FEATURE

paying by cash and non-cash being similarly

easy – would provide a substantial cost saving to
retailers. This would be realised immediately in
the reduced cost of settlement and a reduction in
the ‘set aside’ to cover payment delays and errors.
While biometrics has a long way to go before
a mainstream audience adopts it, it is cer-
tainly the future towards which we are headed.
Technological advancements in the sector and
the spoof-proof nature of palm vein technology
mean it will inevitably become the standard,
once again altering the relationship between the
retailer and the consumer and moving the retail
experience in to a new era.

About the author

David Lowrence is a retail consultant for Fujitsu
UK & Ireland. With over 20 years’ experience,
he is an expert in the field of retail technology
and trading solutions, with an emphasis on
in-store and customer-centric implementations.
Fujitsu is a Japanese information and commu- Acuity Market Intelligence, 2013.
nication technology company offering a range
of technology products, solutions and services. Fujitsu’s other operations in the UK bring its and product for customers in the private and
Approximately 170,000 Fujitsu people support total employee numbers to over 14,000 and its public sectors including retail, financial services,
customers in more than 100 countries. Fujitsu total revenues to £1.8bn. Its integrated product telecoms, government, defence and consumer
UK & Ireland employs over 10,100 people with and service portfolio includes consulting, appli- sectors. For more information, please see: http://
an annual revenue of £1.6bn. Additionally, cations, systems integration, managed services uk.fujitsu.com

Ending identity theft and

cyber crime
Chris Edwards, Primary-Net

Failure to authenticate equals cybercrime. This is the sole reason for the world’s
most prolific criminal activity and it is a byproduct of the creation of the
Internet and the ensuing ‘electronification’ of our world. Until we can solve the ing a database somewhere to carry out some
failures associated with authenticating people, cybercrime will not only persist, kind of transaction.
it will become systemically worse and the associated costs greater. The problem is compounded where unsuper-
vised (absence of human supervision) transac-
The fact that it is so remarkably easy to news stories published worldwide. Tokens as tions prevail – and these transaction types are
impersonate another person by obtaining we know them simply do not work. becoming more numerous daily offering new
their identification credentials has allowed identity theft opportunities with each one.
crooks to become professional thieves. As An easy problem to solve? It is true that there have been significant
there is little to no evidence left at the scene developments that set attackers back a step only
of a cyber crime, these crooks are largely Until now and despite all of the really groovy to see these new solutions conquered again –
invulnerable and thus extremely difficult to technology that surrounds us at virtually and generally faster each time. It is, and always
catch. every point of electronic contact with others, will be the case that attackers have the upper
It is easy to understand that the use of nobody has been able to solve what, theoreti- hand due to the elements of surprise and, in
tokens as a means of identification is inher- cally, should be an easy problem to solve. Let’s the case of cyber based attacks, anonymity.
ently flawed. And, we have plenty of proof to remember that we build highways thousands Is biometric technology the solution? For
underpin this theory as the runaway problem of miles long; through and around mountains, ages – we’ll call it since the advent of the
of identity theft, is, well, a few orders of mag- seas and other insurmountable obstacles – but digital age – we have looked long and hard at
nitude greater than virtually all other daily we can’t be sure that you are you when access- biometric technology as a likely solution for

