
1 Chair Roger Clarke, Xamax Consultancy, Australia Panellists Milena Head, McMaster Uni, Canada Khaled Hassanein, McMaster Uni, Canada Roger Bons, (Ing),


Presentation transcript:

1 1 Chair Roger Clarke, Xamax Consultancy, Australia Panellists Milena Head, McMaster Uni, Canada Khaled Hassanein, McMaster Uni, Canada Roger Bons, (Ing), The Netherlands Do the eyes have it? Consumer Acceptance of Potentially Intrusive Identity Authentication Mechanisms

2 2 Acceptability of Biometrics in Financial Transactions
AGENDA
- Underlying Concepts: Consumer Financial Transactions; (Id)entification; Authentication
- Introduction to the Panellists
- Panellists’ Statements
- Discussion: Intra-Panel; Open

3 3 Consumer Financial Transactions

4 4 Account No. Card No. Customer No. Account Customer Identity and Identifier

5 5 Identification
- The process of associating data with a particular Identity
- Achieved by acquiring an Identifier for the Identity
- Token: a recording medium for an Identifier

6 6 The Entity/ies underlying an Identity

7 7 Entity and Entifier

8 8 Authentication
A process that establishes confidence in an Assertion
Assertion: a proposition relating to...
Assertion Types:
- a fact
- a quality of a Data-item
- a characteristic of an Entity, e.g. condition, value
- the Location of an Entity
- an Attribute of an Entity or an Identity
- appropriate use of a particular Identity
- performance of an act by a particular Entity
Authenticator: evidence useful for authentication
Credential: a physical or digital Authenticator

12 12 Identity Authentication – Traditional
- What you know: Password, PIN
- What you have: Credential, 1-time Password
Risk of Fraud, because:
- the Identifier is easily known
- the Authenticator is easily acquired
Fraud Countermeasures:
- Change of Authenticator
- Two-factor Authentication (provided the factors are independent)
Risks remain, and new Threats arise

14 14 (Id)Entity Authentication using Biometrics
What you do: Performative Biometrics, e.g.
- Signature dynamics
- Password-input dynamics
What you are: Static Biometrics, e.g.
- Voice, Face, Iris
- Thumb/Fingerprint(s)
Potential security improvements
Biometrics can be acquired ==> security issues
Biometrics relate to the entity ==> privacy issues

15 15 Panellist 1: Milena Head
- Associate Prof. of IS, DeGroote School of Business, McMaster Uni, Ontario & Associate Dean
- eBusiness and Human Computer Interaction (HCI)
- Trust, Privacy, Adoption, Identity Theft
- Research on consumer acceptability of biometrics in the context of financial transactions

16 16 Panellist 2: Khaled Hassanein
- Associate Prof. of IS, DeGroote School of Business, McMaster Uni, Ontario & Chair of IS Area
- eBusiness (Director of Research Centre MeRC), Mobile commerce, eHealth, online trust, online usability, human-centric DSS
- Previously a software engineer with NCR in the financial services sector
- Research on consumer acceptability of biometrics in the context of financial transactions

17 17 Panellist 3: Roger Bons
- Product Manager Cards/Cash, previously a strategic consultant, in a major financial institution
- But speaking as himself
- A Bled community member in earlier years from an academic perspective, while doing a PhD at Erasmus
- Financial services industry perspective on biometrics in consumer payments

18 18 Panellist 4: Roger Clarke
- eBusiness consultant, academic, advocate, incl.: chip-cards generally; chip-cards in financial services; identity and entity, (id)entification, authentication, biometrics; privacy, consumer protection
- Involved with consumer financial transactions sporadically over the last 20 years
- Scepticism about biometrics in consumer payments

19 19 Effectiveness of Biometric Authentication
There are many sources of difficulty, e.g.
- Lack of control over equipment, capture environment, capture practices
- Inherently fuzzy measurement, and hence test for closeness of fit rather than equality
These difficulties result in error-rates:
- Failure to Enrol (FTE)
- Failure to Acquire (FTA)
- False Match Rate (FMR)
- False Non-Match Rate (FNMR)

20 20 Error-Rates
In Theory: Even the best (iris) has problems
- At FMR 1 in 1,000, FNMR 1-4%
- plus FTE 0.5-1%?
- FTA 0.5-1%?
Hence 2-6% exceptions, resulting in:
- Cost to organisations
- Inconvenience to people
In Practice: Appears to be a lot worse
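The threshold trade-off behind slides 19 and 20, as an added example that is not part of the presentation: a match is a closeness-of-fit test, so tightening the threshold lowers FMR but raises FNMR, and FTE and FTA add to the exceptions. The 256-bit templates, noise levels, thresholds and function names are constructed for illustration and do not model any real biometric scheme.

```python
import random

BITS = 256  # constructed template length, not a real iris-code size

def capture(template, flip_prob, rng):
    """Simulate one capture: each bit flips with probability flip_prob."""
    return [b ^ (rng.random() < flip_prob) for b in template]

def distance(a, b):
    """Fractional Hamming distance between two equal-length bit lists."""
    return sum(x != y for x, y in zip(a, b)) / len(a)

def simulate(n=500, seed=1):
    """Return (genuine, imposter) distance lists against one enrolled template."""
    rng = random.Random(seed)
    enrolled = [rng.getrandbits(1) for _ in range(BITS)]
    # Genuine captures vary in quality (uncontrolled equipment and environment).
    genuine = [distance(enrolled, capture(enrolled, rng.uniform(0.05, 0.45), rng))
               for _ in range(n)]
    # Zero-effort imposters: unrelated templates, no attempt to subvert.
    imposter = [distance(enrolled, [rng.getrandbits(1) for _ in range(BITS)])
                for _ in range(n)]
    return genuine, imposter

def rates(genuine, imposter, threshold):
    """Accept when distance <= threshold; return (FMR, FNMR)."""
    fmr = sum(d <= threshold for d in imposter) / len(imposter)
    fnmr = sum(d > threshold for d in genuine) / len(genuine)
    return fmr, fnmr

def exception_rate(fnmr, fte, fta):
    """Share of people needing a fallback process, summed as on slide 20."""
    return fnmr + fte + fta

if __name__ == "__main__":
    g, i = simulate()
    for t in (0.0, 0.30, 0.35, 0.40, 0.45, 1.0):
        fmr, fnmr = rates(g, i, t)
        print(f"threshold={t:.2f}  FMR={fmr:.3f}  FNMR={fnmr:.3f}")
    print(f"exceptions: {exception_rate(0.01, 0.005, 0.005):.1%} "
          f"to {exception_rate(0.04, 0.01, 0.01):.1%}")
```

A threshold of 0.0 is the equality test: it rejects essentially every genuine capture, which is why the measurement has to be compared for closeness rather than exact match.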

21 21 Imposters (and Avoiders)
- The statistics come from tests that assume no attempt to subvert the system
- Some ‘zero-effort imposters’ get through
- Biometrics are not a secret, can be acquired, and can be used to contrive an ‘artefact’
- ‘Liveness testing’ to detect artefacts is difficult, expensive, and subject to counter-measures
- A ‘> zero-effort imposter’, who has knowledge and who invests effort, can get through
- The few imposters are the problem that we were trying to address in the first place

22 22 Security Issues
- Many organisations acquire a copy of the biometric (but the scheme can be designed to avoid it)
- Some organisations retain a copy of the biometric
- Many organisations retain a copy of the ‘template’
- Some templates are not one-way hashes
- Reversible templates enable creation of an artefact and therefore support masquerade

23 23 Privacy Issues
- Biometrics are associated with the underlying entity
- Biometrics strike through identities
- Biometrics undermine identity silos, and encourage consolidation of personal data into one pool
- Identity silos are the primary privacy protection, which data protection laws have sought to sustain
- Templates have potential use as a common entifier (Almost all iris schemes use the same algorithm, and hence produce the same template. For all biometrics, industry concentration is likely in any case)

