Biometric ATMs vulnerable?

November 2016 Access Control & Identity Management

A number of recent articles indicate that illegal technology can easily be purchased that can allow criminals to ‘steal’ biometric information at ATMs. The implication is that biometric technology is not as secure as previously thought. Nothing could be further from the truth, provided the right scanning technology is used, says Nick Perkins, divisional director: Identity Management at Bytes.

Nick Perkins.
Nick Perkins.

Perkins explains that the banks have successfully used biometrics inside branches to reduce fraud by providing assurance that those applying to open accounts are who they say they are. With that avenue closed to them, fraudsters are now targeting ATMs.

“Because ATMs are unmanned, there is no doubt that the technology is being subjected to a tough test – but the correct biometric technology is up to the job,” says Perkins.

For banks, the key issue is to be certain that the person presenting him- or herself at the ATM is the account-holder in person. Biometrics such as fingerprints, face or iris, provide a unique physical identifier. However, it is true that technology is available that can steal the biometric data and use it to produce a facsimile.

“This type of fraud has actually been around for a long time – remember the movies in which the spy uses sticky tape to lift a fingerprint from a glass, and using it to create some sort of facsimile to gain entrance to the secret laboratory. The technology is a bit more sophisticated, but the idea is still very much the same,” says Perkins. “A basic optical scanner can be fooled by these facsimiles because it works simply by matching one image with another. However, different scanning technologies have been developed to combat this kind of attack.”

Multi-spectral fingerprint scanners are designed for ATMs and Point of Sale (POS). They have built-in protection against fraudsters, and also offer a much lower incidence of failed scans as well. Three capabilities they offer are critical, Perkins says. One is liveness detection, which enables the scanner to detect whether or not the fingerprint is part of a living body. This means that a fingerprint image, no matter how accurate, will not work.

The second, related capability is the ability to detect spoof fingerprints or other biometrics constructed out of artificial substances like silicon or glue.

Finally, these scanners must be able to operate in what is called secure endpoint mode; this means any information is encrypted and the device itself is designed to resist tampering and intrusion, just as ATM keypads are currently.

“South African banks have been doing their homework and some are already piloting biometrics at ATMs using multi-spectral technology, with other banks about to begin pilots,” Perkins concludes. “The principle that biometrics offer an accurate way to confirm identity remains true, and biometric technology has evolved to overcome the challenges posed by criminals.”

For more information contact Bytes Systems Integration, +27 (0)11 205 7643,,

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Cloud-based or on-premises access control
Salto Systems Africa Access Control & Identity Management Products
Choosing between cloud-based and on-premises access control solutions can be a difficult decision, however, the best solution for your organisation, property, or building type will depend on a range of factors.

Improved security health check tool
Gallagher Access Control & Identity Management Products
Gallagher Security has streamlined its free Security Health Check tool, making it easier than ever to protect against potential system risks and improve business efficiencies.

Suprema showcases integrated security solutions
Suprema Access Control & Identity Management Products
Apart from being an access terminal that supports multiple credentials such as facial recognition, RFID, mobile and QR codes, the BioStation 3 also supports VoIP Intercom and real-time video monitoring features to make it a truly multi-functional reader.

Local electronic locks
Access Control & Identity Management
YeboTech is an electronics manufacturing company, founded in 2005, which designs, markets and sells an electronic key and locking systems, aimed at replacing all conventional mechanical locks.

Selecting the correct access control system
Enkulu Technologies Access Control & Identity Management
Frazer Matchett, Managing Director of Enkulu Technologies, suggests the right questions to ask when selecting an access control solution; not just the access system, but the integrated solution that fits your requirements.

Integrated guarding services
XtraVision Integrated Solutions Access Control & Identity Management Industrial (Industry)
XtraVision offers a few tips on how to go about planning and setting up an integrated approach to sustainable and successful security services, from the initial risk assessment to the technology and people required.

Paxton secures multi-tenant office in Cape Town
Paxton Integrated Solutions Access Control & Identity Management Products
Cecilia Square in Paarl, Cape Town is an office building from where several businesses operate. The multi-tenant site has recently undergone a full refurbishment, including a complete upgrade of its security system for access control.

AI face recognition OEM module
Suprema News Access Control & Identity Management Products
Suprema AI, a company specialized in artificial intelligence–based integrated security solutions, recently launched its high-performance face recognition OEM module called ‘Q-Face Pro’ in response to the growing need for contactless security solutions.

KWAL raises a glass to security upgrade
Turnstar Systems Access Control & Identity Management Products
The Kenya Wine Agencies Limited (KWAL) was in need of an integrated security upgrade. This is where Turnstar came into the picture to provide a solution that would keep KWAL secure and efficient.

Dahua Insider Series for touchless access
Dahua Technology South Africa Access Control & Identity Management Products
The Insider Series Access Control Solution offers touchless access (via Bluetooth) using the DMSS mobile app; it has three distance modes and two trigger modes (normal and shake).