CardLab’s disruptive security solutions offer the essential cybersecurity paradigm shift to put an end to cybercrime.
Surveillance is becoming more commonplace than ever before. In airports, harbours, border control points and in countries with high levels of surveillance, cameras, sensors, smartphones and other devices are continually capturing images such as face scans, iris scans, fingerprints and motion patterns; all of which are then stored centrally in databases for later identification processes. This process is left potentially open to hacking at several stages, from hacking into the hardware device itself to direct infiltration of the database, where hackers can retrieve anything from raw data to encrypted algorithms, tokens and templates. This means the risks of data loss, compromised cybersecurity paradigms and privacy violations are prevalent, leading in extreme cases to the loss of critical biometric data meaning it will never again be possible to establish a unique identification of individuals; and leading to total uncertainty on who you actually are dealing with online.
The risk not just of hacking attacks, but of terrorists using stolen identities, is rising rapidly; as the big hacks have shown. Security concerns over cybercrime are rapidly increasing with losses up to €526.55bn in 2016 and a forecasted cost in 2020, according to the latest CSIS/McAfee report, of €19.8 trillion due to spectacular hacks, cryptocurrency theft, online identity theft and other illegal activities. Digitalisation has made this possible on a massive scale, as to date the focus has been too much around convenience and short term cost gains. Looking backwards at the increase in losses related to digitalisation, it is clear there will be a long term cost which will outstrip the short term savings by a clear margin if we do not disable this hackers’ paradise. The answer until now has typically been more encryption, but the reality is that the hackers will always catch up. It is time to stop letting the hackers set the rules and start reducing global losses due to criminal cyber-activities and fraudulent activities generally, which currently total almost 1% of the world’s GDP.
Living digitalisation forwards
Digitalisation will continue at an ever increasing speed, but we need to introduce a cybersecurity paradigm shift before we end up with a world with no certainty on who you are dealing with digitally, dramatically increasing the risk of terrorism, identity theft; and even more ransom payments due to cyber-criminal activities and potentially the loss of trust between individuals and nations.
CardLab security solutions offers that essential paradigm shift to put an end to these criminal activities; along with easy GDPR compliance, privacy protection and seamless and cost effective integration with the existing infrastructure. CardLab’s cybersecurity paradigm shift involves adding an offline hardware element to the authentication process via a biometric card which exists fully out of hacker space; on the basis that ‘what cannot be seen cannot be hacked’. The card stays offline until the user decides to activate it; and no information will be released from the card until the user is able to verify their identity with a correct fingerprint.
The card is only a part of a full authentication system which does not hold personal data, instead using tokens created by the card after the correct fingerprint has been presented. This eliminates the need for central biometric databases which can be hacked and exploited and is therefore a true distributed security solution, wherein the end user takes full control of when, where and how to share their data.
The system is fully compliant with the GDPR and PSD2 regulations; and represents true identity protection for the user while providing unique user identification.
Digitalisation is normally considered to be more efficient and time saving, but the reality is that the activation and use process for the card system is several times faster than activating and using a mobile app; and the card system represents a much higher level of security than any app or IoT-based device will ever be able to provide.
Can a card be hacked? Theoretically, yes; but in contrast to IoT devices which can be accessed remotely, the hacker will need to have it in their hand and hacking the card system will entail no less effort than hacking a database. Where data is taken from the card it is probable it can never be used, as cards are deactivated as soon as they are reported missing or stolen.
Furthermore, from the perspective of a hacker it would seem futile to expend significant effort on retrieving data from one card whose loss is immediately detectable; whereas hacking a database will provide access to millions of accounts with minimal effort.
Why CardLab’s cybersecurity paradigm helps create a secure digitalisation future
Working in partnership with CardLab will give access to our extensive experience in the powered card industry, with the following benefits:
- Your identification on the internet will be the secure token the card creates after approving your unique fingerprint;
- Our cards function within the existing infrastructure, with huge savings on implementation costs;
- Our cards are compliant with existing card standards and protocols;
- Our cards can be customised to meet the specific needs of the user;
- Scalable card security option gives you the exact level of security needed and you only pay for what you need; and
- The cards adhere to use patterns familiar to the end user, making security improvements easily acceptable by end users.
We provide cards and services ranging from:
- Biometric card with full ‘System on Card’ fingerprint authentication featuring backend authentication and ID management system;
- Communication controlled RFID cards;
- Connected cards enabling transformation of virtual cards to a physical card;
- All in one card solutions including a connected app and security platform; and
- Card development, consultancy and card production services.
We recommend that you contact us to learn more about how you can use our card solutions to stay protected. As a standard service we deliver different versions of cards, including:
- A biometric OTP card with battery and display, enabling secure E-banking, E-commerce and E-government from any web interface. The card can generate more than 5,500 codes before the battery is depleted;
- A biometric card based on energy harvesting with a biometric fingerprint sensor for secure payment, access and ID purposes, which is usable for minimum 50,000 cycles;
- A hybrid card with fingerprint sensor and display with energy supplied via energy harvesting and battery augmentation where insufficient or no power is available to operate the card, well suited for high frequency use combined with E-banking, E-commerce and E-government; and
- A biometric card with rechargeable battery enabling high frequency use for extended period for all card purposes, including full cold wallet storage for blockchain and cryptocurrency platform authentication.
All of the above card solutions can be delivered as ‘connected cards’, meaning they can perform encrypted communication between the card and a host device – typically a smartphone via NFC and/or BLE, giving the ability to make the complete user verification offline and transmit the generated token to an app for online operation.
Digitalisation is here to stay and we definitely need to take the benefits we can get from it, but we also need to have a better and more risk-based approach to how we implement digitalisation.
Critical and sensitive information is almost impossible to protect in an online environment; and it is clear to CardLab that the future needs to include offline elements, especially in the authentication process, to avoid a scenario in which we lose all biometric data and no longer are able to create a unique identity for our citizens.
The offline element in form of biometric cards which can turn individuals’ data into tokenised data on the internet is the most secure way of handling the most sensitive data you have: your biometric data. In combination with a state of the art backend authentication system with asynchronic key handling, this represents a new and far higher level cybersecurity paradigm offering unique identification and identity protection at the same time.
This biometric security card project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 757096.
+45 31 55 49 94