How To Secure Your Customers’ Personal Data In The Age Of Biometric

1

How To Secure Your Customers Personal Data
In The Age Of Biometric
2
How To Secure Your Customers Personal Data In
The Age Of Biometric
Amazon is reportedly testing a hand-scanning
payment technology for escalating checkout
process at its Whole Foods outlets. Such a system
will have the capability to complete a payment in
less than 300 milliseconds. Eliminating the need
for a card or even touching the POS, the
hand-scan system leverages biometric information
for payment authentication. In China, WeChat has
recently launched a payment device that allows
customers to pay using their facial identity.
This new POS device, called Frog Pro, was
launched at Chongqing Smart China Expo two weeks
back. With a promise of making payments safe,
fast, and convenient, Frog Pro is rolled out by
WeChat to upgrade its offline payments. With the
technological advancements in AI, voice
recognition, facial recognition, depth geometry,
and computer vision, the perils of identity theft
reach new heights. The consumers today are
standing at the crossroads with safety on one
side and convenience on the other. In order to
enjoy hassle-free and quick transactions, they
are required to divulge sensitive personal
information to the facilitators. The alarming
rate at which cybersecurity attacks are
increasing in breadth as well as depth, data
sharing has become a highly risky affair. While
biometric technology is associated with immutable
physiological characteristics of customers, the
theft of biometric data poses equally serious
threat. As per a ForgeRock report, in the 342
data breaches of 2018, 97 of the attacks were
intended for Personally Identifiable Information
(PII) of customers. Data records of over 2.8
billion customers were exposed in these breaches,
costing an estimate total of 654 billion.
3
How To Secure Your Customers Personal Data In
The Age Of Biometric
Biometric authentication is not a novel security
method. Statista reported that over 75 of
consumers have used some sort of biometric
technology, ranging from fingerprint scanning and
facial recognition to signature dynamics and hand
geometry. In fact, fingerprint scanning has been
one of the most widespread use of biometric for
authentication and verification. The latest
smartphones including iPhones and Android phones
use technologies such as facial recognition and
fingerprint scanning to grant access to the user.
By the end of 2019, it is expected that 100 of
all new smartphone shipments will feature
biometric technology. As of now, biometric is
the most secure form of authentication available.
In terms of safety level, it towers over
first-factor authentication of physical identity
cards and second-factor authentication of
knowledge about a life event. However, being
extremely safe unfortunately does not translate
into being unbreachable. The pros of a biometric
authentication system are definitely heavier than
the cons. Consequently, the biometric security
market is growing at a CAGR of 18 and is
expected to have a worth of 32 billion by 2023.
About 92 of the enterprises rank biometric
authentication as an effective or very
effective way to secure identity data stored on
premises, reported a Ping Identity
Survey. Amidst the glory and acclamation for
being impenetrable, the news of Biostar 2 data
breach broke out. The breach compromised
biometric information including fingerprints,
facial recognition records, and authentication
credentials among other personal details of over
1 million users. This attack cleared the false
sense of security that comes along the usage of
biometric authentication.
4
How To Secure Your Customers Personal Data In
The Age Of Biometric

• In most cases, unless the biometric identity
  links back to a person, the independent data is
  of no use to the hackers or data thieves. Even
  then, any hole the security system will cause a
  two-way blow on reputation of businesses
  storing the data and on the security status of
  the customers whose data is stolen. In order to
  ensure that businesses deliver convenience to the
  customers without compromising their safety, they
  need to follow these best practices
• Encrypt the data When a vulnerability in
  Facebooks security system revealed hundreds and
  thousands of passwords lying in plain sight, the
  focus was centered on the criticality of
  encrypting the stored data. However, it is easy
  to change a password in case of a breach. How
  will the customers change their biometric after
  theft? Thus, it becomes all the more important to
  do everything to prevent biometric theft. If the
  stored biometric information is encrypted, an
  attack will not cause any significant damages.
• Establish governance Before storing any
  personal, sensitive information of customers, it
  is necessary to have a written code of conduct or
  governance policy in place. Such a policy should
  dictate the terms regarding the storage, access,
  usage, and distribution of biometric data.
  Unnecessary, additional information should not be
  gathered. The information collected should not be
  stored beyond the point of use. It should, under
  no circumstances, be distributed or shared
  without proper authorization and permission of
  the customers.

5
How To Secure Your Customers Personal Data In
The Age Of Biometric

• Secure the system Creating a secure system is
  the first step to safeguard biometric PII of
  customers. The interconnected web of IoT devices
  exposes any enterprise to a plethora of threats
  and cyber vulnerabilities. The security plan
  should be comprehensive, taking into
  consideration all the physical, electronic, and
  digital aspects, wherever the biometric
  information is stored. From mobile devices,
  computers, laptops to servers and software,
  everything should be closely monitored. A
  periodic password-change policy should be
  incorporated into the security plan.
• Be prepared Although securing the systems
  proactively is part of being prepared. Yet, if a
  breach does happen, have a response strategy
  ready to minimize the losses. Form a risk
  assessment plan that constantly supervises the
  system for any holes and gaps in security and
  alerts the concerned authorities in real-time in
  case of a breach. Train the employees and educate
  them regarding compliance protocol for maximum
  security.
• In Conclusion
• Drew Bates, Head of Product Marketing at SAP
  Innovation Lab, says, Sure, there are valid
  concerns about intrusion and privacy regulations,
  but follow the rules (such as full disclosure,
  opt-in and appropriately handled personal data
  storage) and the results will be a transparent
  system which only succeeds if it provides value
  to the individuals concerned.
• One can never be too cautious when it comes to
  cybersecurity. It is advisable to deploy all the
  possible measures. The most

6
How To Secure Your Customers Personal Data In
The Age Of Biometric

important thing is to monitor the security system
on a regular basis. By keeping a check on the
vulnerabilities and security gaps, enterprises
can very easily prevent any data
breaches. Cigniti possesses rich expertise in
Security Testing of enterprise applications,
catering to diversified business needs. We have
immense experience in serving clients across
different industry verticals and organization
sizes. We offer end-to-end security testing
services including Network Penetration Testing,
SCADA Network Vulnerability Assessment and
Penetration Testing, Web Application Penetration
Testing, Wireless Network Assessment and
Penetration Testing. Connect with us and get your
security issues resolved.   Read Full Blog at
https//www.cigniti.com/blog/biometric-data-secur
ity-testing/
7