Certified secure and seamless, SITA’s biometrics is being used to update 25 more touchpoints at Philadelphia International Airport.
Soon all departure customers will be processed at tech-enabled gates, which work more efficiently by comparing a live photo of a passenger to images submitted to the government and stored in the CBP database. 10 gates in a three phase process have been installed. Passengers biometrics will be collected and stored for the next journey that a passenger takes. The plan to biometrically screen and record all passengers travelling through airports kicked in following 9/11 terror attacks with the U.S. Customs and Border Protection creating a long-term biometrics strategy in 2003.
It was mandatory from 2004 that non US-citizens provide their face and fingerprint biometric data.
PHL’s Chief Information Officer, Allen Mehta said it was important to “spend a significant amount of time on finding the best solution for (Philadelphia) airport” while CBP has widely deployed the biometric matching service at most key ports of entry in the U.S.
Airlines and the Transportation Security Administration have access to verify passengers throughout the customers’ journey.
CBP estimates it has processed 249 million travellers and intercepted 1,650 impostors since 2003. On entry to PHL, CBP also introduced the Simplified Arrival process.
“Our goal was to find a viable solution that not only met the basic requirements from the Department of Homeland Security but also to have partners with experience in airports and biometrics solutions around the world”.
U.S. citizens are omitted from the process, Heather Redfern, a spokeswoman for PHL confirmed. Pilot testing at Philadelphia occurred three years ago in association with the US Customs and Border Patrol and initially tested three machines over a 45 day period.
SITA’s Smart Path solution was selected with NEC providing its Delight digital ID management platform in the refurbishment of terminal A-East and A-West.
Matthys Serfontein, President, Americas at SITA, said, “We are pleased to bring our biometric solution to PHL and help the airport meet the CBP’s mandate for biometric US exit checks. With Smart Path, the process is fast, efficient and eliminates the need to fumble for your passport or boarding card.”
What started as a crisis for Uruguay over alleged fake passports getting into the wrong hands of Putin’s spies, has spiralled into a web of accusations reckoning national corruption.
A trusted bodyguard of Uruguay’s President, Luis Lacalle Pou, was arrested on 26 September on charges of allowing the false passports to be obtained by suspicious Russians.The scandal, which the President flatly denied having any knowledge about, was certainly bad publicity when the rest of the world has been united on condemning Russia’s invasion of Ukraine and cut political support as well as alliances on trade.
Astesiano’s assistance was providing false birth certificates that stated Russian citizens had Uruguayan parents, which could be used to obtain Uruguayan passport.
The suggestion was that Russian spies and/or citizens had an anterior motive for obtaining a fraudulent passport to travel freely to Europe and the Unites States and not all of the attempts to get one could be attributed to Russian citizens wanting to escape the corruption to reside elsewhere.
Reportedly a Russian citizen, Alexey Silivaev and his wife, paid for a false passport which recorded relatives that were unrelated, deceased Uruguayans.
Around 20 cases of Russian citizens trying to obtain a passport came to light after it warranted an investigation.
The serious allegations suggest Uruguay’s political corruption – even though integrity of the government is high in polls – in facilitating fake security documents and maintaining a relationship with Russia when the rest of the West has cut ties.
The Financial Times reported the interior and foreign ministry spoke out to claim Astesiano was “very dangerous” and questioned how the passports were approved.
Despite the bad reflection, a steady score of 73/100 shows Uruguay is not considered as corrupt as much of the U.S. and countries scoring below 50, according to the Corruption Perceptions Index (CPI). It ranked first in Latin America and held 18th place worldwide.
The controversial voter ID system, which is proposed for next May’s local elections, seems to have met another obstacle after reports by the Guardian that the government has been warned over delays to voter ID legislation.
In response, the judgement from Britain’s election watchdog appears to have been brushed off, despite the view that implementing a new ID system without any concrete framework is an “unworkable” solution and will compromise security.
Conservative ministers and the Electoral Commission have indicated they will use the upcoming May election as a “learning exercise”. Potential setbacks have already been highlighted; of the main concerns is a proposal to allow photo ID cards which may not be fully secure, accessible or workable.
A second iteration of ID legislation was due to be completed over the summer however another draft was only released by the government on Monday, causing more delays to a strict timeline.
In an interview with the Financial Times, Ailsa Irvine, Director of Electoral Administration at the Electoral Commission, admitted that “important considerations may not be fully met when the new policy is (eventually) implemented”.
The trial of new voter ID rules will only go ahead in some areas of the UK. Surveys have indicated that some council ballot workers are bracing themselves to have to turn people away after concerns that people will not be prepared with the correct ID.
The requirement to provide a photo ID at polling stations is being strongly opposed because it could affect the ballot count if voters are “suppressed” and turned away.
