Financial Crime World

Here’s the article rewritten in markdown format:

Biometric Authentication in Finance: A Risky Game in Namibia

The Rise of Biometric Authentication Globally

The use of biometric authentication in finance is on the rise globally, but in Namibia, it’s a different story altogether. Despite the country’s efforts to comply with international best practices, its laws must reign supreme, and the current regulatory framework falls short.

What are Biometrics?

Biometric verification is any means by which a person can be uniquely identified by evaluating one or more distinguished biological traits, including:

  • Fingerprints
  • Facial recognition
  • Hand and earlobe geometries
  • Retina and vein patterns
  • Voice prints
  • Written signatures

Cloud technology has made biometric information more accessible and portable, but vulnerabilities remain.

Risks of Biometric Authentication

Biometric authentication holds several risks, including:

  • False matches: incorrect identification of an individual
  • False rejections: a legitimate individual being denied access or service
  • Algorithmic bias: the inherent biases in algorithms used for biometric analysis
  • Biometric spoofing: attempting to deceive a system by mimicking another person’s biometric data

Hackers can target biometric databases, putting people at risk for identity-based attacks. If this happens, individuals may not be able to do anything about it.

The Law in Namibia

In Namibia, the Communications Act of 2009 requires operators to collect basic information such as names, dates of birth, addresses, and copies of identification documents to register a SIM card. However, there is no mention of biometric information being legally required for SIM card registration.

MTC Namibia’s Biometric Database

Despite this, MTC Namibia has been scanning fingerprints and taking face photos of subscribers for SIM registration as part of its “Verifi” service. The Communications Regulatory Authority of Namibia (Cran) recently issued a directive that telecommunications operators should discontinue capturing clients’ biometric data in the absence of a data-protection legislative framework.

The Conundrum

MTC Namibia has stated that it will continue offering its Verifi service as part of the biometric data-capturing process, and as a condition of service for customers. This is a conundrum for law experts, who argue that MTC must either follow the directive or challenge it in court.

What Now?

In summary, Namibia does not have an online privacy and data protection law. Consultations around such a law have been ongoing since 2019, but so far, the draft law doesn’t deal in depth or appropriately with biometric data management systems. It remains to be seen what measures will be taken to address these concerns.

Experts Weigh In

Major General JB Tjivikua, who served in the Namibian Police for 27 years, warns that if a database containing identification records is compromised, the biometric system tied to the data will be vulnerable. “Once your biometric data is stolen or lost, it could be permanently compromised,” he says.

The use of biometric authentication in finance is a complex issue, and Namibia must ensure that its laws and regulations keep pace with this technology.