28 May 2018
Visit www.fingerprints.com

New ATM skimmers steal fingerprints

28 September 2016  |  9952 views  |  1 digital fingerprints

As banks increasingly turn to biometrics to secure ATM transactions, Kaspersky Lab is warning that crooks are already selling skimming devices that they claim can steal fingerprints.

Old-school skimmers which stole mag-stripe data have made way in recent years to so-called 'shimmers' that can glean enough information from EMV chips for online relay attacks.

In response, some banks are turning to biometric authentication but Kaspersky Lab says that this could simply play into criminals' hands, offering them a new opportunity to steal sensitive information.

The security outfit has found at least 12 sellers offering skimmers capable of stealing victims’ fingerprints. Several other underground crooks are already researching devices that could illegally obtain data from palm vein and iris recognition systems.

The first wave of biometric skimmers was spotted in 'pre-sale testing' last September but developers discovered several bugs, with the main problem being the use of GSM modules for biometric data transfer - they were too slow to transfer the large volume of data obtained.

Kaspersky warns that new versions of skimmers will use different, faster data transfer technologies.

And thieves are also discussing how to fool facial recognition biometrics, looking into the development of mobile applications based on placing masks over human faces and imposing photos taken from social media.

Olga Kochetova, security expert, Kaspersky Lab, says: "The problem with biometrics is that unlike passwords or pin codes, which can be easily modified in the event of compromise, it is impossible to change your fingerprint or iris image.

"Thus, if your data is compromised once, it won’t be safe to use that authentication method again. That is why it is extremely important to keep such data secure and transmit it in a secure way."

Comments: (1)

Edward Leong
Edward Leong - DistruptiveHut - Singapore 03 October, 2016, 02:26

The medical devices and data could be used for the biometric skimmer. I believe is time to secure the medical device 's data and processes. 

Be the first to give this comment the thumbs up 0 thumb ups!
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Standard Chartered commits to a biometric future; Qatari bank reads finger veins at ATMs

Standard Chartered commits to a biometric future; Qatari bank reads finger veins at ATMs

15 August 2016  |  13159 views  |  0 comments | 19 tweets | 15 linkedin
Taiwan bank trials face-recognition ATM

Taiwan bank trials face-recognition ATM

10 August 2015  |  13792 views  |  0 comments | 29 tweets | 22 linkedin

Related blogs

Create a blog about this story (membership required)
Visit response.ncr.comVisit iliad-solutions.com/

Who is commenting?

Top topics

Most viewed Most shared
satelliteAnt Financial provides tech for China Ever...
37075 views comments | 3 tweets | 2 linkedin
Digital banking transformation creating new systemic risksDigital banking transformation creating ne...
9352 views comments | 18 tweets | 26 linkedin
ING opens developer portalING opens developer portal
7953 views comments | 18 tweets | 23 linkedin
MUFG to roll out blockchain payment network next yearMUFG to roll out blockchain payment networ...
7940 views comments | 13 tweets | 13 linkedin
PayPal and Google bind payment railsPayPal and Google bind payment rails
7613 views comments | 11 tweets | 17 linkedin

Featured job

Find your next job