In view of the rising number of cyber attacks, many businesses are using biometrics-based authentication systems to authenticate users before allowing them access to a network or device. The common biometric parameters used for authentication purposes include fingerprints, retina, voice, facial features, and veins.
Theft of biometric data poses a grave threat
Businesses collect and store their customers’ biometric data to facilitate seamless transactions in the future. However, biometric data is like any other personally identifiable information of a customer, used to verify the identity of a user. Therefore, like any other form of data stored with organizations, consumers’ stored biometric data is equally vulnerable to theft and subsequent misuse.
Biometric data can enable cyber criminals to easily spoof identities and fuel many other crimes. It is certainly safe to say that the theft of biometric data poses a much more serious danger to consumers, as it does not afford them a chance to change the credentials for future use. While it is possible to get a new credit card issued or change the password of a compromised bank account, it is not possible to change biometric parameters.
Stolen biometric data opens the doors to many crimes
Aware of the greater vulnerability of biometric data and the legacy data protection mechanisms currently in use, cyber criminals have already succeeded in stealing biometric data of millions of consumers, putting their digital identities in jeopardy.
They can exploit this data to make money and hold organizations—especially in the healthcare sector—to ransom. They can make multiple copies of the stolen biometric data and use them to fool authentication systems and gain unauthorized access to multiple user accounts. For instance, using a silicone finger that carries a consumer’s stolen fingerprint, they can break into devices and restricted areas. Even vein-based authentication—which is difficult to emulate and was considered pretty safe—has been demonstrated to be vulnerable.
Matters become worse with the easy availability of commoditized tools that enable even relatively inexperienced cyber criminals to manipulate biometric data and exploit the authentication systems to launch such complex attacks. Businesses, for their part, are woefully lacking in their preparedness to distinguish crooks from genuine users. As a result, the biometric data of consumers is at a greater risk and the business of cyber crime is thriving.
Use behavioral biometrics with other authentication methods
Instead of storing biometric data, businesses may consider using behavioral biometrics, also called passive biometrics, to monitor the subtle behavior of users during their digital interactions. These include how the user holds a device, how she types, the strength of a keystroke, movement of the mouse, time spent on a webpage, and so on.
These behavioral patterns are unique to each user and are difficult—although not entirely impossible—to mimic. Since behavioral biometrics facilitates monitoring user behavior passively, it can be a good supplement for other defense/authentication mechanisms in use.
When used with other digital intelligence including device and network IPs, identity elements, KYC data, and so forth, behavioral biometrics can help increase the accuracy with which a crook can be distinguished from a genuine user. This will allow businesses to maintain a seamless user experience and enhance protection against impersonation and fraud attempts.
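The layering described above, as an added example that is not from the article or from any vendor's product: a typing profile is enrolled from keystroke timings, and a new session's deviation from it is combined with known-device and known-network checks to choose between allow, step-up and deny. The timing values, the threshold of 3 standard deviations and all names are constructed assumptions.

```python
from statistics import mean, stdev

# Constructed sample data: "dwell" is ms a key is held down, "flight" is ms
# between releasing one key and pressing the next.
ENROLL = [
    {"dwell": [92, 88, 95, 90, 93], "flight": [140, 150, 135, 145, 148]},
    {"dwell": [90, 91, 94, 89, 96], "flight": [142, 138, 151, 147, 144]},
    {"dwell": [94, 87, 92, 93, 91], "flight": [139, 149, 143, 146, 141]},
]
GENUINE = {"dwell": [91, 93, 90, 92, 94], "flight": [144, 141, 147, 143, 146]}
IMPOSTOR = {"dwell": [120, 125, 118, 122, 130], "flight": [210, 190, 205, 220, 200]}


def build_profile(sessions):
    """Keep only per-feature mean and stddev, not the raw keystroke timings."""
    profile = {}
    for feature in ("dwell", "flight"):
        values = [v for s in sessions for v in s[feature]]
        profile[feature] = (mean(values), stdev(values))
    return profile


def behavior_distance(profile, session):
    """Mean gap between session and profile averages, in profile stddevs."""
    zs = [abs(mean(session[f]) - mu) / max(sigma, 1e-6)
          for f, (mu, sigma) in profile.items()]
    return sum(zs) / len(zs)


def decide(profile, session, known_device, known_network,
           z_limit=3.0):  # assumed threshold; tune on real enrollment data
    """Combine the passive behavioral signal with device and network signals."""
    anomalies = [
        behavior_distance(profile, session) > z_limit,
        not known_device,
        not known_network,
    ]
    score = sum(anomalies)
    if score == 0:
        return "allow"      # no friction for a session that matches on all signals
    if score == 1:
        return "step_up"    # one signal is off: ask for another factor
    return "deny"           # two or more independent signals disagree


PROFILE = build_profile(ENROLL)
```

Because the profile holds only summary statistics, a stolen copy does not hand the attacker a replayable template, and the profile can be re-enrolled if it is compromised.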
The article has been written by Neetu Katyal, Content and Marketing Consultant
She can be reached on LinkedIn.