Passwords. They’re a necessary evil; remembering dozens of different passwords is one of the biggest hassles of the internet age.
While it’s easy to acknowledge the need to keep accounts and devices secure, passwords almost seem like more trouble than they’re worth sometimes. Well, there’s good news on that front: new technologies like biometrics promise to help ease the password problem.
Not only are they easier to use, but biometric security tools are remarkably more secure than traditional passwords. But still, “more secure” doesn’t mean “100% safe.”
Biometrics can still be spoofed. That’s why, in this post, we’re looking at how biometric spoofing works. We’ll see why it’s a problem, and explore some new technologies that promise even greater security.
Biometric spoofing occurs when bad actors attempt to defeat biometric authentication systems by providing fake biometric samples, like high-resolution images or silicone fingers. Biometric spoofing may also involve the use of AI-enabled technologies, such as voice cloning or deepfake tools.
Biometric spoofing is a three-step process. Before creating a replica or conducting an attack, a fraudster gathers biometric data on victims through illegal and often covert means.
Once in possession of this biological information, the bad actor creates physical replicas of stolen biological traits. This may involve the use of deepfaked images, cloned voices, or contact lenses with printed iris patterns. The fraudster can now use these devices to defeat biometric identification systems and gain access to victims’ accounts.
Biometric payments are becoming increasingly popular, with estimates suggesting that the industry could reach $90 billion by the end of the decade. As biometrics become more widely used, attempts to defeat these authentication systems will also increase.
Recent data is already showing a substantial rise in AI-enabled attacks, with deepfaked images, videos, and voices being the tactics most widely used by fraudsters.
Biometric spoofing is far from science fiction. From silicone fingerprints used to fool biometric authentication systems in border checks as early as 2012 to more recent voice cloning attacks that cost a British firm more than $240,000, spoofing attacks that target known vulnerabilities in biometric security systems are happening in the present day — and they’re dealing billions of dollars in annual losses to innocent merchants and consumers alike.
Active and passive liveness detection systems, when layered on top of biometric authentication infrastructure, can help businesses identify and block biometric spoofing attacks before they lead to chargebacks or return abuse.
Active liveness checks are typically the most accurate and secure, though they do add significant friction to the authentication process because they require active participation from the user. Passive liveness checks, which occur in the background, are a less invasive way merchants can secure their sites against biometric spoofing attacks.
Merchants interested in adding biometric payments to their stores do not have to opt for expensive, standalone biometric kiosks. Simply accepting biometric payment cards or mobile wallets like Apple Pay or Samsung Pay can already put sellers ahead of the curve.
Before launching biometric payments, merchants will also want to ensure that they address real customer needs, either in terms of convenience or fraud prevention. Following a structured roadmap for implementation can help sellers weigh the pros and cons of biometric payments in a methodical and intelligent manner.
Yes. At the moment, fingerprint spoofing is technically possible, but biometric technology continues to evolve, and new techniques – combining multiple biometric authenticators, for example – promise additional protections. For now, most fraudsters still gravitate to more easily hacked protocols, such as passwords.
Biometric spoofing is a term for illegally gaining access to user data by faking biometric identifiers (fingerprints, facial recognition, etc.).
In a manner of speaking, yes. Biometrics are among the best data protections available, but to date, no form of authentication has proven to be 100% secure. With the right tools and knowledge, hackers may still be able to access information by duplicating someone's biometric signature.
Leaked credit card or account data can be reported and fixed by changing numbers; stolen biometric data is trickier, since people can’t easily change their face or fingerprints. Admittedly, that feature makes it hard for fraudsters to use the information, but, if the metadata associated with the bio-data were also leaked, cyber thieves might be able to access accounts in that manner.
Biometrics can cover a wide range of methods. The two main categories are physiological biometrics and behavioral biometrics. The former is more common, and refers to unique physical characteristics, such as facial recognition, fingerprints or finger geometry, retina or iris scan, and finger/hand veins. A type of behavioral biometrics would be keystroke dynamics, which measures the time it takes to press each key, delays between keys, characters typed per minute, and so on.
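The keystroke-dynamics measurements described above (time each key is held, delays between keys, characters per minute) can be turned into a typing profile and checked against later attempts. The following is an added example, not code from the original page: the event data is constructed, and the scaled-distance matcher and its threshold are simple assumptions chosen for illustration.

```python
from statistics import mean, pstdev

# Constructed sample data: (key, press_ms, release_ms) for one typed phrase.
ENROLL = [
    [("p", 0, 95), ("a", 180, 270), ("s", 340, 430), ("s", 520, 605)],
    [("p", 0, 100), ("a", 190, 285), ("s", 355, 440), ("s", 530, 620)],
    [("p", 0, 90), ("a", 175, 262), ("s", 335, 428), ("s", 515, 600)],
]
GENUINE = [("p", 0, 97), ("a", 185, 276), ("s", 345, 434), ("s", 522, 610)]
# Constructed automated input: correct keys, but uniform machine-like timing.
SCRIPTED = [("p", 0, 10), ("a", 20, 30), ("s", 40, 50), ("s", 60, 70)]


def features(events):
    """Return dwell times, flight times and characters per minute."""
    # Dwell: how long each key is held down.
    dwell = [rel - press for _, press, rel in events]
    # Flight: delay between releasing one key and pressing the next.
    flight = [events[i + 1][1] - events[i][2] for i in range(len(events) - 1)]
    elapsed_ms = events[-1][2] - events[0][1]
    cpm = len(events) * 60_000 / elapsed_ms
    return dwell + flight + [cpm]


def enroll(samples):
    """Build a template: per-feature mean and standard deviation."""
    columns = zip(*(features(s) for s in samples))
    # Floor the deviation so a very consistent typist never yields a zero divisor.
    return [(mean(c), max(pstdev(c), 5.0)) for c in columns]


def distance(template, events):
    """Mean absolute z-score of an attempt against the enrolled template."""
    vec = features(events)
    return mean(abs(v - m) / sd for v, (m, sd) in zip(vec, template))


def verify(template, events, threshold=2.0):
    """Accept only when the typing rhythm is close to the enrolled profile."""
    return distance(template, events) <= threshold


if __name__ == "__main__":
    profile = enroll(ENROLL)
    for name, attempt in (("genuine", GENUINE), ("scripted", SCRIPTED)):
        print(name, round(distance(profile, attempt), 2), verify(profile, attempt))
```

Because the typed text is identical in both attempts, the decision here rests entirely on timing, which is why behavioral signals like this are typically layered on top of another authenticator rather than used alone.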