Bank security

Fujitsu Laboratories Ltd. has developed a digital identity exchange technology that makes it possible for individual users and service businesses involved in online transactions to confirm the identity of other parties in transactions. The rapid advance of digitalisation in recent years has been accompanied by a dramatic rise in the number of online transactions in which users cannot see one another face to face, making it difficult to judge the credibility of the other party and leading to heightened concerns around trust. With reports of fraud and instances of people falsifying personal credentials like work history and professional qualifications growing increasingly prevalent, ensuring the circulation of high-quality, reliable identification data poses an urgent challenge to users and businesses alike. DID utilising blockchain Fujitsu's new digital identity exchange technology promises a future in which people can enjoy online services more safelyTo address this, Fujitsu Laboratories has developed technology based on a Decentralised Identification (DID) utilising blockchain that analyses the risk of falsification and the trustworthiness of the other party's personal credentials when a user conducts a transaction online. The new technology achieves this through a mutual evaluation of the users when a transaction occurs, and by inferring the relationships between users based on past transaction data. Fujitsu's new digital identity exchange technology promises a future in which people can enjoy online services more safely, offering user-friendly features including graphics to visualise the relationships between users, as well as a unique ‘trust score’ that makes it easier to determine each user's trustworthiness before starting a transaction. Accurately discloses party’s identity In recent years, there has been an increase in new forms of business based on trust between people or companies, including sharing and matching services. In these sorts of digital businesses, it remains crucial to accurately convey the identity of other party in the transaction. There are now ongoing discussions around the use of blockchain technology in these kinds of transactions as a form of decentralised identification that accurately discloses each party's identity to the other parties, as guaranteed by an impartial third party. DID is a system in which a third party guarantees the accuracy of an individual's identity and personal credentials DID is a system in which a third party guarantees the accuracy of a given individual's identity and personal credentials. However, if a service business or user conspires with a third party acting in bad faith, it is possible to falsify a person's history or credentials, creating the risk that this falsified information will spread very widely without being discovered. Digital identity exchange technology Moreover, as the number of users who utilise these services increases, it becomes more difficult for users or a third party to grasp what sort of people the other parties are, increasing the possibility of maleficence. This necessitates a system whereby users can evaluate for themselves the truthfulness of the identity of the other parties in the transaction. Expanding on its past use of blockchain technology, Fujitsu Laboratories has developed a new digital identity exchange technology for safely circulating personal credentials in a form that enables users to confirm the trustworthiness of the other party, drawing on factors including the status of previous transactions and evaluations by users who had engaged in transactions with the party in question, as part of a decentralised identification system. Generating trustworthy transaction data With Fujitsu's new identity exchange technology, evaluations (e.g. reputation and rating) for each user in a transaction are recorded as a series of transaction data. By storing these evaluations on the unfalsifiable distributed ledger of a blockchain, this system can improve the reliability of insights into the trustworthiness about each user. Analysing relationships of trust This system converts the trustworthy transaction data about individuals shared on the blockchain into a graph structure so that the relationships between users can be understood. A trustworthiness score is attached to each user by weighting factors including how many trusted users evaluate them highly. Even if a user colludes with a third party to improperly raise their evaluation, the graph-structured relationships will reveal information such as the weakness of their relationships with other users, giving the system the potential to identify misrepresentations. Disclosing necessary information only Users can have their credentials verified with only a partial disclosure of relevant data, allowing for safe and highly reliable transactions without forcing users to offer unnecessary personal details. Determining trustworthiness of other party Fujitsu Laboratories will continue to develop IDYX as a trust-based service platform supporting digital businessThe newly developed technology analyses the trust relationships of each user, allowing the system to pre-emptively determine the trustworthiness of the other party in a transaction. The newly developed technology allows users to easily confirm information about which companies and individuals can be trusted in transactions in a variety of digital business situations, helping to build a digital ecosystem that transcends the boundaries of companies and industries and makes safe and secure online transactions a reality for all. Fujitsu Laboratories will continue to develop IDYX as a trust-based service platform supporting digital business, conducting trials in a variety of fields, beginning with the finance industry. In addition, Fujitsu aims to implement this technology during fiscal 2019 as a new functionality in its Fujitsu Intelligent Data Service Virtuora DX Data Distribution and Utilisation Service, a cloud-based solution for data utilisation powered by blockchain technology.

Keyfactor, a provider of secure digital identity management solutions, announced the acquisition of Spain-based Redtrust, a digital identity solutions company providing centralised certificate and digital signature management. “Like Keyfactor, Redtrust is fiercely committed to offering best-in-class identity management innovation to customers in industries where trust and reputation are a top priority,” said Jordan Rackie, CEO at Keyfactor. “This acquisition supports Keyfactor’s scale and global expansion efforts. We’re now able to address a broader number of use cases for our customers and appeal to a wider market, from the Global 2000 to small and midmarket businesses in North America and Europe.” Secures certificate lifecycle management Redtrust serves hundreds of customers operating in the banking, insurance, infrastructure and healthcare industriesIn January 2019, Keyfactor announced a $77 million growth funding round with Insight Partners, a global venture capital and private equity firm focussed on high growth technology and software companies. The company has doubled its revenue year-over-year and now secures more than 500 million certificates for Fortune 2000 clients worldwide. Founded in 2009, Redtrust serves hundreds of customers operating in the banking, insurance, infrastructure and healthcare industries. Its patented platform secures and centralises certificate lifecycle management, complementing Keyfactor’s end-to-end secure identity and code signing platform. “We found the perfect partner with Keyfactor, and I’m thrilled for Redtrust to reach this important company milestone,” said Daniel Rodriguez, CEO at Redtrust. “Together we have a shared vision for the future of trust, and an obsession with technical excellence and customer success. We’re now on an unstoppable mission to secure the digital identities for companies of all sizes, in any market.” Protecting certificates and identities We acquired the best company with the best technology to address these threats"“With the ongoing emergence of new technology trends like DevOps and IoT, the ability to protect certificates and identities has become increasingly critical,” said Garrett Bekker, Principal Analyst at 451 Research. “The purchase of Redtrust demonstrates Keyfactor’s ongoing commitment to provide customers around the world with a full range of certificate and key management services that both enhance security as well as keep up with ever-changing compliance requirements." “Pervasive cyber-threats that exploit common Public Key Infrastructure (PKI) vulnerabilities, digital certificates and unsecured code are on the rise due to digital transformation, IoT adoption and evolving DevOps environments,” said Kevin von Keyserling, Chief Strategy Officer & Co-founder at Keyfactor. “We acquired the best company with the best technology to address these threats. Full stop.”

Ping Identity, global provider of identity defined security solutions, has announced updates to its data governance solution, PingDataGovernance, to better manage data security and privacy requirements for APIs and user profiles. Today’s enterprises manage many different APIs on average, meaning sensitive consumer data like banking information and healthcare records are increasingly vulnerable. This rapid growth of APIs and third-party API traffic necessitates fine-grained data protection. These latest enhancements help enterprises build consumer trust and enable seamless and secure experiences for their customers. PingDataGovernance data protectionThe updates to PingDataGovernance address the needs with two main changes - data protection in APIs and drag-and-drop GUI The updates to PingDataGovernance, which are generally available this month, address these needs with two significant changes. The first is customer data protection in APIs as part of an advanced API security program. The second is a drag and drop graphical user interface (GUI), allowing business users to collaboratively author and test policies with a visual policy tree. With this additional functionality, customers can address several organisational challenges, including: Conflicting Forces: Often, enterprises can experience conflicting forces among the stakeholders contributing to the complexity of securing consumer data. Data privacy regulations, users themselves and various business units within an organisation all have different requirements for accessing and protecting data. With the new GUI, PingDataGovernance accounts for these forces by providing an externalised authorisation platform for gathering and reconciling independent policy requirements to help ensure every party is satisfied and data is secure. Empowerment of Stakeholders: Ping Identity understands developers don’t want sole responsibility for security, which is why this latest update eliminates the burden of database administrators and API developers to gather and reconcile policy requirements. With the new GUI, policy authors are able to visually test policy decisions based on dynamic inputs, using any number of attributes, including real-time risk scores, data source lookups, and more. Fine-Grained Policy Control: With consumer data security in mind, PingDataGovernance gives enterprises centralised, fine-grained control over who has access to all user-related data. While this control has always applied to data within user profiles, it now extends to access and filter data in APIs—providing a new layer of governance. Users can now securely expose data to delegated individuals, define what specific data others can view and edit, and filter and remove unauthorised data. “We have been using PingDataGovernance for some time now and we're eager to begin using the new graphical user interface for collaborative visibility and drag and drop policy administration,” said Mike Mayfield, Head of Directory at the Open Banking Implementation Entity (OBIE) of the UK.

From June 11th to 13th Gradiant has an important appointment in London. For a few days, the city is becoming the capital of identity recognition technologies to transact in a seamless, yet secure manner. Identity Week is the largest technology fair focused on the concept of identity in Europe and this year brings together more than 3,000 international industry actors in three world-class events: Digital:ID, Planet Biometrics and Security Document Week. Forensic and face recognition solutions In this international scenario, Gradiant is showing forensic technologies and face recognition solutions at booth D28 (Digital: EXPO, ExCel London) to automate digital onboarding and Know Your Customer (KYC) processes in a reliable way, as well as prevent document fraud on Internet. Providing security when we need access to personal data is fundamental in order to incorporate technology into the day-to-day activities we carry out in the actual digital society. Facial recognition is positioned as one of the most reliable techniques to incorporate into user registration processes Facial recognition is positioned as one of the most reliable techniques to incorporate into user registration processes, both to register new customers and to provide secure access to personal data in digital onboarding processes (electronic identification of the customer that allows the remote goods and services contract). Most of the time, these processes require to verify that the ID document - ID, passport or driver's license - registered in the system matches with the user's identity in an unmistakable way; but it is also important to incorporate other techniques that collect more information about the client and analyse possible manipulations carried out in the identity document, in order to ensure secure remote client's discharge. Valida by Gradiant forensic tool “In London we are going to show Valida, our forensic tool to detect manipulations in digital documents. In January we received our second selection to present this solution at the CES in Las Vegas and we continue to show it at MWC in Barcelona and RSA in San Francisco,” explains Daniel Ramos, International Business Development Manager at Gradiant. "Now it's time to bring Valida to the UK, to Identity Week, where the world's leading document security vendors come together.” Valida by Gradiant’s main goal is to evaluate the authenticity of digital documents to prevent fraud in online user verification, digital on boarding and Know Your Customer (KYC) processes. This technology developed by Gradiant, in collaboration with atlanTTic research center of Universidade de Vigo, allows companies to offer an extra level of security in this operations, as it automatically analyses any type of identity document (and other PDF and JPEG files such as payroll, invoices, receipts, etc.) to detect possible spoofing attacks and forgeries in the data present in these files. faceIDNN facial recognition technology Gradiant is also showing in London faceIDNN to verify user’s identity by comparing the face with the photograph in his/her ID In addition to forgery detection technology for digital documents, Gradiant is also showing in London faceIDNN to verify user’s identity by comparing the face with the photograph in his/her ID, driver’s license or passport. Using both images, techniques developed by Gradiant verify in real time if they belong to the same person. The company’s experience in facial recognition has allowed to develop techniques for anti-spoofing attacks, as well as guaranteeing verification despite significant appearance changes have happened against the photo in the ID card, or if the person has aged. faceIDNN has been co-funded by Xunta de Galicia (Galician Regional Government) by Ignicia Programme (IN8555A IGNICIA Proba de Concepto) Biometric technologies In order to complement this verification, Gradiant has developed biometrics of signature, voice and video (liveness detection) to be incorporated in the processes of digital onboarding as a second authentication factor, in order to prove the customer is who he claims to be. “Our solution focuses on taking advantage of digital onboarding process in order to collect other types of information that provide us with a higher level of security in their verification, such as their signature, voice or video," says Ramos. "We have these three biometric technologies and we can implement them together or separately.” More and more businesses are born 100% digital and more traditional ones are joining the digitised world. Some of these businesses need to verify the identity of their customers remotely and ensure. This is the case of banks, which currently can register new customers without them physically going to bank offices. Biometric verification solutions These entities have a legal obligation to know the identity of their customers as required by the 4th European Anti-Money Laundering Directive In addition, these entities have a legal obligation to know the identity of their customers as required by the 4th European Anti-Money Laundering Directive, in order to comply with the Know Your Customer (KYC) and Anti-Money Laundering (AML) requirements. This European directive aims to prevent problems such as corruption, illegal financing, and money laundering, among others, to combat illegal transactions in the digital environment. Gradiant's biometric verification solutions are a complete choice to ensure security through face, signature or voice customer identification and to prevent fraud in digital files. These solutions can also be effective in sectors such as gambling (to identify if users are old enough to access these services), sharing economies (where there is a digital transaction between at least two people), dating, telcos, insurance, e-commerce and hotels.

Consumers are managing their financial services in more digital and diverse ways than ever before. But as card-not-present (CNP) transactions across e-commerce, m-commerce and remote commerce rise across the globe, so does fraud. Adding security without simply creating more points of friction is a real challenge, but one that the EMV 3-D Secure protocol – EMV 3DS for short – is trying to combat. The protocols are generating real interest across the industry, but what exactly is EMV 3DS? And what are the key considerations stakeholders in the online payments and financial services world should be making? Verifying CNP Transactions Three-Domain Secure (3DS) is a standard messaging protocol used to identify and verify cardholders for CNP transactionsThree-Domain Secure (3DS) is a standard messaging protocol used to identify and verify cardholders for CNP transactions. It creates a standardised, harmonised and secure authentication solution for all stakeholders: merchants, issuers, acquirers and schemes. Initiated by Visa and followed by other payment schemes such as Mastercard, a new version of EMV 3DS has now been developed and is being maintained by the industry body, EMVCo. Goals of EMV 3DS specifications The main goals of the latest EMV 3DS specifications can be broken down into three: Increase approval rates Fundamentally, achieving this boost the total volume of transactions and increases revenues for retailers, banks and schemes alike. Reduce fraud Merchants or issuing banks have historically been liable for fraudulent chargebacks, but now the responsibility is shifting depending on which version of EMV 3DS is supported during the authentication. EMV 3DS risk-based-authentication helps reduce fraud and brings huge savings, as well as more confident consumers. Enhance the user-experience Improved online authentication solutions – remembering the 3rd, 4th and 7th digit of a password set five years ago, for example – are far from user-friendly. And the stats speak for themselves: eCommerce cart abandonment rate is at nearly 70%, and around 28% of US online shoppers admit to quitting orders due to checkout processes being too long or complicated. Cutting out complex additional steps for consumers will reduce cart abandonment and result in better sales for retailers (as well as customers happier to return!). Intelligent risk-based decision-making EMVCo’s latest specification features even more intelligent risk-based decision-making with advanced algorithms By improving communication ‘in the background’ between the issuing bank, the acquirer and the merchant, EMV 3DS streamlines the user experience. At a high level, basic account holder information can now be automatically retrieved and verified without additional consumer input. EMVCo’s latest specification features even more intelligent risk-based decision-making with advanced algorithms and smarter data sharing that help evaluate if a purchase is ‘normal’ or not. For example, considering user location, amount spent and frequency of transactions. This means additional authentication processes are only requested when really needed. Say if one is making an m-commerce payment on holiday in Australia from a site they’ve never visited before – they may then be taken through some of the new, simpler additional authentication solutions defined. These now include one-time passwords sent via SMS, biometric authentication, use of existing authentication on mobile devices and background authentication checks. Compelling authentication solution Thorough testing and certification needs to be championed throughout Crucially, EMV 3DS is no longer just for payments. The use cases for identification and verification (ID&V) are expanding, so the scope of EMV 3DS has become much broader to include adding cards to a digital wallet, open banking services and financial services apps, etc. EMV 3DS is a compelling authentication solution fit for the digital, omnichannel age. But as with any major system upgrade, implementation does not come without its challenges. Selecting a trusted partner who understands the nuances and complexities of this new payments infrastructure can help take the strain of compliance. Whether defining and certifying a new solution, or upgrading an existing implementation, thorough testing and certification needs to be championed throughout. This is key to minimising unexpected delays and costs on the path to service launch. FIME’s long history supporting the industry’s digital transformation and participation in EMVCo enable them to deliver unrivalled expert support for your projects.

