Featured Savings Rates

Popular Posts

Featured Accounts

Biometrics the Batman to Stem Cyber Crime?


Biometrics the Batman to Stem Cyber Crime?

Financial institutions increasingly are turning to technological weapons to battle cyber criminals. Biometrics, (such as fingerprinting, facial recognition, iris scanners, and palm veins) is being used in order to protect your valuable information.

"Banks are looking to replace passwords with biometrics, because passwords are dead. Passwords are not secure. They can be easily stolen or borrowed. With a password, the bank doesn’t really know if the person who is using it is the authorized user. This is why over the next couple of years, all banks will replace passwords with biometrics," predicts Hector Hoyos, CEO of Hoyos Labs. "There are already early signs. Various financial institutions are using Touch ID to enable their mobile apps. This is the first wave to bring biometrics mainstream."

Cyber attacks on major organizations are occurring frequently and make headlines seemingly weekly. "Armed with stolen data from these attacks, cyber criminals are dialing into financial institutions attempting to answer your challenge questions and extract your earnings," says Gary Davis, chief consumer security evangelist at Intel. He says major banks, including JPMorgan Chase and Wells Fargo are employing recorded voice messages to help protect people from scammers. "They are arming themselves with a biometric weapon – your voice. Voiceprinting, is aimed at detecting the bad guys (rather than confirming you are actually who you say you are)," he explains. How have banks obtained these voice samples? "It goes a little something like this: ‘This call may be monitored and recorded.’"

Davis reports that this technology has been effective at countering con artists. In fact, when combined with other fraud detection methods, banks have seen a 90% decrease in the number of calls made by fraudsters. "Voice biometric ‘blacklists’ may just be the way of the future," he says.

The challenge biometrics present

Biometrics, like fingerprint scanning, has the best chance to succeed for a few reasons, says Bill Carey, vice president of marketing for RoboForm, a password manager. "It’s already readily available on many computers and mobile devices. It’s fairly easy to use, and because people have heard and seen it before, they are likely to be more comfortable with it," says Carey.

Trouble is, biometric systems are expensive. "Fingerprint and retina scanning login technology has been around for many years, but there’s a reason it has failed to make significant inroads into everyday login processes – it’s expensive to incorporate biometrics into laptops, desktops and mobile devices," says Carey.

Another challenge is that it is not easy to revoke or change biometric login credentials. In business settings, as well as at home, it’s not unusual for several people to use the same device or for devices to change hands as users replace tablets and laptops. It’s simple enough to make a change for password-protected devices, but biometrics make it complicated, adds Carey.

Then too, biometrics can change. Fingerprints and retinas can be affected by fairly common injuries and medical conditions, which can cause access issues. "People don’t want to be locked out of their devices due to a minor cut on a fingertip," says Carey.

There’s much debate about whether biometrics is safer than passwords?

There are other concerns. "It is possible to acquire an image of the biometric trait of a user and then build a ‘fake’ or ‘spoof’ of that biometric trait. This can be presented to the reader and now an imposter can access the sources," warns Anil Jain, a professor in the Department of Computer Science at Michigan State University.

"What if you are a customer at a bank but the biometric enabled ATM machine or payment system does not recognize you (false reject)? What recourse do you have?" he asks.

There’s much debate about whether biometrics is safer than passwords?

"Passwords are something that you know and something that you have. Biometrics is something that you are. They can’t be stolen as easily as a password. Studies have found that one in five people use the same password for everything they access," points out Hoyos.

The onus, says Todd Inskeep, advisory board member for the RSA Conference, the big event for the info security industry, says that consumers and banks have to remember there’s a time and place for biometrics, and a time and place for passwords and other authentication mechanisms. Fingerprints in particular can be captured and duplicated as demonstrated on MythBusters a couple of years ago, he says. Using biometrics at a distance is often a bad idea, and better used for identification and authentication, he says. "The security community has always talked about gaining strong identity and authentication by using a combination of something you know, something you have, and something you are. That’s why combinations like PINS with credit cards have become popular," says Inskeep.

Finally, says Gasan Awad, vice president, Identity and Fraud Product Management at Equifax, "There is a movement towards biometrics, but they, alone, are not the ‘silver bullet’ to the authentication issues we face. Biometrics is a promising and already adopted form of authentication which, with improved false positives and technology will continue to be a viable vector to assist in authenticating consumers in a convenient and secure manner."

Related Posts

Comments
Anonymous
Anonymous   |     |   Comment #1
A fingerprint is not a replacement for a password.  It's a replacement for a username.
Anonymous
Anonymous   |     |   Comment #3
How so? Everyone has a unique finger print and finger print readers take a living finger to use (a thief couldn't cut off your finger and use it). While they aren't perfect, they are a lot better than a password that can easily be hacked or forgotten. Fingerprint readers are already becoming standard on higher-end phones, and are starting to come to laptops. 
Anonymous
Anonymous   |     |   Comment #4
Fingerprint readers CAN be fooled, and you leave your fingerprints everywhere.  Passwords can be changed if stolen, fingerprints cant.
Anonymous
Anonymous   |     |   Comment #5
Sure, but it is not a simple process that your everyday thief is going to be able to do quickly enough before I can brick my phone and put stops on accounts.
Anonymous
Anonymous   |     |   Comment #6
How would you know that your finger prints are stolen?
How would you know that your iris picture is stolen?
Bio-metrics is more dangerous than passwords and pins. Just try calling you bank and tell them your finger prints have been appropriated by someone else and see what happens with your accounts, the bank will close them all and ban you from ever opening new accounts.
DCGuy
DCGuy (anonymous)   |     |   Comment #10
I saw a movie recently where a secured facility used retinal scans for access to secured areas.  The secret agent went into the facility and subdued someone inside the building.  He then peeled open the eye of the knocked out individual and placed his head against the retinal scanner and got inside the top secret room.
cumulus
cumulus   |     |   Comment #2
Good article, thank you. Unfortunately, every new technology brings with it (often unforeseen) new problems.
Anonymous
Anonymous   |     |   Comment #7
Biometrics, batman or mark of the beast.
Anonymous
Anonymous   |     |   Comment #9
I think it is a conspiracy by NSA to finger print all of us and to include even the DNA into our government control d-base, that way you can not hide if you are honest, but the criminals will never give their bio-metrics and use our or impersonate any one of us. Good for NSA and the bad guys, bad for the honest people.
robertjohnsonn
robertjohnsonn   |     |   Comment #11
I feel biometrics is quite effective way to prevent cyber crime but we can't replace passwords with the biometrics. We have to make our system more strong with additional passwords along with daily updation of passwords and make web more secure. The need of the hour is to create awareness among the people about the various techniques they must know in order to protect themselves from cyber crime.