Cybercriminals are becoming more and more innovative in order to exploit ATM authentication technologies planned by banks, according to a new investigation.

While many financial organisations consider biometric-based solutions to be one of the most promising additions to current authentication methods, if not a complete replacement for them, cybercriminals see biometrics as a new opportunity to steal sensitive information.

Experts at internet security firm Kaspersky Lab have been investigating underground cybercrime and have found that there are already at least twelve sellers offering skimmers capable of stealing victims’ fingerprints, and at least three underground sellers already researching devices that could illegally obtain data from palm vein and iris recognition systems.

Olga Kochetova, security expert at Kaspersky Lab, said: “The problem with biometrics is that, unlike passwords or PIN codes which can be easily modified in the event of compromise, it is impossible to change your fingerprint or iris image. Thus if your data is compromised once, it won’t be safe to use that authentication method again.

“That is why it is extremely important to keep such data secure and transmit it in a secure way. Biometric data is also recorded in modern passports – called e-passports – and visas. So, if an attacker steals an e-passport, they don’t just possess the document, but also that person’s biometric data. They have stolen a person’s identity.”

The use of tools capable of compromising biometric data is not the only potential cyberthreat facing ATMs. Hackers continue to conduct malware-based attacks, blackbox attacks and network attacks to seize data that can later be used to steal money from banks and its customers.

Share Story: