BMA International
Biometric Devices
Introduction
Established in 1997, Dubai-based BMA International operates fashion retail in the Middle East
and Asia across the Kingdom of Saudi Arabia (KSA), United Arab Emirates (UAE), Bahrain,
Oman, Kuwait and Qatar with more than 250 stores offering two major brands — Redtag and
twenty4. BMA’s steady growth is a testament to its focus on building trust with its shoppers,
employees, suppliers and stakeholders to create a company that is people-centric, ambitious
and results-oriented.
The Problem
Fraud is a common problem in the retail sector, particularly within large chains with hundreds
of locations and tens of thousands of employees. BMA’s retail stores were no exception.
Following an internal audit, security of point-of-sale (POS) terminals in retail outlets were
identified as a serious concern, particularly the misuse of floor supervisors’ credentials to
access terminals and modify or cancel transactions.
The problem persisted even after BMA switched from passwords to a smart card-based authentication system. The most common issues involved supervisors leaving smart cards with cashiers to use in their absence and failing to return the cards when a separation from an employer occurs — a frequent occurrence as many of BMA’s retail employees are expatriates who often return to their home countries.
Fraudulent use of the smart card was also a common problem. Once a sale was completed and the customer had left the store with their purchased items, the smart card could be used to improperly access the system so the cashier could void the transaction and pocket the “refund,” resulting in both monetary and inventory losses. “BMA’s internal auditors were concerned with the lack of control over the cards and the potential for fraudulent transactions due to their mishandling. They observed clear gaps in security and authentication practices that led directly to fraud and revenue leakage, resulting in the Internal Audit Committee recommending to the BMA Board of Directors that action be taken to plug the security holes by tightening the authentication process,” said Nainan M. Kurian, CEO of BMA International.
The decision was made to transition authentication to a biometric-based system that would provide the required security at a competitive price which aligned with the aesthetics of the retail stores. The system also needed to be compatible with the Oracle Retail Xstore Office Cloud Service, which BMA International was adopting across its brands.
The problem persisted even after BMA switched from passwords to a smart card-based authentication system. The most common issues involved supervisors leaving smart cards with cashiers to use in their absence and failing to return the cards when a separation from an employer occurs — a frequent occurrence as many of BMA’s retail employees are expatriates who often return to their home countries.
Fraudulent use of the smart card was also a common problem. Once a sale was completed and the customer had left the store with their purchased items, the smart card could be used to improperly access the system so the cashier could void the transaction and pocket the “refund,” resulting in both monetary and inventory losses. “BMA’s internal auditors were concerned with the lack of control over the cards and the potential for fraudulent transactions due to their mishandling. They observed clear gaps in security and authentication practices that led directly to fraud and revenue leakage, resulting in the Internal Audit Committee recommending to the BMA Board of Directors that action be taken to plug the security holes by tightening the authentication process,” said Nainan M. Kurian, CEO of BMA International.
The decision was made to transition authentication to a biometric-based system that would provide the required security at a competitive price which aligned with the aesthetics of the retail stores. The system also needed to be compatible with the Oracle Retail Xstore Office Cloud Service, which BMA International was adopting across its brands.
The Solution
BMA International and its technology partner, Technowave International LLC,
determined that the HID DigitalPersona® 4500 Fingerprint Reader met all their
requirements — a decision supported by recommendations from other retailers
that had deployed the product, and by the fact that competitive solutions were
incompatible with Oracle Retail Xstore, a crucial requirement.
A USB peripheral with a compact design to conserve space, this fingerprint reader from HID is ideal for use by multiple people in a shared environment. Its professional, modern design looks elegant in retail settings while offering superior authentication control via biometric functionality that uses optical scanning technology to achieve excellent image quality and reliability.
With this easy-to-use technology, floor supervisors simply place their finger on the reader window, which rapidly captures and encrypts the fingerprint image, then provides a red flash as a visual cue indicating that it was properly captured. That image is sent to the DigitalPersona FingerJet™ biometric engine for verification, and once the user has been authenticated, access to the POS terminal is granted.
“Deploying the HID DigitalPersona 4500 Fingerprint Reader was simple and caused no disruption to retail operations. It paved the way for significant reduction in the malpractice that had been occurring with the smart card system,” said Kurian.
A USB peripheral with a compact design to conserve space, this fingerprint reader from HID is ideal for use by multiple people in a shared environment. Its professional, modern design looks elegant in retail settings while offering superior authentication control via biometric functionality that uses optical scanning technology to achieve excellent image quality and reliability.
With this easy-to-use technology, floor supervisors simply place their finger on the reader window, which rapidly captures and encrypts the fingerprint image, then provides a red flash as a visual cue indicating that it was properly captured. That image is sent to the DigitalPersona FingerJet™ biometric engine for verification, and once the user has been authenticated, access to the POS terminal is granted.
“Deploying the HID DigitalPersona 4500 Fingerprint Reader was simple and caused no disruption to retail operations. It paved the way for significant reduction in the malpractice that had been occurring with the smart card system,” said Kurian.
The Result
Since deploying more than 1,100 HID fingerprint readers in retail outlets across
KSA, UAE, Oman, Bahrain, Kuwait and Qatar, BMA has eliminated nearly all
POS fraud and abuse. The system has also driven tangible improvements in the
attendance and punctuality of floor supervisors, who must now be physically
present in the store for authentication to take place.
The HID authentication system is also capable of multiple types of authentications — providing flexibility that is appreciated by users who work at multiple locations.
“Because the HID DigitalPersona 4500 Fingerprint Reader requires proof of presence for authentication, there is greater accountability among supervisors which resulted in immediate cessation of POS fraud and stopped both revenue and inventory leakage. The exceptional support provided by HID Global has also allowed BMA to take full advantage of the system’s functionality and flexibility,” said Kurian.
The HID authentication system is also capable of multiple types of authentications — providing flexibility that is appreciated by users who work at multiple locations.
“Because the HID DigitalPersona 4500 Fingerprint Reader requires proof of presence for authentication, there is greater accountability among supervisors which resulted in immediate cessation of POS fraud and stopped both revenue and inventory leakage. The exceptional support provided by HID Global has also allowed BMA to take full advantage of the system’s functionality and flexibility,” said Kurian.