A place designed to attract all eligible voters, polling stations could face a downturn in voters exercising their right to vote in the local elections.
45% of councils say they are not confident to train staff sufficiently in time on the new voter ID requirements.
The election changes will be the “most significant” in over a century, according to author Dr John Ault, and could make the process less seamless in triggering millions of requests for a free form of ID as well as asking people with religious headwear to remove these items to be identified.
The Conservative party is pushing the move to “restore the integrity” of elections and tackle voter fraud, however, Labour deputy leader, Angela Rayner, took an opposing stand citing the nation’s top priority is the Cost-of-Living crisis.
The election is expected to enforce the new ID requirements. The forms of ID which will be allowed include passports, driving licences, biometric immigration documents and the “Voter Authority Certificate” if no other ID can be produced. This unique document can be requested up to “six working days ahead of the poll”.
Northern Ireland has seen voter ID rules implemented successfully since 2003. Proposals to legislate voter ID requirements and conduct a series of pilot trials began in 2017.
A partnership between Standard Chartered Bank and FairPrice Group has launched new digital bank, Trust Bank, in Singapore with an investment of £400 million going towards a range of news products for customers including credit cards, savings account and personal accident insurance cover.
The investment has been provided by Standard Chartered Bank, FairPrice Group and NTUC Enterprise in a bid to further expand financial inclusion and digital economic prosperity in the APAC region.
Consumer rewards and security are some of the incentivising qualities of the business model. Consumers of the Trust Bank can access their account through the digital interface only, an app which incorporated with a robust technology platform provides a secure banking user experience.
Users can also have constant 24-hour communication with the Trust with integrated voice and messaging customer service bots.
Announced in January 2021, Standard Chartered also established a strategic partnership with commerce platform, Bukalapak to strengthen Indonesia’s digital banking landscape, since launching the a digibank-ing platform called BukaTabungan.
Victor Lesmana, President, Commerce & Fintech at Bukalapak commented: “BukaTabungan will be an interesting product because now, everyone in Indonesia within all levels of society will be able to access world-class digital banking services seamlessly and securely”.
BukaTabungan uses automation and security technologies leveraging AI, biometric facial recognition and E-KTP (Indonesia’s biometrics ID programme) validation.
Celebrus has released the world’s first no-party data technology. Celebrus CX Vault will allow customers to keep their information private and brands to deliver the relevant messages that customers expect in real-time.
No-party data is defined as information gathering that does not use tracking, sharing, or cookies of any kind. It allows users to remain anonymous. Celebrus’ patent-pending no-party data solution is unlike anything on the market. The user stays anonymous throughout an entire session and no information is ever shared or sent to a server.
“Many vendors talk about ‘cookieless solutions,’ but don’t have an answer for it. In studies around the globe, there are two competing forces: consumers demand privacy, but they also demand a personalised experience. Brands up until this moment have struggled with how to balance an approach to that, particularly with the increasing rate of opt-outs on devices. Celebrus CX Vault provides the industry’s only solution for putting the consumer back in control while ensuring brands can help build positive experiences along the way,” says Bill Bruno, CEO of D4t4 Solutions, the parent company of Celebrus.
Celebrus CX Vault solves a challenge both consumers and businesses face in trying to find common ground in their expectations. Celebrus CX Vault recognises the context of a browsing session in real time and then applies machine learning to further determine and interpret user interest. It is an ethical innovation that meets privacy regulations and respects consumers who opt-out of cookie usage. A Pew report found 79% of Americans are concerned about the way companies use their data, while McKinsey research shows that 71% of consumers expect companies to deliver personalised interactions. This solution satisfies both and is a win-win for businesses and consumers.
Greenway’s appointment to lead the Commercial division adds executive airline experience as Pangiam continues rapid growth
Pangiam today announced the appointment of Steven Greenway as President, Pangiam Commercial. In this role, Greenway will focus his more than two decades of commercial airline leadership experience on continuing Pangiam’s expansive growth in the secure movement of people and goods.
“Steven is among the world leaders in solving the unique business challenges in global commercial aviation and digital customer experiences,” said Kevin McAleenan, Pangiam’s Chief Executive Officer. “Pangiam is thrilled to bring the insight he has gained making airlines successful around the world to our customers and clients.”
Founded by a team of global trade, travel, aviation, and homeland security leaders, Pangiam is driving change across the aviation sector by applying innovation, emerging technologies, and the power of data to solve operational, facilitation and security challenges facing airlines and airports today.
Greenway has more than 20 years of global experience as an airline executive. His focus was often on digital leadership, loyalty, and rapid sustainable growth, with emphasis on guiding Low Coast Carriers (LCC). Steven was a founding member and Chief Commercial Officer for Peach, All Nippon Airways successful LCC; and Scoot, Singapore Airlines’ mid to long-haul LCC; plus, CEO of reward-U, the pioneering LCC loyalty/everyday program of HK Express. Most recently, he was President of Swoop, Canada’s first Ultra Low-Cost Carrier, and a subsidiary of the WestJet Group.
“Throughout my career, I have often focused on building ‘something from nothing,’ which is much like Pangiam’s mission to innovate around the art of what’s possible. I’m excited to be an integral part of guiding visionary solutions that promise to not only transform aviation and global travel, but many other industries as well,” said Greenway.
In recent months, a biometric entry-exit program led the Customs and Border Protection has got progressively underway using photo-matching technology to verify travellers across various ports of entry in the U.S.
According to reviews by the U.S. Government Accountability Office, more is needed to check and verify the credentials of solution providers that supply biometrics to U.S. border protection agencies in streamlining effective border systems.
The U.S. Government Accountability Office comments that partners, contractors and vendors should expect to prove their trust credentials in the tender process, as well as passengers having to comply with updated airport verification systems.
During a Homeland Security subcommittee hearing, Rebecca Gambler, Director of GAO’s Homeland Security and Justice team, revealed the CBP has conducted out 5 audit assessments of partners to ensure their technology can be approved in line with security and privacy policies. Three more audits are in process.
Gambler noted that while facial recognition technology is being deployed to at least one gate at 32 popular U.S. airports, matching live passenger images against a photographic database, a past GAO report from 2020 presents a juxtaposition with trust systems to audit partners. Only 1 of 27 of its then-partners were audited against the CBP’s privacy and security frameworks despite biometric technology coming onto the market in 2017.
In exchange for trust from travellers, audits must be carried out on biometric suppliers to earn public trust.
In 2019, a data breach involving a CBP contractor exposed the data of 184,000 travellers from a pilot biometric entry-exit scheme.
Today, Sony has today announced the availability of its in-camera forgery proof photo technology for corporate business users. Using digital signatures processed at capture, Sony technology supports to detect any modification to an image thus protecting it from fraudulent usage.
Following widespread issues with unauthorised editing and misconduct around digital photo data, Sony has developed forgery-proof technology, based on standard cryptography, for corporate users to safeguard images against future misuse.
With Sony’s in-camera signing mode activated, images are immediately cryptographically signed by the camera processor upon capture. Following this, any pixel modification, tampering or potential forgery will cancel the image signature, as the image manipulation will be detected by the customer’s own certificate server during examination.
Available on the Alpha 7 IV camera, with expansion to other models to be considered in sequence, this new functionality streamlines the lengthy process required from image submission through to verification, all with the addition of extra security.
The Alpha 7 IV also combines a 33.0MP full-frame back-illuminated Exmor R™ CMOS image sensor with BIONZ XR™ imaging engine to deliver high-speed processing and outstanding resolution.
Sony’s new forgery-proof signing mode ensures the secure creation and transmission of images based on cryptographic methods, as the fundamental need for certifying unmodified and secure images grows in many applications, across multiple industries.
This technology is particularly applicable for passports and ID verification but goes further in tackling image manipulation in the media, medical and law enforcement fields. For the insurance and construction sectors, this technology will offer a secure foundation for inspection and recording of damage.
Yasuo Baba, Director of Digital Imaging and European Product Marketing at Sony, commented:
“It is Sony’s missions to strengthen business solutions with cutting-edge imagery technology and our in-camera digital signing is a real game changer for combatting image manipulation and forgery across multiple industries. Whilst appropriate adaptations for each industry need to be made, the digital signature is multilingual and can be used internationally, enabling organisations worldwide to streamline mandatory image signing with Sony technology.”
Currently compatible with the Alpha 7 IV, and subject to receipt of a license to enable Sony’s signing mode, this facility will be available for business users with plans for further model expansion to follow. In tandem, Sony will continue to examine how we can utilise our industry-leading imaging technology to further support enhanced security across multiple industries, with plans to expand the line-up of supported cameras hereafter.
All of our exhibitors and sponsors are ready for day 2! There are over 250 identity solution providers, associations and press to meet. Tomorrow will be your LAST opportunity to make those valuable connections.
Author: Maria Pihlström, Director, Global Marketing and Comms at Fingerprints
In mid-May Fingerprints was jointly exhibiting alongside Freevolt Technologies at IFSEC 2022, in London, one of the leading security events in Europe. Attendees at the show learnt how the two companies are combining their innovative tech to develop S-Key, Freevolt’s flagship biometric access card. To learn more, Fingerprints’ Marketing Director, Maria Pihlström sat down with Gonzalo de Gisbert, Freevolt’s Head of Product and Business Development.
