Eric Setterberg, System Design Engineer at Fingerprints
Biometric authentication is highly robust, and the latest solutions offer considerably greater security than their authentication predecessors: PINs and passwords.
But as biometrics moves into new areas such as payments and access control, privacy and security concerns are rising. Biometrics has long been subject to scrutiny, with many elaborate examples of people working to trick biometric sensors to crack devices in the media and online.
To ensure the continued adoption of biometrics, it is important to shine a light on the reality of biometric spoofing.
The Evolution of Biometric Solutions…
The first use of fingerprints as forensic evidence was in an Argentinean court case in the late 1800s. With the technology still in its infancy, this was done manually and by eye, comparing latent residual prints lifted from crime scenes to charts of inked fingerprints obtained from the suspects at arrest.
A few decades later, the FBI began collecting fingerprints of criminals and civilians. They also introduced the automated comparison of fingerprints by computers in the 1970s. These “traditional representations” have now been standardized by ISO and ANSI.
… and their Spoofs
The earliest and simplest of these matching devices were easy to spoof. Really, all you needed was a photocopy or a good image of a fingerprint to make a successful spoof.
But as biometrics moved to more advanced technology, the game for biometric ‘spoofers’ has changed and the task of crafting fake fingerprints is considerably more difficult.
The biggest boost for biometric security, however, came with its introduction into mobile phones.
How Mobile Changed the Game
Before the widespread integration of fingerprint sensors in smartphones, the technology underwent significant evolution. No operator wanted to use large biometric sensors in modern phone designs. Sensors had to become much smaller to reach the perfect price and design point for the mobile world, but this meant needing to capture data from a smaller surface area of the finger.
To maintain the security of these smaller sensors, algorithms evolved significantly in order to utilize a greater amount of data per unit area. These mobile-driven hardware and software changes resulted in the optimized image capture of modern touch sensors.
As a result, tricking these systems now requires a considerably higher level of detail to be reproduced correctly for a match to be successful, far beyond rudimentary gummi bear spoofs and photocopies…
Setting the Perfect Spoofing Scenario
Compromising fingerprint authentication via spoofing can still be done, even with all the technological advancements. However, it now requires considerable care, skill, money, and time. And to start, a good latent print…
To retrieve a latent print that’s high quality enough to work, you either need a willing volunteer to lend you their finger, or the commitment to stalk a victim until a viable fingerprint can be retrieved. Even with a decent latent print, modern spoofs then require advanced photoshop skills and/or a lab to successfully convert latent prints into effective moulds.
So – what about those articles boasting how easily they have hacked the latest smartphone device’s fingerprint sensor?
In fact, there are only two instances of fingerprint spoofing seen in the media nowadays: proof of concept and cooperative spoofs. Lay enthusiasts and media go through the effort of setting up a lab to create spoofs with latent fingerprints either from themselves or cooperative volunteers. Even the most successful of these take months of work, a highly skilled team, and the perfect scenario of circumstances.
Put simply, the effort required for spoofing modern fingerprint sensors cannot be applied at any scale. Each biometric spoof needs to go through the same laborious process and clinical conditions. So, if you can bring together a willing group of spoofing enthusiasts, tricking a biometric device could earn you fifteen minutes of fame on the internet, but it is likely to be conducive to a successful criminal business plan…
A “How” Without a “Why”
Spoofing biometrics remains technically possible, and there will always be those up to the challenge of trying to hack the latest technology. But the reality is that modern biometric solutions require more time, skill, and frankly, luck, to successfully spoof than ever before. Not to mention that tireless R&D work is continuously strengthening spoofing resistance. And, as use cases start to combine multiple biometric authenticators, such as combining fingerprints with face or iris to perform an authentication, spoofing will only become more complex.
By comparison, hacking PINs and passwords is considerably simpler and more scalable, making it far more lucrative. And, criminals generally take the path of least resistance.
For the average consumer, greater use of biometric authentication is not only a means of simplifying authentication, but dramatically improving the security of their devices, applications, and personal data. With PINs and passwords still the most common authentication method outside of mobile, it is imperative that the true security and advanced nature of modern biometric authentication solutions are understood.
COULD COVID-19 BE THE CATALYST FOR DIGITAL TRANSFORMATION IN FINANCE?
