PoisonSeed and FIDO Update

Update to my July 21 post “PoisonSeed: Cross-Device Authentication Shouldn’t Allow Authentication on a Fraudster’s Device.” FIDO’s cross-device authentication is NOT inherently insecure.

From Chris Burt at Biometric Update:

“A reported passkey vulnerability has been walked back, and FIDO is recommended as the fix to the vulnerability of “phishable” MFA wreaking havoc on corporate networks around the world.

“The PoisonSeed attack reported by security company Expel earlier this month does not give access to protected assets, if the FIDO Cross-Device Authentication flow is properly implemented.”

Proper implementation and configuration is essential.

What is a Fingerprint Ridge Ending?

(Image from NIST)

(Part of the biometric product marketing expert series)

If you hear a fingerprint person discussing a “ridge ending,” the definition is pretty simple.

“This minutia illustrates an abrupt end to a continuous ridge path.”

And if you think of fingerprint ridges as black lines on a white background, then a ridge ending is the exact opposite of a bifurcation.

And I wrote this post to prove…a point.

FBI, DoD, DHS, and Other Biometric Standards

(Imagen 4)

When I started in biometrics 30 years ago, the most important operational biometric standard to me was what was then called the Electronic Fingerprint Transmission Specification or EFTS, published by the Department of Justice’s Federal Bureau of Investigation (FBI). 

Record types from the 1993 ANSI/NIST standard.

Unlike the ANSI/NIST biometric data interchange standard, the EFTS can actually be used out of the box to transmit data. The ANSI/NIST standard doesn’t define any “Type 2” fields, nor does it define any “types of transactions” (TOTs). EFTS did.

Other standards

But the EFTS, now the FBI’s Electronic Biometric Transmission Specification or EBTS (downloadable here), isn’t the only biometric transmission standard derived from ANSI/NIST.

  • State police agencies have their own law enforcement transmission standards. Here’s New York’s version (PDF).
  • Other U.S. federal agencies such as the U.S. Departments of Defense and Homeland Security have transmission standards.
  • Other countries have their own transmission standards.
  • Multinational agencies such as INTERPOL have their own transmission standards.

Luckily all the different standards have some basic similarities, but if you have a mobile biometric device that must submit to DOJ and DoD and DHS, you need to switch to the proper profile for each submission.

Last week I downloaded two different standards so I could understand the TOTs. I would have downloaded a third, but the agency restricts its distribution.

Word up

But I will tell you the biggest frustration I have with the standards.

In the EBTS and some other standards, there is a type of transaction referred to as “Criminal Ten-Print Submission (No Answer Necessary).” The abbreviation for this TOT is CNA.

Microsoft Word in default mode auto-corrects this from CNA to CAN.

Imagen 4.

CMOs, I can help you

But I’ve overcome this frustration over 30 years of immersing myself in all things biometric-translation related. This experience is benefiting a Bredemarket client that communicates with end customers regarding many of these standards.

Can my experience benefit you as your organization produces content, proposal, and analysis materials on a deadline? If Bredemarket can help you catch up or get ahead, let’s talk.

Tech marketers, are you afraid?

What is a Fingerprint Bifurcation?

(Image from NIST)

(Part of the biometric product marketing expert series)

If you hear a fingerprint person discussing a “bifurcation,” the definition is pretty simple.

“The point at which one friction ridge divides into two friction ridges.”

And if you think of fingerprint ridges as black lines on a white background, then a bifurcation is the exact opposite of a ridge ending.

The fingerprint image is from an appendix to the National Institute of Standards and Technology’s 2003 Fingerprint Vendor Technology Evaluation (FpVTE).

Yeah, THAT FpVTE. I remember it well from my days at Motorola…not a “top 3” vendor.

Imagen 4.

Is Biometric Authentication Marketing Profitable?

When a company such as Bredemarket promotes itself, often we don’t know who is receiving the marketing messages. Therefore, we have to BROADCAST.

When we do know who is receiving our messaging, we can NARROWCAST.

Hmmm…how could we know this?

Ask TLG Marketing.

“Businesses are rapidly adopting biometric authentication marketing as it serves a dual purpose: enhancing security and providing a customized marketing experience.”

But does it pay? Yes.

“By integrating fingerprint recognition technology, a retail company optimized its app experience, leading to a 20% increase in online sales. In another case, a banking institution used facial recognition for secure and quick authentication, resulting in a customer service rating boost of 25%.”

There are ways other than biometrics to know who your prospects are, but knowledge-based authentication (KBA) such as passwords has its weaknesses. With KBA you may not be interacting with your prospect, but with your prospect’s spouse or child.

JOE’S ALCOHOL EMPORIUM: Evelyn, what types of alcohol do you prefer?

EVELYN’S TEENAGE SON WHO KNOWS HER PASSWORD IS HIS BIRTHDATE: 200 proof, man! Let’s get wasted!

Bredemarket has created targeted, segmented content, including individualized content. Let me help you communicate with your individual prospects. Talk to me.


Geolocation, Privacy…and Abuse

(Imagen 4)

I’ve frequently talked about geolocation as a factor of authentication, and have also mentioned the privacy concerns that rise with the use of geolocation for identification.

But sometimes it’s not just an issue of privacy, but something more sinister.

Authentic Living Therapy is a counselor specializing in trauma, abuse, emotional abuse, anxiety, depression, self-harm, parenting, and relationship difficulties. The page recently shared an image post on Facebook with the title

“Tracking someone’s location isn’t always about care. Sometimes, it’s about control.”

I encourage you to read the entire post here.

As with many other privacy-related issues, it all revolves around consent.

  • If Agnes wants Bob to track her location to ensure she is safe, it is fine if Agnes freely consents for Bob to track it.
  • If Bob wants to track Agnes’ location, you need to ensure that Agnes is not being forced to consent.
  • If Bob wants to track Agnes’ location but refuses to let Agnes track Bob’s location, there are many red flags.

By Denelson83 – Own work, Public Domain, https://commons.wikimedia.org/w/index.php?curid=498580.

If you are a tech marketer and want to share how your identity solution protects individual privacy, I can help you write the necessary content. Let’s meet. Before your competition shares ITS story and steals your prospects and revenue.


Tech Marketers, Save Time at Thursday’s Inland Empire BizFest

If you’re a tech marketer who is attending the Inland Empire BizFest at the Main Event in Montclair, California on Thursday evening, I’m going to save you a few minutes.

Take the long way home to marketing and writing services

Tech marketers seeking marketing and writing services will have to go through these steps.

  • Look for John E. Bredehoft. I look like this, although I haven’t decided if I’ll wear the tie and jacket.
John E. Bredehoft of Bredemarket.
  • Ask me, “Hey, John, you offer those marketing and writing services, right?”
  • Ask me for a brochure.

Download the brochure now

Why don’t you save yourself a few minutes and download the brochure now?

That’s one less piece of paper to haul around.

Visit the web page now

And to save even more time, you can go ahead and visit the referenced “bredemarket.com/mark” page now also. This web page covers the stuff I couldn’t fit on the one-page brochure.

The best laid plans of wildebeests and men often go awry

But if you don’t have a chance to download the brochure or visit the “Stop losing prospects” page, I plan to be at the Main Event on Thursday.

Note that I said I PLAN to be at the Main Event. The last time I planned to be at an event (a business expo in Los Angeles), neither my client nor I made it.

So I don’t guarantee I’ll be there, but I plan to be there.

You going?

If not, here’s a video you can enjoy instead.


Unable to Uncapsulize

(Imagen 4)

I just emailed the Bredemarket mailing list and included “capsulizes” in the text.

I subsequently decided that I should have used “encapsulates” instead.

Too late.

But it’s better to send a fair email than not send one at all.

If you want to receive Bredemarket emails composed in “the perfect is the enemy of the good” spirit, subscribe.

GeoComply, Geolocation, and First-Party Fraud

(Imagen 4)

As you may know, I am a fan of including geolocation as a factor of identity verification and authentication.

So I was delighted to learn that last Wednesday’s Liminal’s Demo Day on First-Party Fraud started with a demonstration from GeoComply.

How does GeoComply use geolocation to reduce first-party fraud?

1. Collect data from a user’s device: GPS, GSM, WiFi, plus IP addresses.

2. Verify location accuracy. Our rules engine runs hundreds of location data, device integrity, and identity fraud checks on every geolocation transaction to detect suspicious activity.

3. Combine real-time and historical data to detect and flag patterns of location fraud. Our models are constantly updated with the use of machine learning and human intelligence.

In his demonstration, Matthew Boland showed an example of someone who had filed numerous chargeback requests in a short period. That’s a red flag in itself.

But when Boland combined the real-time and historical data to analyze the geolocations of the chargeback requests, he found that many of the requests were filed from the same location as the person’s mailing address. So at least that was legit, and the chargeback requests weren’t being filed from China.
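As an added illustration, not GeoComply’s code or rules (which this post does not reproduce), the following Python combines the two signals from the chargeback example: request velocity over a rolling window (the historical data) and the distance between each request’s device geolocation and the cardholder’s mailing address (the real-time data). The sample records, the mailing address and the thresholds are constructed for the example.

```python
import math
from datetime import datetime, timedelta

# Constructed sample data: a hypothetical Kansas City mailing address and five
# chargeback requests, each with the device geolocation captured at filing time.
MAILING_ADDRESS = (39.0997, -94.5786)
CHARGEBACKS = [
    {"id": "cb-1", "at": datetime(2024, 3, 1, 9, 15), "loc": (39.1012, -94.5801)},
    {"id": "cb-2", "at": datetime(2024, 3, 1, 21, 40), "loc": (39.0985, -94.5770)},
    {"id": "cb-3", "at": datetime(2024, 3, 2, 8, 5), "loc": (39.1001, -94.5792)},
    {"id": "cb-4", "at": datetime(2024, 3, 3, 14, 30), "loc": (25.7617, -80.1918)},
    {"id": "cb-5", "at": datetime(2024, 3, 4, 10, 0), "loc": (39.0990, -94.5780)},
]


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs given in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def analyze_chargebacks(events, home, window=timedelta(days=7),
                        max_in_window=3, max_km=50.0):
    """Velocity check over a rolling window plus a per-request location check.

    Returns the peak number of requests inside any rolling window, whether that
    exceeds the threshold, and the ids of requests filed far from the mailing
    address. The thresholds are illustrative, not a vendor's rules."""
    ordered = sorted(events, key=lambda e: e["at"])
    peak = 0
    for i, e in enumerate(ordered):
        # Count this request plus every earlier request inside the window.
        n = sum(1 for f in ordered[: i + 1] if e["at"] - f["at"] <= window)
        peak = max(peak, n)
    far = [e["id"] for e in ordered if haversine_km(e["loc"], home) > max_km]
    return {
        "peak_in_window": peak,
        "velocity_flag": peak > max_in_window,
        "far_from_home": far,
        "all_from_home": not far,
    }


if __name__ == "__main__":
    print(analyze_chargebacks(CHARGEBACKS, MAILING_ADDRESS))
```

In the sample, the velocity check fires on its own (five requests in four days), while the location check singles out the one request filed far from the mailing address; a case like the one in the demo, with every request filed from home, would return an empty list.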

In addition to first-party fraud, GeoComply handles geofencing for gambling operations. To see an example of Super Bowl 2024 attempted gambling transactions in Kansas (good) and Missouri (bad), watch this video.

Kansas City (KS, MO) activity on Super Bowl Sunday.

Are You Afraid?

Are you afraid?

Tech marketers, are you afraid of competitors stealing prospects and revenue?

Drive content results with the product marketing experience of Bredemarket.

Act now: https://bredemarket.com/mark/

Are you afraid?