© 2007 realtime North America, Inc. 1 These are additional slides that can be added to the main Presentation on an individual basis: NOTE !!!! May 24, 2015

© 2007 realtime North America, Inc. 2May 24, 2015 to Protect Critical Data for SAP Customers with Biometrics to Prevent Fraud The bioLock Mission Statement bioLock’s mission is… In short: Data Loss Prevention for SAP – or bioLock protection goes far beyond the ability of single sign-on or access control!

© 2007 realtime North America, Inc. Actual Financial Losses in 2008 The so called “occupational fraud” (also known as internal theft) and abuse imposes enormous costs on organizations. The median loss caused by the occupational frauds in this 2008 ACFE study was $175,000. More than one-quarter of the cases caused at least $1 million in damages. U.S. organizations lose 7% of their annual revenues to fraud (up from 5% in 06). This is over $994 billion dollars a year! Read the full study at: (Source: 2008 Study - Association of Certified Fraud Examiners – Average single loss was $175,000 25% caused at least $1 million in losses US companies lose 7% of revenue to fraud This is over $994 billion in losses! Schemes continue for years before detected Mostly committed by upper management or accounting Many are first time offenders – especially due to economy 3May 24, 2015

© 2007 realtime North America, Inc. 4 Good guys versus bad guys “Things” are not always the way the look… This guy might cause $7,000 (Seven Thousand) In damages This guy caused over $7,000,000,000 (Seven Billon Dollars) In damages May 24, 2015

© 2007 realtime North America, Inc. 5 Largest fraud case in history – so far! French Trader Jerome Kerviel stole computer passwords that allowed him to enter his phony deals into various trading systems and to bypass security measures He misappropriated IT access controls belonging to operators Kerviel overstepped his authority and bet 50 billion Euros ($73 billion) - more than the bank's market value This practice costs his employer, France's Societe Generale, $7.2 billion in losses Judges have filed charges against Jerome for forgery, breach of trust and unauthorized computer activity Investigators questioned Societe Generale's chief executive who is ultimately responsible for his employees actions There are many rumors about the banks future / the industry is speculating, that it could be bought out or broken up Poor IT Security is blamed for the losses and a special committee has recommended to immediately introduce stronger security systems, including biometric authentication, to prevent a recurrence. Source SAP Info: Source SAP Info: May 24, 2015

© 2007 realtime North America, Inc. 6 Lawyers call it SODDI Biometrics is the only true protection since the user will be UNIQUELY identified!!! Smart Cards and Tokens can still be lost, stolen or passed on – and the user can not be identified or held responsible… Password are historically accepted to attempt protecting computer systems… They offer limited protection and no identity management at all !!! Lawyers love these 2 ways and call it: SODDI SOME OTHER DUDE DID IT – not my client of course…* *Like in the multi million dollar case of UBS Paine Webber May 24, 2015

© 2007 realtime North America, Inc. 7 bioLock – the SAP border control Let’s compare the SAP User Profile to a car crossing the border… Allowing “entry” based on a password is like looking at the license plate and assuming that only Joe could be in that car since it is registered to Joe! bioLock will be the border patrol for your SAP System and any function When crossing the border, the border patrol will compare the passport picture with the drivers face to uniquely identify the actual driver with biometrics (manual face recognition) before allowing access May 24, 2015

© 2007 realtime North America, Inc. Why invest in biometrics? Prevent expensive lawsuits, image loss and bad press Protect your company from monetary damages and espionage Comply with mandatory regulations such as: Biometric technology will prevent most attacks, log uniquely identified users and their activities, and ‘scare off’ potential attackers !!!  HIPAA  The California Act  Data Protection Act  FDA (Part 11-Electronic Records)  Sarbanes-Oxley Act – Section 404 8May 24, 2015

