Can Bank Biometrics Be Broken?
Using facial recognition to log into bank accounts could present security vulnerabilities, according to a security researcher quoted by Business Insider.
Other people could access researcher Meaghan Johnson’s account by using the live photo feature on iPhones, which shows limited movement, the article said. She works for fintech consulting firm 11:FS and said that: “Once you log in to the secure site on the app, just blink a few times and it records you blinking. We got a picture of me blinking, which then was a Live Photo. We pressed down on the Live Photo facing my phone with the facial recognition screen open. After five seconds, it picked it up and it logged us straight into the app.”
The security vulnerabilities reportedly applied to two banks—one in the U.S., one in the U.K.—though Johnson did not identify them. One U.K. bank that offers facial recognition for consumers, Atom Bank, told Business Insider that those consumers also need PINs for account access, as well as another level of authentication to send payments to new payees.
The security news comes as financial institutions and payment providers continue to take steps toward biometrics. Samsung’s upcoming Galaxy 7 phone, for instance, reportedly will offer iris scanning.