Alcatraz AI is offering web-based mobile enrollment and privacy consent management to optimize the onboarding process for its facial recognition building security system. Credit: Thinkstock Access control provider Alcatraz AI is adding web-based, mobile enrollment and privacy consent management to its flagship facial authentication product, the Rock, to enhance building security and ease employee and visitor registration.The Rock includes an edge device installed near the doors to buildings and secure areas, using 3D facial mapping and machine learning analytics for facial authentication. The update adds mobile enrollment to the system to streamline onboarding by allowing new employees and visitors to register remotely and securely through their own mobile devices and tablets, according to Blaine Fredrick, vice president of products at Alcatraz AI.The updated privacy consent management process is designed to offer an opt-in choice via mobile devices, allowing Alcatraz’s enterprise customers to inform end users about the usage and management of their personal data, which they can choose to accept or decline. With the two new enhancements to the Rock, Alcatraz AI expects to reduce the overall cost and complexity of the enrollment process and also enable corporate compliance with privacy laws such as the EU’s General Data Protection Act (GDPR), the US’ Biometric Information Privacy Act (BIPA), and India’s Central Consumer Protection Authority (CCPA) guidelines. The system has been designed to initiate enrollments by sending QR codes and links directly from the security teams at organizations that have installed the Rock system, using multifactor authentication, including via emails, to reconfirm access, according to Blaine.Mobile enrollment raises security concernsEnabling distributed access with the mobile enrollment feature, however, may raise concerns about malicious attempts to impersonate valid visitors, said Michael Sampson, an analyst at Osterman Research. “There are definitely security concerns if they are relying on the future employee’s personal mobile device and personal email address (to which a a link or QR code is sent),” said Sampson. “If the future employee’s email account had been compromised through phishing or other credential compromise avenues, then it is possible that a threat actor could enroll as the employee and gain building access. There’s a few hoops they’d have to jump through, but there are weaknesses in the security chain when personal devices and personal addresses are utilized.”Otherwise, Alcatraz AI’s new privacy consent management capability is expected to allow for transparency in the usage of user data.“The privacy consent is a good angle, and an essential one. There’s lots to get right in that, including the process for revoking consent and providing optics to the employee on where their biometric data is being processed,” Sampson said. The Rock features a range of compliance and security tools, including real-time event log monitoring, customizable data retention schedules, and hard data deletes.The new mobile enrollment and privacy consent management features will be generally available in the second quarter of 2023 to all Alcatraz AI customers using the cloud-based version of the Rock. The company did not immediately specify whether the new features will be rolled out to the on-premises version of the product. Related content news Kroll cyber threat landscape report: AI assists attackers AI is simplifying all sorts of tasks — and not always for the better: cybercriminals, too, are adopting it. By Lynn Greiner May 24, 2024 4 mins Threat and Vulnerability Management Cybercrime Vulnerabilities news analysis Windows Recall — a ‘privacy nightmare’? The Windows AI feature announced by Microsoft this week quickly drew criticism for recording regular screenshots of a user’s screen; one security expert compared it to keylogging software. By Matthew Finnegan May 24, 2024 1 min Privacy feature What is spear phishing? Examples, tactics, and techniques Spear phishing is a targeted email attack purporting to be from a trusted sender. Learn how to recognize—and defeat—this type of phishing attack. By Josh Fruhlinger May 24, 2024 14 mins Phishing Cyberattacks Fraud news analysis Emerging ransomware groups on the rise: Who they are, how they operate New and developing ransomware gangs move to fill the void left by the shutdown and law enforcement disruption of big players, with differing tactics and targets. By Lucian Constantin May 24, 2024 6 mins Ransomware Cybercrime PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe