HMRC scandal prompts calls for using biometrics to secure data
A U.K. government agency lost discs carrying the personal information of 25 million Britons; voice-recognition specialist says that if we were to rely on biometrics rather than on other means of identifications — such as those on the lost discs — we could make the storing of such information unnecessary
The HMRC scandal in the United Kingdom last month, in which discs carrying the personal information, including banking information, of about 25 million U.K. citizens were lost, has brought new worries to the fore about Big Brother: This time it is not about whether he can collect information about people, but whether he can keep that information. The mishap prompted many industry pundits to speak out. VeCommerce’s general manager for one has spoken up about reducing the reliance on sensitive data as a means to eradicate fraud. VeCommerce is a voice recognition and verification specialist, and it claims that when the HMRC (Her Majesty’s Revenue and Customers) office lost the two discs containing the personal details of 25 million U.K. citizens, there would have been far less cause for concern if there was not such a heavy emphasis on storing personal data for verification purposes. The firm’s general manager for EMEA, Brett Feldon, claims that the HMRC incident is just the tip of the iceberg and a manifestation of what is happening on a smaller scale, every single day. “Unfortunately it has taken a larger breach such as this, to bring the issue to a wider audience. Yes, there were certainly shortfalls in HMRC’s security procedures, but the risks come from the fact that individuals have access to sensitive information,” says Feldon. “These can include a large range of groups including professional hackers organized crime or even a call centre operative. The question is less about ‘how secure is our data’ but why are we relying so heavily on this data for verification purposes. If we didn’t this whole incident would have been a non issue.”
Feldon says that what should be scrutinized is not necessarily the actions of the employee or department that lost the discs, but rather how it might be possible to nullify the effects of personal data falling into the wrong hands. “At present, this type of information, that it is assumed only the legitimate individual has access to, is used to verify someone’s identity and subsequently gives them the power to open bank accounts, make purchases, transfer funds or even apply for a passport under someone else’s name,” he says. Feldon nominates biometrics as one way identity issues could be attacked, with individual voice prints used to by-pass the need for sensitive data to be stored in, as we see from the HMRC scandal, potentially insecure databases. Privacy advocates may still have objections on this front, but Feldon claims that if a biometrics system is in place, losing this data would be embarrassing for the organization concerned, but not dangerous.
U.K. financial institutions are currently looking into voice biometrics as a means of verification, while some insurance firms in Australia are already using these authentication systems. Feldon adds that access to data should be granted to a few trained IT technicians, rather than to employees en masse. “Isn’t it far more secure and more cost-effective in the long-run to allow just a few trained IT personnel access to this sensitive data, rather than try and train and control literally thousands of call centre staff and administrators, distributed around the world?”