Johnson Controls has launched the Pro 2MP Micro camera for installations where a low-profile, high-performance surveillance camera is required. The Pro 2MP Micro includes a lens that can be placed up to 20 feet away from the power supply as well as wide dynamic range to balance scenes where bright backlighting can be a challenge. The Micro also operates at a minimum illumination of 0.01 Lux and thus facilitates excellent low light performance without the need for IR illumination. The discrete form factor makes it a choice option for banking and ATM deployments. Additionally, the Pro Micro includes corridor mode for improved viewing in hallways and other narrow scenarios. There is no added licensing cost for the Pro Micro when added to VideoEdge Network Video Recorders (NVRs). Continuous video recording on the Micro Powerful technologies are built-in to the Pro 2MP Micro to increase confidence and savings. VideoEdge TrickleStor allows video recording to continue on the Micro when a network outage occurs. Once the connection is restored, the video from the Micro backfills to VideoEdge NVRs for seamless viewing later. Further, Illustra IntelliZip continuously monitors and optimises streaming parameters to match the level of activity in the camera’s field of view, providing practical storage savings.  The Pro 2MP Micro adheres to the rigorous security standards of the Tyco Cyber Protection Product Security Program. The holistic cyber approach begins at initial design concept, continues through product development, and is supported through deployment.

In the age of massive data breaches, phishing attacks and password hacks, user credentials are increasingly unsafe. So how can organisations secure accounts without making life more difficult for users? Marc Vanmaele, CEO of TrustBuilder, explains. User credentials give us a sense of security. Users select their password, it's personal and memorable to them, and it's likely that it includes special characters and numbers for added security. Sadly, this sense is most likely false. If it's anything like the 5.4 billion user IDs on haveibeenpwned.com, their login has already been compromised. If it's not listed, it could be soon. Recent estimates state that 8 million more credentials are compromised every day. Ensuring safe access Data breaches, ransomware and phishing campaigns are increasingly easy to pull off. Cyber criminals can easily find the tools they need on Google with little to no technical knowledge. Breached passwords are readily available to cyber criminals on the internet. Those that haven’t been breached can also be guessed, phished or cracked using one of the many “brute-force” tools available on the internet. It's becoming clear that login credentials are no longer enough to secure your users' accounts. Meanwhile, organisations have a responsibility and an ever-stricter legal obligation to protect their users’ sensitive data. This makes ensuring safe access to the services they need challenging, particularly when trying to provide a user experience that won’t cause frustration – or worse, lose your customers’ interest. After GDPR was implemented across the European Union, organisations could face a fine of up to €20 million, or 4% annual global turnover Importance of data protection So how can businesses ensure their users can safely and simply access the services they need while keeping intruders out, and why is it so important to strike that balance? After GDPR was implemented across the European Union, organisations could face a fine of up to €20 million, or 4% annual global turnover – whichever is higher, should they seriously fail to comply with their data protection obligations. This alone was enough to prompt many organisations to get serious about their user’s security. Still, not every business followed suit. Cloud security risks Breaches were most commonly identified in organisations using cloud computing or where staff use personal devices According to a recent survey conducted at Infosecurity Europe, more than a quarter of organisations did not feel ready to comply with GDPR in August 2018 – three months after the compliance deadline. Meanwhile, according to the UK Government’s 2018 Cyber Security Breaches survey, 45% of businesses reported breaches or attacks in the last 12 months. According to the report, logins are less secure when accessing services in the cloud where they aren't protected by enterprise firewalls and security systems. Moreover, breaches were most commonly identified in organisations using cloud computing or where staff use personal devices (known as BYOD). According to the survey, 61% of UK organisations use cloud-based services. The figure is higher in banking and finance (74%), IT and communications (81%) and education (75%). Additionally, 45% of businesses have BYOD. This indicates a precarious situation. The majority of businesses hold personal data on users electronically and may be placing users at risk if their IT environments are not adequately protected. Hackers have developed a wide range of tools to crack passwords, and these are readily available within a couple of clicks on a search engine Hacking methodology In a recent exposé on LifeHacker, Internet standards expert John Pozadzides revealed multiple methods hackers use to bypass even the most secure passwords. According to John’s revelations, 20% of passwords are simple enough to guess using easily accessible information. But that doesn’t leave the remaining 80% safe. Hackers have developed a wide range of tools to crack passwords, and these are readily available within a couple of clicks on a search engine. Brute force attacks are one of the easiest methods, but criminals also use increasingly sophisticated phishing campaigns to fool users into handing over their passwords. Users expect organisations to protect their passwords and keep intruders out of their accounts Once a threat actor has access to one password, they can easily gain access to multiple accounts. This is because, according to Mashable, 87% of users aged 18-30 and 81% of users aged 31+ reuse the same passwords across multiple accounts. It’s becoming clear that passwords are no longer enough to keep online accounts secure. Securing data with simplicity Users expect organisations to protect their passwords and keep intruders out of their accounts. As a result of a data breach, companies will of course suffer financial losses through fines and remediation costs. Beyond the immediate financial repercussions, however, the reputational damage can be seriously costly. A recent Gemalto study showed that 44% of consumers would leave their bank in the event of a security breach, and 38% would switch to a competitor offering a better service. Simplicity is equally important, however. For example, if it’s not delivered in ecommerce, one in three customers will abandon their purchase – as a recent report by Magnetic North revealed. If a login process is confusing, staff may be tempted to help themselves access the information they need by slipping out of secure habits. They may write their passwords down, share them with other members of staff, and may be more susceptible to social engineering attacks. So how do organisations strike the right balance? For many, Identity and Access Management solutions help to deliver secure access across the entire estate. It’s important though that these enable simplicity for the organisation, as well as users. Organisations need an IAM solution that will adapt to both of these factors, providing them with the ability to apply tough access policies when and where they are needed and prioritising swift access where it’s safe to do so Flexible IAM While IAM is highly recommended, organisations should seek solutions that offer the flexibility to define their own balance between a seamless end-user journey and the need for a high level of identity assurance. Organisations’ identity management requirements will change over time. So too will their IT environments. Organisations need an IAM solution that will adapt to both of these factors, providing them with the ability to apply tough access policies when and where they are needed and prioritising swift access where it’s safe to do so. Importantly, the best solutions will be those that enable this flexibility without spending significant time and resource each time adaptations need to be made. Those that do will provide the best return on investment for organisations looking to keep intruders at bay, while enabling users to log in safely and simply.

Timely and important issues in the security marketplace dominated our list of most-clicked-upon articles in 2018. Looking back at the top articles of the year provides a decent summary of how our industry evolved this year, and even offers clues to where we’re headed in 2019. In the world of digital publishing, it’s easy to know what content resonates with the security market: Our readers tell us with their actions; i.e., where they click. Let’s look back at the Top 10 articles we posted in 2018 that generated the most page views. They are listed in order here with a brief excerpt. 1. U.S. President Signs Government Ban on Hikvision and Dahua Video Surveillance The ban on government uses, which takes effect ‘not later than one year after … enactment,’ applies not only to future uses of Dahua and Hikvision equipment but also to legacy installations. The bill calls for an assessment of the current presence of the banned technologies and development of a ‘phase-out plan’ to eliminate the equipment from government uses. 2. Motorola Makes a Splash with Avigilon Video Surveillance Acquisition Early clues point to Motorola positioning Avigilon as part of a broader solution, especially in the municipal/safe cities market. The company says the acquisition will enable more safe cities projects and more public-private partnerships between local communities and law enforcement. Motorola sees Avigilon as ‘a natural extension to global public safety and U.S. federal and military’ applications, according to the company. 3. Impact of Data-Driven Smart Cities on Video Surveillance One of the major areas of technology that is going to shift how we interact with our cities is the Internet of Things (IoT). One benefit will be the ability to use video surveillance to analyse data on large crowds at sporting events The IoT already accounts for swaths of technology and devices operating in the background. However, we’re increasingly seeing these come to the forefront of everyday life, as data becomes increasingly critical. Bosch is highlighting its “Simply. Connected” portfolio of smart city technology to transform security as well as urban mobility, air quality and energy efficiency 4. CES 2018: Security Technologies Influencing the Consumer Electronics Market Familiar players at security shows also have a presence at the Consumer Electronics Show (CES). For example, Bosch is highlighting its “Simply. Connected” portfolio of smart city technology to transform security as well as urban mobility, air quality and energy efficiency. Many consumer technologies on display offer a glimpse of what’s ahead for security. Are Panasonic’s 4K OLEDs with HDR10+ format or Sony’s A8F OLED televisions a preview of the future of security control room monitors? 5. SIA Predicts Top Physical Security Trends for 2018 Traditional security providers will focus more on deepening the customer experience and enhancing convenience and service. The rise of IoT also places an emphasis on cybersecurity, and security dealers will react by seeking manufacturers and technology partners with cyber-hardened network-connected devices. 6. High-Speed Visitor Screening Systems Will Improve Soft Target Security The system is more expensive than a metal detector, but about a third the cost of familiar airport body scanners. Labor reduction (because of faster throughput) can help offset the system costs, but “it’s difficult to quantify the improvement in the visitor experience,” says Mike Ellenbogen, CEO of Evolv Technology. 7. How to Prevent ATM Jackpotting with Physical and Cyber Security A new crime wave is hitting automated teller machines (ATMs); the common banking appliances are being rigged to spit out their entire cash supplies into a criminal’s waiting hands. The crime is called “ATM jackpotting” and has targeted banking machines located in grocery shops, pharmacies and other locations in Taiwan, Europe, Latin America and, in the last several months, the United States. Rough estimates place the total amount of global losses at up to $60 million. The safety and security world bring a complex problem to solve- how to pick out a face in a moving and changing environment and compare it to several faces of interest 8. Why We Need to Look Beyond Technology for Smart City Security Solutions Although technology is necessary for an urban area to transition in to a safe and smart city, technology alone isn’t sufficient. Truly smart cities are savvy cities and that includes how they employ software, sensing, communications and other technologies to meet their needs. 9. How New Video Surveillance Technology Boosts Airport Security and Operations Employing airport security solutions is a complex situation with myriad government, state and local rules and regulations that need to be addressed while ensuring the comfort needs of passengers. Airport security is further challenged with improving and increasing operational efficiencies, as budgets are always an issue. As an example, security and operational data must be easily shared with other airport departments and local agencies such as police, customs, emergency response and airport operations to drive a more proactive approach across the organisation. 10. The Evolution of Facial Recognition from Body-Cams to Video Surveillance The safety and security world bring a complex problem to solve how to pick out a face in a moving and changing environment and compare it to several faces of interest. “One-to-many” facial recognition is a much harder problem to solve.