Please can you provide a brief overview of Freevolt and its flagship product, S-Key?
Innovation and R&D are a core part of Freevolt’s fabric thanks to its academic roots. It was first established as a spin-off from research completed at one of the world’s leading universities, Imperial College London, that was investigating technologies that can harvest radiofrequency (RF) energy from common networks (NFC, cellular, Wi-Fi). We are taking this ground-breaking research and using it to develop the next generation of biometric smartcards, which is seen in our flagship product: S-Key.
S-Key is a battery-less biometric smartcard providing stronger authentication for the access control industry. Because it is battery-less, drawing its power using Freevolt’s RF harvesting system, it requires no special software or changes of existing smartcard infrastructure, enabling it to work seamlessly with 3rd party systems e.g., HID, Salto etc. Another benefit of it being battery-less is that it comes with significantly lower costs. Once a card is deployed, it requires no charging or battery swaps. It also means no costly disposal processes or cell recycling.
Using Fingerprints’ solution, it offers all the benefits of biometrics from one of the world’s leading experts: enhanced security without sacrificing convenience, supporting worryless access.
Having built a smart card from the ground up, using our Freevolt energy harvesting technology, our company now has the opportunity to build on this platform for other use cases such as cryptocurrency, healthcare, payments etc.
What do you think are the key issues facing the access control industry today?
Over the past couple of years, physical and logical access control strategies have had to respond to many new challenges. Flexible and distributed workplaces mean businesses have had to extend their enterprise cybersecurity settings to protect digital estates wherever and whenever employees are working. But it’s not just with cybersecurity where organizations need to rethink access control, as there are new physical security threats to tackle.
Lower footfall in offices means that it’s harder to know if someone you see should or shouldn’t be there. Pre-COVID if you saw an unfamiliar face in the office, you would be inclined to challenge that individual. After two years of remote and flexible working patterns, and with no sign that they will go away, new faces might be more common, and people may become more complacent. What’s preventing this ‘new face in the office’ from using a lost/stolen/borrowed/skimmed non-biometric access card or compromised credentials such as PINs and passwords?
Furthermore, access control strategies now must respond to hygiene worries around shared surfaces such as PINs and touchpads, urging the need for touchless solutions. Granting access through fingerprint verification on your card is a great way to unlock contactless 2-factor security measures without sacrificing convenience or hygiene.
As a solution provider, what drove you to consider integrating biometric tech in S-Key?
We turned towards biometric tech as it is becoming increasingly common in our daily lives as consumers are attracted to the convenience and security embedded in their smartphones, PCs, and even smart locks. Also, given today’s security challenges, many are using biometrics to avoid relying solely on PINs, passwords and traditional access cards, which can be cumbersome and vulnerable, not to mention that they can also be stolen/hacked.
What key criteria were on your list when you were searching for a biometric partner?
When we were searching for a biometric partner, we were looking not just at expertise, but also those that can also help us meet the unique objectives with S-Key.
We wanted a partner that was not only a general expert in sensors and biometric solutions, but someone who had experience in being a market leader across other verticals. We landed on Fingerprint Cards as they are exactly that, having a market leading position in the mobile phone market with a rich history in biometrics since the tech first started coming onto the scene. As such, we are able to channel Fingerprints’ expertise and innovative skills directly into our product, and also work closely with them taking into account the unique design challenges when integrating biometric sensors.
Traditionally, biometric solutions present a challenge with data protection, especially for regulations such as the UK and European GDPR. Yet with the S-Key, this is not an issue as we use the on-device approach championed by Fingerprints, where the biometric data is enrolled, securely stored, matched and authenticated on the card itself. That means no databases of data in the cloud. This supports S-Key’s ability to work seamlessly with existing infrastructure without the need for costly retrofits or software updates to handle biometric data. It also reflects our belief in privacy and that individuals should retain full control of their data. Being able to leverage Fingerprints’ software libraries alongside its sensors was key to developing a secure, privacy-first product that we would be happy to trust our own biometric data with.
Beyond access control, what other potential use cases are possible with biometric cards and what’s on the horizon for Freevolt and the S-Key?
Our vision for S-Key is to bridge the gap between physical and logical access. You might come to work, using your card to get into the building, log onto your machine, release a secure printing job, etc. etc. We really see this unified solution as a key value proposition for widespread adoption.
We also have several other projects in the healthcare and cryptocurrency spaces whereby Freevolt really provides an edge, thanks to its ability to work with just about any RF power source using NFC. Think powering a card with your mobile phone to validate a transaction, or clocking in and out of work, etc.
