(ISO: Geneva) -- The International Organization for Standardization recently published a standard to increase the security of financial transactions over electronic media. ISO 19092:2008—“Financial services—Biometrics—Security framework,” establishes security requirements for implementing and managing biometric identification technology in the financial industry.

The development of computer-based technologies has brought about a revolution resulting in a proliferation of electronic transactions. This has produced a phenomenal reduction in costs and improved efficiency within the financial industry. Trillions of dollars in funds and securities are transferred daily through electronic communication.

Biometrics is increasingly considered a reliable means of identification. It includes technologies such as finger imaging, voice identification, eye scanning, and facial imaging. Its advantage and appeal lie in its convenience, ease of use, level of apparent security, performance, and noninvasiveness.

ISO 19092 describes the security framework for using biometrics to authenticate individuals in financial services. It introduces the types of biometric technologies, addresses issues concerning their application, presents the architectures for implementation, specifies the minimum security requirements for effective management, and provides control objectives and recommendations. It also promotes the integration of biometrics into the financial industry and the management of biometric information as part of the overall information security-management program of the organization.

ISO 19092 addresses the following topics:

• Usage of biometrics for the authentication of employees and persons seeking financial services by verification of a claimed identity and identification of an individual
  
• Validation of credentials presented at enrollment to support authentication as required by risk management
  
• Management of biometric information across its life cycle comprising the enrollment, transmission and storage, verification, identification, and termination processes
  
• Security of biometric information during its life cycle, encompassing data integrity, origin authentication, and confidentiality
  
• Application of biometrics for logical and physical access control
  
• Surveillance to protect the financial institution and its customers
  
• Security of the physical hardware used throughout the biometric information life cycle.
  

“ISO 19092 offers a valuable international consensus-based tool to the financial industry that will encourage the secure implementation of biometrics as an authentication method within this sector. This standard is one step ahead, paving the way for the next generation of safer and more reliable financial transactions, increasingly important in today’s electronic era,” comments Mark Lundin, chair of the ISO subcommittee that developed the standard (subcommittee SC 2—“Security management and general banking operations” of ISO technical committee ISO/TC 68—“Financial services”).

For more information, visit http://www.iso.org/iso/pressrelease.htm?refid=Ref1111.