IT Management - eWeek




How Wall Street Can Mitigate Financial Fraud Using Biometric Authentication





  Table of Contents:
  1. How Wall Street Can Mitigate Financial Fraud Using Biometric Authentication
  2. Passwords Fail
  3. Technologies Used by Societe Generale Bank
  4. IT Security Must Be Strengthened

Risk control procedures are not enough to mitigate fraud on Wall Street. The current financial meltdown provides evidence that many banks and financial institutions have failed to change systems and people in order to mitigate fraud and to comply with regulations and standards. Biometric authentication is a reliable solution for preventing security breaches. Knowledge Center contributors Paul Foote and Reena Hora explain why the financial industry needs to supplement its internal controls compliance with biometric authentication.

How Wall Street Can Mitigate Financial Fraud Using Biometric Authentication - IT Security Must Be Strengthened
( Page 4 of 4 )

To prevent a recurrence of a fraud like this, financial institutions can improve security by adding biometric systems to their ERP systems, or by replacing their legacy systems with SAP and bioLock. Most biometric systems are used for access control. Realtime North America’s bioLock is the only biometric system that goes beyond access control and is even able to control a field, function or value within the ERP system, such as the amount of an outgoing wire transfer.

The technology offers control for changes to transactions within SAP R/3 and will prevent unauthorized changes. The special committee for investigating Societe Generale’s fraud recommended that, to prevent traders from using one another’s accounts, the bank should use a stronger biometric authentication system. A system like bioLock could have prevented Societe Generale’s Kerviel problem for the following five reasons:

1. When Jerome Kerviel was promoted from middle office to front office, bioLock could have been used to change his role and deny him access to the backend systems in SAP R/3.

2. An SAP system requiring biometric identification using bioLock would not have allowed Kerviel to use others’ log-in credentials to post his fraudulent trades in their name.

3. bioLock would also have prevented Kerviel from deleting records of his trade transactions from the system before reconciliation.

4. There would have been high accountability, as the system would have shown that Kerviel tried to use others’ passwords to enter his trades in their name.

5. As a result, a technology such as bioLock would deter fraudsters from trying to commit fraud, since they would be uniquely identified.

Thus, a biometric system such as bioLock can protect SAP R/3 by restricting access and controlling who can make changes to transactions within SAP R/3. If SAP interacts with a trading system, and only SAP users can link to the trading system from SAP, then bioLock can be used to ensure that only authorized users log on to the user profile that connects to the trading system. When the connection to the trading system is established, the user would be asked for biometric authentication again. The bioLock log file will record who connected to the trading system, and bioLock will also prevent unauthorized users from connecting.

Conclusion

In today’s world, banks are required to comply with regulations and standards that protect banks and financial institutions from fraud. To mitigate fraud, these banks and financial institutions need to supplement their internal controls compliance with biometric authentication. Biometrics will prevent security breaches. Fraudsters will not limit their attempts at fraud to an ERP system alone. Users of ERP systems must also secure e-mail systems and any trading systems interfacing with an ERP system. This would tighten security and improve accountability.

 Paul Foote, Ph.D., is a Professor of Accounting at California State University, Fullerton. His courses and publications cover accounting information systems, auditing, forecasting, accounting standards, and the use of SAP R/3 and of bioLock. Paul can be reached at pfoote@exchange.fullerton.edu.

 Reena Hora is a graduate of California State University, Fullerton’s Master of Science in Information Technology (MSIT) program, and works as an IT professional for a software company. Reena can be reached at reenahora@csu.fullerton.edu.




 
 