Authentication and Authorization Problem in Cyprus
By Naresh Persaud on Mar 31, 2013
If you are following the Cyprus bailout story, you will sympathize with the extraordinary situation faced by Cypriots coping with unprecedented banking regulation. Faced with a risk of capital outflow, the government placed limits on domestic and foreign currency transactions. After the restrictions were lifted, it was discovered that there were loopholes that allowed withdrawals from subsidiary banks in London where the controls were not enforced. For controls to work they have to be consistent. The limits are very specific and very difficult to enforce. As institutions and governments try to apply fiscal or regulatory controls over large groups of people, the controls are only as effective as the identity management capabilities of the institution. The problem is latency. The longer it takes for an endpoint or in this case a bank subsidiary to get updated, the more security risk. In this case Cyprus loses a significant fraction of foreign deposits.
The problem is not unique to Cyprus. During the American financial crisis, the breakdown in trust almost froze the credit system. When a credit card is swiped at the local retailer, the authentication does not always go directly to the bank that issued the credit card. The transaction flows to a merchant bank. The entire system depends on keeping the merchant banks in synch. Every transaction we make without cash has an element of identity involved. The economic cost of identity authentication, while not explicit, is a factor in every credit card transaction and every purchase online. The Cyprus crisis demonstrates what can happen if identity controls break down or fail. In Cyprus the consequence is failure of the banking system.
Authentication failure at an individual level ends in fraud or theft. As the customer experience becomes more digital the consequences are more drastic. Authentication failure can hurt an individual, a business or in this case compromise the future of a nation.