IDG Contributor Network: Biometrics can provide better data provenance


Imagine these scenarios:

  • Insiders at a financial institution place transactions using e-execution and then deny involvement when trades lose money.
  • Regulated individuals share secrets and collude to fix pricing via messaging services.
  • Fraud occurs through re-diverted funds within Treasury departments.
  • Funds are embezzled or re-directed for personal gain.
  • Confidential data is accessed for market price fixing, front running or gaining market advantage
  • Executives request staff members to access confidential or highly secure content to create a more simplistic briefing process.
  • Data is accessed and leaked for personal benefit.

The common denominator to every one of these scenarios is individuals denying their involvement or abdicating responsibility in a transaction. These types of acts are happening every day across virtually every industry — pharma, finance, the public sector — costing companies incredible amounts of money to investigate and putting operating licenses at risk.

Each of these scenarios also illustrate how critical legal non-repudiation is for organizations that want to provide end-to-end transparency — and the important role that authentication plays in all transactions.

A robust authentication system should provide at least three MFA (multi-factor authentication) options: what you know (e.g., passwords), what you have (e.g., tokens), and what you are (e.g., biometrics). Passwords and tokens are insufficient by themselves because they cannot authenticate who requested authorization and record the associated identity of the requestor.  If the trader in the scenario had authenticated the trade with his fingerprint, there would be no question about its ownership.

that “data subjects receive limited information (Articles 13-15) about the logic involved, as well as the significance and the envisaged consequences of automated decision-making systems.” Extensive data provenance facilities will be necessary to support GDPR requirements including authentication decisions regarding who or what entities where involved in transactions such as money transfers, currency exchanges, fraud alerts, and loan approvals.

Historically, there have been three issues with capturing and storing the whole provenance of any and all data elements:

  1. The storage requirements and costs of data and associated metadata was prohibitive
  2. The lack of software and computing power to mine the data for insights
  3. No reliable security infrastructure to securely record data lineage

We are overcoming all of these issues. First, storage is cheaper and more available on a global scale. The advent of the cloud makes it easier than ever before. Second, data mining is so commonplace these days it’s practically textbook; and the clear benefits of analyzing data for insights means businesses are seeking out ever-more opportunities to add value to their organization.