© 2007 realtime North America, Inc. The California State University uncovers… Even if your company is compliant, it is still exposed to fraud DuPont was 100% compliant and all auditors signed off They had a $400 Million internal fraud case Companies blame and “sue” external auditors Insurances reject policies and payments More than the minimum requirements by mandatory regulations have to be done to protect assets and investors Without biometrics there is no true compliance!!! As a result biometrics is now taught in classes Download the complete research paper at: This study was published around the world from different sources: A Research Study by Harvard Educated Professor and Accounting Expert, Paul Foote, uncovers: 9May 24, 2015

© 2007 realtime North America, Inc. 10 Where else is biometrics in use?  US Visit program – Tourist have to enroll a picture of their face as well as two fingerprints at immigration  Fun Parks (Disney, Busch Garden, MGM, Adventure Island etc.) for multiple day visitors  Pay by Touch to pay with your finger in grocery stores, gas stations, beer gardens or in the school cafeteria  Door locks, garage door openers, mice, weapon safes, smart drives (as seen in the “sky mall magazine”)  Membership Clubs, Dealerships, Government Buildings  Watches, Suitcases, Purses, Cars, Guns, Keys, Remote Controls, Phones, Vending Machines and more: May 24, 2015

© 2007 realtime North America, Inc. 11 Why biometrics for your SAP System  Biometric security for system, transaction and field level data  Biometric security for user logon with convenient single sign on to multiple systems  Enhanced user/transaction audit trail  Easy 4-eyes principle and supervisor approval functionality  Secure and convenient “Fast User Switching “  Proof, who did what and when in the SAP System with a biometric log file May 24, 2015

© 2007 realtime North America, Inc. 12 Verification versus Identification Old Verification: SAP User/ Password Smart card or Logon / Biometrics Advanced Identification: Searches Database of 100’s or 1000’s of biometric templates Uniquely identifies Thomas and launches Thomas System Might identify and reject Thomas based on authorization Thomas Tasks or Attempts will be logged in an auditing log file May 24, 2015

© 2007 realtime North America, Inc. Customers Demand Biometric Devices 23% of all corporate laptops shipped in 2007 had a build in fingerprint sensor! Laptops with finger print sensors Top two request from corporations for laptop manufacturers in 2007 were factory hard drive encryption and a biometric fingerprint reader Over 100 different laptop models have build in fingerprint sensors (compatible with bioLock) Fingerprint leads biometric technologies among security-conscious as it is the most accepted technology and the cheapest for mass roll-out. Many USB devices like mice, keyboards or other are being sold for $80-$250 13May 24, 2015

© 2007 realtime North America, Inc. 14 Many Devices can protect 5 Security Levels Level I SECURITY Level II Level III Protect The King *Quote Keynote Speech RSA 2007 with Bill Gates - Not The Castle!* Level IV Dual Signature Level IV Exceeding Values May 24, 2015

© 2007 realtime North America, Inc. 15 Pain Point – Fast User Switching Challenge: 5 employees use 3 different computers and don’t have the time to log in and out when switching places SAP User Profile bioLock User Teller PC1Thomas Teller PC1Amanda Teller PC1April Teller PC1James Teller PC1Peter Teller PC2Thomas Teller PC2Amanda Teller PC2April Teller PC2James Teller PC2Peter Teller PC3Thomas Teller PC3Amanda Teller PC3April Teller PC3James Teller PC3Peter The Solution: Critical functions on all 3 computers are protected with bioLock The biometric templates of all 5 users are assigned to all 3 computers so the 5 authorized users can switch between computers and execute protected functions Unauthorized colleagues or customer can not execute the functions even if the computer is logged on since the template is not assigned Example: Bank, Hospital, Warehouse, Customer Service, Call Center etc. May 24, 2015

© 2007 realtime North America, Inc. 16 Pain Point – unlocked computer Customer goes over personal data with adviser on advisors computer The customer or any unauthorized user could take over the computer for unauthorized task, wire transfers or to change data The solution could be to protect critical functions with bioLock to prevent that anybody, except the computer owner, can execute those functions Advisor prints documents and leaves the office to make copies in the back room May 24, 2015

