Alessandro Chiarini is a senior vice president of enterprise authentication for Burlington, Massachusetts-based Aware, which provides biometric software and services. He is based in Miami.
Across the globe, biometric technology is booming. More and more companies are using people’s unique characteristics – including their fingerprints, irises, faces, and voices – to verify individual identities.
By 2027, biometric technology will authenticate $1.2 trillion of remote mobile payments, one research group estimates – that’s a monumental jump from $332 billion in 2022.
This surge is overwhelmingly beneficial. After all, biometrics offer some of the most effective tools we have to authenticate and protect peoples’ identities throughout the payment process.
But hackers are also taking note – and are diligently searching for and taking advantage of loopholes. Left unchecked, these nefarious actors could unleash a world of financial and personal trouble for people relying on biometric authentication for payments.
It’s crucial to stay ahead of these attacks. That requires constant monitoring for potential threats and advancing tools and techniques to stamp them out. Critically, that also means fortifying security systems with multiple levels of defense.
Hackers are using all sorts of sophisticated methods to trick and bypass biometric technology – like capturing audio clips of individuals’ voices, making fake fingerprints using putty and gelatin, and downloading photos and videos of people from the internet. Social media and Generative AI are making this all the more common, as hackers can often easily snag a few pictures or an audio clip from individuals’ platforms.
Consider just one telling example of a hacking attempt that captured international headlines: a man opened his ex-girlfriend’s eyelids while she was sleeping and stole $24,000 to pay off his gambling debts.
Hackers are also employing injection attacks – which use malicious codes to manipulate or compromise the very core of the authentication system. In doing so, the computer is tricked into believing that the company or organization initiated the command, rather than an external bad actor.
Additionally, there are growing attempts to create synthetic identities, in which hackers slowly piece together a fake identity using different tidbits of verified information.
To ensure a robust security system, biometrics should be treated as a tool in our arsenal – not a silver bullet solution. The best security systems have multiple layers of defense – often in the form of multi-factor authentication.
So, for example, if someone gets past the first layer of a security system by creating a lifelike 3D mask, they might then encounter another verification prompt – like a password or a specific code sent to their phone or email. These extra barriers to entry can provide a powerful way to stop unwelcome intruders and deter them from trying again.
To be sure, additional safeguards can be time-consuming and cumbersome. But given how ingenious hackers have become, we may still need a few extra seconds and a small administrative headache to avert the potentially devastating consequences of a compromised security system.
Every authentication technology in history has been subject to attacks by nefarious actors. It’s par for the course. Now, biometrics have become a focal point. It’s critical to fortify our defenses now and protect people and businesses from catastrophic harm.