9
February 2014 Biometric Technology Today
 FEATURE
2012 Norton Cybercrime Report by Norton Online.
some of the more challenging and security-
based applications. It makes sense, after all. If
we could use something intrinsic and unique
to each of us; something that is part of our
anatomy to identify us, then we would have
the answers to the identity theft question.
Human biometry is, therefore, the Holy Grail
of authentication solutions. Or is it?
Until now, nobody has made the technology
foolproof. Is biometric technology inherently
flawed? Or has nobody developed the right
process yet? The fact is, cyber crimes persist and
the problem only more pervasive as time passes.
How do consumers feel about biometrics?
The most recent evidence of consumer inter-
est in biometrics was made most abundantly
clear with the release of Apple’s iPhone 5S in
October 2013. It has followed with massive
sales despite the prompt hack of its biometric
sensor (the biometric sensor is construed to
have been the major selling point of this new
smartphone).
The fact that the iPhone was hacked through
the biometric sensor underscores the notion
that biometrics are (still) valuable as a gimmick
or for straight convenience-based applications,
but the technology continues to fail to add real
security value.
The truth is that humans have long been
enamoured with the notion of using their body
parts to do stuff that we still do with things
like cards and pin codes. The obvious applica-
tions are mostly authentication related, but
the technology has systemically failed here,
otherwise cyber crime would be a thing we’d
be reading about in the history books. Instead,
we read about these electronic attacks in the
newspapers. And still, despite repeated authen-
tication failures, we’re still deeply intrigued
with the technology, albeit most of us don’t see
10
Biometric Technology Today
biometrics as technology and instead something
closer to science fiction.
The bottom line is conventional biometrics
have not worked for applications where security
is a critical requirement. The evidence of this is
that cybercrime remains one of the most pub-
lished news topics on earth, day in and day out.
Why the proliferation of
cyber crimes?
Why the proliferation of cyber crimes?
According to the United Nations Office on
Drugs and Crimes (UNODC) February 2013
Comprehensive Study on Cybercrime, the pri-
mary reasons for the ascent of digital crimes are
the result of “global connectivity, the automa-
tion of data processing, and the development of
non-face-to- face transactions…”1
With population on earth still increasing at
an exponential rate, people becoming more
tech savvy and the developing world coming
online at a far greater rate than the developed
world that is now well connected, means a
future full of e-crimes ahead, barring a legiti-
mate solution.
How big is the problem? McAfee, although
criticized for its reports on the global financial
scale of cybercrimes by some observers, con-
tinue to report that annual losses are in the
hundreds of billions. The most recent report
commissioned by McAfee pegs the cost in 2012
to have been in the range of $500bn2. This
figure is nearly equal to the estimated cost of
drugs trafficking worldwide. And, frankly, this
loss estimate is almost certainly understated as
we have no clue about a large proportion of
attacks, either because people don’t report them
or they don’t even know they’ve been hacked.
Another astonishing statistic according to
the UNODC is that there are approximately
one million victims of cyber crime every single
day. This is a massive figure that would be
impossible for anyone group or association to
catalogue, analyse and manage in one central
location, hence the vast disparity of data avail-
able on the subject matter.
Further evidence to support the scale of the
cybercrime problem is the incredible myriad of
statistical data that exists for the projections of
everything cyber crime; universal financial cost,
cost by country, cost by type, average cost per
hack, number of hacks, etc – the list is long.
Additionally, the difference between data,
even by credible sources, is significant. And,
the sheer number of news stories chronicling
attacks can only be tracked by supercomputers.
All of this underscores the depth and breadth
of the problem. The fact that nobody knows with
any reasonable accuracy what the real implication
of cybercrimes is, only serves to prove that it is
likely far greater than any of us imagines.
First cyber war
Let’s remember that the first engagement of
cyber war was successfully carried out against
Iran in 2010 at its Bushehr Nuclear Plant
whereby an attacker caused real physical dam-
age through electronic commands between
computers controlling centrifuge management
within its extremely high security network.
Never before had a cyber attack caused physical
damage to another using computers.
What this means is that the game has
changed considerably. Due to the relative ease
of identity manipulation, cyber warfare is a new
phrase that has made its way to Wikipedia.
Designing a solution
Any real solution to cyber crime – and there are
solutions – must eliminate any third party docu-
ments entirely. Until we divest ourselves of easy-
to-lose, non personal identifiers, cyber crimes
will continue their proliferation. Plastic cards,
pin codes – manufactured tokens of any kind –
cannot be a part of the electronic transaction.
If we wish to put a stop to e-crimes, the solu-
tion has to involve some form of human biom-
etry – or something that is inherently unique
to each of us; something that cannot be stolen
from us and that requires us to be present for
any desired transaction.
If we could accurately identify every person
wishing to make an electronic transaction through
the gateway of the Internet, the problem would
have its solution. This seems simple goal in terms
of the simplicity of the premise. Given all of
the available technologies today, we should look
February 2014
 FEATURE

to create a guardianship with an un-spoofable

authentication process and we all go home know-
ing the crooks will have to either get jobs or find
new places beyond the digital realm to thieve.
This solution should be created around a uni-
versal online authentication centre. Eventually, it
would need to be capable of having the identities
of every human enrolled in it. This centre would
have the following requirements:

