24 March 2018
visit www.nextgenbanking.co.uk

New ATM skimmers steal fingerprints

28 September 2016  |  9802 views  |  1 digital fingerprints

As banks increasingly turn to biometrics to secure ATM transactions, Kaspersky Lab is warning that crooks are already selling skimming devices that they claim can steal fingerprints.

Old-school skimmers which stole mag-stripe data have made way in recent years to so-called 'shimmers' that can glean enough information from EMV chips for online relay attacks.

In response, some banks are turning to biometric authentication but Kaspersky Lab says that this could simply play into criminals' hands, offering them a new opportunity to steal sensitive information.

The security outfit has found at least 12 sellers offering skimmers capable of stealing victims’ fingerprints. Several other underground crooks are already researching devices that could illegally obtain data from palm vein and iris recognition systems.

The first wave of biometric skimmers was spotted in 'pre-sale testing' last September but developers discovered several bugs, with the main problem being the use of GSM modules for biometric data transfer - they were too slow to transfer the large volume of data obtained.

Kaspersky warns that new versions of skimmers will use different, faster data transfer technologies.

And thieves are also discussing how to fool facial recognition biometrics, looking into the development of mobile applications based on placing masks over human faces and imposing photos taken from social media.

Olga Kochetova, security expert, Kaspersky Lab, says: "The problem with biometrics is that unlike passwords or pin codes, which can be easily modified in the event of compromise, it is impossible to change your fingerprint or iris image.

"Thus, if your data is compromised once, it won’t be safe to use that authentication method again. That is why it is extremely important to keep such data secure and transmit it in a secure way."

Comments: (1)

Edward Leong
Edward Leong - DistruptiveHut - Singapore | 03 October, 2016, 02:26

The medical devices and data could be used for the biometric skimmer. I believe is time to secure the medical device 's data and processes. 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Standard Chartered commits to a biometric future; Qatari bank reads finger veins at ATMs

Standard Chartered commits to a biometric future; Qatari bank reads finger veins at ATMs

15 August 2016  |  12921 views  |  0 comments | 19 tweets | 15 linkedin
Taiwan bank trials face-recognition ATM

Taiwan bank trials face-recognition ATM

10 August 2015  |  13616 views  |  0 comments | 29 tweets | 22 linkedin

Related blogs

Create a blog about this story (membership required)
Register your place todayVisit www.vasco.comVisit http://info.nice.com

Top topics

Most viewed Most shared
hands typing furiouslyBitcoin at 50,000 USD?
14858 views 0 | 8 tweets | 5 linkedin
BBVA tests 'invisible payments' technology at inhouse cafeBBVA tests 'invisible payments' technology...
12347 views comments | 16 tweets | 35 linkedin
RBS hatches plan to create digital challenger bankRBS hatches plan to create digital challen...
11979 views comments | 12 tweets | 23 linkedin
Barclays partners seven watch brands for contactless timepiecesBarclays partners seven watch brands for c...
10791 views comments | 14 tweets | 32 linkedin
Germany's N26 readies for US launch with EUR110 million capital injection led by Allianz and TenCentGermany's N26 readies for US launch with E...
8861 views comments | 15 tweets | 11 linkedin

Featured job

Find your next job