Financial services vendor BancTec Plexus on how to ensure image security within document and workflow systems.
Companies seeking to supplant traditional methods of storing records of paper-based transactions have grappled with the problem of maintaining provable authenticity during the capture and storage process. Even original paper documents are susceptible to fraudulent alteration and micro-graphics can be “edited” and recaptured, although this is a process requiring some degree of skill and equipment. Nevertheless, detection of such frauds has a historically proven methodology and reliability, and so elimination of them has relied on two approaches – first, limiting physical access to the data in question and second, applying the fraud-detection methodologies when producing the records. The advent of digital mass-storage created many more qualms over security – not all of which have been solved. The mere fact of digitisation, in some minds, makes the authenticity questionable. The fact that a physical paper has been reduced to bytes of data which pass through many internal stages of memory, networks and temporary disk storage means that immutability is hard to guarantee. Nevertheless, most legal authorities accept the difficulty of intercepting and amending a given image in these byte streams, especially given that encryption and error-checking is available and often applied if sensitive data is involved and that physical access to the point of capture of a document is relatively easy to restrict. Attention has focussed much more on the long term storage of the images.
Physical, network access
For many the answer has been WORM disk and WORM systems manufacturers made good earnings in the early development of digitisation process. However, WORM technology has not always proved to be compatible with high data transfer rates, convenient form factors, low cost manufacturing and a host of other commercial and technical constraints. Also the physical access barrier has been lowered with the explosion of demand for network access typified by intranet and internet applications which mean that whilst physical bodies may still be excluded from data centres, prying IP-savvy hackers are not so easy to restrain. Hence the erosion of WORM with the advent of “logical WORM” which is an optical-magnetic technology that is, in theory, exactly the same as an optical re-writable disk except that the disk and the drives that it works with “know” that it should not be changed. This is clearly a less secure option than “true WORM” but has nevertheless seen widespread adoption in many countries as a legally admissible medium of image storage. This has been achieved with the tacit compliance of the legal framework in the US which, when cheque and other financial instruments are produced to support legal argumentation, simply demands that the “best-available evidence” is brought to bear without proscribing or prescribing anything about the storage medium. This in turn drives the technology suppliers and the inevitable near-total globalisation of the IT industry means that the effect has been to drive down evidential standards in other countries, except for the few that have explicitly legislated otherwise.
