Wednesday, December 28, 2016

Biometric authentication will augment current EMV chip card - "I see" series


I DECIDED TO PUBLISH WHAT “I see” IN THE TECHNOLOGY SOLVING OUR CRITICAL ISSUES. SOME OF THEM MAY BE ALREADY IN THE LAB AND SOME ARE NOT. THIS IS THE FIRST ARTICLE IN THIS SERIES.

I see…

We will see biometric authentication integrated into today’s EMV chip as the next step in the evolution of credit card payment system security.



I see an opportunity to further secure the existing payment system by adding another layer of security. If we integrate biometric authentication (fingerprint) technology with the current chip card (EMV - chip and PIN), then debit/credit/ATM cards will be more secure. The current EMV chip and PIN card protects against identity theft only. There is no security at the card owner level, so anyone can use the physical card. Biometric authentication (fingerprint) technology is now very mature, so it can eliminate this security gap by adding an additional layer of security to current EMV (chip and PIN) cards. If we integrate the capabilities of both technologies in the future debit/credit/ATM card, we will be able to protect our card from the wrong person or agent. Adding biometric/fingerprint authentication to the EMV chip and PIN card will give us extra protection. An integrated chip solution will allow only the rightful owner to use his/her card. It will eliminate many business processes that providers, merchants, and card holders currently go through. The new chip card will also reduce operational expenditure.



This is just my thought. I assume this idea may already be in some OEM’s lab, and they are developing the new authentication chip and new process flow, and creating a prototype.




Monday, August 22, 2016

Making IT system highly secured and resilient

Recent news items – Oracle systems hacked, Delta system down, Amazon system outage – are becoming very common. We have all the technology and solutions to avoid these situations.
IT security and business continuity have always been a concern for IT professionals. Worldwide political events, privacy concerns, regulatory demands, external attacks, corporate financial crises, and identity theft have contributed to making security management and systems resiliency a boardroom-level priority. Enterprises want to make their IT infrastructure resilient, and they also understand the need to maintain service levels to satisfy today’s dynamic business. Maintaining a secured and highly resilient system needs innovative thinking.
We will notice that the business continuity plans of most enterprises focus upon a defensive resilience posture. It consists of three building blocks – Recovery, Hardening and Redundancy – which are widely recognized as vital ingredients for successful business continuity plans. A defensive posture is useful in protecting the organization and its revenue streams, but it does not directly help the bottom line.

An offensive resilience posture also consists of three building blocks, which are focused upon improving the organization’s competitive position – Accessibility, Diversification and Autonomic computing. In practice these building blocks can be used all together or in various combinations depending upon need. For example, diversifying operations might allow hardening to be limited other than at sites where critical applications and data reside. The resiliency building blocks are illustrated diagrammatically below.

I consider that business resilience encompasses business as well as IT, and it can be thought of as spanning six discrete layers: Strategy, Organization, Process, Data/Application, Technology and Facilities/Security.
Strategy includes:
1.     Governance Strategy
2.     Financial strategy
3.     Continuity strategy
4.     Communications strategy
5.     New product/services strategy
6.     Risk management.
Organization includes:
1.     Roles
2.     Responsibilities
3.     Structures
4.     Skills
5.     Cross-organizational cooperation
Process Includes:
1.     IT Process
       - Change management
       - Problem management
       - Incident management
       - Availability management
2.     Business Process
       - Sales Order
       - Financial
       - CRM
       - Claims processing
       - Business controls and System Management Process (IT Infrastructure Library)
3.     Cross-Functional Process
       - Business Continuity
       - Quality Management
       - R&D
       - ERP
Applications and Data include:
1.     Data security
2.     Data storage
3.     Application architecture and design
4.     Backup and recovery
Technology Includes:
1.     Hardware architectures
2.     System software
3.     Middleware
4.     Networks
5.     Delivery channel
6.     Disruptive technology
Facilities and Security include:
1.     Physical and logical security
2.     Safeguard access
3.     Power protection
4.     Environmental considerations
5.     Security Architecture of the Systems / IT Infrastructure

This model itself is scalable and can be applied to an enterprise, to an individual location, or to a key business process or IT system. Clearly, a number of lower-level considerations are embedded in each layer. For example, the Facilities/Security layer should consider various aspects of physical and logical security, power protection and environmental considerations. Business resilience is achieved by implementing continuity, availability, security, recovery and scalability spanning and supporting the six discrete layers outlined above.


Tuesday, August 2, 2016

Developing technology strategy to support today's dynamic business environment

Developing a technology strategy for an enterprise has become more and more complex. Today’s dynamic nature of business, the rapid change of technology, and frequently evolving new technology solutions make strategy development an ongoing effort. Enterprises are monitoring and revisiting their strategy and technology road map periodically and modifying them accordingly. Even strategy development for the next couple of years is a big challenge for enterprises. Architecture thinking and decisions are playing a pivotal role. As always, business drivers are the fundamental driving force behind all architectural principles, policies, and decisions. Innovative thinking is essential for all architecture decisions, and well thought-out principles and policies can help the enterprise protect its IT investment. The architect needs to take a holistic look while validating the motivation and implications of all decisions.
If we take a simplistic approach to developing strategy for today’s environment, we will find that market trends, the global technology outlook, customer-centric design, and innovative ideas (use cases) are major influencing factors when we establish a business vision. Similarly, we see that business needs to consider business innovation, new products, new business models, and business processes to augment a current business line or adopt a new one. The following self-explanatory picture depicts a strategy development approach in today’s environment.

Infrastructure architecture is the paramount issue for all business leaders to accommodate disruptive technology such as Mobile, Cloud, Internet, and Analytics. These technologies need robust infrastructure and well thought-out underpinning hardware, software, and the right technology solution. Digital business imperatives are pushing enterprises to modernize their infrastructure and adopt new architecture for applications. New-generation mobile applications, the Internet of Things (IoT), network-speed computing, and the high-performance enterprise will require maximum efficiency, agility, and speed. Innovation across the entire stack can only help to capture the business growth opportunities created by the new technologies. Business will therefore be transformed by these system improvements, such as the transition from reactive to predictive analytics, from static to streaming data, from real to virtual prototypes, and from batch to interactive computing. Aggregation of compute-intensive, application-specific appliances and storage sub-systems and an optimized network, along with middleware and system software, will provide compelling differentiation in the new paradigm.
Anticipating those changes, the strategy development process needs to go beyond the traditional development process. Enterprises can be in an advantageous position by utilizing the wealth of information and capturing opportunities created by moving from fragmented global footprints towards true global integration. Enterprises need to think about how they should adapt to the expectations of their new clients and the ever faster pace of change that it brings.
NOTE: For the detailed method and technical paper, please contact me.