Articles
Life Hack: What Happens When Biometrics Are Compromised?
- By Andrew Deichler
- Published: 4/18/2018
LAS VEGAS – Treasury and finance professionals worry about customer data being stolen by criminals. But what would happen if customers’ biometric data, such as DNA, used to access their accounts was compromised?
Corporates and governments alike have shown interest in biometric authentication recently, due to the enhanced level of security that it offers. Jerome Ajdenbaum, VP, Business Development, IDEMIA, said he expects to see a worldwide rollout of biometrics. “It’s very cultural, so we won’t see the same thing,” he said. “There won’t be the same pressure to adopt it in each country. We’re already seeing it in the U.S., with driver’s licenses being connected.”
A biometric template of a customer is essentially a bunch of computer code that could potentially be altered or sold. For example, India now has 1.3 billion biometric identities that are potentially vulnerable to hackers.
Tom DeWinter, manager of business development for Iris ID Systems Inc., noted that the UIDAI program was started because there were so many people in India that didn’t have any identification. “So right now, the biometrics are stored and they could be compromised. But they each received an ID number—a real number that you could write out and give to somebody, like a social security number that’s based on the biometrics stored,” he said. “So the fact that the biometrics could get compromised is an important issue.”
He added that this may be where technology like blockchain could really help to secure that biometric data. “If the basis of it is compromised, then we can add another layer,” he said. “So I think that’s part of the answer.”
Hacking biometrics may be a long way off, but it raises serious questions about how corporates should address security. For example, what would happen if Apple’s Touch ID technology on iPhones and iPads was compromised? What if hackers steal the data on a user’s right thumbprint? Does that mean the user then can’t use their right thumbprint anywhere else?
DeWinter noted that biometric data like a thumbprint only works on one particular device. So if your fingerprint data at Apple was compromised, it may only be compromised for use on Apple devices. “But you’re probably more worried about when the FBI and the CIA were hacked a few years ago,” he said. “The FBI database has expanded face and fingerprint data that was compromised. But they have countermeasures in place—second and third level steps. So, for example, a person presenting an image at an airport terminal or an NIH lab is going to be date and timestamped. So that creates a challenge to the person presenting a live token or a biometric. I don’t know all the answers but I think we’re trying to move that part forward.”
For more on digital identity, don’t miss the Tuesday Keynote speech at next month’s BreakThrough Treasury and Finance forum. Eric Rosenbach, former Pentagon Chief of Staff, will discuss how digital identity and other fintech will disrupt financial services. Learn more here.
Copyright © 2024 Association for Financial Professionals, Inc.
All rights reserved.