Security may be a concern in a biometrics deal signed between the South African Banking Risk Information Centre (Sabric) and the Department of Home Affairs (DHA).
Sabric, on behalf of South African banks, signed the deal with the DHA, which allows banks to conduct online fingerprint verification of bank clients.
The agreement means banks will have access to the Home Affairs National Identification System (Hanis) in order to verify the identity of current and prospective clients, since Hanis is a database of citizens' ID numbers, fingerprints and photos.
However, Frank Rizzo, MD of IT advisory at KPMG, has expressed some concerns about this system, since the information attached to a person's fingerprints is personal and would now be distributed to a wider system.
“The information is very sensitive, so we have to see that the proper security measures are in place. What are the security measures and the destruction methods?”
Rizzo questions what a bank will do with the information of individuals if they are no longer with that specific bank. He says deleting the information will be the ideal destruction method.
He explains that, if someone fraudulently accesses the information of an individual in this case, banks can't simply change their fingerprint like they would a PIN code. He feels this makes the system and the information within it even more sensitive.
Rizzo sees the value in this system, but insists the proper security measures must be in place. “The advantages are huge. It's a very strong method for the proof of authentication. I think the initiative is great, but I'd like to see the proper security measures in place.”
However, Sabric CEO Kalyani Pillay says: “The integrity and security of the system and data will not be compromised at all. All the parties concerned with this initiative will take the necessary steps to ensure this.” She also adds that the system has no negative implications that have been identified emanating from the Privacy Bill, in its current form.
DHA director-general Mavuso Msimang says: “The project symbolises the public-private sector collaboration in combating potential identity crime. For us, this project signifies our stance, as custodians of South African citizens' identity, that all necessary steps will be taken to ensure the integrity of a person's identity is protected and maintained.”
The first phase of this ID and fraud prevention project was completed last year and proved the feasibility of online fingerprint verification of banking clients, says Sabric.
The current phase looks at the prerequisites for formally implementing and rolling out access by banks. Pillay says that, once this phase is over, which will be in a few months, the project will be implemented.
“Currently, the cost [of the project] is nominal. The full cost will be determined when the roll-out is being planned,” notes Pillay.
Related story:
Banks to access Home Affairs data
Share