Criminals can already crack biometric ATMs

Cybercrimnals have claimed that newly-introduced biometric-based ATMs are just as easy to crack open as their older counterparts. Research from Kaspersky Labs has shown that there are at least 12 underground sellers offering skimmers capable of stealing a victim’s fingerprints, while a further three are actively researching how to capture palm vein and iris recognition software.

New security technology is seen by the bad guys as a big opportunity to steal sensitive information, especially when banks might lock more of it away behind biometrics, believing the system to be more secure. Physical skimmers have become more common at ATMs, causing banks to look at other options, inadvertently playing right into the hands of criminals with-ready made biometric fraud software.

There is a huge danger in the compromising of biometric data – a customer can change their PIN if it gets skimmed, but they can’t change their fingerprints or irises. Once their data has been taken it can be used continuously by the hackers and the method of authentication is never again safe for the customer to use.

“The problem with biometrics is that, unlike passwords or pin codes which can be easily modified in the event of compromise, it is impossible to change your fingerprint or iris image,” says Olga Kochetova, a security expert at Kaspersky. “Thus, if your data is compromised once, it won’t be safe to use that authentication method again. That is why it is extremely important to keep such data secure and transmit it in a secure way.”

She adds: “Biometric data is also recorded in modern passports – called e-passports – and visas. So, if an attacker steals an e-passport, they don’t just possess the document, but also that person’s biometric data.”

[do_widget id=text-34]

Related Posts