Biometric data breaches could kick off a global banking crisis, Industry expert warns 

By Puja Sharma

• A successful and large-scale attack to expose a bank’s customer biometric data could kick off the next financial crisis, according to cybersecurity veteran Michael Marcotte.
• Banks currently hold biometric data in centralised systems, making it highly vulnerable and attractive to hackers – and Marcotte believes a successful attack could result in group litigation on a large enough scale to destabilise a leading bank and the surrounding financial system.
• He is urging banks to decentralise the storage of customers’ biometric data – pushing it onto customers’ devices and local clouds to remove this target on their backs.

Michael Marcotte, the founder, chairman, and CEO of the enterprise-grade digital authentication firm artius.iD, was warned that a successful biometric data breach at a leading bank could put the world on the brink of the next global financial crisis.

The intervention follows recent comments by the CEO of HSBC UK, Ian Stuart, who last month told UK policymakers the bank is “being attacked all the time” by online criminals, leading to cybersecurity becoming the bank’s biggest expense, amounting to hundreds of millions of pounds. This highlights the imminent danger banks are currently facing and the necessity for urgent action.

However, Marcotte, who co-founded the US National Cybersecurity Centre and Chaired its Rapid Response Centre, believes the risk posed by banks’ biometric data is being overlooked. Banks are currently storing this data in a centralised way, providing a single avenue through which hackers can expose vast volumes of highly sensitive data.

He argued that a large-scale breach of this data could lead to group litigation from customers on a scale large enough to destabilise a bank and the wider financial ecosystem – and urged banks to decentralise this data by pushing it onto customers’ devices.

Michael Marcotte is, founder, chairman, and CEO of artius.iD, said: “Banks are spending hundreds of millions to bolster their cyber defences – everything from zero trust architecture to AI-driven threat detection, and even quantum-resistant cryptography. But sometimes it’s far better, and vastly cheaper, to remove the need for protection in the first place.

“The reams of biometric data banks that are being stored right now on centralised systems is a big red bullseye for hackers. It offers a single vector through which one successful attack could deal catastrophic damage. This is the biggest cyber threat banks face today – and yet bank executives and their regulators are largely blind to it.

“The operational and reputational costs to a bank of a large-scale biometric data hack would be enormous – but this would be nothing compared to the cost of the group litigation they could be hit with by the customers whose fingerprints and facial and vocal data are breached. If this were to happen at a JPMorgan or an HSBC, it would bring them to their knees, and the fallout for our entire global banking system could be apocalyptic.

“And yet the solution is simple. All that’s needed to de-risk this data is to decentralise its storage, pushing it onto customers’ own devices where it belongs. The technology is available to do this, and we need to see the banking industry catch up, and stop putting our biometric data and our financial security at risk.”