I came across this article today that discussed how banks are aggressively moving towards bio-metric authentication methods while cyber criminals are already coming up and testing ways to defeat these. For the last few years banks have been trying to find another authentication method to protect their pin authenticated ATMs from skimmers. The banks have started to install fingerprint, facial, and palm nerve scanners on ATMs to provide an additional layer of security. Criminals are already implementing ways to fool these scanners. It can be very concerning if your bio-metric security is compromised since you cannot just change it like a password.
It’s a perfect example of how difficult it is to stay ahead of the cyber crime. Bio-metrics technology has been around for quite some time but is just beginning to be rolled out for this use and we already have to determine what’s next from here.
As you’ve state, the article does bring up a very important point about biometrics data. Although biometrics is considered the most secure way to authenticate and individual, it also has it weaknesses. Unlike other authentications methods like username, passwords, and physical tokens, biometrics identity cannot be replaced, Although the banks are trying to use the most secure method of authentication the really must evaluate the risks of the loss of customer’s biometric data. They can’t simply ask a person to change the password, send them a new token, or give them a 2 year credit monitoring the service. A person’s biometric cannot be simply changed or replaced.
It’s alarming to know that even biometric authentication which is supposed to be the most secure means of authentication has its vulnerabilities. The theft of biometric information supports the assertion that nothing is ever completely secure. Even these expensive, cutting-edge biometric systems aren’t completely secure. I think it will be interesting to see what kind of innovations come out of the evolution of authentication methods.
Marcus,
I used to think biometric authentication could be a better way to help people secure their asset. After I read this new, I changed my mind because the point that once criminals obtained your biometric information, you can not even change it as passwords. If the data was breached, what can we do to protect ourselves?