Australian police recommend biometrics

Pushing the case for biometrics security, Australia’s police forces demonstrated the ease of creating false documentation at a conference in Sydney last week.

NSW Fraud Squad detective superintendent Megan McGowan, at the Macquarie Bank Lecture Series on Fraud, presented documentation which, she claimed, could allow Macquarie Bank’s director to assume the identity of his Aussie Home Loans counterpart via any financial institution. The NSW fraud squad and Macquarie Bank have jointly developed a dos and don'ts identity fraud guide.

By obtaining personal information such as medical details, and using modern scanners and laser printers, thieves have created documents that pass the 100-point checklist, according to McGowan. The 100-point checklist is a standard used by banks to verify the authenticity of a customer.

Obtaining these personal details does not require the crime of the century either, said Brett Warfield, senior manager at KPMG Forensics.

Medicare cards, rate cards, car break-ins to find confidential information, stolen mail; all can lead to identity theft, Warfield said.

“Think of the amount of people accessing commercially sensitive information every day,” Warfield said. “These can be marketing plans, pricing, contact details and the like.

“This crime is being perpetrated on financial institutions via external organisations, but they’re getting insiders to help. Anyone with a large database is at risk.”

Conference speakers also said employees were likely suspects to be involved and Tony Roulston, solutions director for positive identifications at Unisys, said biometrics security was still immature, but viable.

However, Roulston said business had to consider the legal implications of implementing such security, and would need to rewrite existing documentation.

“If you’re going to use biometrics, you’ve got to comply with international standards, privacy legislation, social impacts, consent, and encryption standards.”

Before using biometrics security, businesses should conduct a defensible threat and risk assessment, which is a type of financial analysis, Roulston said.

If a business goes ahead with biometric security, it should also extend staff guidelines for entering and cancelling information, enact audit controls, and ensure backup data is protected, he said.

Unisys has no agreements with vendors or manufacturers, and Roulston said the most accurate biometrics solution was the eye-scanning camera technology from Iris Technologies. Iris developed the technology and is its only vendor.

The black-and-white Iris cameras are about 10cm by 3 to 4cm, and can plug into USB ports for desktop password protection. One camera costs $450, but can accommodate six users, said John Grimes from distributor Argus Solutions.

“There will never be one biometric solution that’s all pervasive however,” Roulston said. “You’ll find there will be blind people who can’t use iris scans; people whose fingerprints aren’t defined enough for scans, so biometrics will be used as combinations in businesses.”

A representative of the Australian Federal Police was also on hand to endorse the [“Dos and Don’ts for Identity Fraud” guide], co-developed by the NSW fraud squad and Macquarie Bank.