Can biometric data be “stolen”? This is a frequently asked question that is often met with an inaccurate response.
The typical incorrect answer looks something like this:
While you can change your password or PIN if it is compromised, you cannot change your biometric information. Once stolen, it is not possible to be revoked and can be used for repeated fraud.
In this post we provide 4 reasons why this thinking is flawed.
4 reasons why biometric data is safe from hackers:
- Unlike a password, our biometric data is not a secret
- Biometric data is secured by Liveness
- Biometric templates are useless to fraudsters
- Biometrics are typically not the only authentication factor
#1 Unlike a password, our biometric data is not a secret
At the most basic level, our biometric data is inherently public, so what does it mean to be stolen? Our fingerprints are left on everything we touch, our voices are easily recorded, and modern mobile cameras are capable of capturing high resolution images and video. Most notably, the majority of us intentionally post photos and even videos of ourselves on publicly accessible social media and web sites.
As such, it’s quite simple for fraudsters to obtain the information needed to create synthetic artifacts, such as printed photos or masks, for use in hacking or “spoofing” a biometric identification system. This initiative doesn’t require hacking into a company database to obtain biometric data — a simple Google search is all it takes to obtain data that can be used to attack face, voice, and even iris biometrics.
However, unlike a password or PIN, authentication based on biometric data does not depend on information that is a secret. That is, there’s no need for the biometric to be secret. Why? Because modern biometric authentication systems either (1) have a person supervising the biometric check, such as when going through a gate at an airport, or (2) use liveness technology to ensure that the biometric is from a real person and is not a spoof attack. Therefore, the threat of stealing something that’s already public is not much of a threat.
#2 Biometrics are secured by Liveness
As mentioned in point #1, biometric matching is only one component of today’s identity verification and authentication systems. While biometrics answer the question, “Is this the right person?”, liveness detection is necessary to answer the question, “Is this a real person?” Confirming the presence of the real person when presenting a biometric is critical in use cases that are remote or unsupervised, such as signing up for a new bank account on a mobile app instead of in person at a branch. In other words, liveness detection prevents biometrics from being hacked.
For example, for facial biometrics, facial liveness technology distinguishes between the presence of a live person at the point of verification (presence in front of the camera) and spoofing attacks, such as those that use printed photos, video replays, and masks. The same ideas about liveness apply to fingerprints and voice where someone uses silicone to spoof a fingerprint or a recording to spoof a voice biometric.
With liveness in place, you are protected even if your biometric data is hacked. Facial liveness is the most commonly deployed anti-spoofing technology today, which is logical given the growing use of face biometrics for remote onboarding and authentication. Today’s leading facial liveness detection products offer proven accuracy and extremely low occurrence of a fraudster fooling the biometric system.
As more use cases emerge for voice-enabled IoT devices, we expect to see similar adoption of voice liveness to enable secure voiced authentication for in-app payments, access to personal information, and more.
While fingerprints may not be as accessible, the technology is also protected by liveness. For example, Precise Biometrics supports face liveness with ID R&D IDLive™ Face as well as fingerprint liveness with their BioLive solution. BioLive accurately Identifies a fake fingerprint by analyzing several fundamental image differences between a live fingerprint image and one from a spoof.
To summarize point #2, liveness detection significantly limits the concern of biometric data falling into the wrong hands.
#3 Biometric templates are useless to fraudsters
What about the threat of someone hacking a company’s database of biometric information?
Biometric systems convert the biometric sample, such as a picture or a voice recording, into a template. These templates are not reversible back into the original sample. A modern biometric system only stores the templates, not the original biometric information. The templates do not include any personal information about the human — such as the age, gender, or unique physical characteristics. Even if someone steals a template, there is nothing they can do with it. On top of this, applying best practices of encrypting data at rest ensures that any hacker who steals the templates will have two layers of useless bytes.
#4 Biometrics are typically not the only authentication factor
Regulated industries and high assurance applications put multiple security checks in place to protect personal information and transactions. Strong customer authentication requires the use of two of three factors: something you know (like a PIN), something your have (like your phone), or something you are (a biometric). For example, a bank may enable the use of face biometrics with liveness to log into their mobile app. However, they will also rely on your mobile device as a token and may even ask for a second biometric modality or One Time Password for certain high risk transactions. This is on top of sophisticated artificial intelligence that may be in place to identify unusual behavior.
No authentication technology is foolproof. In the rare occurrence of a successful attack on a biometric system, damages will be mitigated by additional security factors, fraud tools, and commonly used application security practices to protect against man in the middle and other attacks.
Rethinking the question: Can biometric data be stolen?
Based on the information above the question of whether or not biometric data can be stolen isn’t a very good one. The better question is, “What is the risk of someone compromising my identity using my biometric data?” In terms of identity verification and authentication, the risk of a fraudster creating an artifact and successfully spoofing your identity is extremely low with liveness detection in place. The fraudster will be stopped and cannot commit repeat fraud even if they have your biometric data.
While few people would post a photo of their password to Facebook, we don’t think twice about posting a selfie. We don’t actively watch out for people taking photos, video or audio recording of us. And we certainly don’t wipe down everything we touch to prevent our fingerprints from being lifted. That’s okay because liveness detection combined with good practices in modern biometric systems protect our biometric data from being hacked and used when we are not present.