The Business Need for Strong Authentication

In today’s digital world, enterprises and organizations depend on advanced and automated systems to streamline their business operations. Consumers also benefit from the convenience of ATMs and electronic airline tickets. However, at the same time, the digitization of our lives has made it easier to gain unauthorized access to our bank account or otherwise compromise our digital identity.

The rising costs of fraud and identity theft, privacy concerns, regulatory compliance and security are the main business drivers for strong authentication solutions. The ease with which traditional authentication systems can be compromised, together with the heightened security awareness and threats of terrorism, have resulted in a surge in demand for stronger authentication methods. This is illustrated by the fact that the United States and many Eurpean countries have upgraded their immigration and passport control processes to incorporate biometric authentication.

Fraud and identity theft is a global problem. In the UK, plastic card fraud losses in 2006 totaled 428 million pounds (Fraud – The Facts 2007, APACS). These losses are attributed to lost or stolen cards, card ID theft, counterfeit cards, online transactions, etc. The card fraud landscape in the UK is changing due to the success of chip and PIN as a replacement to magnetic stripe cards that can be easily duplicated. As a result, fraudsters are focusing their efforts on the Internet and countries that have not yet upgraded to chip and PIN. In any event, using smart cards will not help if your wallet is stolen and you keep your PIN together with your card.

In Japan, there have been hundreds of recent bank card forgery cases involving dozens of financial institutions and hundreds of millions of yen. Victims are usually unaware their money is being stolen until it’s too late. Financial institutions around the world are being urged to take a greater role in preventing bank card fraud by improving card security. Japan’s Financial Services Agency, for instance, has called on banks to implement added security measures such as introducing biometric identification systems.

Another key driver for strong authentication is the need to comply with stringent government requirements related to data privacy. In the area of healthcare, for example, the Health Insurance Portability and Accountability Act (HIPAA) mandates that all healthcare organizations need to effectively meet a set of administrative, technical and physical safeguards in order to protect the privacy of patient information. Violating HIPAA carry severe civil and criminal penalties including fines up to $250K and/or imprisonment up to 10 years for knowingly misuse of individually identifiable health information.