Cybercriminals looking to exploit biometrics

Cybercriminals are becoming more and more innovative in order to exploit ATM authentication technologies planned by banks, according to a new investigation.

While many financial organisations consider biometric-based solutions to be one of the most promising additions to current authentication methods, if not a complete replacement for them, cybercriminals see biometrics as a new opportunity to steal sensitive information.

Experts at internet security firm Kaspersky Lab have been investigating underground cybercrime and have found that there are already at least twelve sellers offering skimmers capable of stealing victims’ fingerprints, and at least three underground sellers already researching devices that could illegally obtain data from palm vein and iris recognition systems.

Olga Kochetova, security expert at Kaspersky Lab, said: “The problem with biometrics is that, unlike passwords or PIN codes which can be easily modified in the event of compromise, it is impossible to change your fingerprint or iris image. Thus if your data is compromised once, it won’t be safe to use that authentication method again.

“That is why it is extremely important to keep such data secure and transmit it in a secure way. Biometric data is also recorded in modern passports – called e-passports – and visas. So, if an attacker steals an e-passport, they don’t just possess the document, but also that person’s biometric data. They have stolen a person’s identity.”

The use of tools capable of compromising biometric data is not the only potential cyberthreat facing ATMs. Hackers continue to conduct malware-based attacks, blackbox attacks and network attacks to seize data that can later be used to steal money from banks and their customers.
