Biometric ATMs vulnerable?

November 2016 Access Control & Identity Management

A number of recent articles indicate that illegal technology can easily be purchased that can allow criminals to ‘steal’ biometric information at ATMs. The implication is that biometric technology is not as secure as previously thought. Nothing could be further from the truth, provided the right scanning technology is used, says Nick Perkins, divisional director: Identity Management at Bytes.

Nick Perkins.
Nick Perkins.

Perkins explains that the banks have successfully used biometrics inside branches to reduce fraud by providing assurance that those applying to open accounts are who they say they are. With that avenue closed to them, fraudsters are now targeting ATMs.

“Because ATMs are unmanned, there is no doubt that the technology is being subjected to a tough test – but the correct biometric technology is up to the job,” says Perkins.

For banks, the key issue is to be certain that the person presenting him- or herself at the ATM is the account-holder in person. Biometrics such as fingerprints, face or iris, provide a unique physical identifier. However, it is true that technology is available that can steal the biometric data and use it to produce a facsimile.

“This type of fraud has actually been around for a long time – remember the movies in which the spy uses sticky tape to lift a fingerprint from a glass, and using it to create some sort of facsimile to gain entrance to the secret laboratory. The technology is a bit more sophisticated, but the idea is still very much the same,” says Perkins. “A basic optical scanner can be fooled by these facsimiles because it works simply by matching one image with another. However, different scanning technologies have been developed to combat this kind of attack.”

Multi-spectral fingerprint scanners are designed for ATMs and Point of Sale (POS). They have built-in protection against fraudsters, and also offer a much lower incidence of failed scans as well. Three capabilities they offer are critical, Perkins says. One is liveness detection, which enables the scanner to detect whether or not the fingerprint is part of a living body. This means that a fingerprint image, no matter how accurate, will not work.

The second, related capability is the ability to detect spoof fingerprints or other biometrics constructed out of artificial substances like silicon or glue.

Finally, these scanners must be able to operate in what is called secure endpoint mode; this means any information is encrypted and the device itself is designed to resist tampering and intrusion, just as ATM keypads are currently.

“South African banks have been doing their homework and some are already piloting biometrics at ATMs using multi-spectral technology, with other banks about to begin pilots,” Perkins concludes. “The principle that biometrics offer an accurate way to confirm identity remains true, and biometric technology has evolved to overcome the challenges posed by criminals.”

For more information contact Bytes Systems Integration, +27 (0)11 205 7643,,

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Paxton10 for smart buildings
Issue 5 2020, Paxton Access , Access Control & Identity Management
Paxton10, offering access control and video management on one simple platform, is available in the South African market.

Suprema enhances cybersecurity
Issue 5 2020, Suprema , Access Control & Identity Management
Suprema BioStar 2 is a web-based, open and integrated security platform that provides comprehensive functionality for access control and time and attendance.

A wizz at visitor management
Issue 5 2020 , Access Control & Identity Management
WizzPass is a locally developed software platform for managing visitors to businesses, buildings or business parks.

Contactless at the game
Issue 5 2020, IDEMIA , Access Control & Identity Management
IDEMIA partners with JAC to successfully test frictionless biometric access technology at Level5 Stadium in Japan.

Focus on touchless biometrics
Residential Estate Security Handbook 2020, Hikvision South Africa, Saflec, IDEMIA , Suprema, Technews Publishing , Access Control & Identity Management
The coronavirus has made touchless biometrics an important consideration for access control installations in estates and for industries globally.

Providing peace of mind
Residential Estate Security Handbook 2020, ZKTeco , Access Control & Identity Management
Touchless technology embedded with face and palm recognition sensors provide 100% touchless user authentication for a variety of applications.

Frictionless access with a wave from IDEMIA
Residential Estate Security Handbook 2020, IDEMIA , Access Control & Identity Management
Platinum Sponsor IDEMIA displayed its frictionless biometric reader, the MorphoWave Compact, at the Residential Estate Security Conference.

Cost effective without compromising security
Residential Estate Security Handbook 2020, Bidvest Protea Coin , Access Control & Identity Management
Bidvest Protea Coin offers a range of services, all integrated to offer a future-proof and cost-effective security solution for estates.

Broad range of estate solutions
Residential Estate Security Handbook 2020, Hikvision South Africa , Access Control & Identity Management
Hikvision offers residential estates a range of systems and solutions that deliver security, from the gate to the individual’s own home.

Excellerate looks beyond traditional guarding
Residential Estate Security Handbook 2020, Excellerate Services , Access Control & Identity Management
Excellerate Services has a suite of best-of-breed technologies that have been integrated into a sophisticated SLA, incident and people management system.