Case Studies

In the Era of Cloud Computing, Three Important Maxims for Brands to Follow.

In the era of cloud computing, any incident pertaining to privacy or security — even a minor one — is the fastest way to erode brand equity and consumer trust. Botching the communications around these events or, worse, not being proactive ahead of time to think the unthinkable, could clinch that your brand may never be able to stage a comeback.

Sound ominous? It is. Yet few companies outside the tech world have strategies to think through how potential privacy and security issues could impact their brand equity as more data migrates to the cloud.

Technology Matters: Security on the Cloud

In terms of security, all your data is held in triplicate within the data centre so if one of the servers holding your data crashes, there are still another two versions of it available and a third copy will be reproduced instantly. The entire data centre is then backed-up to a disaster recovery centre meaning that if the primary centre is compromised (either by power failure or online attack) it is immediately shut down, but you will be switched over seamlessly to the back-up centre meaning no loss of service or revenue.

Committee Aims to Boost E-Commerce Biometrics

Biometric authentication could play a role in e-commerce arenas that require higher security, such as prescription medication, GartnerG2′s Behrens said.

E-business standards consortium OASIS on Thursday announced it has formed a committee to specify a standard way to use XML (extensible markup language) in biometrics for e-commerce and other applications.

Biometrics Meets E-Commerce
Personal traits such as vocal or typing patterns could soon serve as powerful fraud-prevention tools for online shoppers.

In an e-commerce arena with such flimsy defenses, fraud is inevitable. It raises costs for the industry and scares away consumers. Falls, whose five-year-old company booked revenues last year of $1.6 million, says his outfit and the industry would be far bigger if they could just verify who their customers are.

OUTSIDE THE BOX. This hope has led him to biometrics — the machines and programs that identify people from their fingerprints, voices, facial contours, even the gait of their walk. Since the terrorist attacks in 2001, the government has rushed to biometric technology, putting various scanners in airports, defense installations, and border crossings.

Financial and Transactional Biometrics – The ID Theft Solution You Can Bank On!

Biometrics technology can be integrated with banks, ATM machines, into USB keys that can be hooked into computers, at retail locations to be used with credit cards and ATM cards, and anywhere you may make a financial transaction. It will act on its own or in conjunction with your PIN to securely identify you as the owner of the card and the person who has access to the money being exchanged.

Identity theft is a huge and growing problem in this world of electronic money. So many of our financial transactions now have no physical cash involved. It’s all done via computers. This is convenient, but opens up a whole new world to anyone who has the skills and will to steal.

Financial Institutions Evaluate Biometrics

In a bid to boost security in the financial services industry, ISO, the world’s largest developer of international standards, recently issued a new biometrics standard for financial firms. Citing the trillions of dollars in daily transactions that “expose the financial community and its customers to severe risks from accidental or deliberate alteration, substitution or destruction of data,” ISO pointed to “a strong need for an ironclad authentication method” as a driver behind the new biometrics standard.

Biometrics offers a particularly secure authentication method because — unlike passwords, token and smart cards — biometric patterns cannot be shared, lost, stolen or forgotten, therefore minimizing the risk of identity theft. Biometric techniques, however, have been perceived as somewhat intrusive. As a result, new biometric methods that require less-intrusive examination, such as measuring a user’s keystroke rhythm, have become increasingly popular recently.


As Records Go Digital, Biometrics Integrates into Healthcare Sector

“The National Healthcare Anti-Fraud Association estimated that in the United States alone, at least $51 billion — which is about 3 percent of the nation’s healthcare outlay for calendar year 2003 — was lost to outright fraud,” explained Lee, who added that the 3 percent number may be conservative, and that some put the number closer to 10 percent.

From issues of phantom billing and “upcoding”, Lee says fraud can come from the providers themselves. Audit data that is stamped with a biometric approval, he says, makes this process much more secure, and links the different parties involved with the submission so there’s less a chance of fraudulent claims and billing.

Lee noted that in Texas, the Medicaid Integrity Pilot (MIP) was put in place in 2004. The pilot program uses both smart cards and biometric authentication, and was designed for “recipient verification at the point of service.” The program has since transformed out of the pilot stage and into the so-called “MAC” program, a mandatory program of a similar design which requires healthcare users to check in with smart card or biometrics when they sign in at some providers. To meet concerns of privacy, the program uses a match-on-card approach where the fingerprint scan was matched to the data on the card, not to a provider-housed fingerprint database.

How Does Biometrics Fit into HIPAA Compliance?

Biometric verification of identity is a component part of the Technical Security Services to Guard Data Integrity, Confidentiality, and Availability and is one of the required and most easily implemented Unique User Identification methods (including Secure Password, Biometric, PIN, Token and Telephone Call Back)

Each organization would be required to implement entity authentication, which is the corroboration that an entity is who it claims to be. Authentication (Verification) would be important to prevent the improper identification of an entity who is accessing secure data. The following implementation features would be used:

In addition, at least one of the following implementation features would be used:

  • A biometric identification system.
  • A password system.
  • A personal identification number (PIN). (Weak Authentication)
  • Telephone callback. (Staffing and maintenance verification)
  • A token system which uses a physical device for user identification. (Smart Card, PKI, or other Certificate)