IPVMU Certified | 04/10/16 03:49pm
I always thought that fingerprint readers might be bad, for that reason.
Another creepy thought is if they went to retina scans.
I'm assuming that a severed hand would not gain access due to lack of blood flow?
Hopefully the criminals who would sever a digit to spoof a biometric test will quickly realize that a dead digit will not be accepted by a modern biometric system. And if I were working over at Diebold I’d raise my hand and suggest the best way to combat this kind of ignorance is to release a press campaign, at least in the affected area, to reinforce what the criminals will learn the first time they walk up to an ATM with something in a napkin. Otherwise, what’s next? Escalation? Diebold’s approach of switching to palm recognition is flawed. So they would put the hands at risk instead of the finger? Besides, from what I know, palm rec is not as effective as fingerprint rec, so the efficacy of the whole system takes a hit even when it’s being used properly. Finally, if a dead digit does in fact pass the current biometric test in use, then migrating to a modern biometric system is the first order, and probably more cost effective than switching biometric types wholesale.
The most despicable form of bank "hacking" known.
I'm having a hard time finding any specific reported incidents of people's fingers being severed for use in Brazilian ATMs.
Not that I would put anything past some elements of society, but it would be nice to know the details surrounding the incident, e.g. was the finger actually tried, was it successful?
And how many times has it happened? Surely, even once is too many times, but people are violently attacked for their ATM and PIN codes all the time. Would a criminal really prefer this messy hack over the tried and true?
Also since the source is Diebold, and Diebold is likely not giving these palm scanners away for free, it's worth verifying how bad this problem really is, no?
IPVMU Certified | 04/10/16 07:22pm
Like Skip mentions above, even cheap fingerprint sensors these days aren't fooled by severed digits. The methods of defending against this range from simple (heartbeat detection) to complex, multi-spectral images that employ layers of 'unnaturalness detection'.
See our: Fake Fingerprints - Liveness Detection Solutions note for more.
Frank Natoli is a Diebold executive, both listed on Diebold's website and on his own LinkedIn page.
It could be that Businessweek got this wrong, though (mainstream publications sometimes are unclear about niche technology).
Forget Brazil, I'm having a hard time finding ANY time someone's finger was severed to use in a fingerprint reader, save this one example of a Malaysian businessman who was carjacked and the car could only be driven after being authenticated thru its built-in reader!
Anybody know any others?
They probably look at the experience of Japanese banks that employed palm vein readers for ATMs many years ago.
The palm vein biometric modality is more accurate than fingerprints and more robust to spoofing.
At ISC West I saw a Diebold prototype of the new generation ATM (IRVING) with the iris scanner. (Retina is outdated as a biometric modality because of the complexity of getting an image and possible harm to the eyes.) Iris is even better from the point of view of accuracy. Reliability depends on the type of sensor. Anyway, the Diebold representative at the show told me that it was a modular system and they can add almost any modality at the customer's choice.
Several years ago I heard a story like this, but instead of Brazil it was India and Pakistan. I don't think that it was true, and it was just something I heard - not read. Seems like a bit of a ghost story to me.
Most of the fingerprint biometrics require a live finger with blood flowing through the fingers.
I've asked the author of the article. https://twitter.com/johnebredehoft/status/722457649346785284
Couldn't find Diebold on Twitter.
"..criminals began severing the fingers of account holders to gain access to their money, says Frank Natoli, chief innovation officer at Diebold."
Personally, I'm skeptical when I see claims like this. Is Frank able to name specific cases where this has happened? How frequently has this occurred? (I wonder how the villain knows they're going to need your fingerprint and must take your fingers while they steal your card). While I don't doubt it may be possible or have occurred on an occasion, I suspect it's more likely to be a strawman argument designed to pimp their new product. Kind of like how ppl talk about chain of custody of video evidence lest the video get thrown out of court--yet are unable to cite a single specific case of evidence being thrown out in a real court case.