Blog article
See all stories ยป

An article relating to this blog post on Finextra:

UAE banks to roll out iris scanning

Banks in the United Arab Emirates are reportedly set to introduce iris scanning technology at the ATM, following a recent surge in cash machine fraud across the country.

See article

Important Announcement of Iris Scanning Security in the UAE

This kind of news actually make the Central Bank of UAE and authorities in the UAE truly 'seem' uninformed. Anyone in the payment security business (fraudsters as well) know that this will not solve the ATM fraud problem.

IRIS scanning is a costly solution as it is quite expensive to equip ATM machines with this capability. But what makes it a non-feasible solution is that (iris-scanning security) will only work if ALL of the ATM machines in the world will require authentication by scanning the IRIS.

What will iris scanning accomplish? How will it solve the ATM fraud?

So what if a UAE cardholder can authenticate himself when doing an ATM transaction with his Iris? How would he authenticate himself when he does an ATM transaction outside of the UAE? Answer : Back to pincode. Where are fraudsters using these cloned cards? Mostly outside of the country the cards were issued. So will IRIS scanning stop fraudsters from skimming cards? Answer is NO.



Comments: (4)

Dave Kershaw
Dave Kershaw - Ulster Bank - Belfast 05 December, 2008, 08:27Be the first to give this comment the thumbs up 0 likes

My guess is that it will be an opt-in service: "Do not authorise any withdrawals from my account unless accompanied by an iris scan verification".

So, it's up to the customer whether they want to make the extra step to protect themselves.

A Finextra member
A Finextra member 05 December, 2008, 12:56Be the first to give this comment the thumbs up 0 likes

The rate at which ATMs are exploding in Sydney lately would make me nervous about investing so much in something which might easily be vandalised.

I would also consider  - Can you trust a bank with your biometric data, and do you really need to?"

Will we see skimming of biometric data?

A Finextra member
A Finextra member 08 December, 2008, 12:27Be the first to give this comment the thumbs up 0 likes

Consumers aren't really given the choice.  But I also doubt the veracity of this story. Because, most security experts know that there are more economical ways of providing strong authentication that do not require changes in an ATM kiosk. It truly would be surprising if the CB of UAE isn't properly and adequately informed of what is truly feasible.

A Finextra member
A Finextra member 16 December, 2008, 04:33Be the first to give this comment the thumbs up 0 likes

You are right.  It is a very expensive method of dual factor authentication.  They can as well go for SMS PIN or Tokens.  Still, this can only prevent them within UAE.  Customers can request their banks to disable withdrawals outside UAE and enable for a short period during travel.

Blog group founder

Member since




More from member

This post is from a series of posts in the group:

Transaction Fraud Systems and Analysis

A community for discussion of Transaction Fraud systems and anlaytical techniques for bank card and financial services organisations.

See all

Now hiring