Fraud and Identity Battle Moves to the Biometrics Stage
July 14, 2017
As mobile devices become more complex and their capabilities continue to evolve, users are led to believe better security measures are part of that evolution, including the use of biometrics for access and authorization, with the understanding that fingerprints and retina scans are harder to hack than passwords. Here’s the problem: that belief is only as accurate as the security profiles of the access networks and data centers where scan details are stored and, of course, the ability of users to follow prescribed security standards and protocols.
As users of Avanti – a self-service food and beverage kiosk vendor – discovered, a breach of Avanti’s networks resulted in customers’ personal information and account details becoming accessible to hackers thanks to a sophisticated piece of malware pushed to the vending machines. While breaches like this have become common, the alarming element of this particular breach is that it also gave access to users’ biometric data, which on its own may not be particularly useful, but when paired with mobile device details and credit card accounts, could give criminals access to any accounts that have been secured biometrically.
“Having physical biometrics stolen could have a serious impact on Avanti customers as credit cards, passwords and other information can be changed, but fingerprints cannot,” said Lisa Baergen, Marketing Director, NuData Security, A MasterCard Company. “Now that this information is in the hands of fraudsters and likely for resale on the dark web, it will be too easy to breach and take over more accounts, create synthetic identities and more.”
She reasons that the Avanti breach mandates a new approach to identity verification and fraud protection in a digital economy, suggesting techniques like passive biometrics and behavioral analytics would help combat the advanced methods used by cybercriminals today.
“Using a multi-layered approach of integrating device intelligence, active and passive biometric analysis and behavioral analytics is the key to truly understanding the user behind the device,” she explains. “It will effectively devalue the stolen identity data to any other person or entity.”
Because biometric data is becoming a very common form of identity verification, now that both Apple and Samsung are featuring fingerprint scanners, one can expect an increase in attacks targeting sources of biometric data. These attacks could target the mobile users themselves, or they could go after the data through other sources that could just as easily compromise users and give access to their mobile devices and accounts.
Regardless, this is merely the next phase in an endless crusade pitting identity and security against fraud and malicious actors. It also serves as a reminder that no single part of the ecosystem is responsible for security – everyone is, from the user to the application developer to the data center provider to the network operator.
Edited by Alicia Young