1 It should belong to everyone in the world

2 It should be available to everyone in the
world
3 At no time should it contain any sensitive
personal data
4 It should only contain ‘mirrors’ of each per-
son enrolled; first name, last name, nation- Human biometry.
ality, gender at birth and date of birth
5 Addresses, telephone numbers, bank Logically, a successful authentication system a digital society. Let’s tighten the screws and
accounts, email addresses, credit card num- solution should have the following criteria: make this a safe and convenient place to exist.
bers, or any other information can never be UÊ
œ˜Ûi˜ˆi˜ViÊqʈÌʓÕÃÌÊLiÊi>ÃÞÊ̜ÊÕÃi
in the database
6 The centre must be totally inaccessible and
the stored identities must be too
7 The users’ data must not be accessible by
system administrators
8 It would also need to devise a secure means
of enrolling the users, storing their data
and accessing it - meaning login credentials
with plastic cards, pin codes and other tra-
ditional tokens would not be acceptable
9 It would need to use human biometry to
distinguish each person
10 It must be fail-proof in its ability to con-
nect a live, known user to the database in
real-time
The concept of limiting user data to non-
sensitive is that it renders that data useless to
anyone seeking to use it for any kind of mali-
cious purpose.
Today, for reasons of cost, acceptability,
mathematical uniqueness and neutrality, it is
commonly believed the human fingerprint is
the best biometric option. However, using the
fingerprint in its traditional form is flawed. The
solution requires a means to be certain that the
‘fingerprint’ is genuine, something more akin to
today’s finger scan, and this data must be able
to be encrypted in such a way that it cannot
ever be recreated. Today’s technology allows us
to do these things.
February 2014
UÊ iۈViÊ ÃˆâiÊ qÊ ˆÌÊ “ÕÃÌÊ LiÊ Ã“>ÆÊ i>ȏÞÊ «œÀÌ-
able if desired
UÊ -iVÕÀˆÌÞÊ qÊ ˆÌÊ “ÕÃÌÊ LiÊ iÝÌÀi“iÞÊ `ˆvvˆVՏÌÊ ÌœÊ
attack
UÊ ,œLÕÃ̘iÃÃÊqʈÌʓÕÃÌÊLiÊiÝÌÀi“iÞÊ>VVÕÀ>Ìi
UÊ
vvœÀ`>LˆˆÌÞÊqʈÌʓÕÃÌÊLiʏiÃÃÊiÝ«i˜ÃˆÛiÊ̅>˜Ê
other high security solutions; even those of
inferior technology
The endgame
With an effective solution, there would be no
need for digital evidence preservation, restric-
tions on specific IP address connections, or
other conventional attack firewalls. Neither
would any measures be required to prevent
copyright/trademark infringement, decryp-
tion of encrypted material or employment of
measures against computer misuse – they are all
unnecessary.
The solution must be simple to use and
designed for use in unsupervised environments,
meaning hackers will have a new challenge that
never before existed. It will not be biometric
technology as we know it – rather a new pro-
cess using human biometry.
Eliminating cyber crime is such as big issue
that when we succeed, it will change the world
as we knew it. Achieving this is bigger than
any energy concern, any armed conflict or any
natural resource depletion for we have become
References
1 United Nations Office on Drugs and
Crime, Comprehensive Study on
Cybercrime, February 2013. http://
www.unodc.org/documents/organized-
crime/UNODC_CCPCJ_EG.4_2013/
CYBERCRIME_STUDY_210213.pdf.
Accessed January 2014.
2 Egan, M. ‘Report: Cyber Crime Cost
Global Economy Up to $500B a Year’.
22 July 2013. Fox Business. http://www.
foxbusiness.com/technology/2013/07/22/
report-cyber-crime-costs-global-economy-
up-to-1-trillion-year/. Accessed January
2014.
About the author
Chris Edwards is the director of Business
Development for Primary-Net, a Dutch based
authentication technology developer with R&D
operations in Madrid, Spain. He has been with
the company since July 2011. For the previous
five years, he worked as lead analyst for a Nice,
France-based consultancy who provided advisory
services for political candidates in eastern Europe
and Asia on campaign strategies. Primary-Net is
the developer of a patented innovative informa-
tion security technology called Biocryptology www.
biocryptology.net.
11
Biometric Technology Today