1. Field of the Invention
The present invention generally relates to a method, system and program product for auditing electronic transactions based on biometric readings. Specifically, the present invention identifies potentially fraudulent activity based on a high degree of similarity between biometric readings that pertain to the electronic transactions.
2. Background Art
As the use of computer technology becomes more pervasive, the need for improved security is growing. Specifically, many of today's systems rely on user authentication as a primary form of access control. Typically, a user attempting to access a system will provide a user name and password that are checked against a list of authorized users. Unfortunately, this type of access control can be easy to circumvent by obtaining the user name and password of an authorized user. Moreover, password-based access control provides no way to definitively determine the identity of the accessing user. For example, if an electronic mail message is transmitted from the account of user “A,” it could actually have been generated and transmitted by user “B.” Unless there is video evidence that depicts user “B,” it will be assumed that user “A” actually transmitted the message.
In an attempt to avoid such issues, the use of biometric readings (e.g., fingerprints, retina scans, signatures, etc.) has been implemented. Because biometric readings are unique to each individual, they not only provide better access control than a user name and password, but they also identify a particular individual. For example, when attempting to access a particular workstation, user “A” might have to provide his/her thumbprint. Once provided, the thumbprint will be used to identify and authenticate user “A” (e.g., Joe Smith). In general, a user is authenticated when his/her biometric reading is sufficiently similar to a previously provided “baseline” reading (e.g., taken upon commencement of employment). Although a best case scenario for authentication is to have an identical match between a biometric reading and a baseline biometric reading, most authentication systems allow for a certain degree of variation. This is to recognize that each biometric reading, although authentic, may not be completely identical. For example, if a user signs his/her name several times, each signature will likely vary from the others in certain, minimal ways due to, for example, the angle of the writing implement, the speed at which the signature is made, etc. Even fingerprints vary in appearance due to, for example, the type of reading device, the angle at which the finger is held, etc.
Unfortunately, because current authentication systems only require biometric readings to be similar or identical to the baseline, they fail to account for counterfeited biometric readings. For example, assume that a counterfeiter copied user “A's” thumbprint and attempted to access user “A's” workstation multiple times using the copied thumbprint. Existing authentication systems would ignore the fact that all of the thumbprint readings were identical to one another. Accordingly, each access attempt would likely be permitted simply because the thumbprints would be sufficiently similar to user “A's” baseline thumbprint. Thus, existing authentication systems ignore the fact that genuine biometric readings should in fact exhibit some variation from each other.
In view of the foregoing, there exists a need for a method, system and program product for auditing electronic transactions based on biometric readings. Specifically, a need exists for biometric readings taken in conjunction with electronic transactions to be collected and stored in a secured fashion. A further need exists for the stored biometric readings to be compared to each other to identify potentially fraudulent activity.
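The audit the preceding paragraphs call for, as an added example that is not part of the patent text: each stored reading still passes the conventional baseline check, but readings for the same user are also compared pairwise, and a pair that shows less variation than a genuine re-reading should is flagged. Readings are modelled as 16-bit iris-code-style templates compared by Hamming distance; the thresholds, user names and sample readings are constructed assumptions.

```python
"""Audit stored biometric readings for near-identical repeats.

Added example, not code from the patent. Readings are modelled as
16-bit templates compared by Hamming distance; all thresholds and
sample values below are constructed assumptions.
"""
from itertools import combinations

AUTH_MAX_DISTANCE = 3   # assumed: a reading within 3 bits of the baseline authenticates
MIN_LIVE_VARIATION = 1  # assumed: two genuine live readings should differ by >= 1 bit


def hamming(a: int, b: int) -> int:
    """Number of differing bits between two templates."""
    return bin(a ^ b).count("1")


def authenticate(baseline: int, reading: int) -> bool:
    """Conventional check: close enough to the baseline => accepted."""
    return hamming(baseline, reading) <= AUTH_MAX_DISTANCE


def audit(transactions: list[dict]) -> list[tuple[str, str, int]]:
    """Compare every pair of readings logged for the same user and return
    the pairs that vary less than a genuine re-reading should."""
    by_user: dict[str, list[dict]] = {}
    for tx in transactions:
        by_user.setdefault(tx["user"], []).append(tx)
    flagged = []
    for txs in by_user.values():
        for x, y in combinations(txs, 2):
            d = hamming(x["reading"], y["reading"])
            if d < MIN_LIVE_VARIATION:
                flagged.append((x["id"], y["id"], d))
    return flagged


# Constructed sample data: baselines for users A and B, and five logged transactions.
BASELINE = {"A": 0b1011001110001101, "B": 0b0100110001110010}
COPIED = BASELINE["A"] ^ 0b0000000000010000  # one counterfeit copy, presented twice
TRANSACTIONS = [
    {"id": "t1", "user": "A", "reading": BASELINE["A"] ^ 0b0000000000000001},
    {"id": "t2", "user": "A", "reading": BASELINE["A"] ^ 0b0000000100000010},
    {"id": "t3", "user": "A", "reading": COPIED},
    {"id": "t4", "user": "A", "reading": COPIED},
    {"id": "t5", "user": "B", "reading": BASELINE["B"] ^ 0b0000000000000100},
]

if __name__ == "__main__":
    for tx in TRANSACTIONS:
        print(tx["id"], "authenticated:", authenticate(BASELINE[tx["user"]], tx["reading"]))
    print("flagged pairs:", audit(TRANSACTIONS))  # [('t3', 't4', 0)]
```

Every transaction authenticates against its baseline, which is exactly the gap described above; only the pairwise audit exposes that t3 and t4 carry the same reading.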