There’s no denying that cyber-crime is one of the biggest threats facing any organisation with the devastating results they can cause painfully explicit. Highly publicised cases stretching from the US government to digital giant Facebook has made tackling cyber security a necessity for all major organisations. The consequences of breaches have just become more severe, with new GDPR rules meaning any security breach, and resultant data loss, could cost your organisation a fine of up to four per cent of global revenue or up to 20 million euros. Cyber-crime potentially affects every connected network device. In the biggest cyber-crime to date, hackers stole $1 billion from banks around the world, by gaining access to security systems. It’s more important than ever for organisations to be vigilant when it comes to their cyber security strategy. To help avoid becoming the next victim, I’ve put together a five-point cyber plan to protect your video surveillance system. 1. Elimination of default passwords A small change to a memorable, complex password could have huge consequences for your business It is estimated that over 73,000 security cameras are available to view online right now due to default passwords. ‘Password’ and ‘123456’ are among the top five most popular passwords with a staggering 9,000,000 login details matching this description. Guessable passwords create an unsecure security system which can result in an easy way for hackers to gain access to your organisation’s data, making you vulnerable to a breach. A small change to a memorable, complex password could have huge consequences for your business. Removing default passwords from products and software forces individuals to think of their own to keep their data safe. If a password system is not provided by your organisation we recommend that your password uses two or more types of characters (letters, numbers, symbols) and it is changed periodically. 2. Encrypted firmware Encrypting firmware is an important part of any organisations overall security system. Firmware can leave an open door, allowing hackers to access your data. All firmware should be encrypted to reduce the possibilities of it being downloaded from the manufacturers website and deconstructed. If the firmware posted is not encrypted, there is a risk of it being analysed by persons with malicious intent, vulnerabilities being detected, and attacks being made. With i-PRO cameras and recorders, all firmware is securely encrypted to mitigate analysis There have been cases where a device is attacked by firmware vulnerabilities even if there are no problems with the user's settings, rendering it inoperable, and DDoS attacks being made on other servers via the device. With i-PRO cameras and recorders, all firmware is securely encrypted to mitigate analysis. There is also a possibility of being attracted to spoofing sites by targeted attack email and firmware being updated with a version that includes a virus, so firmware must always be downloaded from the vendor's page. It may also be advantageous to combine this with an imbedded Linux operating system which removes all unused features of the device, it can help to reduce the chances of malicious entities searching for backdoor entities and inserting codes. 3. Removing vulnerabilities within the operating systems Vulnerability is the name given for a functional behaviour of a product or online service that violates an implicit or explicit security policy. Vulnerabilities can occur for a number of reasons for example, due to an omission in logic, coding errors or a process failure. Network attacks exploit vulnerabilities in software coding that maybe unknown to you and the equipment provider. The vulnerability can be exploited by hackers before the vendor becomes aware. You should seek to minimise these issues by looking for a secure operating system which is regularly updated. Panasonic has developed Secure Communications, a platform and package to protect against video tampering, altering, spoofing and snooping As a provider of security solutions, Panasonic is taking a number of steps to ensure its consumers remain safe and secure. We have developed Secure Communications, a platform and package to protect against video tampering, altering, spoofing and snooping. We have combined with a leading provider of highly reliable certificates and technology for detecting and analysing cyber-attacks with its own in-house embedded cryptography technology, to provide a highly secure and robust protection layer for its embedded surveillance products. 4. Avoiding remote login using Telnet or FTP Telnet and FTP are a very outdated source of software which as a result means they lack built-in security measures Telnet and FTP are a very outdated source of software which as a result means they lack built-in security measures. File transfer protocol or transfer through cloud-based services means the files and passwords are not encrypted and can therefore be easily intercepted by hackers. An encrypted software removes the risk of files being sent to the wrong person or forwarded on without your knowledge. Telnet predates FTP and as a result is even less secure. Hyper Transfer Protocol Secure is a protocol to make secure communications by HTTP, and it makes HTTP communications on secure connections provided by SSL/TLS protocols. The major benefits of using this system is that HTTPS and VPN encrypt the communications path, so data after communications is decrypted and recorded. If recorded data is leaked, it will be in a state where it can be viewed. With data encryption, however, it remains secure and can even be recoded to storage. Thus, even if the hard drive or SD card is stolen or data on the cloud is leaked, data cannot be viewed. 5. Use of digital certificates Private and public keys are generated at manufacture in the factory and certificates installed at the factoryDigital certificates are intended to safely store the public key and the owner information of the private key it is paired with. It provides assurance that the accredited data from a third party is true and that the data is not falsified. It is beneficial for all data to be encrypted with digital certificates. Digital certificates are far safer when issued by a third party rather than creating a self-signed version unless you are 100 percent sure of the receiver identity. From April 2016, some models of Panasonic series iPro cameras come with preinstalled certificates to reduce the risk of interception and the hassle of having to create one. With i-PRO cameras with Secure function, private and public keys are generated at manufacture in the factory and certificates installed at the factory. As there is no way to obtain the private key from the camera externally, there is no risk of the private key being leaked. Also, certificates are signed by a trusted third party, and the private key used for signing is managed strictly by the authority. In addition, encryption has been cleverly implemented to reduce the usual overhead on the IP stream from 20% to 2%.

