Michael Henderson, XDS Credit Bureau

Most organisations are good at automating, authorising and auditing identity, but they fall short when it comes to authentication.

This was according to Mark Eardley, Independent Consultant and AIC advocate at SuperVision Biometric Systems, in his address at the ITWeb IDentity Indaba.

Eardley said the conventional methods of authenticating identity – cards, PINs and passwords – are inherently insecure.

“There are fundamental failures in user authentication among these methods, which are fuelling modern cyber crime,” Eardley said. “They are not secure because cards, PINs and passwords are routinely lost and forgotten, as well as shared and stolen.”

He suggested that organisations must adopt the latest identity and access management solutions, like biometrics.

“Biometric technology cuts losses and risks caused by the loopholes in cards, PINs and passwords,” he concluded.

GHOST IDS

Biometrics would help companies overcome authentication issues, but it may also help SA battle identity fraud, which is rampant. South Africa has close to 20 million ghost identity books, said Michael Henderson, CFO of XDS Credit Bureau.

“Stats SA reckons there are 28 million people aged over 21. The IEC [Independent Electoral Commission] has 23 million registered voters. However, the credit bureaus have 38 million people registered, meaning they have 38 million identities. Bear in mind that they might be over the age of 18, eligible to vote, and old enough to feature in the Stats SA data of those over 16.

“So that doesn’t seem to tie up. The results for the census will be out this year. Stats SA reckons there are about 52 million people in SA. With our demographics, you would expect 35% to 40% of our population would be under the age of 16,” Henderson explained.

Therefore, he added, one would expect 30 million to 33 million to be over the age of 16, and according to Stats SA, there are about 34 million people over 16 – that seems to tie up.

“But Home Affairs – bear in mind one is eligible to get an ID book aged 16 and above – has issued 54 million ID books, which are currently in circulation. However, the department is a bit behind in knocking off the deceased. “There are about 12 million to 15 million people more on the credit bureaus than should be,” said Henderson.

Also speaking at the event, Marius Coetzee, MD of Ideco Biometric Security Solutions, agreed that the Department of Home Affairs is battling to control identity fraud.

“The biggest cases that were discovered was that one individual was in possession of nine different names, while another individual had 26 ID books, and one lady was said to have 3 046 children,” said Coetzee.

Coetzee added that the smart IDs that Home Affairs plans to roll out will improve identification processes through the use of biometrics, but they cannot solve the identity fraud problem on their own.

FRAUD LOSSES

Jaco de Jager, CEO of the Association of Certified Fraud Examiners (ACFE) – SA Chapter, said an average organisation loses 5% of its revenue annually to fraud, as today’s corporate culture and technology make it much more conducive to commit fraud.

In a recent ACFE study, De Jager added, more than half (55.4%) of respondents said the level of fraud in their companies has increased significantly in the past 12 months. In addition, 49% observed an increase in the amount lost to fraud.

Daniella Kafouris, manager for Deloitte Legal – technology and privacy practice, said SA is fertile ground for cyber criminals.

Kafouris made the remarks in reference to a study published in September by security software vendor Norton.

According to Norton, Kafouris noted, 92% of the respondents in Russia revealed they have been victims of cyber crime; in China, 84% have been affected; and 80% have been targeted in SA.