Yes, biometric fraud has been on the rise, and it is increasingly challenging for businesses that rely on biometric verification.
MIT Technology Review recently published an article discussing how cybercriminals can easily bypass face recognition. And liveness checks often deployed by financial institutions during KYC (Know Your Customer) checks. The spoofing tools are available on public Telegram channels and on the dark web, ready for anyone to deploy to bypass KYC facial scans. Virtual cameras can trick institutions into believing the person being verified is legitimate. Only to later discover that the account was actually created by a fraudster who intended to commit crimes such a money laundering or identity fraud.
Key takeaways
- Cybercriminals can bypass facial recognition and liveness detection used in KYC processes.
- Biometrics create a permanent risk once stolen. Unlike passwords, people cannot easily change biometric data such as face, fingerprints, iris, or voice.
- The finance sector (banking and crypto) suffers the most. Meanwhile, biometric systems play a role in other industries such as entertainment, gaming, travel, and tech.
- Biometrics offer a strong security layer that is evolving (e.g., multimodal authentication, stronger AI defenses), but it is not foolproof.
How is this affecting the average American?
Billions of records, such as passwords and names, have been stolen from both small and large companies over the last couple of decades. With the widespread adoption of biometric identification, hackers are targeting this information to steal it too. Sensitive biometric data points can be stolen, duplicated, and then abused by fraudsters. While after a security breach, corporations request that users be vigilant and practice password hygiene, biometrics cannot be easily changed. Once stolen, altering a human’s face, iris, fingerprints, or voice is not really feasible, and the stolen records remain in the wild forever.
Which industries are at risk of biometric fraud?
Face verification for different purposes affects many industries. Biometric verification is used in almost everything, from theme parks to finance to gaming, even to travel. Facial recognition scams have been on the rise, and companies in the finance sector are among the most targeted. Banking, cryptocurrency and other financial organizations have been hammered by cybercriminals attempting to bypass verification. While the finance sector is in the spotlight, other industries, such as the multibillion-dollar gaming and tech sectors are also under fire. This is after people successfully bypassed biometric verification filters.
Why is biometric verification not the holy grail of cybersecurity?
It is a great layer of security, but it is not perfect because it can be bypassed. Virtual cameras can fool banks, a Touch ID fingerprint verification of older iPhones was possible with molds or casts. There have been reports of teenagers drawing a beard or a mustache to bypass gaming filters attempting to verify age. And sometimes even parents help their kids pass biometric verification because they trust them with the content of the desired website or video game. Even though the publisher does not want minors accessing the content. Biometric security is not perfect, but this does not mean that it is going away.
Is this the end of biometric security?
It’s unlikely, but biometric security is evolving to address the loopholes exploited by bad actors. Biometric verification companies are starting to implement multimodal authentication, combining different types of biometric information. Such as fingerprints, voice recognition, and facial scanning, to achieve a multilayered defense. Companies are also deploying AI-powered defenses to detect fraudulent attempts to circumvent the verification process.
No technology is perfect, and biometric fraud will not be stopped, let alone completely obliterated, nor will biometrics verification be the absolute security option. However, this does not mean that biometric security is obsolete either – it is just another layer of security that businesses use to prevent fraud. Similar to having antivirus software, being prepared and covered with layers of security is better than being wide open in hopes to not get targeted. However, folks are advised to treat biometric data more cautiously than passwords because the consequences of a breach are harder to recover from.
