How Foolproof Is Your Biometric Security?
Posted: Thursday,April 02,2015
In a recent article published in Popular Science, technology writer, Dan Moren, in response to Alibaba’s news that consumers would soon be able to authorize payments to purchase goods using facial recognition, asked himself the question, “how hard would it be to spoof the facial recognition?”
The answer: Easier than you think.
Moren first tried using a high-quality photo of himself – with the eyes cut out so he could hold it up to his face and blink, as most systems require that the person blink in order to verify that a real person is using the scanner – and was not authenticated.
Undaunted, he proceeded to shoot a quick video of himself using his smartphone and positioned the phone in front of a monitor displaying the video. Sure enough, it worked, and he gained access to his bank account.
“So much for high security,” he writes.
Moren notes that “There are plenty of better options, including two-factor authentication, voice recognition and fingerprint scanners, that are just as easy to implement.” We, at AGNITIO, agree that multi-factor authentication is critical in a world where data breaches occur almost weekly.
No doubt, as biometric authentication proliferates, fraudsters will develop techniques to steal biometric data in order to gain access to information and assets. However, a biometric modality should not be able to be spoofed with the use of copies, recordings or personal identifiable information that has not been supplied by the original owner. The biometric technology should be able to recognize imitations and therefore deny access.
In the case of voice, spoofing is a technique in which a fraudster obtains a recording of a user’s voice and commands, then replays it into a device or during a call center conversation in order to imitate that user. AGNITIO has spent many years researching this area and has developed advanced, patented anti-spoofing voice biometrics technology that learns the unique individual characteristics of the human voice to consistently identify and differentiate the speaker’s real voice from recordings to prevent this type of fraud.
If you’re interested in learning more, download our anti-spoofing white paper here.
Post a Comment