Coming off a successful ISC West show, Honeywell is sharply focussed on product development, with an emphasis on advanced software. “We have a strong new product pipeline this year – more than two times the number of products than we’ve released in the past several years,” says Luis Rodriguez, Director of Product Marketing, Honeywell Commercial Security. “At ISC West, we received a lot of interest in how AI and new security systems are changing the market.” Although uses for AI are still emerging in security, Honeywell sees an important role for AI in building a connected system to ensure the safety and security of a building, and more importantly, its occupants. AI allows end users to go beyond monitoring activity on a surface level to really understand the scene – from who exactly is in the area to what they might be doing. As more data is processed over time, AI will continue to build on its learnings to help deliver a more accurate assessment of potential threats each time. Machine learning-based analytics End users should explore the use of machine learning-based analytics as machine learning is more advanced than AI-based systems, says Rodriguez. “When speaking to dealers and integrators, end users should also inquire about the detection accuracy of systems that use AI or machine learning technology, particularly around false positives and negatives.” Honeywell seeks to develop integrated security systems that provide the earliest detection “Additionally, end users should always ask to conduct site testing so to understand how well-suited the machine learning-based system is to the particular user’s native environment,” adds Rodriguez. “The testing will help identify the exact needs of their site.” Honeywell is reinvesting in its video portfolio, both in hardware and software innovation, as well as partnering with the top experts in the IT and education industries to stay ahead of customer demand. Honeywell seeks to develop integrated security systems that provide the earliest detection, enable the fastest response, centralise decision making, and allow customers to manage it all from anywhere. Solutions for vertical markets Honeywell Commercial Security is focussed on supporting vertical markets that have specific security needs such as education, banking and finance, and pharma. Each has unique nuances that call for tailored security approaches. “As Honeywell continues to develop its suite of security solutions for the future and identify personalised systems for each vertical, AI such as analytics, deep learning and facial recognition will play an integral role during research and testing,” says Rodriguez. Honeywell is developing video and audio analytics technology capable of studying crowd behaviour as well as detecting guns, gunshots An example is the education market, where eliminating human delay in reporting potential threats to law enforcement and creating faster systems that help omit single-point failures are key to protecting schools and ensuring students’ safety. To address those challenges, Honeywell is developing video and audio analytics technology capable of studying crowd behaviour as well as detecting guns, gunshots and fights, says Bruce Montgomery, Business Development Manager, Honeywell Commercial Security. Testing technology for sports security The software is able to visualise, automate planning, design and efficiency analysis of a video surveillance system"A partnership with University of Southern Mississippi’s National Center for Spectator Sports Safety and Security (NCS4) is testing technology such as MaxPro Video, Pro-Watch Access Control and UNP Mass Notification in the National Sport Security Laboratory and in connected real-world environments. “The analytics data gathered from these environments will help inform future security innovations,” says Montgomery. Another Honeywell partnership is with JVSG, whose CCTV Design Software offers a new way to design more affordable and higher quality video surveillance systems. Integrators and distributors are now able to add a range of models from Honeywell’s portfolio of Performance Series IP Cameras into their system design from the software’s database. “The software is able to visualise, automate planning, design and efficiency analysis of a video surveillance system,” says Jeremy Kimber, Director of Enterprise Global Product Management, Honeywell Security and Fire. The program is used by more than 7,000 CCTV designers in more than 130 countries around the world and is downloaded more than 60,000 times every year.

Effective access control can be achieved without the use of cards using a new generation of secure facial authentication enabled by artificial intelligence and machine learning. Alcatraz AI is introducing a system that deploys a sensing device, about the size of a badge reader, with multiple colour and infrared cameras that can detect facial features and confirm an identity. Real-time 3D facial mapping avoids anyone using a photograph, video or mask to spoof the system and confirms there is a real person that matches the stored facial image. System helps in tailgating mitigation Deep neural networks, powered by NVIDIA, enable the system to achieve new levels of frictionless access control, says Vince Gaydarzhiev, CEO of Alcatraz AI. Computer processing is achieved at the edge to ensure speedy and secure access control. We saw an opportunity to create a system that solves issues of tailgating and addresses the need for security without increasing friction"“We saw an opportunity to create a system that solves issues of tailgating and addresses the need for security without increasing friction,” says Gaydarzhiev. The accuracy of the system lessens the need for security guards, he says. The Silicon Valley startup, currently with 20 employees, was founded in early 2016 by a team from Apple, NVIDIA and Lily Robotics with a goal of targeting mid- to large-sized corporations that currently have deployed badging systems. The company has raised close to $6M from venture capital firms and individuals, and Johnson Controls/Tyco has invested in the startup. Alcatraz AI’s sensor device, mounted near a door, confirms a user’s identity and communicates the user’s badge number to the existing access control infrastructure. “The system improves the facial profile every time, using the neural network to be even more accurate in the future,” says Gaydarzhiev. He says it is the industry’s first “instant one-factor authentication for multi-person in-the-flow sensing.” The system is less expensive than previous facial authentication systems and does not require users to be very close to the reader Easy enrolment and deployment Enrolment in the system is easy. Companies can deploy a separate enrolment station, or any reader can be used for enrolment. After badging in a couple of times, the face matching system “enrols” the face with the associated badge number, thus allowing the user to dispense with the badge altogether. In the future, the frictionless system simply recognises the user and opens the door. A user company can quickly deploy the system at locations where thousands of employees have access, without requiring employees to go to HR for enrolment. Gaydarzhiev says accuracy of the system is no less than that of iris scanning, and the accuracy is configurable for specific needs. He says the system is less expensive than previous facial authentication systems and does not require users to be very close to the reader. Facial authentication is also more flexible than iris scanning or fingerprinting. Detecting intent from positioning of eyes The system detects intent from the positioning of the eyes and body to avoid opening a door unintentionallyIn contrast to near field communication (NFC) or Bluetooth systems, the technology does not require a compatible smart phone or have issues of communication range. There is no need for users to stop and perform an action or gesture to signal intent. The system detects intent from the positioning of the eyes and body to avoid opening a door unintentionally, says Gaydarzhiev.  Alcatraz AI is targeting high-tech enterprises, including healthcare, government and eventually banks. Currently they have three pilot installations among large global software companies and are undergoing trials with some government agencies. Today, they sell direct to end users, but the intent is to develop a dealer channel that will account for most of the sales.

Recent technology advances – from the cloud to artificial intelligence, from mobile credentials to robotics – will have a high profile at the upcoming ISC West exhibition hall. Several of these technologies were recently designated by the Security Industry Association as the Top 8 security technologies for security and public safety. Some of them will also be a focus at the ISC West conference program, SIA Education@ISC, April 9-11 at the Sands Expo Center. This article will highlight some of those conference sessions.  Topic: Cloud Systems and Video Surveillance as a Service (VSaaS) Managed Video Services are saving TD Bank $500K annually, April 9, 2:45 to 3:45 p.m. Why TD Bank decided to roll out a managed services solution, what it took to deploy and how the bank is saving an astounding $500,000 annually. IT 4.0 and Video Surveillance: A Guide to the New Terminology and What It Means to You and Your Customers, April 11, 1:15 to 2:15 p.m. How IT 4.0 can enhance or change video surveillance, and consequently deliver additional value to customers, including explanations of terms such as cloud data centers, personal clouds, the edge, IoT sensors and data analytics. One of the sessions to cover how IT 4.0 can enhance or change video surveillance, and consequently deliver additional value to customers Topic: Artificial Intelligence (AI) In Video and Other Systems The Challenges and Opportunities of AI in Physical Security, April 10, 3:45 to 4:45 p.m. Looking toward what the future may hold for AI in physical security; the challenges and opportunities the technology has created; and how participants can leverage AI and machine learning with existing customers to grow their business. Deep Learning Demystified: Next-Generation AI Applied to Video, April 11, 9:45 to 10:45 a.m.  Dispelling the myths of the terms “deep learning” and “artificial intelligence,” and what the technologies can do in practical terms. Modern cameras find and identify faces and vehicles, analyse behavior and organise and control assets Neural Processing and Smart Cameras, April 9, 8:30 to 10 a.m. Deep learning-capable hardware is evolving at a frantic pace, and GPU and NPU (neural processing unit) co-processors are commonly embedded in cameras and video management systems. Modern cameras find and identify faces and vehicles, analyse behavior and organise and control assets. Analytics in the Video Central Station: Proper Deployment, Programming and Configuration to optimise operational and cost efficiencies, April 11, 3:45 to 4:45 p.m. How analytics plays a critical role in reducing alarm traffic in a central station environment, allowing them to save money and realise other operational and performance efficiencies. Topic: Robotics and Autonomous Devices Robotic Aerial Security – Growth Trends and Best Practices, April 10, 11 a.m. to noon The lion’s share of growth in the robotic aerial security sector will come from autonomous systems and changing FAA regulations will soon allow companies to monitor and secure remote facilities with no human guards present. Racing drones are difficult to detect as they do not use GPS or radio frequency signals to identify the location of other devices How to Adapt to Address Drone Security, April 11, 1:15 to 2:15 p.m. Drone industry professionals and a physical security design engineer will cover the realistic applications of drone systems and counter-drone solutions that can protect organisations and facilities. Next Generation Threat: Racing Drones, April 11, 2:30 to 3:30 p.m. Racing drones are difficult to detect as they do not use GPS or radio frequency signals to identify the location of other devices. This session will identify the potential risks these drones can pose to facilities, special events, and critical infrastructure. Establishing a Corporate Drone Program, April 10, 9:45 to 10:45 p.m. Is a corporate drone program an appropriate addition to an existing security program? How to understand and navigate the regulatory challenges and processes associated with starting up a commercial-use drone program. The Rise of Intelligence in Physical Security, April 11, 9:45 to 10:45 a.m. “Intelligence” incorporates a variety of subdomains from artificial intelligence to machine learning and contextual analysis. It is rapidly becoming a focus in the realm of IT security – and increasingly in the realm of physical security, too. Changing FAA regulations will soon allow companies to monitor and secure remote facilities with no human guards present Topic: Mobile Credentials Finding Their Place in Access Control How Biometrics Are Enabling the Convergence of Physical and Information Security, April 10, 1:45 to 2:45 p.m. At the center of convergence is one crucial building block: strong irrefutable identity powered by biometrics. Driving the Future: How Interoperability Standards in Access Control Can Enable Smart Building Success, April 9, 1:30 to 2:30 p.m. Growing user demand is driving new open platform approaches and the adoption of interoperability standards Growing user demand for unfettered and unlimited third-party integrations is now driving new open platform approaches and the adoption of interoperability standards. They are changing the dynamic of access control and its role within the smart building environment. Topic: Facial Biometrics in Professional Solutions How Biometrics Are Enabling the Convergence of Physical and Information Security, April 10, 1:45 to 2:45 p.m. Securing workstations, virtual desktops, turnstiles, front doors, mobile devices and more, biometric authentication is helping enterprises and governments worldwide to realise a more secure future. Topic: Voice Control in the Smart Home Environment Delivering the Smart Home of the Future, April 11, 3:45 to 4:45 p.m. With the proliferation of connected smart devices, including voice control devices, consumers have a growing array of options for defining what their Smart Home experience could be.

