• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer
  • Our Services
  • Contact Us
  • Newsletter
  • Top Nav Social Icons

Mobile ID World

Mobile ID World

Identification Revolution

  • Mobile ID
    • What Is Mobile ID?
    • Identity Associations
    • Premier Partners
    • FAQ
  • News
  • Solutions
    • Behavioral
    • Facial Recognition
    • Fingerprint Biometrics
    • Iris Biometrics
    • Second Factor
    • Smart Cards
    • Smartphones
    • Vital
    • Voice
    • Wearable Tech
    • Other
  • Applications
    • Access Control
    • Cloud Technology
    • Commerce
    • Enterprise
    • Healthcare
    • Identification
    • Internet of Things
    • Law Enforcement
    • Strong Online Authentication
  • Exclusive
    • Interviews
    • Featured Articles
    • Podcasts
  • Companies
  • Events

FPC Explains Why Biometric Cards are So Difficult to Hack

October 23, 2020

Fingerprint Cards (FPC) is once again highlighting the security benefits of biometric payment cards, and fingerprint-scanning cards in particular. In doing so, it identifies the three main strategies that a fraudster could use to attack a biometric card, and explains why the latest generation of cards will be resistant to those efforts.

FPC Explains Why Biometric Cards are So Difficult to Hack

The first point of attack is the fingerprint scan itself. A hacker could attempt to spoof a genuine fingerprint with a latent print or a false print designed to mimic the real thing. Thankfully, doing so is extremely difficult with the latest fingerprint sensors. An active capacitive sensor requires a 3D and conductive print to generate a match, offering liveness detection that returns a false positive rate better than one in 20,000. The comparable figure for PIN codes is only one in 10,000.

If a fraudster cannot beat the fingerprint scan, they could attempt an injection or replay attack, which seeks to compromise the sensor itself. To do so, they essentially need to insert a false image into the authentication process, and convince the card to accept that fake instead of a new fingerprint scan.

In many cases, the image used in the attack will be an image of the user’s finger that was captured legitimately and then replayed to trick the card. However, modern sensors will check to make sure that the image comes from the sensor, and not some other source. They will also check the time that the scan was made to confirm that it is not being replayed.

Of course, the latest cards store the user’s biometric data on a Secure Element built into the card itself. That makes it far more difficult for hackers to get their hands on the template that a hacker would need to attempt a replay attack.

The Secure Element also helps protect the third potential vulnerability, which is processing and template storage. For example, a hacker could try to monitor factors like power consumption or electromagnetic fields to get around card security. More sophisticated algorithms should be able to spot those efforts, while the next generation of cards will not have a separate processor and will instead process prints on the Secure Element itself to mitigate any chance of exposure.

FPC noted that while no system is invulnerable, it is extremely difficult (and expensive) to hack modern fingerprint cards. That makes such hacks virtually impossible to execute at scale, which further reduces the appeal for cybercriminals. As a result, fingerprint-scanning cards offer a much higher level of security, in a way that can support safe and convenient contactless transactions.

Filed Under: Industry News Tagged With: anti-fraud, anti-spoofing technology, Biometric, biometric cards, biometric payment cards, biometrics, Fingerprint Cards, fingerprint scanning cards, FPC, Presentation Attack Detection

Related News & Articles

FIDO Certification Expands with the Help of Three New Testing Labs

FPC’s Under-display Sensor Order Reflects Mobile Biometrics Dynamism, Despite Disruptions

IDEMIA’s Facial Recognition Get’s Top NIST Ranking in Webcam and Selfie Categories

Primary Sidebar

Register For the Next Virtual Identity Summit

Register now!

Tweets

Sponsored Links

facetec logo

FaceTec’s patented, industry-leading 3D Face Authentication software anchors digital identity, creating a chain of trust from user onboarding to ongoing authentication on all modern smart devices and webcams. FaceTec’s 3D FaceMaps™ make trusted, remote identity verification finally possible. As the only technology backed by a persistent spoof bounty program and NIST/iBeta Certified Liveness Detection, FaceTec is the global standard for Liveness and 3D Face Matching with millions of users on six continents in financial services, border security, transportation, blockchain, e-voting, social networks, online dating and more. www.facetec.com

FACEPHI is a global leader in Facial Recognition technology and in Mobile Biometrics technologies. With a strong concentration in the financial sector, FacePhi’s product is rapidly becoming a service used by banks all over the world. Its implementation doesn’t just save money, it is also a way to attract clients and build loyalty, while increasing the security of transactions for both the customer and the business. To learn more about FacePhi, visit https://www.facephi.com/en/

Recent Posts

  • Selfie IDV Innovator Finds Escalating Demand in Q4
  • Another e-Betting Platform Leverages Biometric KYC, Care of Jumio
  • Thai Authorities Approve Mobile ID for Airport Boarding
  • New Yoti Solution Ties Biometrics to e-Signatures
  • Kenya’s New President Pushes for Digital ID By Year’s End

Footer

  • About Us
  • Company Directory
  • Advertise With Us
  • Contact Us
  • Privacy Policy
  • Terms of Use
  • Archives
  • CCPA: Do not sell my personal info.

Follow Us

Copyright © 2023 MobileIDWorld