News 05 Jul 2024

Buyers Guide

Complete playbook to understand liveness detection industry

Learn More
Over 13 million people have already been authenticated through biometric verification in Vietnam, but the systems seem highly vulnerable to attacks.

Vietnam Biometric Verification Numbers Pass 13M, Yet Systems Highly Insecure

Author: teresa_myers | 05 Jul 2024

In just two days since the implementation on the 1st of July of Vietnam’s new law mandating biometric verification of customers, banks have successfully completed verification for over 13 million people.

As a reminder, biometric authentication is now required for all single transactions valued above VND 10 million, or a total of 20 million VND across a single day. This number reportedly accounted for 8.24 percent of transactions during the period. Biometric verification is also required for all new accounts opened from now on.

Fraud Increasing instead of Decreasing

Concerns are emerging amid reports that the current implementations of biometric security in these banks are not providing adequate levels of protection against attempts at identity theft, and are failing their goal of enhanced fraud prevention.

Instead of a reduction in identity fraud since the adoption of biometric identity verification in banking activities, it seems to only have increased. Vietcombank has in fact issued warnings about how scammers might impersonate banking staff to trick unwary customers and get highly sensitive biometric information from them. Phishing attempts through calls are something to especially be wary of.

Basic Spoofs Are Passing Security Systems

The especially concerning factor is that very simple spoofing tools are successfully getting through these systems. Users have found that even very basic level spoofs, like 2D print-out images, and high-resolution videos of individuals, are successfully able to trick the biometric identity verification systems.

This highlights a major issue with the implementation of these systems. The lack of measures to protect against spoofing attacks mean that they are ineffective at their original goal: enhanced bank fraud prevention and detection.

This also highlights the fact that the systems most likely are running without any form of effective presentation attack detection mechanism, like biometric liveness detection. Implementing such a system that is able to protect a biometric verification system from being tricked using synthetic data is essential for the effective use of biometrics in banking anywhere in the world.

Suggested Read:Highly Stringent Facial Recognition Policies to be Adopted in Michigan