The development of computer-based technologies has brought about a revolution resulting in a proliferation of electronic transactions. This has produced a phenomenal reduction in costs and improved efficiency within the financial industry. Trillions of dollars in funds and securities are transferred daily on payment and other financial systems through telephone, wire services and other electronic communication mechanisms.
According to ISO 19092:2008, the sheer volume and value of such transactions exposes the financial community and its customers to severe risks from accidental or deliberate alteration, substitution or destruction of data. There is therefore a strong need for an ironclad authentication method.
Biometrics is increasingly considered a reliable means of identification. It includes technologies such as finger image, voice identification, eye scan and facial image. Its advantage and appeal lie in its convenience and ease of use, its level of apparent security, performance and non-invasiveness.
ISO 19092:2008 describes the security framework for using biometrics for authentication of individuals in financial services. It introduces the types of biometric technologies and addresses issues concerning their application.
The standard presents the architectures for implementation, specifies the minimum security requirements for effective management, and provides control objectives and recommendations suitable for use by a professional practitioner. It promotes the integration of biometrics into the financial industry and the management of biometric information as part of the overall information security management programme of the organization.
ISO 19092:2008 also addresses the following topics:
- usage of biometrics for the authentication of employees and persons seeking financial services by:
  - verification of a claimed identity
  - identification of an individual
- validation of credentials presented at enrolment to support authentication as required by risk management
- management of biometric information across its life cycle comprised of the enrolment, transmission and storage, verification, identification and termination processes
- security of biometric information during its life cycle, encompassing data integrity, origin authentication and confidentiality
- application of biometrics for logical and physical access control
- surveillance to protect the financial institution and its customers
- security of the physical hardware used throughout the biometric information life cycle.
“ISO 19092 offers a valuable international consensus-based tool to the financial industry that will encourage the secure implementation of biometrics as an authentication method within this sector. This standard is one step ahead, paving the way for the next generation of safer and more reliable financial transactions, increasingly important in today’s electronic era,” commented Mr. Mark Lundin, Chair of the ISO subcommittee that developed the standard (subcommittee SC 2, Security management and general banking operations, of ISO technical committee ISO/TC 68, Financial services).
ISO 19092:2008, Financial services – Biometrics – Security framework, costs 176 Swiss francs and is available from ISO national member institutes and from ISO Central Secretariat through the ISO Store or by contacting the Marketing & Communication department.