It’s an exciting time for us here at Freevolt as we continue to invest in our core technology to keep it ahead of the market competition and explore new opportunities in the access control space. We’re glad to be working with Fingerprints as part of our journey.
INTERESTED?
Grab your Identity Week Europe Conference Pass for just £795 now before prices go up! Or bring a team of 3+ to get a further discount with our Group ticket option.
IRIS Corporation, an MSC-status technology innovator and leading provider of Trusted Identification (ID) products and solutions announced today that it has successfully inked a contract addendum worth US$39.70 million or approximately RM167.61 million from Tanzania’s National Identification Authority (“NIDA”).
The contract addendum signed between IRIS and NIDA entails the delivery of Tanzania e Identification (“eID”) cards and services for a period of 18 months, which is expected to provide IRIS with earnings visibility over the contract delivery period.
“I am very delighted with the contract to continue our services of delivering reliable and secure national eID cards and services for the Tanzanian citizens. IRIS was first awarded with a contract by NIDA to supply Tanzanian national eID cards and services in April 2011. Essentially, this addendum reflects highly on IRIS’ capabilities within the global Trusted Identification industry and is a testament of confidence from international governments towards our expertise. Moving forward, we will continue to make a conscious effort to grow our business both locally and internationally while working towards delivering on our existing projects at hand. These projects will drive our continued growth as we continue to pursue new opportunities in our targeted regions to help IRIS maximize shareholders’ value,” said Shaiful Subhan, the Group Chief Executive Officer of IRIS.
Seamless access to services, trustworthy transactions protected from fraud and great user experience – These are just some of the reasons why a strong Digital ID framework is critical for enabling the digital economy.
Leading FranceConnect, a service that enables easy access to online services through the power of public-private sector partnerships, Christine Balian will share her learnings and insights into how they plan to grow their user base from 35 million to 50 million in the coming years.
Christine Balian
Directrice du programme FranceConnect – Cheffe de mission IDNUM
France Government – Direction interministérielle du numérique (DINUM)
Identity Week Asia is back in person at the Suntec Convention Centre this year with 2,500 senior Identity professionals over two exciting days, under one roof.
The organisers said “Every day our industry is rapidly evolving and expanding into new verticals, new sectors, developing new threats and opportunities… NOW is the time to share your insights, experience and ideas with the wider Identity community and firmly establish your brand at the forefront of innovation”.
Photo: Identity Week Asia 2019 – Pam Dixon, Executive Director, World Privacy Forum
With panel discussions, round-tables and keynote slots still available, share YOUR knowledge with the industry this September. Call for speakers applications close 25 February 2022,submit an enquiry now.
KEY THEMES THIS YEAR:
> Document Security Innovations > ID in Financial Services > Fighting Document Fraud > Identity and Access Management > Security Document Manufacture > Digital Onboarding > National Identity Initiatives > Decentralised ID and Blockchain > Digital ID and Biometrics in Travel > ID in Payments and Ecommerce > ID for Citizens > Contactless Biometrics
To enquire about speaking or find out more information, you can submit your details here or contact the Conference Director, Hassan.
INTERESTED IN BEING INVOLVED, BUT NOT AS A SPEAKER?
Alongside our world-renowned conference is our exhibition, where you’ll be able to exhibit your products and solutions to an audience of highly engaged Identity buyers. Why not go further and truly maximise your return by sponsoring the event? Download the event prospectus here or make an enquiry below.
Due to high demand, digital vaccine passports are rushed out worldwide. However, they often have serious data security and validity issues. Let’s see what some of these vulnerabilities are and how ID readers can help in spotting criminals exploiting vaccine passport apps with fake COVID certificates.
Keeping a document on you that proves you received the necessary doses of a COVID-19 vaccine can be a nuisance. However, more and more people accept it as the price of returning to normalcy.
As countries are reopening their borders, there is a justifiable demand for digital versions of our vaccine passports. And states are answering that demand as fast as they can. But due to rushing out these apps, many of them come with severe vulnerability issues.
In this article, we collected the most notorious cases. We also propose a viable option for spotting convincing but forged analog and digital vaccine passports.
Why Is Vaccine Passport Vulnerability a Risk?
We all know that there is no such thing as a perfect mobile application. In many cases, a bug is nothing more than a nuisance. However, vulnerability becomes a priority for apps that store sensitive data, such as the vaccine passport.
New York Times correspondent Ceylan Yeğinsu writes that the main problem is that a passport is a government-issued document for certifying personal data. So “many people fear […] handing over personal and sensitive health information that data controllers can easily abuse.” And unlike medical facilities where laws strictly regulate how such information must be handled, businesses outside the health industry can do whatever they want with our health data.
Panda Security, a manufacturer of antivirus solutions conducted non-representative research regarding vaccine passports, It turned out that 56% of the people worry about the security of their data. Unfortunately, they have every reason to fear falling victim to data theft. In the early stages of the COVID-19 pandemic, four U.S. states suffered from cyberattacks targeting unemployment benefits applicants.
Courtesy of Panda Security
As such, digital COVID certificates should be bulletproof from the get-go. However, these apps had to be developed rapidly to lift travel and social restrictions as soon as possible This resulted in flaws of varying degrees of concern.
Examples of Known Digital Vaccine Passport Vulnerabilities
NYC Safe: One Photo to Fool Them All
It’s hard to tell from a printed vaccine passport whether it’s fake or not, let alone from a photo of the document. This was the case with New York’s NYC Safe application. Heavily criticized for being nothing more than photo storage for paper-based COVID passports, the application allowed individuals to upload any document, legitimate or forged. The weakness of the system became all too evident when it accepted a portrait of Mickey Mouse as proof of vaccination.
NYC Excelsior Pass Wallet: Fake Credentials
The infamous case of this U.S. digital vaccine passport for the citizens of New York State highlighted another type of risk. As discovered by the NCC Group, the NYC Excelsior Pass Wallet application allowed individuals to create and store fake vaccine credentials by simply scanning a phony document. Users could easily exploit the fact that the COVID certificate wasn’t appropriately verified.
Australia’s Express Plus Medicare: Replicating the Animated Validator
Ten minutes. This is all it took for Richard Nelson, a software engineer in Sydney, to expose the vulnerability of Australia’s Express Plus Medicare COVID-19 application. He also proved why QR codes are a must for vaccine passports. The main issue with the Australian COVID certificate is that aside from basic data, it features a supposedly unique animation to demonstrate the passport’s validity. Nelson could easily replicate this animation, allowing him to create as many fake digital vaccine passports as he liked.
Québec’s VaxiCode Verif: Forged Digital Signatures
Like many COVID certificate apps used worldwide, the digital vaccine passport issued by Québec, Canada, uses QR codes containing the necessary vaccination data combined with digital signatures. The digital signature features asymmetric cryptography, using two keys. Theoretically, this guarantees that the validator app doesn’t identify fake credentials as legit.
A cybersecurity expert still managed to fool VaxiCode Verif relatively easily. He generated a key pair and made the public key available at a given website. Then he created two QR codes. One was posing as a valid digital vaccine passport containing the public key and a plain fake COVID certificate. Then he presented the QR code with the public key to the app. It correctly rejected it as a valid COVID certificate but, simultaneously, forcefully downloaded the public key. After that, the app verified the other fake digital vaccine passport as being valid.
We should add that the app’s developers reacted quickly. Soon after the incident, they released a new version that eliminated the problem.
EU Digital COVID Certificate: Vaccinating the Dead
When it comes to the European vaccine passport, called the EU digital COVID certificate, experts usually praise it for implementing the strict privacy rules of the GDPR, especially from overseas. In fact, allowing member states of the EU to develop their own versions of the COVID certificate was a risk, which eventually paid off. That doesn’t mean there were no flaws, however.
Tim Berghoff of GData, a German computer security company, pointed out many issues with the EU certificate’s German version. We’ll highlight two:
In the case of paper-based COVID certificates issued by a pharmacy or a doctor’s office, the accuracy of the data transferred into the app wasn’t verified if the original. Cybersecurity experts managed to validate an EU vaccine passport even though it showed the same date for the test subject’s first and second vaccination.
Berghoff and his team could create a vaccine passport for Robert Koch, a German microbiologist from the 19th century. The EU COVID certificate had no problem validating the vaccination of a long-gone person.
Are Paper-Based Vaccine Passports the Answer?
Not quite. Granted, it seems like a logical step to forget digital vaccine passports and have our vaccination certificates in our pockets.
Like their digital counterparts, paper-based certificates were also rushed out. This led to analog vaccine passports being easily forgeable. In the U.S., the Centers for Disease Control and Prevention (CDC) issued a certificate with data written in ink. It isn’t surprising that scammers took their chance and flooded the black market with fake vaccine passports.
Consequentially, these fake certificates could quickly end up in COVID apps with minimal or no authenticity validation features. This allows unvaccinated people to enter places that require individuals to be vaccinated.
Verifying Vaccination Status
Application bugs and issues will always be discovered and eliminated sooner or later. This is what happened in the case the apps of Québec and the State of New York. Furthermore, virtual COVID certificates – at least those implementing digital signatures – are still more resistant to forgery than their paper-based counterparts. In any case, those who trust analog vaccine passports more should make sure they store them in a secure location.
