security, biometrics is now being increasingly recognized as a method for authentication and a reliable identification method. The ISO (International Organization for Standardization) has published a new standard: the ISO 19092:2008 (Financial services - Biometrics -- Security framework).
"This standard establishes the security requirements for the implementation and management of state-of-the-art biometric identification technology within the financial industry." This standard will make transactions more secure in the electronic era for the financial sector. (References 6 and 7)
According to a Unisys survey, 66 percent of worldwide consumers preferred that banks, credit card companies, health-care companies and government organizations use biometric identification over passwords, smart cards and security tokens. Most consumers surveyed found biometric solutions extremely convenient and secure, as they would not have to remember passwords and also not have to deal with password misuse. (Reference 8)