22 September 2017
visit www.avoka.com

New ATM skimmers steal fingerprints

28 September 2016  |  9330 views  |  1 digital fingerprints

As banks increasingly turn to biometrics to secure ATM transactions, Kaspersky Lab is warning that crooks are already selling skimming devices that they claim can steal fingerprints.

Old-school skimmers which stole mag-stripe data have made way in recent years to so-called 'shimmers' that can glean enough information from EMV chips for online relay attacks.

In response, some banks are turning to biometric authentication but Kaspersky Lab says that this could simply play into criminals' hands, offering them a new opportunity to steal sensitive information.

The security outfit has found at least 12 sellers offering skimmers capable of stealing victims’ fingerprints. Several other underground crooks are already researching devices that could illegally obtain data from palm vein and iris recognition systems.

The first wave of biometric skimmers was spotted in 'pre-sale testing' last September but developers discovered several bugs, with the main problem being the use of GSM modules for biometric data transfer - they were too slow to transfer the large volume of data obtained.

Kaspersky warns that new versions of skimmers will use different, faster data transfer technologies.

And thieves are also discussing how to fool facial recognition biometrics, looking into the development of mobile applications based on placing masks over human faces and imposing photos taken from social media.

Olga Kochetova, security expert, Kaspersky Lab, says: "The problem with biometrics is that unlike passwords or pin codes, which can be easily modified in the event of compromise, it is impossible to change your fingerprint or iris image.

"Thus, if your data is compromised once, it won’t be safe to use that authentication method again. That is why it is extremely important to keep such data secure and transmit it in a secure way."

Comments: (1)

Edward Leong
Edward Leong - DistruptiveHut - Singapore | 03 October, 2016, 02:26

The medical devices and data could be used for the biometric skimmer. I believe is time to secure the medical device 's data and processes. 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Standard Chartered commits to a biometric future; Qatari bank reads finger veins at ATMs

Standard Chartered commits to a biometric future; Qatari bank reads finger veins at ATMs

15 August 2016  |  12150 views  |  0 comments | 19 tweets | 15 linkedin
Taiwan bank trials face-recognition ATM

Taiwan bank trials face-recognition ATM

10 August 2015  |  13079 views  |  0 comments | 29 tweets | 22 linkedin

Related blogs

Create a blog about this story (membership required)
visit www.vasco.comvisit www.temenos.comvisit www.capgemini.com

Top topics

Most viewed Most shared
HSBC switches on selfie payments in ChinaHSBC switches on selfie payments in China
12473 views comments | 26 tweets | 42 linkedin
Equifax hack: Visa and Mastercard flag 200k compromised credit cardsEquifax hack: Visa and Mastercard flag 200...
10949 views comments | 6 tweets | 17 linkedin
Dutch bank sentences teenage DDoS culprit to community serviceDutch bank sentences teenage DDoS culprit...
9525 views comments | 6 tweets | 3 linkedin
Apple P2P payments service nears launchApple P2P payments service nears launch
8150 views comments | 18 tweets | 26 linkedin
UAE banks pool cyber security dataUAE banks pool cyber security data
8112 views comments | 5 tweets | 4 linkedin

Featured job

London, UK (or flexible)

Find your next job