The Fraud Examiner

Brave New World: Can Biometric Security Help Fight Fraud?

Mason Wilder, CFE
Research Specialist, Association of Certified Fraud Examiners                                 

Beginning with movies showing finger or retinal scans being required for access to top-secret files or facilities, biometric authentication technologies have existed in the public consciousness for several decades now. As practical, real-life applications of the technology increased, the familiar tug-of-war between technology and fraudsters ensued and continues to guide developments in the field of biometrics today. Once a form of security technology becomes affordable and effective enough to deploy on a widespread basis, fraudsters determine how to overcome those controls, prompting new and improved versions of the technology designed to eliminate previously exploited vulnerabilities.

 Applications of basic biometric authentication technology have traditionally ranged from physical security access controls — such as a fingerprint sensor or retinal scanner placed at the entrance of an area that contains sensitive information — to consumers authorizing payments from their smartphones through facial recognition as a more recent example. The earliest and most basic forms of these biometric controls inspired fraudsters to come up with surprisingly primitive workarounds. Examples include making molds, casts and prints of fingerprints with rubber cement and liquid silicon, or using high resolution images and prints of eyes or faces to fool infrared-based eye scanners or two-dimensional facial recognition technologies. These “hacks” resemble the sophistication of color-copying $20 bills on a machine at a copy and print store more so than they evoke tactics from a 90s spy movie.

 Current versions of these technologies give fraudsters much more of a challenge; new iPhones feature three-dimensional facial scanning to prevent access from someone using a two-dimensional photograph, while finger or palm print scanning technologies are evolving to include analysis of vein patterns. However, these advances are the exception to the rule. Most smartphones do not use the three-dimensional facial scanning capabilities, relying instead on partial fingerprint patterns. Despite being more effective than the earliest fingerprint technologies, smartphone fingerprint readers can sometimes be tricked by fictitious fingerprints created using common features of human fingerprints. Voice recognition systems in some smartphones and physical access controls can be defeated using voice morphing technology that transforms a speaker’s voice into a victim’s, using only a few minutes’ worth of recordings featuring the victim’s voice. This last example has implications beyond biometric authentication vulnerabilities, potentially enabling any number of fraud schemes involving impersonation.

Sign In

Not a member? Click here to Join Now and access the full page.