The Financial Services Sector Opportunity

Slides:

Advertisements

Similar presentations

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

Advertisements

Chapter 6 E-commerce Payment Systems. Traditional Payment Systems Cash Checking Transfers Credit Card Accounts Stored Value Accounts Accumulating Balance.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

European Electronic Identity Practices Country Update of …………… Speaker: Date:

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

“Personal Identity Verification (PIV) of Federal Employees and Contractors” October 27, 2005 Homeland Security Presidential Directive 12 (HSPD-12)

ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.

1.7.2.G1 Electronic/Online Banking & Bill Pay Take Charge of Your Finances.

Security Controls – What Works

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.

Electronic Banking BY Bahaa Abas Noor abo han. Definition * e-banking is defined as: …the automated delivery of new and traditional banking products and.

European Electronic Identity Practices Country Update of Austria Peter F Brown Office of the CIO, Austrian Federal Chancellery Chair, CEN eGov Focus Group.

Mobile Identity and Mobile Authentication (mobile e-signature) Valdis Janovs Sales Director Lattelecom Technology SIA.

Electronic Payment Systems

BZUPAGES.COM Electronic Payment Systems Most of the electronic payment systems on internet use cryptography in one way or the other to ensure confidentiality.

Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam

Account Authority Digital Signature AADS Lynn Wheeler First Data Corporation

Electronic Payment Systems. How do we make an electronic payment? Credit and debit cards Smart cards Electronic cash (digital cash) Electronic wallets.

E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.

An Investigation into E-Commerce Frauds and their Security Implications By Kevin Boardman Supervisor: John Ebden 29 July 2004.

» Jun 9, 2003 Speaker Verification Secure AND Efficient, Deployments in Finance and Banking Jonathan Moav Director of Marketing

DIGITAL SIGNATURE. GOOD OLD DAYS VS. NOW GOOD OLD DAYS FILE WHATEVER YOU WANT – PUT ‘NA’ OR ‘-’ OR SCRATCH OUT FILE BACK DATED, FILE BLANK FORMS, FILE.

28 th International Traffic Records Forum Biometrics/SmartCard Workshop 28 th International Traffic Records Forum August 4, 2002 Orlando, Florida.

2/16/001 E-commerce Systems Electronic Payment Systems.

Introduction to Biometrics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #18 Biometrics Applications - III October 26, 2005.

Banking and E-Commerce Group ‘A’ April 23 rd 2003.

LEARNING AREA 1 : INFORMATION AND COMMUNICATION TECHNOLOGY PRIVACY AUTHENTICATION VERIFICATION.

Vijay V Vijayakumar.  Implementations  Server Side Security  Transmission Security  Client Side Security  ATM’s.

Electronic Banking & Security Electronic Banking & Security.

Biometric ATM Created by:. Introduction Biometrics refers to the automatic identification of a person based on his physiological/behavioral characteristics.

Commercial Card Expense Reporting (CCER) The Trustees of Roanoke College An internet solution Accessed via Wells Fargo’s secure Commercial Electronic Office.

The technology behind the USPS EPM. AND COMPLIANCE March 25, 2004 Adam Hoffman.

The Federal E-Authentication Initiative David Temoshok Director, Identity Policy GSA Office of Governmentwide Policy February 12, 2004 The E-Authentication.

Biometrics in the Banking Industry

TAG Presentation 18th May 2004 Paul Butler

ELECTRONIC PAYMENT SYSTEM

Mastercard Identity Check Mobile

Identity and Access Management

Smart Money Concept.

ESign Aashutosh.

Take Charge of Your Finances

Take Charge of Your Finances

Electronic/Online Banking & Bill Pay

TAG Presentation 18th May 2004 Paul Butler

Authentication.

Radius, LDAP, Radius used in Authenticating Users

Discover the Boom in Electronic Banking!

Biometric Security Fujitsu Palm Vein Technology

Biometrics Reg: AMP/HNDIT/F/F/E/2013/067.

State of e-Authentication in Higher Education Bernie Gleason

JP Morgan spends $500 million per year on cyber security

Depository Institution Essentials

Anna Cottone, Scott Covington, Emma Pham, Tailai Zhang

Depository Institution Essentials

Welcome To Money pad November 23, 2018 Sample footer.

EDUCAUSE Fed/Higher ED PKI Coordination Meeting

Secure Electronic Transaction (SET) University of Windsor

E-Commerce for Developing Countries (EC-DC)

HIMSS National Conference New Orleans Convention Center

Take Charge of Your Finances

Depository Institution Essentials

WorldWidePIN Corporation

e-Security Solutions Penki Kontinentai Vladas Lapinskas

E-identities (and e-signatures)

Take Charge of Your Finances

Smart Business for eGeneration Companies

Take Charge of Your Finances

Presentation transcript:

The Financial Services Sector Opportunity François Lasnier VP Banking & Retail, NAM Schlumberger Smart Cards & Terminals 11/11/2018

Agenda Technical Overview – Three Models The Smart Card Advantage Type of Biometrics in the Financial Space Benefits Applications Users – Pilots Main Barriers to Adoption Some Stats Legislations & Regulations Industry Outlook – Trends & Opportunities 11/11/2018

Technical Overview (#1) Link to an individual / access rights One-to-one Database model ISSUES: Security Future liability (no legisl. yet) Privacy / Social acceptance Passive (no proof of transact.) Enrollment Potential for customer fear Database Service Provider Bio-authentication (user authentication) By Service Provider online 11/11/2018

