It is common knowledge that skimmers and similar devices gather the data on your bank card when swiped through the machine, or even just placed near it. To combat this, a number of changes to bank security have been made, including the introduction of chipped cards, while these are harder to clone, it is not impossible. And it seems biometrics are no better.
A recent Kaspersky Lab report found that at least 12 sellers in the cybercrime world are already offering skimmers capable of stealing victims’ fingerprints.
“While many financial organisations consider biometric-based solutions to be one of the most promising additions to current authentication methods, if not a complete replacement for them, cybercriminals see biometrics as a new opportunity to steal sensitive information,” revealed Kaspersky Lab.
The technology
A Kaspersky Lab investigation discovered that there are at least three underground sellers who are already researching devices that could illegally obtain data for palm vein and iris recognition systems.
In September 2015, the first wave of biometric skimmers appeared in ‘presale testing’. However, evidence suggested that there were several bugs in the early designs, among them the slow transfer of the large volume of data obtained. Kaspersky Lab highlighted that due to this, new versions of these devices will use data transfer technologies.
Furthermore, there are indications of ongoing discussions in underground communities relating to the development of mobile applications based on placing masks over a human face, according to Kaspersky Lab. “With such an app, attackers can take a person’s photo posted on social media and use it to fool a facial recognition system.”
Olga Kochetova, security expert at Kaspersky Lab, highlighted: “The problem with biometrics is that, unlike passwords or pin codes which can be easily modified in the event of compromise, it is impossible to change your fingerprint or iris image. Thus if your data is compromised once, it won’t be safe to use that authentication method again. That is why it is extremely important to keep such data secure and transmit it in a secure way. Biometric data is also recorded in modern passports – called e-passports - and visas. So, if an attacker steals an e-passport, they don’t just possess the document, but also that person’s biometric data. They have stolen a person’s identity.”
Other threats to ATMs
Kaspersky Lab has noted that compromising biometric data is not the only potential cyber-threat facing ATMs. According to them, hackers will continue to conduct malware-based attacks, as well as blackbox and network attacks to capture data that can later be used to steal money from banks and their customers.
Handy tip: You can compare banking products on Justmoney by clicking here.