When Biometrics Versus Photo Spoofing Technology

A week ago today, countless people came to banks in Hai Duong to ask for support and guidance on installing biometrics on electronic banking applications.

After "5 times, 7 times" of not being able to install for various reasons, now, adding biometric information has become basically easier. The banking system is no longer overloaded, those who know help those who don't know...

If you successfully install biometrics, do you no longer have to worry about fraud when transferring money on electronic banking applications? Are you sure when there have been cases of "still photos bypassing biometrics"? A few days ago, someone tried to take a portrait photo and let the banking application or e-wallet scan it instead of scanning their face directly. Some banks have electronic applications that cannot recognize which is the photo and which is the real face of the account owner. And so the application is "tricked". According to some people, scanning photos is even faster than authenticating with a real face.

According to the leaders of the State Bank as well as some cybersecurity experts, the biometric situation on some banks' applications being fooled by a pre-taken photo is not a bug. It is because the "liveness detection" feature, a technology to detect fake faces, has been turned off. Due to the large number of people setting up biometric information on the first day, even increasing dramatically, some banks have temporarily turned off this feature to ensure the stability and smoothness of the system. This feature has been restarted, the authentication vulnerability using a still photo has been "plugged".

So, we can rest assured that the authentication error that has caused a lot of discussion and commotion among many people in the past few days has been explained. We can rest assured.

But that's the problem with still images, what about image forgery technology? The term DeepFake appeared publicly on the internet around the end of 2017, with the original meaning of this word being a combination of "Deep learning" and "Fake". This technology became widely known when a user on the online forum Reddit used it to swap the face of a celebrity into another face with quite high accuracy without much effort. Since then, DeepFake has been followed and even developed by both experts and "novices".

Up to now, this AI technology is developing more and more. It is no longer the faceless fake faces, soulless eyes, but the faces are surprisingly real. In fact, many cases have been fooled by this technology and have to exclaim that this year's DeepFake scam is completely different from last year's. What if the scammers use DeepFake to bypass biometric technology?

In the context of cashless payments becoming a habit, even in rural areas, the situation of fraud and theft of money in people's accounts will increase, with increasingly sophisticated tricks. Because today online fraud has become a "profession". Therefore, each individual needs to build their own "firewall". It is best to use each person's own phone, do not lend it to anyone you do not know. Do not install any software on anyone's advice if you do not know clearly.

At least with biometrics, even if a bank account is hijacked, the maximum amount lost in a day is only 20 million VND. Because anything larger than this amount will require facial authentication.

Biometrics is arguably the most advanced technology available today. But it is important to understand that DeepFake is also an extremely modern technology. So it is never too much to be vigilant.