Cape Town - Biometrics systems in South Africa could be rolling out a "red carpet" to criminals, says an expert in smart identification.
If the rollout of biometrics technology such as fingerprint readers comply with international standards, they can be trusted, but locally, there may be problems, Marius Coetzee, MD at Ideco told Fin24.
"Most South African banks, however, utilise fingerprint scanners that do not meet all the international standards," said Coetzee.
"In a closed and controlled environment such as at the teller, there should not be much risk to the public and any potential risk of account fraud will remain with the bank.
"Should the banks decide to extend this biometric technology to ATMs as an example, there would be great risk to the public," he added.
International trends
South African banks are following international trends in biometrics technology asserted Gemalto, an international digital security specialist.
"In South Africa, leading retail banks have adopted biometrics for their mobile apps and the concept is neither new, nor is SA slow in adopting biometric security for the digital channels," said Ammar Faheem, Gemalto Solutions Expert for Digital Payment for Africa.
He said that multi-factor security encompassed "What I know" (password or PIN), "What I have" (smartphone or PC), and "Who I am" (biometrics).
"However, the biometric card or biometric access to ATM is something new generally speaking, and also has issues of customer convenience versus security. Banks are still weighing those options of enabling biometrics at the card or ATM level, which also has a high dependency on the quality of biometric readers as well," said Faheem.
Many banks have employed biometrics systems linked to the department of home affairs, which is used to verify customers.
This verification is used in conjunction with documentary identification such as IDs, driver's licences or passports.
While the technology has been piloted with ATMs in SA, there has been no national rollout.
Internationally, multiple sites have documented how fingerprint sensors on mobile phones could be hacked through relatively simple technologies such as printing.
Some security experts have also demonstrated silicon and other material that could be used to fool a mobile phone fingerprint scanner.
"False acceptance (where a biometric system matches you to someone else on its database) is quite a common risk in some biometric systems. This typically happens when the technology is simply not smart enough or when the crooks deliberately spoof the technology by introducing false minutiae," said Coetzee.
More advanced fingerprint readers employ additional sensors than just reading the fingerprint. They are also able to read whether the finger is "live".
Juniper Research in 2017 predicted that mobile payments authenticated by fingerprints will rise to two billion, up from 600 million in 2016.
Follow @Duncan025
* Sign up to Fin24's top news in your inbox: SUBSCRIBE TO FIN24 NEWSLETTER