Traka has launched a new downloadable white paper to open a discussion on the changing nature of retail banking in the UK, using latest case examples to consider branch management and shifting customer expectations. The white paper, titled ‘Shaping the retail banking industry’ looks at several factors influencing the sector, including the increasing expectations and values of customers demanding a more personalised branch experience. Key and equipment management Incorporating analysis from globally renowned financial services, including PwC, Accenture and Deloitte, the paper highlights the opportunities for innovation, together with collaboration and adoption of new operational processes. This incorporates key and equipment management to enable retail banks to deliver on top quality service. The future for retail banking could arguably also be cited as bleak and in a state of industry disruption" Says Mike Hills, Traka UK Market Development Manager and Author of the white paper: “Against a backdrop of negative press concerning the state of UK high streets, the future for retail banking could arguably also be cited as bleak and in a state of industry disruption, as customers move towards a more mobile-connected lifestyle.” Staff and customer security “However, our research in putting together this white paper tells a different story. That actually, the sector has a real chance to embrace the changes occurring and entice their customers, meeting demands for personal service. We found that brands riding the storm are taking small yet significant steps to tailor their services and make operational differences that are proving key to their success.” The white paper focusses on Traka’s experience with Nationwide Building Society to demonstrate how supporting operational efficiency can benefit banking staff and ensure they can focus on serving their customers, without compromising on security.  Retail Banking security Mike concluded, “We have brought this white paper together using the latest research and intrinsic market reports, together with case evidence on the future of the retail banking industry and the issues faced by the sector to ensure long term success.”  “Within this, we wish to stimulate debate and encourage views and contributions from as many different voices as possible. We look forward to your opinion, experience or comment on this matter of growing importance so together, we can look to support and shape the future of retail banking.”

Ping Identity, the provider of Identity Defined Security, announces its successful completion of the Financial-grade API (FAPI) conformance testing, as part of the process defined by Open Banking Ltd. This builds on Ping Identity’s previous success as the first identity platform to pass all 70 technical security tests, as set by Open Banking Ltd., with zero warnings. The most recent set of FAPI conformance testing evaluated the latest versions of the Ping Intelligent Identity platform, including PingFederate, PingAccess and PingDirectory, within a mock banking environment. Additional technical requirements It switches to an API model with structured data that utilises a token model such as Open Authorisation The inclusion of FAPI within the Ping Identity solution for Open Banking helps allow banks to overcome insecure practices such as screen scraping by using stored user credentials. Instead, it switches to an API model with structured data that utilises a token model such as Open Authorisation. FAPI is a technical specification developed as a multi-industry standard by the FAPI Working Group of OpenID Foundation (OIDF). It leverages OAuth 2.0 and OpenID Connect (OIDC) to define additional technical requirements for the financial industry and other sectors requiring higher security. For banks specifically, FAPI provides various advantages. This includes enabling applications to securely interact with financial accounts, while also enhancing the user’s ability to control security and privacy settings. Secure identity requirements In concurrence with the specification, OpenID Foundation maintains a cloud-based testing suite for conformance testing by banks, certified third-party security providers and platform vendors—such as Ping Identity. The Ping Intelligent Identity platform is used by hundreds of financial services enterprises, including many of the CMA 9 and Open Banking Ltd. itself. Additionally, FAPI is of increasing relevance to the growing number of new fintech start-ups in areas such as investment, wealth management, insurance, payments and even real estate. “This is significant beyond the Open Banking and financial services sector,” explains Rob Otto, EMEA Field CTO, Ping Identity. “Other digitally-focused sectors, with similar secure identity requirements, now have a proven template that can allow them to quickly deploy their own security controls, which have been stringently tested by the largest financial institutions in the UK.”

