Russian banks are going to introduce customer identification by the pattern of veins on their hands. It is assumed that this method of authentication will help to prevent unauthorized access to the savings of citizens. Meanwhile, experts were skeptical about the initiative. In their opinion, the system has significant disadvantages which can be used by criminals.
It is worth noting that Russian banks already have biometrics that allow them to identify customers by voice and face. "The palm vein pattern will remove barriers to biometric identification for people with hearing and speech problems due to various reasons," the Central Bank explained.
Nikita Durov, Technical director of Check Point Software Technologies in Russia and the CIS, said that with the introduction of the new identification system there are new risks of data substitution by intruders.
"Recently, we have witnessed how attackers used neural networks to replace people's faces in photos and videos. The same thing can happen with the substitution of the vein pattern," added he.
According to Durov, banks should be prepared for potential attacks.
"Scans should be done with the latest modern scanners to avoid mistakes and distortions," Durov added. He stressed that sometimes companies save money and buy cheaper storage and data protection systems that are not able to provide the necessary level of security.
Martin Hron, a leading cyber threat researcher at Avast, said that hackers always try to be one step ahead and look for ways to bypass even the strongest security systems, including biometrics.
The expert clarified that the creation of a fictitious pattern of veins is a matter of time.
Alexey Kuzmin, an expert of the Jet Infosystems company, agreed with the opinion that it is possible to deceive the identification system by scanning blood vessels, but it is much more difficult than systems with voice, face or finger detection.