Biometrics theft is not necessarily the end of the world

Theft of biometrics data is becoming more frequent. A recent example is the breach of Avanti point of sale systems. Although this is a problem, it likely isn’t as high a risk as many believe. Stolen biometrics data is hard to put to practical use; in most cases, the effort required is too high given the attacker’s financial returns. So possible theft of biometrics data shouldn’t be a reason to stop using biometrics as an authentication factor.

When a user registers a physical attribute with a biometrics solution, the attribute’s characteristics are converted to a numeric value.  This value is encrypted and stored.  According to Larry Greenemeier, in an article written for Scientific American, “Misuse of stolen digital fingerprint files is hardly that straightforward and would involve cracking encryption codes, reverse-engineering data files and several other complicated procedures that are probably not worth the effort.”

The biggest problem is not in the actual risk.  It is in the public’s perception of the risk.  We have enough challenges trying to get many people to accept biometrics without spreading misinformation about the risk.  Yes, we need to protect biometrics data.  Yes, theft of this data elevates risk.  However, biometrics alone should never be used to protect highly sensitive information, and the effort needed to use stolen customer biometrics data is likely too high for common use.

There is an exception, however, that might elevate the risk above acceptable levels. What if the attacker steals the imprint information passing between the sensor and the biometrics verification algorithm? Any solution we select to protect our customers or our highly sensitive information must itself be protected, and designed in ways that make this kind of attack highly improbable.
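
One way to make a message captured between the sensor and the verification algorithm useless when it is sent again, as an added example that is not part of the original article: the verifier issues a one-time nonce and the sensor authenticates the nonce together with the sample using HMAC. The pre-shared sensor key, the class and function names, and the sample bytes are assumptions made for illustration; keeping the sample confidential in transit would additionally require encrypting the channel.

```python
import hashlib
import hmac
import secrets


class Verifier:
    """Verification side: issues one-time nonces and checks sensor messages."""

    def __init__(self, key: bytes):
        self._key = key          # assumed to be provisioned to sensor and verifier
        self._pending = set()    # nonces issued but not yet consumed

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def accept(self, nonce: bytes, sample: bytes, tag: bytes) -> bool:
        # Reject anything not tied to a nonce we issued and have not yet seen.
        if nonce not in self._pending:
            return False
        self._pending.discard(nonce)  # single use, even if the tag check fails
        expected = hmac.new(self._key, nonce + sample, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)


def sensor_respond(key: bytes, nonce: bytes, sample: bytes):
    """Sensor side: bind the captured sample to the verifier's fresh nonce."""
    tag = hmac.new(key, nonce + sample, hashlib.sha256).digest()
    return nonce, sample, tag


def demo():
    key = secrets.token_bytes(32)
    verifier = Verifier(key)
    sample = b"constructed-feature-vector"  # constructed stand-in for sensor output

    msg = sensor_respond(key, verifier.challenge(), sample)
    first = verifier.accept(*msg)    # legitimate message
    replay = verifier.accept(*msg)   # same bytes sent a second time

    # Captured sample and tag presented against a new challenge, without the key.
    stale = verifier.accept(verifier.challenge(), msg[1], msg[2])
    return first, replay, stale


if __name__ == "__main__":
    print(demo())
```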