New Revision: ANSI X9.84-2018: Biometric Information Management and Security for the Financial Services Industry
Verification and identification are concrete methods for proof. Authenticating individuals is important for a variety of purposes, and financial services is certainly one of the industries in which clear, reliable, and repeatable verification of an individual is crucial. Several identifying means exist to conduct this process, but biometrics has the backing of a person’s nearly permanent features or behavior.
Biometrics is highly advanced today, but, as a practice, it is really nothing new. As it provides numerous resources but ultimately serves as the “something you are” identity factor, biometry has been depended upon since long before the advent of modern and emerging technologies.
For example, there’s fingerprint biometrics, in which the unique pattern of friction ridges and valleys found on a person’s fingertips identifies that individual. These loops, whorls, and arches naturally chiseled into a person’s digits have been classified under several main types and subtypes by law enforcement agencies (e.g. the FBI) for over a century.
As discussed by ANSI X9.84-2018, other biometric methods have analog roots. One of the more basic technologies, iris biometrics, harnesses the specific usefulness of the colored portion of the eye surrounding the pupil. Today, iris biometrics is advanced with the aid of specialized video cameras. Additional physical features are captured through face and voice biometrics.
Biometrics also involves the capturing and cross-referencing of behavioral features, such as with gait analysis. According to ANSI X9.84-2018, there are three basic biometric processes: enrollment (the process of collecting biometric samples from a person and the subsequent generation and storage of biometric reference templates), verification (a “one-to-one” comparison), and identification (a “one-to-many” comparison).
ANSI X9.84-2018 details this information methodically, thoroughly touching upon the various aspects of biometrics. Overall, the American National Standard describes the security framework for using biometrics for authentication of individuals in financial services. In addition to detailing the background information on biometric technologies, it covers the architectures for implementation, minimum security guidelines for effective management, and control objectives and recommendations for use by a professional practitioner.
In describing the cryptographic guidelines, techniques, protocols, and syntax for the storage and transfer of biometric information and for using biometrics as an identification and authentication mechanism for secure remote electronic access for financial services or other industries, ANSI X9.84-2018 aligns with similar financial industry standards.
ANSI X9.84-2018 was written by the ANSI Accredited Standards Committee X9 (or just X9). X9 develops and maintains open consensus standards for the US financial services industry. With the burgeoning of electronic communications across public networks, such as the Internet, and the rapid advancement of technology, the financial industry has been seeing both improved services and, unfortunately, increased risk. ANSI X9.84-2018 is just one of the many financial services standards published by X9 that confronts the issue of information management in the face of vast interconnected technological networks.
ANSI X9.84-2018: Biometric Information Management and Security for the Financial Services Industry is available on the ANSI Webstore.