Is Biometric Security Already Obsolete?

October 7, 2016 at 9:24 am

Here is one more thing to keep your IT department up at night.

An international security consulting firm has created quite the stir across the pond by reporting that hackers have already figured out not only how to steal biometric data from ATM machines but also how to commercialize the sale of devices facilitating its capture.

On September 22, 2016, Kaspersky Lab reported there are already at least 12 sellers offering skimmers capable of stealing victims’ fingerprints from ATMs. In addition, at least three underground sellers are already researching devices that could illegally obtain data from palm vein and iris recognition systems. By the way, this is in addition to reports demonstrating that it is possible for hackers to steal information stored on EMV chip cards.

The news caused one British regulator to write a letter to banks telling them to report on the steps that they are taking to secure biometrics. What makes this report so disturbing is that, whereas compromised ATM and credit cards can be reissued, you can’t change someone’s biometric data. If it really is as easy to steal this information as it appears it will be, then the use of biometric passwords will offer convenience to people like your faithful blogger, who is frustrated by an ever-growing list of passwords, but will be an expensive dead-end when it comes to security.

From now on I’m going to tell my wife to follow Kim Kardashian’s lead and take millions of dollars in jewelry with her wherever she goes instead of using a safety-deposit box. What could possibly go wrong?

The report also underscores just how behind the curve this country is when it comes to cyber theft. Merchants are still grumbling about the use of chip readers and a major Presidential candidate is encouraging cyber-hacking his opponent while Europe is already debating the merits of biometric security. I can’t believe that this is the best the country that created Google, Facebook and Microsoft can do.

Which brings me to my proposed one-sentence guidance for all regulators, financial institutions and businesses to follow: “Every business must have a cybersecurity plan, but one which is tailored to its size, complexity and cyber vulnerability.” Any mandate more prescriptive than this will be outdated in days and deny institutions the flexibility they need to weigh cybersecurity costs against other expenditures eating away at the bottom line.

Extended Exam Cycle, Right Around The Corner

NCUA announced yesterday that well-managed credit unions with assets of less than $1 billion could move to an extended examination cycle, beginning next year, subject to board approval. The recommendation is among ten put forward by an agency working group on exam flexibility.

On that note, enjoy your long weekend. I will be back on Tuesday!



Authored By:

Henry Meier, Esq., General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association.