Technical Overview (#2) Cert. Validation thru Chain of Trust Online & offline Many-to-many (distributed) Active (e.g., e-sign) Wider acceptance (multi-channel) Better privacy control PKI Authorization Server Service Provider User authentication 010011 001101 101101 Cert. embeds ID data Smart Card 010011 001101 101101 Public/Private Keys Digital Certificate Transfer of identity attributes Digital Certificate  Biometrics Biometrics to unlock the Smart Card 11/11/2018

Technical Overview (#3) Best privacy control Smart Card verifies Identity Service Provider authenticates Smart Card Identity only used to unlock SC Authorization Server Service Provider SC authentication SC linked to an account No Identity data beyond this point Card ID Card ID Public/Private Keys Card ID No transfer of identity attributes Identity linked to SC at issuance but never released Biometrics to unlock the Smart Card 11/11/2018

The smart card advantage Smart cards are secure identification portable devices Tamper resistant hardware Certified software access control Secure private key storage Cryptographic algorithms Digital ID storage Personal data Graphical personalization Universally accepted format Your virtual identity stays with you You can use your virtual identity where you are You provide your credentials only when you want, protecting your privacy

Type of Biometrics Fingerprint Most relevant to payment (esp. physical) Convenient, less obtrusive/invasive, stable, reliable Voice verification Relevant to login or phone identification (mono channel) Has to prove as reliable as fingerprint Iris or Facial recognition ATM transactions 11/11/2018

Benefits Biometrics only: Positive identification/identity verification Reduced risk of ID theft for consumers You always have your ID with you ! Biometrics + Smart Card: No centralized database (better privacy) – Consumer in control Active technology (encryption, signature, etc.) Decoupling of Identity and authentication attributes Card form factor allows for branding Multi-channel acceptance 11/11/2018

Applications Login (account access, SSO, ATMs, etc.) Secure online payment (authentication, confidentiality, non-repudiation) Self-service account administration (e.g., unlock PIN) Intranet/corporate security – Data protection & access control Account aggregation – Account referencing Check cashing or check payment (incl. ACH transactions) Branch automation / Teller window authentication Background checks 11/11/2018

Users - Pilots U.S. Grocery Stores for payment: Falley’s Food 4 Less in Kansas and Missouri, Thriftway Grocery in West Seattle, Kroger in Texas, etc. Check cashing and check payment at merchant locations in 31 states – Fast & Easy Stores, CA Bank Leumi Contact Center, Israel: Voice verification solution International Finance Corporation / World Bank – Feasibility analysis Wells Fargo / Innoventry: Facial recognition technology instead of PINs at ATMs Bank of America: Fingerprint access to online banking (w/ smart card) – Pilot in 1999 11/11/2018

Main Barriers to Adoption Fear of consumer backlash (social acceptance, inconvenience) Fear of low consumer adoption rate / low transactions CSR to support technology deployment Training & education Implementation costs (incl. integration w/ legacy) Standards Pain (fraud & legislation) is still bearable – Liability is still manageable For how long ? 11/11/2018

Some Stats U.S. consumers say the financial industry needs to do a better job of verifying the identity of customers who open bank account (66%) and credit card accounts (72%) 5.6% of consumers victim of ID theft (12m people) – 15.9% of consumers victim of credit/debit card fraud or ID theft Credit card fraud = $2.5B in 2003 – Total ID theft = $8B In 2003, 42% of large F.I.’s will spend between $500k and $2.5m on IT for risk management (= 9.2% of total IT spending) Biometric revenues in the Financial sector is projected to reach $672m by 2007 Source: Star Systems – Apr 2003 (survey of 2,000 people) Source: GartnerGroup Source: International Biometric Group 11/11/2018

Legislations & Regulations USA Patriot Act – Customer Identification Program (CIP) – Deadline = Oct 1st, 2003 – Risk based identification of all new customers SEC Rule 17a-4 – May 2003 - Logging and retention of electronic communications by financial services firms The Sarbanes-Oxley Act of 2002 – Deadline = June 2004 - Accuracy and integrity of corporate financial management California Senate bill 1386 (Civil Code 1798.82) – Operative July 1st, 2003 - Notifying California residents of security breaches to their non-encrypted information Basel II – Deadline 2006 – Capital charge associated with operational risk Gramm-Leach-Bliley Act (1999) - How banks can share a customer’s personal information with other companies Privacy Act of 2003 (Bill S. 228 & S. 745) introduced on March 31st, 2003 – Federal std regulating the use of sensitive information and establishing a comprehensive national system for privacy protection 11/11/2018

Industry Outlook – Trends & Opportunities State and Federal rules and regulations are putting pressure on Financial Institutions to improve customer identification, increase consumer data protection, restrict traditional ID models (e.g., SSN)  Increased liability exposure  Incentive to act & implement new security frameworks based on Identity Management Fight against Cyber-Terrorism – Need to strengthen the security of networks and applications Increased level of e-Transactions will call for better ways of authentication people online (2 and 3-factor auth) Username & Passwords are outdated, Pass-phrases are a short-term fix, remote access points are untrusted New security models require new policies + disruptive technologies, and will emerge as pain becomes less bearable 11/11/2018

Thank You François Lasnier VP Banking & Retail, NAM Schlumberger Smart Cards & Terminals Austin, TX Tel: 512-257-3890 Email: flasnier1@slb.com 11/11/2018