Cyberattacks, falsification of documents, identity theft, mobile payment, plagiarism of QR codes … SICPA specializes in security, both physical and virtual.
SICPA is a Swiss company specialized in security inks for tickets and sensitive documents, such as identity, transport or lottery tickets, for example. It also offers protection solutions in the field of products and brands, and services to the industry in terms of authentication, anti-theft, identification, etc. This multinational has just inaugurated a Center of Excellence in Madrid. Fabián Torres, Director of Business Development at SICPA, tells us more details about this company and its operations.
Why, being a Swiss multinational, do you support Spain so much by creating a Center of Excellence in Madrid?
The company’s first major transformation occurs when the Spanish Ambassador to Switzerland convinces Maurice Amón, founder of SICPA, to manufacture high-security ink for banknotes. In fact, the first banknote in the world to be printed with high security inks is the 100 pesetas from Spain. Since then, generation after generation, the Amón family has always had a special affection for Spain. Hence, the current president did not hesitate to launch, more than 10 years ago, the group’s first center of competence for the development of digital solutions outside of Switzerland, in Madrid. The enormous professional qualification of the Spanish experts, having the same European culture and being highly competitive has allowed this Competence Center to grow and consolidate itself as the second largest after that of Switzerland. The solutions development area of the new strategic center of excellence in Madrid currently has nine development teams and one support team, made up of more than 130 people, with 21% women (more than ten points above the world average ), out of a total of 14 nationalities. This area actively collaborates with other Group centers in Brazil, the US, Switzerland, Malaysia and Russia, among others, and supports the development of solutions for governments and various industries. Among them, systems of conformity, authentication, aggregation and traceability in a multitude of products (wine, luxury items, museum tickets, food products, Oil & Gas, tobacco and alcohol, among others).
In addition, using cutting-edge technologies based on blockchain and Data Science solutions, it handles significant volumes of data that allow studying trends to develop and refine mobile activation, inspection and verification solutions. At this time, the Spanish team is working on traceability projects for the governments of Turkey, Georgia, Albania, Morocco, Kenya, Tanzania, Uganda, Ecuador, Chile, the Dominican Republic and Malaysia.
In addition, in the new Madrid hub, a team of 24 people is in charge of providing corporate IT technical support to the entire Group worldwide: Service Desk, Collaborative Solutions, Linux, Windows, etc., with different profiles in DevOps, App Security, Digital Workspace and Fullstack Developers, among others.
At the Alcalá de Henares plant, what processes do you carry out?
It has been more than 50 years since we opened our first ink factory here, in Madrid, and later, in 2007, we continued with the opening of a manufacturing center that is the only one outside of Switzerland that has all the capabilities to manufacture the inks and banknote security products as we do in our high security ink factory in Chavornay, near Lausanne, especially for euro printing. Furthermore, the Madrid high security ink factory is a backup facility for the Swiss factory.
A company employee clicks on a fraudulent link in an email that he has received and has unintentionally downloaded a virus that can steal sensitive information. How can these cyberattacks be controlled?
Today, training employees in good practices is essential to avoid being cyber-attacked. The main security gaps are found in the oversights of the employees themselves, for example, when connecting a USB to a computer, when accessing a malicious website, when clicking a link in an email, etc. At SICPA we pay special attention to this issue and all new employees undergo a strict training plan in this regard, since the safety of our clients depends on our own safety. In addition, every year all employees pass a refresher course where we are shown the new techniques that ‘bad guys’ use to carry out their attacks. This year we have changed the format, making it much more enjoyable as if they were episodes of series such as Amazon or Netflix, which has had enormous acceptance among our employees.
Is there a way to effectively prevent someone from stealing your identity on Instagram or WhatsApp?
Indeed, today it is already possible to avoid these identity theft. Everything is based on the new digital identities in which SICPA has been working intensively for more than 3 years. We have developed a program in the US, under the umbrella of the Silicon Valley Innovation Program (SVIP), for the development of verifiable credentials for the famous US Green Card. We are now developing a similar program based on verifiable credentials for the future European digital identity under the European Self Sovereign Identity Framework Laboratory (eSSIF-Lab) program. With the use of this future digital identity shielded with next-generation Blockchain, even proof of quantum computing, it will be practically impossible to usurp our identity. What’s more, we can use that future decentralized digital identity to be able to forget all our access passwords to all websites. We will have a Single-Sign-On at the level of the future Internet of Value where, instead of interacting only with information, we will be able to safely exchange assets.
When the cyberattack has been achieved, what procedures must be followed so that the hacker does not erase confidential information of the company and the workers?
The really complicated thing about cyberattacks is detecting when we have the virus or worm in our installation in a dormant state, waiting to be activated. Hence, the vital importance of prevention and training of all personnel in cybersecurity issues at the level of users of the systems. Once the slightest symptoms of the possible attack are detected, it is best to quickly inform cybersecurity experts to initiate cyber defense procedures and escalate it to the relevant authorities, since these cyberattacks may be occurring in other parts of the geography or of the planet, and national and international early warning systems can help us to resolve them.
Is it easy to plagiarize a QR code? How do you get an “inviolable” code?
We have developed a unique technology that allows us to secure QR codes, protecting them with encryption algorithms and advanced image security technologies that shield them, being able to detect any attempt at falsification or manipulation. Furthermore, we are working on a new generation in which the storage capacity of these QRs will be higher than the current ones on the market, allowing even biometric sequencing with hash algorithms to be housed.
Do you recommend paying via mobile phone, with apps or with a digital credit card, or do we expose ourselves to possible data theft?
With the future decentralized digital identity, which we have discussed, we will be truly safe. At present, especially with the irruption in the market of quantum computers, of which some commercial prototypes are already appearing and which have a few dozen qubits, the current digital signatures and certificates and the current securitization of the current websites will be vulnerable, even https sites, as is already known, breaking all Internet security. For this reason, the career in telecommunications and quantum computing that has started worldwide, and the search for new secure decentralized digital identities to protect information. In the latter case, similar to those that SICPA has developed under the SVIP (US) and eSSIF-Lab (EU) programs.
For online payment for video game downloads, is the QR code the ultimate solution to prevent financial data theft?
The QR code is not enough if it is not shielded with technologies like the ones we have developed at SICPA. In addition, a second proof of identity will always be necessary using biometrics and algorithms that allow the detection of life, such as that of a living being in front of the camera and not a photo, and the detection of a possible identity theft, which is known in English as “liveness and spoof detection”, in addition to sending, for example, SMS codes as proof of verification. Obviously, the level of security of the information or the asset that we are protecting will determine the number and tolerance for failure that we allow the security measures that we want to implement in each case.