Columbia Bank, a Northwest community bank headquartered in Tacoma, Washington, sought to upgrade their video surveillance solution to improve image quality and retention time. They also wanted to maximise field of view to deliver a more forceful and expansive – yet, less intrusive – solution. Working with Cook Security Group, Inc., Ross Armstrong, vice president of physical security at Columbia Bank, chose to overhaul video surveillance in their 150-plus branches across the Northwest, many of which included older analogue cameras. They chose to install a mix of Hanwha Techwin models including Wisenet P series PNM-9000VQ multi-sensor / multi-directional outdoor vandal-proof dome cameras with 5 megapixel lens modules and Wisenet X series XND-8020F 5 megapixel indoor flush mount dome cameras. Surveillance cameras managed by Omnicast VMS The project, which started in June of 2018, has already deployed over 1,200 Hanwha Techwin cameras across 80 locationsColumbia Bank is in the process of the multi-phase upgrade that converts their existing branches to Hanwha Techwin video surveillance cameras managed by Genetec’s Security Center Omnicast Video Management System (VMS). The project, which started in June of 2018, has already deployed over 1,200 Hanwha Techwin cameras across 80 locations. They will complete another 60 sites in 2019, and 30 more in 2020. The video cameras serve as part of an overall physical security plan and are positioned to provide expansive coverage of bank interiors including teller lines, exteriors including parking lots and surrounding areas and ATM machines. Cameras bundled with analytics Armstrong said Columbia Bank tested out a of variety of models before deciding on Hanwha Techwin. “I didn't know which camera vendors would give us the biggest bang for the buck,” he said. “But I settled on Hanwha Techwin for a couple of reasons. One, is the price competitiveness and, two, the fact that the cameras come bundled with so many analytics that many companies want to charge extra for those licenses.” One of the analytics features the Columbia Bank security team uses with regularity is the loitering feature, specifically at their ATM machines One of the analytics features the Columbia Bank security team uses with regularity is the loitering feature, specifically at their ATM machines. “If an individual is loitering around one of our ATMs beyond the set time limit, then we have it programmed into Genetec’s Security Center to send an alert." "Omnicast snaps a photo of the loiterer and emails it to everyone designated on our security team. We then can take a quick look at that photo and quickly determine whether or not somebody is utilising the ATM as a customer or if they're doing something they're not supposed to, such as trying to break into the ATM or installing a skimmer.” Health monitoring of the cameras Armstrong said, as he tested cameras from other vendors, he noticed a consistent drop rate which he was concerned would get worse. Even though 98 percent availability seems acceptable, any downtime creates a risk of missing critical events" “Security Center provides health monitoring of the cameras, and what I looked for was if the availability started dropping below 98 percent. Even though 98 percent availability seems acceptable, any downtime creates a risk of missing critical events. One camera model we were testing was experiencing regular outages, where we would lose 30 seconds off and on throughout the day. These short loses added up quickly and we were seeing availability times dropping somewhere around 93 to 94 percent. That wasn't acceptable. “When I reviewed the data on the Hanwha Techwin model, the average availability was consistently above 99 percent, which was so impressive. It might just be a two percent difference, but it's inevitable that the one time you need it is the one time that camera is not working as expected. Columbia Bank was unwilling to accept the risk of utilising equipment that failed to meet our standards, and decided to partner with Hanwha Techwin, who provided a much more reliable end user experience.” Utilising H.265 and WiseStream compression Impact on network infrastructure and bandwidth were also determining factors for Columbia Bank as they chose to upgrade their video surveillance system. Armstrong said he was disappointed to find many camera manufacturers were not quickly integrating usage of H.265 compression technology into their products. He said he is impressed that Hanwha Techwin utilises H.265 in so many of its camera models, as well as the fact that Hanwha has incorporated its own WiseStream technology into its cameras, making them even more efficient. Hanwha Techwin Wisenet P and X series cameras use H.265/H.264/MJPEG with Hanwha’s exclusive WiseStream II compression technology Hanwha Techwin Wisenet P and X series cameras use H.265/H.264/MJPEG with Hanwha’s exclusive WiseStream II compression technology. WiseStream dynamically controls encoding, balancing quality and compression according to movement in the image. Combined with H.265 compression, the bandwidth efficiency can be improved by up to 75 percent compared to current H.264 technology. Installing non-intrusive cameras Community banks are charged with keeping employees, customers, and assets safe, but also need to present a warm and inviting environment since they are often a hub of civic activity. In-your-face video surveillance cameras in a bank can be threatening to any would-be criminal, but they are also off-putting to customers that visit banks on a day-to-day basis. This allows us to get higher quality images – and a wider field of view – while not intruding into people’s personal space"When Armstrong and his team were evaluating camera solutions across its branches, they wanted to find a way to let customers know they were providing the latest in video security without the potentially intrusive analogue cameras that often can be found just inches away from customers during transactions at the teller counter. Higher resolution 5 megapixel cameras “It’s a balance – you want customers to feel secure, but you don’t want them to feel like they are in a prison or a fishbowl,” said Armstrong. He said they removed the older analogue cameras on the teller line and replaced them with the higher resolution 5 megapixel Hanwha Techwin models, which were placed off the teller line. “This allows us to get higher quality images – and a wider field of view – while not intruding into people’s personal space,” he said. SPD-150 49 Channel Decoder for connectivity One way to convey that Columbia Bank is all business when it comes to security was with an innovative decoder offered by Hanwha Techwin. Armstrong said they wanted to have video monitors showing surveillance camera feeds in certain higher-risk locations so that customers would know they are being recorded, and that would serve as a deterrent to any would be criminals. However, with the change in hardware, they were unable to connect monitors directly to a DVR. Armstrong said Hanwha’s SPD-150 49 Channel Decoder has allowed them to connect analogue, HDMI, and VGA. Columbia Bank has provided video evidence to help law enforcement investigate a variety of incidents including drive-by shootings, traffic accidents, and arson “Being able to put one Hanwha decoder unit in a branch and run three monitors off of it – as well as the ability to hook monitors up to some cameras directly – has saved us tremendous amounts of money while adding a visual security feature.” Adding cameras outdoor to assist community Columbia Bank has long emphasized that they are a community bank that’s community minded. When Armstrong and his team decided to upgrade their video surveillance solution, they made the decision to add video surveillance cameras to the exterior of all bank locations not only to protect their customers as they come and go, but also to assist the community and law enforcement when incidents occur in areas surrounding their branches. We’re very pleased with the solution from Cook Security Group, Hanwha Techwin, and Genetec" “We look at it as the opportunity to give back to the community and provide assistance in a variety of ways,” said Armstrong. So far, Columbia Bank has provided video evidence to help law enforcement investigate a variety of incidents including drive-by shootings, traffic accidents, and arson. Satisfied with the system’s performance Columbia Bank has been well served by the Hanwha Techwin-Genetec security solution and Armstrong said they are very satisfied with the performance of the system. “Hanwha Techwin has been a phenomenal partner for us,” he said. “And that’s what I look for in a security provider – a long-term partnership. We’re very pleased with the solution from Cook Security Group, Hanwha Techwin, and Genetec and we look forward to completing all phases of the project.”

Ahli United Bank (AUB) is a leading financial institution providing banking, investment, and wealth management services from 147 branches in eight countries. Utilising Gallagher’s business and security solutions in Bahrain since 2008, Ahli United Bank decided in 2017 to undertake a full upgrade of the systems at its headquarters. Installing controlled doors As part of upgrading the full product suite at its Bahrain Headquarters – which included all controlled doors and software – Ahli United Bank (AUB) also took the opportunity for a complete re-design of the set-up and locations of its security system. The bank was committed to finding a product that was cost effective and had a long life expectancy. While researching their options, AUB management saw a demonstration of Gallagher’s Mobile Connect technology and were immediately convinced that this was the ideal product for the bank’s upgrade. Gallagher Mobile Connect uses Bluetooth wireless technology to enable users to badge at a reader using a smartphone  Gallagher Mobile Connect In late 2018, AUB began testing the new mobile solution on site then to be rolled out to most of its staff at headquarters. Gallagher Mobile Connect uses Bluetooth wireless technology to enable users to badge at a reader using a smartphone instead of an access card. A huge benefit for AUB is the solution’s capability to add additional layers of security where needed. Gallagher’s Mobile Connect solution provides the option to apply two-factor authentication via the smartphone – either fingerprint, PIN, or facial recognition – delivering heightened security over access to restricted areas. According to AUB’s management, the two-factor capability was very appealing to them. “Using mobile with facial recognition is far more secure than card and PIN, and it’s immensely more cost-effective than buying biometric readers,” they said. Temporary remote access control From an administrative and site management perspective, Gallagher Mobile Connect provides AUB with significant flexibility. Easy provisioning means that authorised staff can remotely allocate temporary access in advance and can also schedule when a user’s access can begin and end – ideal for visitors and contractors who come to the bank’s headquarters. Beyond Mobile Connect, readers and controllers, AUB uses Gallagher’s security software platform, Command Centre, to manage alarms and access for its headquarters and all branches, all from a centralised location. “The power of Command Centre is enormous,” said AUB’s Management. “It integrates with our CCTV equipment and gives excellent oversight of our operations.”

Brian Ishikawa has always kept tight control over his video surveillance system, allowing only authorised personnel within his corporate security division to access video footage. So it was a change for Ishikawa, Senior Vice President and Director of Corporate Security for the Bank of Hawaii, to get used to the idea of authorised staff from the bank’s branch division being able to review video for operational, compliance and marketing-related purposes. The insights collected from the video are helping the bank make more strategic decisions about staffing, customer service and even future branch design. Business intelligence Our March Networks surveillance platform is providing us with some significant business and non-security-related uses" “Our March Networks surveillance platform is providing us with some significant business and non-security-related uses,” Ishikawa explained. Bank of Hawaii, which operates 69 branches and 373 ATMs across Hawaii, American Samoa and the West Pacific, is currently using March Networks Searchlight for Banking software to gather business intelligence at its branches. Searchlight’s mix of surveillance video, teller/ATM transaction data and analytics delivers valuable insights into the bank’s operations, as well as helping to enhance security and uncover fraud. “Our branch division folks look at the data to get ideas on how we should do our branch operations or staffing differently,” he said. People counting data — collected by FLIR Brickstream3D sensors integrated with the Searchlight software — tells them which entrances and exits are most used so they can place marketing materials in high-traffic areas. Video surveillance products The information is also being used to help determine future branch layouts. Queue length and dwell time data, meanwhile, help them understand their busiest time of day, and day of the week, so they can staff branches appropriately. “It’s a huge plus for us,” said Ishikawa. “Our executive management team can see the benefits of the video solution, and the future possibilities for this data.” A forward-thinking bank that’s keen to try new technology, Bank of Hawaii began exploring Searchlight after its success with March Networks’ other video surveillance products. The bank first started using March Networks systems in 2015, when it was time to upgrade its legacy DVRs. At the time, Bank of Hawaii was relying on two different video platforms, and it wasn’t happy with their performance. After enlisting the help of a consultant, and doing his own research at security tradeshows, Ishikawa says the decision to go with March Networks was clear. Network video recorders 'March Networks’ products are really engineered for the banking environment" “I remember asking some of my banking counterparts, ‘Hey what are you guys using?’ And they strongly recommended March Networks,” he recalled. The consultant came to a similar conclusion. He said, "March Networks’ products are really engineered for the banking environment,’ so that helped us make the decision.” Bank of Hawaii is currently using March Networks 8000 Series Hybrid Network Video Recorders (NVRs) in about half of its banking branches. The Linux-based devices provide reliable video surveillance recording and management, and are also easy to service, which is a huge bonus for Ishikawa and his team. In addition, the 8000 Series rack mount units feature an innovative ‘dock and lock’ station that allows technicians to easily remove and service the recorder while leaving all rear connections clean and organised in place. Existing analogue cameras “With other companies, you have to power down the recorder for several minutes to service it, and that means unplugging and re-plugging all the inputs. You miss a number of minutes of recording during that time. With March Networks, we’re able to just pull out the hard drive and pop in another one without taking the NVR offline,” he said. “That’s huge for us.” According to Ishikawa, Bank of Hawaii also appreciates the 8000 Series’ hybrid support, which allowed the bank to continue using its existing analogue cameras, and the motion histograms in March Networks Command video management software, which show Ishikawa and his team where motion occurred and helps them rapidly locate video evidence. “Command’s modern interface is really user-friendly, and it’s very easy to find video,” said Ishikawa. Dynamic range technology Bank of Hawaii has installed MegaPX ATM Cameras, which are purpose-built for ATMs “When someone is telling you, ‘Hey we had a problem at this branch this morning, I don’t know what happened, but it must have been around this time’, we’re able to find that video much more quickly on a March Networks platform.” The bank’s high resolution cameras also make it easy to discern important details. In its newer branches, Bank of Hawaii is using March Networks ME4 Series IP cameras, which capture 4MP images and feature high dynamic range technology to optimise image quality in both low and bright light. The bank is also using Oncam 360° cameras for high-resolution panoramic views. For security at its bank machines, Bank of Hawaii has installed MegaPX ATM Cameras, which are purpose-built for ATMs. Video is integrated with the bank’s ATM transaction data in the Searchlight software for rapid investigations into customer complaints and potential fraud. More comprehensive oversight “It’s so easy to search,” said Ishikawa. “It takes us exactly to that transaction and the associated video so we can figure out what transpired.” The bank is also integrating its teller transaction data with video in Searchlight for more comprehensive oversight of its branches. The combination of video, transactions and analytics helps it get a more holistic view of its services. “Transaction data is not always indicative of how busy a branch is,” Ishikawa said, noting that lengthier conversations at the teller counter often create value because the customer returns later to access another bank product or service. Having video and analytics is an added layer of information. Being able to remotely access video also helps Ishikawa’s security team conduct virtual patrols. This saves them both time and money. Uniformed security member Capturing video of the incident helped underscore the serious nature of the situation “In the past, whenever there was an issue, we had a uniformed security member head out and physically check the branch. But with virtual patrols, we can do fewer physical visits and, when we do visit, it’s a more meaningful visit.” The security team, for example, can keep an eye on issues with vagrancy and loitering by simply logging into the Command software. March Networks video has helped the bank successfully address some of these issues. In one case, a person was routinely visiting a branch and causing disruptions by yelling and throwing deposit slips on the floor. “We don’t always know the situation, but if a person is yelling or displaying erratic behaviour, they pose a risk,” said Ishikawa. Capturing video of the incident helped underscore the serious nature of the situation. Investigating a fraud “We were able to show police that this was not a minor disruptive party. It was a very concerning issue for us. And it wasn’t just our bank, it was occurring in other banks, too.” Going forward, Bank of Hawaii is planning to migrate its remaining retail branches to March Networks. Given the widespread benefits of intelligent video, Ishikawa predicts that, like him, more bank security managers will receive requests to share their video surveillance securely with other departments. “In the future, it won’t just be security that’s asking for a video upgrade,” he said. “It’s going to be other parts of the business saying, ‘We want a piece of the pie too.’ Because surveillance is more than just investigating a fraud or robbery incident. Now, video surveillance is a lot more than that.”

Saudi Arabia’s National Commercial Bank (NCB) is using IDIS technology for one of the biggest financial surveillance system upgrades ever seen in the region, involving at least 1000 NVRs and over 2500 IP cameras. The bank, which serves over 5.4 million customers and is the second largest in the Arab world, chose an IDIS solution to modernise its security and comply with the latest standards introduced by the Saudi Arabian Monetary Authority (SAMA) and Ministry of Interior. Analogue infrastructure IDIS, which is the largest manufacturer of surveillance technology in South Korea, confirmed that the project involves an upgrade to full HD IP technology across 400 branches and more than 2580 ATMs, to be completed ahead of the 2021 deadline. Solutions provider Almajal G4S was appointed and following a competitive tender process IDIS technology was identified as performing better NCB, also known as AlAhli Bank, needed NVRs that would provide RAID 1 and RAID 5 support, and a solution that would allow integration of both IP and existing analogue infrastructure, and the capability to cost-effectively store video footage for a full year. Solutions provider Almajal G4S was appointed and following a competitive tender process IDIS technology was identified as performing better than alternatives in detailed and rigorous proof-of-concept testing. High level protection The IDIS solution operational benefits at the installation stage as well as in daily operations over the lifetime of the system. “Keys advantages for NCB in choosing an IDIS solution is the technology’s robustness, its resilience against data loss, and high level protection against cyber threats. Using IDIS technology is also ensuring a frictionless migration from existing analogue,” says Ahmad Said, ESS Director at Almajal G4S. Thanks to its hybrid capability, IDIS technology allows analogue and IP cameras to be used together, making the upgrade project easily manageable, with a seamless, staged switch-over. For this mission-critical project, IDIS’s Linux based servers and proprietory protocols also offered the highest level of resistance to hacking, while zero-configuration elminates the need to manage IP addresses for every device, all of which gave NCB the network security assurances they were looking for. Allow efficient maintenance NCB and the associated IDIS solution will be the first to achieve full compliance with the new SAMA standards An important consideration for NCB was IDIS Intelligent Codec which, together with dual H.264/H.265 performance, delivers up to 90% reduction in bandwidth and storage. This gives the bank significant, on-going savings allowing compliance with video data storage rules. It also speeds up recording retrieval and helps to make NCB’s new security system easier and more economical to run, says Harry Kwon, General Manager, IDIS Middle East and Africa. “With the upgrade already proving its value the bank’s central monitoring teams now work more efficiently, with their system providing event forwarding, acknowledgements, notifications and live pop-ups.” Providing the lowest total cost of ownership, the IDIS solution will allow efficient maintenance and simultaneous remote upgrades for multiple devices and gives NCB the assurance of IDIS Ultimate Warranty. The project is due for completion in 2019, NCB and the associated IDIS solution will be the first to achieve full compliance with the new SAMA standards.

There will be more artificial intelligence, more machine learning, video systems with more capabilities, and all of it will add greater value to our solutions. Those are among the expectations of our Expert Panel Roundtable as they collectively look ahead to the remainder of 2019. One unexpected prediction is that AI will not prove to be a game changer – at least not yet. We asked this week’s Expert Panel Roundtable: What will be the biggest surprise for security in the second half of 2019?

There’s a huge cloud hanging over the physical security market, but in a good way. Cloud-based systems, whether for video, access control or another category, are on the verge of taking the industry by storm. The benefits of that mythical “cloud” are well-known, or certainly well-touted, in the market. It’s almost as if the word “cloud” has become a buzzword that can mean different things, or at least whatever the customer wants it to mean (as long as they buy!). We asked this week’s Expert Panel Roundtable to define the term more specifically, and to comment on the industry’s understanding of the terminology. Specifically, we asked: Define what we mean by “the cloud.” Is the definition universally understood in the market?

One of the things all security systems have in common is that they depend on human operators, to one extent or another. But how often is the human factor overlooked in product design? Sometimes, more focus is aimed at increasing the functionality of a system, even at the expense of usability. That’s how we get systems that have more capabilities, although accessing that functionality may be hopelessly complex. Creating effective graphical user interfaces (GUIs) is an ongoing challenge for the security market, and the consumer market, with its iPads and smart phones, has raised the expectations bar. We asked this week’s Expert Panel Roundtable: What elements are required to make an effective video system user interface?