Let The Finger Do The Talking
Retailers need to understand how access control can be integrated into identity management systems
Visualize this: You walk into a men’s store, approach the “personal shopper” stand and place your finger onto a designated spot. A personalized greeting appears on the monitor: “Good day, Mr. santhosh. The last time you visited, you bought a blue pinstripe suit. To thank you for your business, for any tie you buy today, pick another at the same price or less for free. Your discount will appear at checkout.” With a biometrically enabled loyalty system like that, past customers will want to return to the store over and over again. 
Today, retail decision makers can be less concerned about whether technology works—with the introduction of multispectral imaging, even biometrics have become reliable—and more interested in how access control can be integrated into identity management systems for goals beyond the simple transaction of opening a door. Also today, they can use biometrics in “customer-facing” applications like loyalty programs. With the advent of the latest technologies, biometrics have been successfully deployed at major theme parks and ATMs. Why shouldn’t the retail industry take advantage of new biometrics technologies as well?
Can biometrics allow workflow to be streamlined by a single authentication solution across an organization? Can user authentication be tied into safety systems, as required by regulators or insurance providers? Can business patrons’ experiences be enhanced by expanding the touch points that know who they are? The answers to these questions are being asked today by retail CIOs who are demanding seamless and holistic solutions to IAM challenges that revolve around the question, “Who?”
The challenge has always been how to establish the “who” in transactions. Who is accessing the warehouse? Who is punching the time clock? Who is the customer standing in front of me? The question is always, “Who?”
Until now, the industry response to this question of “who” has been to use the best available tools to approximate identity. Thus, cutomers can present a credential— something they know like a password or something they have like a swipe card—to authenticate their identity. However, credentials alone simply cannot substantiate identity.
CIOs understand that others can know the password—it may have been shared, found or observed. Cards and tokens show what somebody has, but possession alone does not ensure identity; somebody else could have access to that card or token via sharing or theft. Thus, while access and authorization have always been granted to individuals, knowing a password or having a key is only superficially related to the authorized person, and neither can establish who. Only a biometric can do that.
Here’s an example of why it’s important to know who. Today, NFC-enabled smartphones are starting to get a lot of press. It is now possible to replace cards with virtual credentials on a smartphone. These credentials, when linked to one’s unique identity, provide an easier, simpler way to pay for merchandise. The customer just has to tap his or her smartphone to the cash register. NFC-enabled smartphones also could provide better access to buildings, data or devices.
Nonetheless, virtual credentials still verify only that somebody has the phone. Add a biometric to the phone and you know that the person using the phone is the person who is authorized to use it.
Instead of a smartphone, retailers could implement finger biometrics and actually understand who. After all, not all customers fit the phone-carrying demographic. And what about customers who forget to bring their cellphone? They didn’t leave their finger at home! Let’s look at some retail applications and how biometrics can help take retailers to the next level.
Eliminating the High Cost of Buddy Punching
Increasingly, retailers are discovering that time and attendance technologies, such as barcode ID cards, proximity cards, PINs and manual punch clocks, are inexpensive short-term fixes but, in the long run, they can be exploited and are susceptible to fraud, rendering them a poor long-term solution. Biometrics solves this problem by eliminating sharing, swapping, stealing and loss of PINs, passwords and ID cards. This is especially true for big-box environments
Creating an Enterprise Single Sign-On (ESSO) System
After considering these examples, all of which are in use today, ask yourself: Would a retail organization like to have a system that offers authorized users quick, easy access to specific information or use of particular data sets and enforces document compliance with its policies and procedures? Of course, it would. But in today’s complex world, authorized users are sometimes forced to carry different forms of credentials for various applications and, at a minimum, remember multiple passwords.
An ESSO system, used in concert with the latest generation of biometric sensors, provides a better, more convenient and secure solution. Retailers realize that security is a must, but security solutions cannot interfere with employees doing their jobs effectively, efficiently and safely. With a biometrically enabled ESSO, one simple enrollment allows for multiple uses across the whole enterprise— from entering the employee-only area to going into the warehouse to using the POS system or entering time and attendance data. This holistic view of enterprise security is vital and provides an integrated identity management system that is much more reliable and cost-effective because it eliminates the problems of having multiple identities tracked over an ever-increasing number of disconnected access points.
A biometrically enabled ESSO eliminates end-user frustrations of keeping up with multiple passwords and lost tokens. Investing in an ESSO with a biometric completes a retailer’s enterprise security by merging all authentication needs to a single finger and providing an irrefutable audit trail.
Multispectral Imaging Assists Biometric Verification
For many years, retailers and other organizations did not realize the lower cost and smaller footprint of fingerprint biometrics because legitimate, authorized employees were rejected by the fingerprint scanning system. The optical and electronic technologies used by conventional fingerprint scanners had error rates from 5 to 20 percent, depending on the environment. With the number of people employed in retail chains, those error rates are just too high.
The core problem is that conventional technologies rely on unobstructed and complete contact between the fingerprint and the sensor. This contact is hard to achieve if the user’s hands are wet, dry or dirty.
To read a fingerprint, these units, whether optical or electrically based, need the employee to lay a fingertip directly on the platen, and they need the fingerprint ridges to make good electrical or optical contact with the device. In addition, they also need the valleys between the fingerprints to fill with air. Dirt, water or any other contaminant could fill those valleys or not allow the ridges to make good contact with the platen. The result was bad images that lead to bad reads.
Are your employees meticulously clean? Consider that dry fingertips are common— caused by anything from climate conditions and natural skin characteristics to frequent hand washing and air travel. For instance, a high desert climate, like Las Vegas, causes dry fingers. In a more humid environment, such as Miami, moisture creates problems.
Most optical sensors are configured to look for the presence or absence of total internal reflectance (TIR), which is the phenomenon in which the interface between glass and air acts as a mirror at certain angles. The contact between the skin and the platen defeats the TIR, allowing those points of contact between the finger and the sensor to be imaged. Thus, those points of contact must be complete and unobscured to enable the conventional sensor to collect a fingerprint image. Establishing firm and complete contact with the sensor is difficult with dry fingers because there is not enough moisture in the skin and the skin is not pliable enough to facilitate the contact necessary for TIR imaging.
Thanks to http://www.security-today.com/home.aspx
No comments:
Post a Comment