Sabric's deal with the Department of Home Affairs to allow banks to conduct online fingerprint verifications of its clients has moved on to its third phase.
This agreement means banks will have access to the Home Affairs National Identification System (Hanis) to verify the identity of current and prospective clients, since Hanis is a database of South African citizens' ID numbers, fingerprints and photos.
The project has not been given an implementation date as yet, but has progressed into its third phase, according to Sabric CEO Kalyani Pillay.
“Estimating an implementation date is extremely difficult, given the magnitude of the project. The project is, however, a high priority within the banking industry and all efforts are being made to progress the project as speedily as possible.”
Phasing in
The first phase of this ID and fraud prevention project was completed last year, and proved the feasibility of online fingerprint verification of banking clients, says Sabric.
The second phase looked at the prerequisites for formally implementing and rolling out access by banks.
Pillay had previously said the cost of the project is nominal and will be determined when the rollout is being planned.
She explains that the third phase has been tasked with this duty. “This phase will be focusing on costs and will provide the necessary data for all stakeholders to complete their internal business cases.” This is a prerequisite for rollout.
“It is expected that another phase during which IT specific issues will be addressed, will be necessary before rollout,” adds Pillay.
Risky business
“We are very excited about the prospects of this unique project, as we anticipate that it will assist the banks in reducing application fraud and identity theft. Banks have a challenge regarding the authentication of the identity of clients given the scale of fraudulent documents in the country.
“We anticipate that the project will help with the prevention of crimes such as falsified facility applications and account takeover fraud,” says Pillay.
However, managing partner of IT advisory at KPMG Frank Rizzo expresses some concern about this system, since the information attached to one's fingerprint is personal, and is now being distributed to a wider system.
“The information is very sensitive, so we have to see that the proper security measures are in place. What are the security measures and the destruction methods?”
Rizzo questions what a bank will do with the information of individuals if they are no longer with that specific bank. He says deleting the information will be the ideal destruction method, because customers cannot change their fingerprints as they do their pins or passwords.
Pillay says: “The integrity and security of the system and data will not be compromised at all. All the parties concerned with this initiative will take the necessary steps to ensure this.”
Rizzo sees the value in this system, but insists that the appropriate security measures be taken. “The advantages are huge. It's a very strong method for the proof of authentication. I think the initiative is great, but I'd like to see the proper security measures in place.”
Share