If you are part of a business and have to verify the validity of digital vaccine certificates, there are two things you should consider. First, check, and double-check the document in front of you. Although some national and international vaccine passports do not feature advanced security solutions like digital signature, they are in the minority. The number of states requiring vaccine passports is rising. Many of them are likely not to accept vulnerable certificates as valid travel documents.
One way to verify that an individual isn’t presenting a fake COVID certificate is by cross-checking it with another ID document. An advanced automated ID reader like Osmond can verify a travel passport’s authenticity while also obtaining virtually all data from travel passports via optical character recognition technology, including the traveler’s name, country of origin, and many more.
About the Author
Balázs Molnár
Hungary
As an International Sales Manager at Adaptive Recognition, I am responsible for the business development in several countries all over the world. We are market leaders in the OCR based technologies industry, and my task is to help our partners, customers find the most suitable solution for their needs in the ID reading & verification technology.
Sensory Inc., a Silicon Valley innovator of machine learning solutions for speech recognition and biometric identification, announces the beta release of SensoryCloud.ai, a complete AI as a Service platform designed for processing voice and vision AI workloads in the cloud. Leveraging Sensory’s decades of experience with voice and vision AI, the SensoryCloud platform is launched with AI services such as Speech to Text, Sound Identification, Wake Word Verification, Face Verification, and Speaker Identification. Additional services and updates will be offered throughout the year.
With SensoryCloud, customers are offered a cloud AI platform that puts them in full control with a focus on flexibility and accuracy. Customers get complete control of how their AI solutions are deployed and how the data is managed and accessed. SensoryCloud delivers a language- and platform-agnostic AI inference engine wrapped in a highly-developed API. Further, the AI experts at Sensory leverage both open-source and proprietary solutions to ensure best-in-class performance and is delivered in containers through an API or light-weight SDKs.
SensoryCloud AI as a Service Includes:
SensoryCloud Speech to Text (STT) – A world-class GPU-accelerated speech recognition engine that can be quickly customized to process application-specific jargon. Ideal for either streaming or batch-mode operations with typical word error rates within trained domains of less than 5%.
SensoryCloud Wake Word Revalidation – Leveraging the experience of Sensory’s expertise in wake word detection, the cloud-based verification of custom, branded wake words enable up to a 90% reduction in false alarm events.
SensoryCloud Sound Identification – Offers an extensive library of sounds with a multi-stage approach optimized for speed, efficiency, and accuracy. Developers can quickly train and learn custom sounds, in addition to the standard sounds like alarms, sirens, breaking glass, crying babies, coughs, sneezes, doorbells, and more.
Sensory historically focused on AI on the edge. However, many embedded clients indicated a strong desire for cloud solutions with degrees of freedom not available from the typical cloud service providers. “We have a history of building fast and accurate AI models, and we paired this capability with some of the brightest and freshest minds in the cloud industry,” states Todd Mozer, Sensory CEO. “The result is a hybrid cloud platform that uses state-of-the-art AI to address customers unique needs for control, flexibility, cost, accuracy, reliability, features, latency, and privacy.”
Identity is at the heart of the financial services industry. Everything from applying for a credit card to closing an account is underpined by the idea of identity; it serves as the conduit to building trust between banks and consumers, while maintaining security of accounts and transactions.
In every financial interaction, banks must be confident that they can correctly establish a customer’s identity without error. Yet, in an increasingly digital world, this is becoming both difficult and expensive to achieve. Managing digital identities in a way that ticks all the boxes requires compliance with regulatory standards, robust fraud prevention, and a smooth end-user experience.
Let’s get digital
To realise the value of digital identities, it’s important to understand the digital backdrop of financial services. Recently, there has been a significant shift towards bringing financial interactions online-first, which for financial services, can be traced to three defining reasons.
Firstly, digitally-led banks have kept traditional institutions on their toes, forcing them to adapt. These industry disruptors have reported over 40% user growth during the pandemic alone, growing to 29 million users in the US alone. Naturally, to maintain the share of the market that legacy banks have, they must look to review, revise, and enhance the experience they provide.
Adding to that, the Covid-19 pandemic has rapidly accelerated the digital banking movement. Recent research shows that in 2020, 82% of all financial deposits were made digitally, largely due to the closure of physical branches and the safety and convenience of online services.
Finally, the vast competition from non-financial actors has made this market incredibly tight. Fintech and payment providers, as well as the entry of big tech, can now offer frictionless self-service, mobile, and 24/7 banking. This is a good indication the digitisation of the financial services industry is here to stay.
Traditional banks are incompatible with modern life
Despite this confidence and interest in digital banking, banks are falling down when it comes to the identity experience. How many leverage customer identities today is unfit for the digital age; the process is often slow, inconvenient, and at times unsecure. Fundamentally, this prevents them from building customer trust and loyalty in the long-term. Critically, Gen Z and millennials are aware of this incompatibility. More than a quarter of millennials have never visited a physical bank branch, and this figure is not set to change. As a primary demographic target, financial services, including banks, cannot afford to lose their
trust by implementing identity checks that could be found in a physical branch over a decade ago.
