Last of 3 parts
SECURITY beyond passwords is the idea behind cognitive recognition (CogID), a technology invented by Dr. Alex Natividad, a practicing Filipino psychiatrist in Texas. With CogID, a user need not memorize passwords to access computerized application systems (apps), whether corporate or personal. His identity is verified based on his life, mind, or experiences.
To clearly understand how the CogID concept eliminates usernames, passwords and personal identification number (PIN) codes as the means of identifying the user, you may view the Nimbus Overview Video at nimbus.com or https://www.youtube.com/watch?v=6R-4BZKFUQ0. In the CogID concept, apps are accessed through unforgettable stories in your memory, whether they happened when you were a kid or only recently. In the video, the sample story shown is “Julie Gomez was my first girlfriend. We went to high school together at Dallas High School in 1975. When we graduated, she gave me a pen as a gift. Later, she became an avid golfer.” The video explains that CogID breaks a story in your memory apart into different objects. Each such object is called a recognition object, which is composed of two things: a focus object and its attributes. In the sample story, the focus object is Julie Gomez and the attributes are First GF, pen, Dallas HS, 1975 and Golfer. To summarize the video, in the CogID system no password or PIN code is entered to access an app; instead, you choose from multiple choices the attributes that correctly relate to a focus object. Hence, memorization of passwords or PIN codes is eliminated, which thwarts perpetrators, thieves and hackers.
Let’s tackle automated teller machine (ATM) skimming, phishing and even the ComeLeak case in explaining how CogID could eradicate these cybercrimes. In ATM skimming, hackers place a card reader over the ATM’s real magnetic card slot to capture the user’s card number and PIN code and replicate them on a counterfeit card for theft. As the perceived ultimate solution to ATM skimming, the Bangko Sentral ng Pilipinas (BSP) mandated the banks to migrate to EMV technology by January 2018, though banks were given until June 30, 2018 to fully comply. EMV stands for Europay Mastercard Visa, a chip-based or smart card technology that stores card data on an integrated circuit inside the thin card, in addition to the usual magnetic stripe on it. However, EMV technology is still prone to hacking, contrary to the common understanding of the BSP and the banks that it is not hackable. The new way of taking information from an EMV card is called ATM shimming.
Shimming attacks are not new abroad, but they are likely to become more common here in due time as a greater number of our local banks migrate to issuing EMV cards. As the transition takes place, ATM thieves are getting ready to employ ATM shimming to continue their identity theft malpractices. To understand ATM shimming, you may watch “Shimmers: The new undetectable way to steal your chip-card info” at https://www.youtube.com/watch?v=nrvqk1XJy54. So, is the migration to EMV technology safe? Nope! Banks will still face the same ATM thieves in 2018.
With the CogID system, there’s no need for a card identifier and PIN code; instead, the user is prompted with a recognition object. The attributes shown for a focus object may vary from one ATM transaction to the next, because the CogID system generates a random sample of attributes. Hence, the system does not produce a repeating pattern. That makes the ATM transaction secure and prevents both ATM skimming and ATM shimming.
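A minimal sketch of the challenge flow described above, as an added example that is not CogID's or Nimbus's own code. The focus object and attributes come from the video's sample story; the decoy pool, the function names and the exact-set check are assumptions made for illustration.

```python
import math
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class RecognitionObject:
    focus: str             # e.g. a person from the user's story
    attributes: frozenset  # facts the user associates with the focus

@dataclass(frozen=True)
class Challenge:
    focus: str
    choices: tuple         # shown to the user, in shuffled order
    expected: frozenset    # correct subset, kept on the verifier side only

# Sample story from the article; the decoys are constructed for this example.
JULIE = RecognitionObject(
    "Julie Gomez", frozenset({"First GF", "pen", "Dallas HS", "1975", "Golfer"}))
DECOYS = ["watch", "Austin HS", "1982", "Swimmer", "Cousin", "ring", "Houston HS"]

def build_challenge(obj, decoys, n_true=2, n_choices=6, rng=None):
    """Pick a fresh random subset of true attributes and mix it with decoys."""
    rng = rng or secrets.SystemRandom()  # OS-backed randomness, not a seeded PRNG
    pool = [d for d in decoys if d not in obj.attributes]
    if n_true > len(obj.attributes) or n_choices - n_true > len(pool):
        raise ValueError("not enough attributes or decoys for this challenge size")
    true_part = rng.sample(sorted(obj.attributes), n_true)
    choices = true_part + rng.sample(pool, n_choices - n_true)
    rng.shuffle(choices)
    return Challenge(obj.focus, tuple(choices), frozenset(true_part))

def verify(challenge, selected):
    """Accept only if the user picked exactly the true attributes shown."""
    return frozenset(selected) == challenge.expected

def blind_guess_probability(challenge):
    """Chance that a guesser who knows how many to pick gets them all right."""
    return 1 / math.comb(len(challenge.choices), len(challenge.expected))

if __name__ == "__main__":
    c = build_challenge(JULIE, DECOYS)
    print(c.focus, c.choices, blind_guess_probability(c))
```

With these constructed sizes a blind guess succeeds 1 time in 15 per challenge, so the number of choices and of challenge rounds determines how resistant the scheme is to guessing.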
What about phishing? Phishing is also a common hacking method used to obtain sensitive information such as usernames, passwords, and bank account details from Internet users. It is typically launched by sending an email that looks as if it is from a legitimate banking website, but contains a link to a fake website that replicates the real one. When a victim enters his username and password, the hacker gets the opportunity to capture them and use them to take the deposit balance. The BSP warned internet banking users not to reply to suspicious emails, but to ignore and delete the message and not give the personal and financial information requested through email. Be that as it may, phishing incidents are still happening!
Last but not least, ComeLeak and other hacking incidents involving intrusion into enterprise computer systems are the results of poor system and database administration. Access to the databases is still controlled by the familiar combination of username and password. That has never changed in spite of the sophisticated technologies that have been introduced in the market.
Hence, the BSP may consider the CogID system, which would permanently mitigate ATM banking fraud and phishing. For ComeLeak and related incidents, the Department of Information and Communications Technology may tap Alex to explore the possibility of implementing his invention, the Filipino way, to protect the ICT-related systems of the government, as well as those of private institutions linked with it.