By Simon Bull, Sales Operations & Business Development Manager at Aqilla
We are all now living in a new ‘normal’ where working from home is no longer a luxurious ‘perk’ of the job, but an essential. In the case of many organisations, the transition to flexible, remote working was successful, albeit slightly bumpy. But there is one department that has found it more challenging to transition to the required standards of remote working – the finance department.
The finance department often gets left behind when it comes to digital transformation largely because it is so heavily regulated. And because of this, one of the biggest problems the finance teams face is that it’s sensitive data will likely be stored on a hardware server on office premises. If you look at how organisations update their software as they grow, it’s usually the finance department lagging far behind, or sometimes forgotten about altogether. This is because finance has complex requirements that can lead to the attitude of: if it ain’t broke, why fix it?
Up until now, most finance teams have overcome the challenges this situation presents, but with the repercussions of the pandemic still very much in play, the complications that go hand-in-hand with on-premise technology have been more noticeable than usual. As a result, COVID-19 is becoming a catalyst for a digital transformation in finance, or more specifically moving finance and accounting software away from traditional on-premise solutions to built-for-cloud services. But what are the advantages of this approach, and what should finance teams be looking for in a built-for-cloud solution?
Cost: The Software-as-a-Service (SaaS) approach that is the basis of many of today’s cloud computing businesses generally offers customers a convenient monthly pay-as-you-go model. Given that all that users need to access the software is a desktop, laptop or smart device and internet connectivity, they can also save money on the server hardware that has previously sat in the corner of the office. Hint: compare pricing from several potential providers to make sure there are no unexpected extras before signing up.
- Service: Good cloud-based providers offer extremely strong levels of customer support and service. It should be very easy to get help quickly and conveniently, and they should be in a position to offer advice, identify problems and fix errors without undue delay. Hint: ask for references from existing customers or look for online reviews to assess their service and support capabilities. Also, carefully check their Service Level Agreement (SLA) to clearly understand where their commitments begin and end.
- Security: Established cloud providers offer high levels of security, data protection and backup services as part of their ‘as-a-Service’ package. Customers benefit from the protection afforded by security specialists whose job it is to prevent breaches and keep data completely secure. Hint: Check their security policies and consider talking to existing customers about their security track record.
- Compliance: Cloud providers specialising in the finance industry should have compliance at the heart of their product set. Hint: Check with potential providers about their levels of compliance and certification, particularly if you have specialised requirements.
- Ease of use: today’s built-for-cloud software services are built for purpose, with many offering a high degree of bespoke capabilities so every user can tailor it to their precise needs. This is in contrast to traditional software packages that can be far less flexible, forcing the user to work in a particular way that might not be ideal. Hint: ask potential providers for an online demonstration to check the way the services work meet your needs.
- Performance: In the early days of cloud computing, finance software was too basic for many professionals to consider. Today, there are many entry-level services, while others offer a comprehensive range of capabilities to precisely fit the needs of professional finance departments. Hint: evaluate the range of capabilities offered by a cloud provider, which should include areas such as: extensive analysis, proper periodic management and business calendars, multi-currency, multilingual and multi-company operation, full VAT handling International coding, tax and language flexibility, automatic reconciliation / bank integration, built-in key performance measurement, advanced search, selection and drill-down, document and image scanning. Hint: compare the features of different providers in advance – if anything important is missing, look elsewhere.
- Regular updates: Software developers find it much easier to update and improve their services when they are delivered online, and can more effectively keep up with finance best practice and changes to rules and regulations. Many also encourage users to suggest improvements or new features which are then provided to customers at no extra cost. Hint: ask providers about how often they update their software and whether you can suggest improvements.
For many businesses, these are compelling reasons to adopt cloud-based finance software services, even in normal circumstances. But considered in the context of the current remote working environment, built-for-cloud finance software can help departments to adapt and capitalise on working from home and match the levels of digital transformation seen across many other key business functions.
WE NEED FINTECHS NOW MORE THAN EVER
Lubaina Manji, Senior Programme Manager, Nesta Challenges
Whilst the sun is far from setting on the COVID-19 pandemic, predictions and hopes for a new “normal” are shimmering on the horizon.
