Using Biometrics for Fraud Mitigation:
Biometrics offers much more than just simple password replacement. With unique, innovative technology, biometrics can protect not only the logon, but any part within the powerful SAP application, to prevent costly incidents within the system.

bioLock - First System to Protect and Identify:

bioLock – Extra Security for All Critical Areas:
The bioLock system adds a second layer of protection (a biometric "door lock") on any critical area or function of your SAP system. In addition to the SAP user authorization, users need a "special invitation" from the bioLock system to execute protected functions.

Common Areas that receive bioLock Protection:
- User Logon
- Finance
- Human Resources
- Purchasing
- Research

Once a transaction or function is requested, such as displaying a balance sheet, creating a purchase order or issuing a wire transfer, the bioLock system will pop up a window requesting a biometric verification. A person's finger has to be placed on the sensor in order to proceed.

bioLock Verification Process:
- The user's finger is placed on the sensor.
- bioLock immediately scrolls through the database templates to find out whether the finger is registered.
- If the template is not found: the task will always be rejected, even if executed by an administrator with all access rights!
- If the template is recognized: the system then checks the bioLock settings, whose pre-defined special permission settings indicate whether the user has authorization from bioLock, and accepts or rejects the request.
- Executed and rejected tasks are logged in the log file for auditing purposes.
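
The verification steps above, modelled as an added Python example (not bioLock's own code). The template ids, the `SAP_OWNER` table and the `PERMISSIONS` triples are assumptions made for illustration, and a dictionary lookup stands in for real fingerprint matching; the point is that the audit record carries the biometrically identified person, so use of another person's SAP user ID stands out in the log.

```python
from dataclasses import dataclass, field

# Constructed sample data. Real matching compares fingerprint features;
# here a template id stands in for a successful sensor match.
ENROLLED = {"tpl-john": "John", "tpl-peter": "Peter"}   # template -> person
SAP_OWNER = {"JOHN": "John", "PETER": "Peter"}          # SAP user id -> owner
# Assumed permission model: (person, SAP user id, protected function).
PERMISSIONS = {
    ("John", "JOHN", "DISPLAY_BALANCE_SHEET"),
    ("Peter", "PETER", "WIRE_TRANSFER"),
}


@dataclass
class Verifier:
    audit_log: list = field(default_factory=list)

    def verify(self, template_id, sap_user, function):
        """Return ACCEPT or REJECT and always write an audit record."""
        person = ENROLLED.get(template_id)
        if person is None:
            # Unknown finger: rejected regardless of SAP rights.
            decision, reason = "REJECT", "template not found"
        elif (person, sap_user, function) in PERMISSIONS:
            decision, reason = "ACCEPT", "permitted"
        else:
            decision, reason = "REJECT", "no permission for this profile/function"
        self.audit_log.append({
            "person": person, "sap_user": sap_user,
            "function": function, "decision": decision, "reason": reason,
        })
        return decision

    def profile_misuse(self):
        """Audit query: identified people who acted under someone else's SAP id."""
        return [e for e in self.audit_log
                if e["person"] and SAP_OWNER.get(e["sap_user"]) != e["person"]]


def demo():
    v = Verifier()
    results = [
        v.verify("tpl-peter", "PETER", "WIRE_TRANSFER"),    # owner, permitted
        v.verify("tpl-john", "PETER", "WIRE_TRANSFER"),     # John on Peter's id
        v.verify("tpl-unknown", "ADMIN", "WIRE_TRANSFER"),  # admin, not enrolled
    ]
    return results, v.profile_misuse()


if __name__ == "__main__":
    print(demo())
```
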
The Purpose of the bioLock Verification Process:
This process ensures that even authorized users cannot commit fraud using other people's user profiles.

For example: If an authorized user, John, tries to make a wire transfer using Peter's SAP user ID, his attempt will be rejected, but the log file will clearly state that John - uniquely identified with biometrics - tried to attempt fraud with another person's user profile. Thus the fraud attempt was successfully prevented.

Biometric verification is required to continue

Identification and Conviction is Finally Possible!

bioLock is a Unique Verification Process for Fraud Prevention:
For the first time, fraud can be identified, prevented, and the attacker can be questioned or even arrested in "real time" since biometrics has uniquely identified the individual within the SAP system. Of course, all critical tasks that John does while being logged in as John will be recorded in the user profile as well. Auditors always have proof of who did what and when in the system and this can help your company to identify, prevent, and deter fraud.

Approximately 25% of Internal Frauds caused at least $1 Million in Losses:
- Median loss for first, single incident was $159,000
- One quarter caused at least $1 million in losses
- 9 cases caused losses of $1 billion or more

The so-called “occupational fraud” (also known as internal theft) and abuse imposes enormous costs on organizations. Participants in the study estimate U.S. organizations lose 5% of their annual revenues to fraud. The study also points out that currently it is nearly impossible to detect fraud. Most fraud is detected by "whistle blowers" who accidentally see illegal activities and are responsible enough to report it. It takes an average of 18 months to detect fraudulent activities! Link to study: (pdf)
(Source: 2006 Study - Association of Certified Fraud Examiners – www.acfe.com)

Innovative Biometric Technology can help Correct and Secure many Typical Problem Areas:
- SAP Logon: Unauthorized users use or share SAP User IDs, even at different locations at the same time
- HR: Protect and secure HR information including health insurance, salaries and social security info
- Finance: Prevent tampering with payment releases, salaries, wire transfers, requesting or changing budgets
- Balance Sheets: Access to any internal company information
- Research Data: Research data that is stolen or changed
- Purchasing: Unauthorized users purchase unauthorized items
- Workflow Approval: People use supervisors' passwords with or without them knowing about it
- Fast User Switching: Users are supposed to log in and out for minimum tasks (bank, hospital, warehouse)
- Convenience: Remember multiple passwords that could require up to 15 characters
- Compliance: Passwords offer NO True Identity Management (SOX, Section 404, Internal Controls)

20 Ways to get Passwords to any SAP User Profile:
- 82% of all passwords are written down
- 40% of all users share passwords frequently
- Password crackers crack 80% in 30 seconds
- Passwords are not encrypted between computer and SAP system

The California State University, Fullerton has researched 20 ways to get somebody else's password. Paul Sheldon Foote, Ph.D., Professor of Accounting at the University is leading the research project and has been featured in an SAP TV movie about Sarbanes-Oxley and Pete Gunn in a movie about bioLock at NASA (Link to movie).

Paul Sheldon Foote, Professor of Accounting, California State University
Kenneth "Pete" Gunn, Director Safety and Security, Florida Space Authority

Prof. Paul Sheldon Foote about Passwords:
"Finding passwords on a person's desk, telephoning to ask for a password, packet sniffing, phishing, spoofed (fraudulent) websites, phone phishing, pharming, and vishing are only some of the successful techniques for password fraud. The end of an era of corporate contributory negligence will arrive when corporate leaders accept the responsibility of implementing multiple biometric authentication protocols."

Kenneth "Pete" Gunn about Passwords:
"Seize the moment and go forward with biometric technology. That is the way of the future, because current systems where you have to develop a pin or a password - that is too expensive and too cumbersome and it is a major weak spot in the security makeup."

Download the Fishing for Password document to learn how dangerous passwords really are (pdf).

View other security comments from Pete Gunn, Paul Foote and other industry experts in a 2 minute movie clip (wmv).

View a Demo of our Fraud Mitigation Approach in the SAP system:
Learn how biometrics can overcome the limitations of passwords and help you to prevent costly fraud within your SAP System.
- Streaming Video (wmv) - wired high-speed access required for best quality
- Download Video (zip) - recommended for better viewing experience and to share
- Power Point Demo (ppt) - view the demo via slides with screenshots and detailed explanations

Act Now and Fasten Your System’s Seatbelt:
When we get into our cars most of us automatically fasten our seatbelts! Accident statistics, as well as daily news stories, prove that using seatbelts prevents damages. In the industry news, we see companies "being hit" with fraud and the resulting major financial damages on a daily basis. Fraud statistics confirm the dramatic increase! Fasten your "System’s Seatbelt" NOW and act, BEFORE your organization gets "hit" with major financial damages and bad press! Our innovative security measures can help your company to avoid the loss of significant amounts of time and money, and to also avoid negative impacts on your professional reputation.

Fact is: Most companies spend more on coffee than on security!

Allow us to educate your team further:
Please contact us for any questions and to schedule a personalized, educational demonstration of our biometric identity management solution, bioLock, for your team.

Contact us: Intl. +1-813-283-0070, Toll Free 1-877-bioLock or Email: Info@bioLock.us

Download this information as PDF and share it with your auditors, compliance, security and business teams (pdf)