22 November 2017
visit www.aciworldwide.com

New ATM skimmers steal fingerprints

28 September 2016  |  9456 views  |  1 digital fingerprints

As banks increasingly turn to biometrics to secure ATM transactions, Kaspersky Lab is warning that crooks are already selling skimming devices that they claim can steal fingerprints.

Old-school skimmers which stole mag-stripe data have made way in recent years to so-called 'shimmers' that can glean enough information from EMV chips for online relay attacks.

In response, some banks are turning to biometric authentication but Kaspersky Lab says that this could simply play into criminals' hands, offering them a new opportunity to steal sensitive information.

The security outfit has found at least 12 sellers offering skimmers capable of stealing victims’ fingerprints. Several other underground crooks are already researching devices that could illegally obtain data from palm vein and iris recognition systems.

The first wave of biometric skimmers was spotted in 'pre-sale testing' last September but developers discovered several bugs, with the main problem being the use of GSM modules for biometric data transfer - they were too slow to transfer the large volume of data obtained.

Kaspersky warns that new versions of skimmers will use different, faster data transfer technologies.

And thieves are also discussing how to fool facial recognition biometrics, looking into the development of mobile applications based on placing masks over human faces and imposing photos taken from social media.

Olga Kochetova, security expert, Kaspersky Lab, says: "The problem with biometrics is that unlike passwords or pin codes, which can be easily modified in the event of compromise, it is impossible to change your fingerprint or iris image.

"Thus, if your data is compromised once, it won’t be safe to use that authentication method again. That is why it is extremely important to keep such data secure and transmit it in a secure way."

Comments: (1)

Edward Leong
Edward Leong - DistruptiveHut - Singapore | 03 October, 2016, 02:26

The medical devices and data could be used for the biometric skimmer. I believe is time to secure the medical device 's data and processes. 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Standard Chartered commits to a biometric future; Qatari bank reads finger veins at ATMs

Standard Chartered commits to a biometric future; Qatari bank reads finger veins at ATMs

15 August 2016  |  12361 views  |  0 comments | 19 tweets | 15 linkedin
Taiwan bank trials face-recognition ATM

Taiwan bank trials face-recognition ATM

10 August 2015  |  13241 views  |  0 comments | 29 tweets | 22 linkedin

Related blogs

Create a blog about this story (membership required)
visit www.capgemini.comvisit www.response.ncr.comvisit https://www.niceactimize.com

Top topics

Most viewed Most shared
Ripple boss predicts central bank adoption of blockchainRipple boss predicts central bank adoption...
19979 views comments | 31 tweets | 33 linkedin
AmEx partners Ripple and Santander for blockchain-enabled cross-border paymentsAmEx partners Ripple and Santander for blo...
11970 views comments | 15 tweets | 42 linkedin
UK cryptocurrency exchange startup launches debit card for spending bitcoinUK cryptocurrency exchange startup launche...
9698 views comments | 26 tweets | 38 linkedin
Barclays warns of unprecedented online fraud this ChristmasBarclays warns of unprecedented online fra...
9517 views comments | 16 tweets | 33 linkedin
ING brings data privacy to blockchain transactionsING brings data privacy to blockchain tran...
7043 views comments | 22 tweets | 35 linkedin

Featured job

Competitive
London, UK (or flexible)

Find your next job