Amid the trail of devastation left by the virus, there has to be some semblance of change and positivity to be taken. One such shift is the increase in digital services usage which poses a huge opportunity for our fintech community. Confinement has forced even the more sceptical of us to dabble in digital, and embrace how it has made many everyday tasks more easy and convenient.
Online and mobile banking has been helping many people stay on top of their finances for some time. Research conducted by Open Up 2020 Challenge last summer found half (48%) of people would like to use online tools and apps to help them manage their money.
Then along came a global pandemic that has undoubtedly forced the hands of even the more sceptical to log on, download and transact – quickening the pace of long-lasting change in terms of how we manage our money. Recent figures from deVere Group suggest the virus is behind a 72% rise in the use of fintech apps in Europe. Never before have we been so reliant on technology in maintaining some sort of normalcy and in helping us continue day-to-day tasks, like everyday banking.
Another unfortunate byproduct of protecting communities from the virus means many people have been left out of work and with less or no income. In times of financial strain, the need for people to engage with their finances – be it budgeting, saving or shopping around for better deals – is far greater.
Issues of trust in traditional banking services and a lack of awareness of the helpful money management services available are some of the barriers preventing people from taking more control of their finances. But the solutions made possible through open banking can provide people with a lifeline to build their financial resilience and better manage their money.
Open banking has the potential to revolutionise financial services, by giving people control over their financial data in order to access innovative products tailored to them. Since it launched in 2018, open banking technology has opened the door for new fintech innovators to create cutting-edge tools designed to help people better manage their money – from budgeting, debt management, comparing and switching banks to automating savings and more. These could have a significant impact – it is estimated that UK consumers could gain as much as £12bn over the course of a year from open banking-enabled tools.
So far, it’s been effective – the UK FinTech’s State of the Nation report totted up more than 1,600 fintech firms in the UK in 2019, whilst predicting this could more than double by 2030. Figures from the Open Banking Implementation Entity showed there were 243 regulated providers, 169 third party providers and 74 account providers as of April 2020. The UK adoption rate of fintech is 42% – higher than the global average of 33% – making it ripe for opportunity. Coupled with lockdown restrictions creating greater dependence on technology – including ATM cash withdrawals falling by half – fintechs are well placed to be part of the solution – and offer help to those struggling to manage.
With more than a fifth (21%) of the adult population saying financial stress is having a bigger impact on their mental wellbeing than physical health concerns during the crisis, and a quarter more stressed about money than usual, fintechs can be part of the support available to them.
However, in order to fully realise the opportunity we need to ensure budding entrepreneurs with bold ideas have the means to turn them into reality. Nesta Challenges exists to design and run challenge prizes that incentivise people to help solve pressing social problems that lack solutions. Through our Open Up 2020 Challenge we are supporting 15 fintech finalists to develop their solutions to enable more people – particularly those underserved by traditional financial products – to manage their finances better, whatever their circumstances.
Of the 15 finalists, some offer app designed to help people budget,, save, switch and invest – aided with alerts and notifications that allow people to stay on top of their finances and make their money work harder for them for the long term. For example, Cleo is an AI financial assistant that is already helping more than 3 million customers monitor their spending, budgeting and saving, while Moneyhub empowers people to do more with their money by offering actionable insights from a review of all of their accounts.
Some of the apps are designed for those with more specific circumstances, such as Mojo Mortgages, which analyses income and transaction data for first time buyers to produce mortgage affordability scores and savings recommendations if they aren’t quite ready to apply. Finalists Portify and Wagestream cater for workers with irregular earning patterns.
As well as monetary grants, Open Up 2020 Challenge provides these companies with non-financial support and promotion to help them on their way to achieving their full potential – which in turn helps them reach many people to help them achieve their monetary goals.
While COVID-19 has created personal finance headaches for many, it has been inspiring to see how quickly fintechs have been able to innovate and develop digital solutions that help solve these problems and equip people to better manage their money.
 Open Up 2020 Challenge
NO SAFE HARBOUR FOR DIGITAL BANKING
by Konstantin Bodragin, Business Analyst and Digital Marketing Officer at Bruc Bond At the beginning of 2020, the future...
CAN TECHNICAL INNOVATION HELP FINANCIAL SERVICES FIGHT BACK AGAINST FINANCIAL CRIME?