For instance, those identity checks conducted in person or via a database check with authentication heavily rely on usernames and passwords, KBAs or call centres, which is not synonymous with modern financial services. These ‘all or nothing’ approaches to data comparability is vastly different to the technology available – and expected – in services today. With one in three customers now opting to open bank accounts digitally, banks must reflect these behaviours if they want to remain relevant.
Reshaping the culture around identity in banking
Forward-thinking banks are adopting a digitally-forward approach to identity that allows for a frictionless onboarding experience. Immutably tying identity documents to a real-life human ensures the validity of an individual’s identity and creates a robust and secure onboarding process. Biometrics are one of the key methods to verify customer identities quickly and accurately. It’s also favoured by customers too with as many as 52% of customers suggesting they would rather use biometric checks when opening a bank account.
Ultimately, banks sare staking their reputation on building digital identities into the onboarding process to:
● Improve the experience for the user: digital identity verification is simply faster, safer, and more accurate than traditional means of identification. It is also particularly useful for time-poor and accessibility challenged customers who cannot always reach a physical bank branch before closing time.
● Acts as a buffer against fraud: unlike database checks, digital identity verification can ensure users are who they say they are, through a combination of biometrics and artificial intelligence (AI) checks, making them extremely difficult to breach.
● Relieve pressure on manual checks: banks that leverage digital identities can verify customers using rapid automated checks that do not require manual input. This allows organisations to provide certainty to their customers that their personal details are safe and secure.
A digital approach to identity verification is not only scalable, but also secure, intuitive and device-agnostic. For those banks that are looking to build trust with their customers, and appeal to the Gen Z / Millennial segment, it demonstrates a commitment to security and convenience in the digital world, and ultimately a better delivery of financial services.
Demand for banknotes, personal ID, stamps, payment cards, cheques, and brand protection packaging will continue to grow over the next five years, even as the sector adjusts to a commercial landscape reshaped by the experience of the Covid pandemic.
A dedicated new expert study of the sector from Smithers – The Future of Global Security Printing to 2026 shows total value will increase to $28.89 billion in 2021, up from $28.47 billion in 2020. This positive performance over the worst of the pandemic period was led by increased sales for banknotes, payment cards and brand protection packaging features. Although other segments have seen major falls.
Smithers’ analysis tracks the influence of multiple market drivers that will contribute to pushing total sales in the industry to $35.02 billion in 2026, equivalent to a 3.2% compound annual growth rate.
As the market reorientates to new commercial realities it will create a varied and dynamic situation, which will reward innovation. Smithers’ analysis forecasts the following major changes:
Banknotes, have seen a surge in demand over the pandemic period, this has deflected the broader trend for wider use of electronic payments in the short term. Growth demand will slow over the five-year Smithers forecast period, and central banks and security printers will refocus on alternative payment options, with new contracts largely confined to developing markets
The need for contactless payment and ongoing efforts to integrate the world’s large unbanked population into the modern economy will make payment cards one of the fastest expanding market segments over the same period
Personal ID sales stalled in 2020, but the imperative to develop integrated electronic IDs to manage Covid-19 and wider use of biometrics will support a return of sales as international travel restrictions are relaxed
One segment that has a continuing negative outlook is ticketing. Drops in sales across 2020-2021 will not be recovered. Reduced commuting, more homeworking and the implementation of touchless travel systems, will all lead to further declines in the future
A similar negative outlook is forecast for cheques. Already restricted to a few key national markets – US, India, France – investment in remote or automated payments has damaged demand, and further declines are forecast to 2026 as consumers and organisations transition to more modern alternatives
A more positive outlook is given for brand protection packaging. The twin drivers of greater e-commerce trade and the implementation of traceability mandates will make this the fastest growing segment over the next five years, creating a major diversification opportunities for established security technology suppliers
While mail volumes will continue to decline, new measures to control counterfeiting of goods like cigarettes will see demand for stamp printing increase – with the market refocussed on tax stamps.
This varied outlook – and the need to develop new digital service lines – is driving a reorganisation of many private-sector organisations. It will also be reflected in the outlook for different security components.
Security substrates and print processes will continue to be the two largest components of the market, representing 50.1% by value in 2021. Across 2021-2026 the need for greater supply chain scrutiny and both overt and covert verification technologies will manifest in greater demand for RFID and coding, security inks and taggants. Simultaneously the interest in automated borders, and secure physical and online identity will push a wider use of biometric solutions.