© 2007 realtime North America, Inc. The Challenge: Groups of people had access to many parts of the finance system The client needed to uniquely identify the “actual user” and log activities Management requested that 2 individuals would authorize certain tasks The oldest central bank in the world had multiple critical tasks in their financial application including opening balance sheets, approving budgets and issuing wire transfers The Solution: bioLock with the dual confirmation group was installed 2 people have to authorize tasks Both will be uniquely identified… …and logged in the log file Case Study: Banking / Finance System 17May 24, 2015

© 2007 realtime North America, Inc. The Challenge: A secretary used the principals user profile to approve herself overtime It could not be uniquely identified who logged on and who approved overtime The school had significant financial damages but had a hard time to prove it In addition - Password are written down and posted near computers at alarming rate The Solution: Protect logon to principals user id with bioLock Uniquely identify if principal or secretary is logging onto the system Only allow the principals biometric template to approve overtime and prevent that secretary can execute that function Case Study: School District At the Polk County School District, a secretary legally had access to her superiors SAP User Profile to do his work but abused her privilege and approved herself overtime 18May 24, 2015

© 2007 realtime North America, Inc. The Challenge: Logging into the SAP System Approving certain workflows within the system – Electronic Signature! Authorizing purchase orders over certain amounts The Solution: 1000 active users were equipped with bioLock The workflow and PO’s were protected A log file can proof, who did ‘what’ and ‘when ’ EnBW - One of Europe’s largest Energy companies had the requirement to uniquely identify users for certain workflows Case Study: Energy Company 19May 24, 2015

© 2007 realtime North America, Inc. The Challenge: Brevard County Government, home to NASA and the Kennedy Space Center is running SAP including HR Multiple employees had access to extremely critical HR data Misuse of the data by employees and others was easily possible Brevard needed to protect and uniquely identify the actual SAP USER The Solution: Rick Meshberger (left) installed biometrics Access and changes are limited to uniquely identified users A log file can proof, who did ‘what’ and ‘when’ Case Study: Government HR / HIPAA 20May 24, 2015

© 2007 realtime North America, Inc. The Challenge: Purdue Pharma L.P., a pharmaceutical company focused on meeting the needs of healthcare providers and the patients in their care Financial workflow approval within SAP guaranteeing only executives can approve bioLock was required to work within a web based system (browser based) An send to s supervisor had to trigger biometric approval in a web browser The Solution: Purdue is using bioLock for workflow payment approval An automated workflow sends an with a link to approver Approver clicks the link and bioLock pops up a window bioLock asks the user to authenticate themselves bioLock approves the transaction in the web browser Once done, the payment is immediately approved within SAP. Case Study: Pharmaceutical Company 21May 24, 2015

© 2007 realtime North America, Inc Prevent Jail Time for your Corporate Executives 2. Stop Identity Theft, Financial Damages and Espionage 3. Avoid Expensive Lawsuits, Bad Press and Perception Damage 4. Enhance and Complete your Sarbanes-Oxley Compliance Efforts 5. Comply with Other Mandatory Regulations such as Data Protection Act 6. Protect your IT System, Recover Monies and Send a Clear Message to Employees 7. KEEP YOUR COMPANIES HONEST PEOPLE HONEST! 7 Reasons why to get bioLock Please see our “Value Proposition Document” at for detailswww.bioLock.us May 24, 2015

© 2007 realtime North America, Inc. 7 Key Points to share with the team SAP Security and ALL compliance efforts (SoD’s) are solely based on password protected USER Profiles Passwords are not secure and offer very limited protection and no accountability at all Damages include severe financial losses, espionage, bad press, image loss, lawsuits, compliance violations, etc. Experts agree - Biometrics is the only solution approach to increase security, convenience and establish clear accountability A study confirms how a company can be compliant, but not secure bioLock is the only certified biometric technology available for SAP Fasten your "System’s Seatbelt" NOW – DON’T wait until your organization gets “HIT” with fraud first May 24, 2015