By Charlie Roberts, Head of Business Development, UK, Ireland & EU at IDnow It’s no secret that the financial...
ARE MIDDLE EAST ENTERPRISES PREPARED FOR THE FUTURE?
Deloitte releases 2020 tech trends report Deloitte’s 11th annual report on technology trends captures the intersection of digital technologies, human...
ONLINE STOCK BROKERS ARE BENEFITING IN 2020
2020 has changed our lives in dramatic ways. Thanks to COVID-19, many of us now work from home. Rather than...
COULD COVID-19 BE THE CATALYST FOR DIGITAL TRANSFORMATION IN FINANCE?
By Simon Bull, Sales Operations & Business Development Manager at Aqilla We are all now living in a new...
WHY OPEN BANKING SHOULD BE EVERY MARKETER’S BEST FRIEND
By Kathryn Wright, CSO, Upside To date, Open Banking has been mainly utilised to help consumers with account switching...
TOP TECHNOLOGY TRENDS FINANCIAL INSTITUTIONS SHOULD INVEST IN TO BRIDGE THE GAP IN REMOTE WORK
Chirag Shah, Senior Vice President, Fintech & Innovation Lead, Publicis Sapient More than ever before, technology is critical to...
TOP 5 LINKEDIN PROFILE OPTIMIZATION HACKS FOR ASPIRING BANKERS
According to Firmex, finance professionals cannot afford to be not on LinkedIn. A significant number of organizations acquire talent in...
TAPPING INTO THE DATA GOLDMINE: THE FUTURE OF DATA-DRIVEN CREDIT MANAGEMENT
Willand Brienen, product owner at Onguard Data, and the insights it reveals, can offer organisations a vast number of...
ENLISTING TECHNOLOGY TO HELP FIGHT FINANCIAL CRIME
By Rachel Woolley, Director of Financial Crime Fenergo Million-dollar properties, private jets and parties on luxury yachts with celebrity...
TRANSFORMATION IS NON-NEGOTIABLE FOR BANKS LOOKING TO DELIVER VALUE IN A POST-PANDEMIC WORLD
Andrew Warren, Head of Banking & Financial Services, UK&I, Cognizant In addition to responding to changing customer expectations, higher...
HOW MILLENNIALS CAN GET AHEAD WITH THEIR MONEY
Granville Turner, Director at company formation specialists, Turner Little. Millennials are often painted as globe-trotting creatures that spend more...
STOPPING THE CHARGEBACKLASH
By Gabe McGloin, Head of Intl. Merchant Sales @ Verifi Brands have been encouraging consumers to move their shopping...
CONSUMERS ARE READY FOR BIOMETRIC PAYMENT CARDS
Lina Andolf-Orup, Head of Marketing at Fingerprints We’ve come a long way in the evolution of digital payments. Magnetic...
WHY IT PAYS TO MAKE CYBER SECURITY PART OF THE M&A DUE DILIGENCE PROCESS
Anurag Kahol, CTO at Bitglass Mergers and acquisitions (M&As) enable business leaders to adapt fast to new opportunities. Whether...
GOING FOR INVESTMENT IN CENTRAL EUROPE: START-UP LIFE OUTSIDE A TRADITIONAL TECH HUB
A Q&A with Bence Jendruszak, Co-founder and COO at SEON At what stage did you realise you were going...
CLOUD ALLOWS BANKS TO BASK IN CHANGE
by: Elliott Limb, Chief Customer Officer at Mambu As a new era of banking takes off, the cloud is...
COVID-19 WILL DRIVE FINTECH ADOPTION – BUT AT WHAT COST?
By Ian Bradbury, CTO – Financial Services at Fujitsu UK Even before the impact of Covid-19, the financial services...
HOW TECHNOLOGY IS POSITIVELY IMPACTING COMPLIANCE AND HOW IT IS HELPING TO STREAMLINE PROCESSING TIME AND COST FOR FIRMS
By Joe Woodbury, Director – Investment Management Solutions at Lawson Conner (part of IQ-EQ) Private Equity & Real Estate...
TECHCOMBANK AND COMPASS PLUS CELEBRATE 15 YEAR MILESTONE IN BANKING PARTNERSHIP
Since issuing the first Visa card 15 years ago using solutions provided by trusted partner Compass Plus, Techcombank, one of...