18 December 2017
visit www.aciworldwide.com

Bank regulators urged to address security of biometric data

30 September 2016  |  12129 views  |  2 digital fingerprints

Andrew Tryie, the chair of the UK government's influential Treasury Select Committee has called on banking industry regulators to develop action plans and policies to protect consumer interests in light of the increasing use of biometric technology to access accounts.

In letters to the Prudential Regulators Authority and the Financial Conduct Authority on the resilience and security of bank IT systems, Tyrie raises concerns about the growing trend for biometric access to customer accounts.

The letter says that the Committee has heard evidence that biometric data can be "relatively easily obtained by fraudsters".

Noting that compromised biometric data cannot be changed by the customer, Tyrie writes: "Banks and regulators will need to plan for what they will do if biometric details are lost and/or illegally obtained by third parties. They will also need to consider how affected customers will be compensated; they may be unable to persuade their banks to release all the technical details needed to pursue their claim in court. Are you concerned about this? if so, what is being done?"

The letter comes to light just days after Kaspersky Lab said it had uncovered evidence that members of the criminal undergound are offering to sell ATM skimming devices capable of stealing victims’ fingerprints. Several other underground crooks are also researching devices that could illegally obtain data from palm vein and iris recognition systems, says the firm.

Thieves are also discussing how to fool facial recognition biometrics, looking into the development of mobile applications based on placing masks over human faces and imposing photos taken from social media.

Olga Kochetova, security expert, Kaspersky Lab, says: "The problem with biometrics is that unlike passwords or pin codes, which can be easily modified in the event of compromise, it is impossible to change your fingerprint or iris image.

"Thus, if your data is compromised once, it won’t be safe to use that authentication method again. That is why it is extremely important to keep such data secure and transmit it in a secure way."

In September last year, the US Office of Personnel Management warned that hackers who breached its systems over the summer made off with the fingerprint records of 5.6 million individuals, raising questions over the security of biometrically-protected identities.
KeywordsBIOMETRICS

Comments: (2)

A Finextra member
A Finextra member | 30 September, 2016, 14:44

You can change your finger-print a few times - nine times in most cases.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune | 30 September, 2016, 17:59

For a frictionless login process, many fingerprint scanners encourage enrolment of *all* fingers at one time e.g. iPhone, Lenovo ThinkPad laptop. And many users, including me, accept the suggestion to do so in order that we can swipe any finger without having to remember which finger we enrolled on which reader. If fingerprint creds are stolen - creepiness alert! - another hand is the only choice for many people.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

New ATM skimmers steal fingerprints

New ATM skimmers steal fingerprints

28 September 2016  |  9489 views  |  1 comments | 19 tweets | 25 linkedin
Brits trust banks more than government on biometrics

Brits trust banks more than government on biometrics

19 September 2016  |  9653 views  |  0 comments | 25 tweets | 18 linkedin
Biometric security alarm raised as hackers steal 5.6 million fingerprints

Biometric security alarm raised as hackers steal 5.6 million fingerprints

24 September 2015  |  11095 views  |  3 comments | 29 tweets | 39 linkedin
One in four would share DNA with their bank to secure personal information

One in four would share DNA with their bank to secure personal information

16 June 2015  |  8363 views  |  0 comments | 20 tweets | 15 linkedin
Brits back biometrics for banking authentication

Brits back biometrics for banking authentication

29 July 2014  |  14114 views  |  8 comments | 26 tweets | 14 linkedin

Related company news

 

Related blogs

Create a blog about this story (membership required)
visit www.atos.netvisit www.response.ncr.comvisit www.aciworldwide.com

Top topics

Most viewed Most shared
satelliteRipple completes XRP Lockup
11359 views comments | 3 tweets | 4 linkedin
Banks tap Ethereum smart contracts for MiFID II complianceBanks tap Ethereum smart contracts for MiF...
10551 views comments | 21 tweets | 26 linkedin
Banks and fintech startups join forces on blockchain-based supply chain pilotBanks and fintech startups join forces on...
7849 views comments | 19 tweets | 22 linkedin
Digital banking startup Loot secures £2.2 million seed roundDigital banking startup Loot secures £...
7710 views comments | 5 tweets | 11 linkedin
Nordea takes Open APIs into live productionNordea takes Open APIs into live productio...
7525 views comments | 6 tweets | 26 linkedin

Featured job

Competitive
New York, NY - USA (some flexibility on location)

Find your next job