Biometrics – You can’t change them if they’re stolen

There has been a lot of discussion about “improving” security of financial and other transactions by moving to a bio-metric solution. The logic is that if you authenticate a transaction with a fingerprint, stored camera image of your face, a voice print or other means, then you will have a higher level of security than having a card, which can be stolen or copied, and a PIN which can be compromised if discovered.

This sounds OK on the surface but it has a major flaw. If a card is stolen or a PIN is discovered then the card can be replaced and the PIN changed. This can result is a short-term inconvenience but the security breech can be recovered from. However, currently some bio-metric authentication methods can be compromised and if so, the fingerprint, voice print or facial image cannot be changed to remedy the situation. Once your bio-metric signature is stolen, the thief has it forever.

An alternative simple solution for improved security, that is common in some parts of Europe, is for the bank to send an SMS for all transactions. For this to be compromised, a person would need to have the card, PIN, mobile phone and mobile phone access code to carry out a fraudulent transaction in a face to face situation. For internet transactions, they would need to know the card details and CVV. This SMS solution offers a very high level of security and in the unlikely situation where it is compromised, the security breech can be quickly remedied.

As an added precaution, I recommend removing the CVV from all cards. The banks don’t like you doing this but the CVV is effectively a PIN for internet transactions. The CVV is needed for internet transactions, so if your card including the CVV is copied, it can be used for online purchases. It’s no different from having your PIN written on your card. Removing the CVV will not affect any legitimate face to face transaction as it is not needed in this instance.

Another measure to increase card security is not to sign the card but to write “Ask for ID” in the signature space on the card. Although signatures are being phased out, it is still useful.

Bio-metrics have their place, in electronic access control systems for example, but they are a bad idea for use in financial transactions. You can’t cancel your fingerprints and order new ones.

Our first web page – 1998!!!

The site is a great resource. You can change and delete web pages, but they remain on the web forever. Have a look at our first beta attempt at a web page from 1998 :



Consistency in security risk assessments

If you ask two security consultants to provide a security risk assessment of your premises, then most likely you will receive two different results. A main cause of this is that it is common for security risk assessors to take the approach of identifying risks as being simply extreme, high, medium or low. This is done by assessing the likelihood of a risk as rare through to certain and rating the consequences as insignificant through to catastrophic.  This approach provides a quick result but the results will vary between individuals.

A significant problem with this approach is that any risk with a catastrophic potential consequence is invariably rated as being an extreme or high risk no matter how unlikely the risk is. An example of this is the risk of terrorism.  This risk is often rated as the highest risk to a site, even if it is inconceivable that this risk would occur. The other obvious problem is that different risk assessors will view the likelihood of risks occurring differently, so the level of risk the assessment says that you are exposed to will depend on who carried out the assessment. This is a particular problem if the client has a number of properties that they need assessed.

Another approach, and one that we use in our consultancy practice, is to quantify the risks as far as possible. Instead of rating the risk of burglary, for example, as being medium or high, this approach looks at the local crime statistics and identifies the number of times per annum that the client can expect a burglary attempt. The method then looks at the security measures, either that are in place or proposed, and through a standard spreadsheet, identifies the likelihood of an attempted burglary succeeding. This then provides the number of expected successful burglaries per annum. All the potential consequences of burglary are then applied to this risk, e.g. value of losses, property damage, interruption to operations etc. to determine a consequence value. From all this data, a relative risk score is provided through a spreadsheet. As consequences will vary between clients and the attractiveness to a burglar vary also, spreadsheets need to be developed for each type of client. In this approach, using standardised spreadsheets, different risk assessors will provide identical results.