Once upon a time, physical security could be as simple as a friendly security guard with sign-in sheet and a knack for remembering faces, locks on doors and desks, and a fire alarm. These days, access management is much more complicated, and central to securing both physical and virtual assets. As machine, infrastructure, business, government, and social interconnections proliferate at blinding speed, security threats are increasingly difficult to distill, in part because cybercriminals are leveraging them in innovative combinations.
Often, numerous vectors are employed to carry off an attack, including both physical and cyber means of gaining access to valuable data and infrastructure. As we come to better understand the blended and multi-layered nature of most attacks, we realize we must counter with more holistic defenses. The more obstacles we can erect between bad actors and valuable assets, the more likely it is we will stop, minimize, or discourage attacks. Defenses must address physical and virtual threats from external and internal origins. It follows that the more collaborative and converged security measures are, the harder they will be to penetrate.
Thanks to a growing list of safety issues, physical security checks are fairly common, whether you’re opening an account, visiting a client’s office, or catching a flight. It’s not only important to check the identity of visitors and authenticate access, but to keep records of these checks for compliance, reporting, and investigative purposes. But without intelligent verification, the effectiveness of the identification process is unacceptably limited. Just because a visitor has an ID to hand you, doesn’t confirm he is who he claims to be. Conversely, most people expect their ID to be proof enough; no one wants to be treated like a criminal.
There are ample reasons to question the authenticity of IDs, badges, and drivers’ licenses. Given the state of digital imaging and printing technology, fakes are relatively easy to create. Even more concerning is the widespread incidence of identity theft, one of the fastest growing crimes in the US. The Bureau of Justice Statistics estimates 17.6 million Americans were victims of identity theft in 2014.
Crimes related to identify fraud cost US consumers $16 billion that year. Many of those stolen IDs are used to open accounts or make purchases, but they are also leveraged to commit larger scale cyber attacks.
Assuming you have a protocol for checking visitors’ IDs, how do you verify the IDs themselves? There is a key first step that all types of organizations should take to ensure that their visitor management, access control, and customer onboarding processes are efficiently and accurately verified. Advanced scanning solutions, including mobile and kiosk-based options, can scan IDs and badges, digitize the information contained therein, populate it to databases, and automatically connect to backend data sources (e.g., DMV and credit bureaus) for cross referencing. The transaction takes place seamlessly and can be completed anywhere you can use a mobile device. The scanning technology removes the tedious and error-prone task of manual data entry. Instead of staring at a keyboard and screen, security guards, bankers, sales reps, and front desk staff can focus on personal interactions and watch for red-flag behaviors.
Maintaining physical and cyber security is more feasible when bad actors are caught at the perimeter, before they can enter a system (building or network) and begin criminal activity: stealing laptops, smartphones, thumb drives; casing a location; opening a fraudulent account; stealing a car during a test drive; even picking up a child outside of permitted custody arrangements.
Many institutions operate under regulations that require collection and verification of customer data, but must create an appealing customer experience. If the onboarding process feels like an interrogation, it’s hard to make customers feel welcome. Automated scanning and verification solutions help account managers complete their compliance and fraud prevention tasks without alienating the prospective client. The information entered into their systems is accurate and verified from the first step, so all the back end processes relying on that information are secure as well.
In the past, different departments have managed physical and cyber security systems, but experts argue that a holistic approach to enterprise security calls for greater convergence. For example, access to corporate equipment would be tied to identity scans in the lobby, so anyone bypassing the security checkpoint without being scanned would be unable to login to any terminals or access control points. Enterprise-wide security alerts could be sent and received by all security staff, whether physical or cyber, in a more efficient and collaborative manner. This approach dovetails with the trend toward identity-based security measures.
In any organization, the web of security relies on many factors, from human intuition and observation to hidden associations discovered by cross-referencing databases. As our personal, professional, and economic lives become increasingly digitized and interconnected, the convergence of physical and cyber security becomes more imperative. Security experts know that gaps between systems represent vulnerability and risk. Smart scanning and identity verification solutions seamlessly connect people and processes at crucial access points, enhancing both safety and service.
Yossi Zekri is President & CEO of Acuant, the leading provider of identity solutions. The company’s patented technologies have been transforming unstructured customer data into useful and insightful information through a technology-driven process that automates intake, increases accuracy and adds value to its partners’ applications.