Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!

Fingering Transactional Strong Authentication

By Gregg LaRoche
March 1, 2008
By simplifying application workflows, providing clear audit trails and minimizing risk of errors, unauthorized access and system abuse can also be minimized.


Sensitivities surrounding electronic transactions, identities and authorization are running high.  On one side, the business case is hugely appealing as authenticated electronic transactions promise a far more efficient -- and theoretically, accountable -- order system.  On the other side, those who are tasked with managing risk via government regulations or internal policy see the rapid uptake of electronic systems as fraught with known and unknown weaknesses that must be accounted for as a prerequisite for any green light.  

As a result, independent software vendors and technology advocates at organizations are pushing to create better policy with sensible, as well as efficient, automation.  Software vendors now seek to insert transactional strong authentication into an application’s workflow in order to help customers address increasing policy and regulatory compliance requirements mandated in numerous industries, states and countries. 

TWO-FACTOR AUTHENTICATION

By closing down the gaps between authentication (who you are), transaction (what you are doing) and authorization (what you may do) to absolute zero, organizations can ensure transactions are properly and traceably authenticated.  Thus, eliminating compliance and policy risks including unauthorized data transfers, complicated workflows and illegitimate or erroneous transactions.   It is up to the technology solution to ease concerns on both sides of the electronic transaction discussion.

As identity-based regulations become more common and stringent across many industries, transaction-level authentication will be the norm in any situation where a person’s identity is an important element of the transaction.  An early example of this is in Ohio where its Board of Pharmacy has instituted a requirement for two-factor authentication for controlled drug prescription orders.  The authentication requirements may include countersigning, multifactor authentication or strong passwords to bolster policy enforcement and compliance where these efforts are most important – immediately prior to completing the transaction.

By simplifying application workflows, providing clear audit trails and minimizing risk of errors, unauthorized access and system abuse can also be minimized.  And Ohio’s “Positive Identification” electronic pharmacy authentication requirement is just the beginning of these types of regulations -- more will emerge across states and industry sectors such as those that include sensitive human resource tasks, drug ordering and handling, tracking transactions in retail or institutional banking and warehouse inventory management.

REGULATIONS GET INVOLVED

In addition, other industries are keenly exploring transaction-level security.  Wherever there is a need for an absolute audit trail, wherever there is strict regulation like GLBA, HIPAA and PCI -- whether government-driven or industry-driven -- transaction level security is becoming a crucial element that both companies and software vendors must take into consideration as organizational processes shift toward paperless transactions. Here is a snapshot of notable industries and the activities that are sparking interest in transaction-level security.
  • Healthcare: electronic pharmacy transactions involving either high-value or high-volume purchases of prescription drugs.

  • Banking: electronic funds transfers where cash is moved in and out of accounts.

  • Legal: document and transaction tracking is key to ensuring a deal is legitimate and authorized.

  • Pharmaceutical: adding or updating testing data.

  • Manufacturing/logistics: controlling inventory.


WHAT DOES THIS ALL MEAN FOR THE SECURITY ENTERPRISE?

What is needed is a closer connection between the application and the actual transaction.  Authentication at the point of transaction ensures the transaction is made confidently and securely.  The use of strong authentication options, including fingerprint biometrics, one-time password tokens and smart cards ensures tight security while providing optimal user convenience.  

Software vendors in virtually every sector are beginning to explore how to address the growing issue of positive identification for these sensitive transactions.  It will be important for those software companies to seamlessly connect their transaction systems with the identity management systems in use, or being considered by their customers, that maintain credentials and authorizations for employees to ensure security and efficiency.  This will become a central part of an identity management strategy for any company dealing with sensitive electronic transactions in the era of positive identification and paperless work environments.

In an increasingly compliance-driven enterprise, accountability and transparency are integral in promoting efficiencies, eliminating fraud and resource misuse, and ensuring proper reporting.  The ease with which electronic transactions can be made underscores the need for a company today to be confident and comfortable with who is making them from which software systems.  Transactional strong authentication will play a much bigger role as corporate, industry and government policy-makers crack down on vulnerabilities, so take stock of how this will impact your security organization and be prepared to serve a greater role in the transaction process. That is the future of security management.  

SIDEBAR: Identifying a Solution

By far the most populous jurisdiction in the greater Washington, D.C., area, Fairfax County, Va., employs more than 1,300 police officers. In 2006, the Fairfax County Police Department (FCPD) fielded more than 250,000 requests for police services.

The county’s most recent advancement is the addition of handheld biometric terminals that cross-reference the county’s regional fingerprint database with its photo files, which improves the accuracy of ID discovery by FCPD officers in the field.

This busy department moved ahead of the technology curve back in 1983 when it agreed to participate in the Northern Virginia Automated Regional Identification System (NOVARIS), an automatic fingerprint identification system (AFIS) database that served as a common resource for several adjoining municipalities. But in 2004, Fairfax learned that its system, along with several others regional AFIS systems, would be declared obsolete and no longer be maintained by 2008. So FCPD, along with D.C. and Maryland police, began identifying funding to upgrade and expand NOVARIS into a fully integrated regional system with high interoperability, increased search speed and improved imaging capability. Together, they secured an Urban Area Security Grant and a grant from the Department of Homeland Security totaling $14 million.

The county’s NOVARIS integrator recommended the DSV2+TURBO from Datastrip Inc. The handheld biometric terminal has a fingerprint scanner and card reader, and it can also take photos on the scene. Further, these mobile units were easy to clear through purchasing pro forma because they are certified under the Homeland Security Presidential Directive (HSPD-12) and the General Services Administration’s FIPS 201 evaluation program.

“Obviously, system compatibility, accuracy and reliability were our highest priorities,” said Lt. Vincent Byrd, FCPD’s project manager. “This solution provided a number of additional benefits. It is Windows based and functions like a PDA, so it was already familiar to officers. The units were also customized to touch screens so that officers don’t need a stylus, which makes for one less thing to manage in the field.”

To date, Fairfax County has purchased 130 of the two-pound terminals, which Fairfax and Montgomery Counties and Washington, D.C. Metro police are currently using. Other NOVARIS agencies and jurisdictions are expected to build the installation base through 2008 and beyond.

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Gregg LaRoche is director of product strategy at Imprivata (www.imprivata.com).

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Enterprise Services
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Red laptop

Cybersecurity leaders discuss Oracle’s second recent hack

Pills spilled

More than 20,000 sensitive medical records exposed

Coding on screen

Research reveals mass scanning and exploitation campaigns

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing