16:57 GMT +323 July 2019
Listen Live
    Passengers pose for a selfie as they wait for the Night Tube train service at Oxford Circus on the London underground system in London, Britain August 20, 2016.

    HSBC Plans to Let Customers Use Selfie IDs, But Experts Say Data Can Be Hacked

    © REUTERS / Paul Hackett
    Tech
    Get short URL
    0 73

    Prospective HSBC customers will be able to provide a selfie picture taken via their iPhone or Android device which will act as verification. One of the world's biggest banks will use facial recognition technology and cross-reference the selfie against more formal identification such as a driver's license or passport.

    However, questions have been raised about how secure this new method of identification really is. Biometric data is used heavily by global corporations.

    Biometric refers to computer data that is created during a biometric process and includes fingerprints, and all verification or identification data, excluding the individual's name and demographic.

    "Biometric data can be hacked in many different ways. Most famously the iPhone's Touch ID was trivially broken by German hackers," an anonymous information security source told Sputnik.

    ​However, the main issue with biometric technology isn't how easy it can be hacked, but how easily it can be changed, according to Sputnik's source.

    "If you use a username and password, you can always change the password. But you can't change your fingerprint, and you can't really change your face. If they're using this to verify you once, it's probably not that bad. But if they're going to use this to verify you forever, you could encounter problems later on if someone else recycles your facial image," they said.

    This new system by HSBC is supposedly meant to make life easier for the customer, but clearly there are pitfalls.

    "The issue comes from how we use selfies and how often our images are taken. Will people use the same images that they post to social networks to authenticate to HSBC? If so, that would be a little like sharing a credit card PIN," an anonymous source told Sputnik.

    Even if the person doesn't use the same picture, the biometrics rely on a picture of that person to identify them. This means that anyone who can take a picture of you could submit it for verification.

    So, if your wallet is stolen, the thieves might be able to set up a new HSBC account using your ID and pictures you post on social networks, and according to Sputnik's source, you'll never know until the police come round.

    "If someone takes a picture and you're in the shot, they have a picture of your face."

    "Of course, in somewhere like London your facial image is captured everywhere you go on CCTV. When you want to verify something, it's best to use a secret. Your face is not a secret," they added.

    Equally, if someone has a fake photo ID for verification, then they don't really need to take a picture of the person on the ID. They just need to find multiple pictures of the person they want to impersonate, which is pretty easy to achieve online.

    "Ultimately, the bank needs to know that it's you that they're dealing with, and if you send an image from a phone they'll need to find another way to make sure it's really you, which kind of defeats the point. If the verification ID can be forged, so can the photo," an anonymous source told Sputnik.

    However, most importantly, according to Sputnik's source selfies are not the most secure way of identifying someone and they themselves would be able to bypass the system and hack into it:

    "Most of the biometric picture-based systems we've assessed work by analyzing specific data points on an image of a face. Often when you present the system with a printed image of the same face, they'll let you straight through. We've unlocked laptops, tablets and even physical building doors by abusing this. With the hardest system we came across, it scanned your face using two cameras, but we were able to bypass it using two videos, some mirrors and basic maths."

    Related:

    Currency Scheme Prompts Criminal Charges Against HSBC Trading Chief
    Too Big to Fail: Report Suggests AG Eric Holder Unwilling to Prosecute HSBC
    Lawmakers Say UK Financial Authorities Intervened in HSBC Fraud Probe
    Protect or Spy? Top UK Court Found 'Government Hacking Lawful'
    Tags:
    biometric identification, data, passwords, facial recognition, fingerprints, banking, hacking, security, HSBC, Europe, United Kingdom
    Community standardsDiscussion
    Comment via FacebookComment via Sputnik