The recent hack attacks and assorted computer worms and viruses have transaction executives thinking a lot these days about software security, a subject some experts say is likely to remain vexed. Software, after all, is simply the product of human code-writing.
“There’s no such thing as secure software,” declares John C. Elliott, a transaction-industry consultant and former executive for MasterCard and ADP. Biometrics, which some see as the best solution to the problem since it controls–or authenticates–access to transaction networks and the Internet, is coming under attack from some as inherently buggy, even after years of development. Many biometric programs, which include fingerprint identification, retina or iris scans, and facial-recognition software, still work best in contained, controlled environments, and other programs still yield too many false denials of access. Still, this is not to say the technology isn’t making progress.
Indeed, the federal government, including the new Homeland Security Department, has become a major prospective user. Slow progress on biometrics, though, leaves a dangerous void for the transaction business, particularly on the Internet. Since perfect software security is an impossible standard, some form of rapid, reliable authentication for network access is crucial. Says Elliott: “The Internet has become a critical part of the information infrastructure that the modern world runs on. We can’t afford to periodically let people blow it up.”