The Top 15 Reasons To Use Biometric Technology In Workforce Management And Retail Point Of Sale – Reason #9 – Role Based Security

Blog Series – “The Top 15 Reasons To Use Biometric Technology In Workforce Management And Retail Point Of Sale”

Leading up to our participation in the National Retail Federation’s 2011 “Retail’s Big Show” from January 9 – 12 in New York city, M2SYS Technology is publishing a blog series on the top 15 reasons that biometrics is a smart choice for retail organizations to consider as an authentication technology in workforce management and retail point of sale applications.

In case you missed it, here are the links to our prior posts in the series:

Reason #1 – Stop Buddy Punching
Reason #2 – Increase Productivity
Reason #3 – Enhance Loss Prevention
Reason #4 – Establish Accountability
Reason #5 – Going Green
Reason #6 – Build Customer Loyalty
Reason #7 – Achieve Higher Return On Investment
Reason #8 – Airtight Access Control

And now on to our next post…

Reason #9 – Solidify Role Based Security

The Role Based Access Control Model

Role based access control (RBAC) is defined as the strategy that is used to restrict system access to authorized users.  In our last blog post, we discussed using biometrics to achieve airtight access control in the context of securing inventory and physical assets.  In this post, we are going to cover establishing a solid RBAC model as it relates to system access and transactional authorization.

Almost all retail establishments develop a hierarchal model for their business based on the roles of their employees.  This model delineates permission based system access and acts as a guide for the processing and rectification of transactions.  Most organizations are very stringent about developing a comprehensive model for this purpose but fail to employ the proper system technology that essentially ensures that the permissions set forth in the model are followed and not abused for criminal purposes.  Similar to physical inventory access control, the feasibility of ensuring that RBAC will work successfully and not be exploited is directly tied into the strength and security of the system technology.

Some Technologies Make Audit Trails Impossible To Follow

Most often, employees take advantage of loopholes in a system by swapping barcode ID cards to authorize transactions or sharing PIN’s to override the authorization level that their current status provides.  This system manipulation is commonly used to enter phantom transactions, falsify returns and comp items or services for customers or employees who should actually be paying for them.

Problems arise when you employ more antiquated system technologies that offer no assurance that the individual who traces back to the illegal transaction was actually the person who committed the crime.  You think that you have narrowed down your list of perpetrators to one or perhaps a few employees who fit within a particular window or timeframe but realistically, you have no way of truly knowing that the suspects were acting alone or perhaps in conjunction with other employees by swapping ID cards or PIN’s.  Even though you had good intentions to put a system in place that limits transactional authority based on an employee’s role, it’s virtually impossible to establish a concrete audit trail due to the uncertainty that the technology itself creates.

Biometrics Is The Only Way To Know For Sure

Upon implementing a biometric component to your RBAC model, you can rest assured that the ability to identify an individual executing a transaction is virtually undeniable.  If you elect to adopt a fingerprint biometric system, it’s not feasible to think that an individual would conspire to figure a way to fool the system by replicating a mold of a supervisor or manager’s fingerprint in order to override their own authority level.  If you select a more sophisticated biometric modality such as finger vein or palm vein technology which relies on vascular biometric technology, then the chances of someone obtaining a vascular finger or palm pattern to use as a means to fool the system becomes virtually impossible.

Therefore, the audit trail becomes concrete and you have implemented a system that solidifies your RBAC model and provides the peace of mind to know that if a problem were to arise, it would be handled swiftly and accurately.

Biometrics Is One Spoke In The Wheel Of Effective RBAC

Simply deploying a RBAC model with a biometric system for authorization is not going to single handedly wash away any chance of your system being exploited.  Although biometrics does offer a very powerful way to secure system access with a solid audit trail, it must be combined with other key ways to prevent employee theft.  Check out this article which describes some additional measures you can put in place to help prevent employee theft and mismanagement.

We encourage you to read through some testimonials from our point of sale Integrators to see firsthand the value that a biometric component can inject into a retail environment.

Do you think biometric technology would be a powerful way to establish a solid RBAC model?  Why or why not?  Please share your comments below.

John Trader (241 Posts)

John Trader is the Public Relations and Marketing Manager with M2SYS Technology, a recognized industry leader in biometric identity management technology. Headquartered in Atlanta, GA M2SYS Technology's mission is to pioneer the high-tech industry by delivering long-term value to customers, employees and partners through continued innovation and excellence in all aspects of our business. M2SYS continues to innovate, build and bring to market leading-edge biometrics solutions that revolutionize the industry and expand the applicability of biometrics technology in our marketplace. You can view their Web site at www.m2sys.com or contact them via e-mail at info@m2sys.com