
UAE Banks Ditch SMS OTPs for Biometric App Authentication

 

UAE banks have discontinued SMS-based one-time passwords (OTPs) for online transactions from January 6, 2026, moving customers to app-based and biometric authentication as part of a wider security overhaul led by the Central Bank of the UAE. This marks a significant shift in how digital payments are approved, aiming to curb SIM-swap and phishing-related fraud while streamlining user experience for cardholders across the country.

Since January 6, customers making online card payments are no longer receiving OTP codes via SMS or email to complete their purchases. Instead, banks will push transaction-approval requests directly to their official mobile applications, where users must confirm the payment using in-app prompts. Major UAE lenders, including names like Emirates NBD and others, have started sending alerts to customers, warning that online payments may fail if the banking app is not installed and activated before the deadline.

Role of biometrics and app authentication

The new model relies heavily on biometric verification such as fingerprint and facial recognition, along with secure app PINs or Smart Pass-style codes built into mobile banking platforms. When a customer attempts an online transaction, a notification appears inside the bank’s app, and the user authorises it with their registered biometric data or a secure PIN rather than typing in a texted code. Banks and regulators describe this as “strong customer authentication,” aligning local practices with international standards similar to Europe’s PSD2 framework for secure digital payments.

Authorities and banks point to rising fraud that targets SMS OTPs, especially SIM-swap scams, phishing schemes and interception of text messages over insecure channels. By tying approvals to registered devices and biometrics inside the banking app, the sector aims to sharply reduce the chance that criminals can hijack authentication codes and authorise fraudulent payments in a victim’s name. The Central Bank’s notice (2025/3057) set March 2026 as the outer deadline to phase out SMS and email OTPs entirely, but most major banks accelerated implementation after seeing a spike in such fraud cases last year.

Impact on customers and preparations

Customers are being urged to update their bank apps to the latest version, register biometrics where available, and enable push notifications so they do not miss approval requests during online shopping or money transfers. Those who do not complete these steps risk declined payments or delays, particularly for e-commerce and international transactions that now depend entirely on in-app verification rather than text messages. Employers and community groups in the UAE have been encouraged to educate less tech-savvy users, including blue-collar workers who rely on digital wallets and remittances, to avoid disruption during the transition period.

The move positions the UAE as one of the early markets to rely almost exclusively on biometric and app-based approvals for everyday retail payments, ahead of many more mature banking jurisdictions. Industry analysts see this shift as part of a broader digital transformation strategy in the country’s financial sector, combining enhanced security with faster, more convenient user journeys for online transactions. For customers, the change may require short-term adaptation, but it is expected to deliver stronger protection and a smoother checkout flow once app-based and biometric authentication becomes routine.

How Biometric Data Collection Affects Workers

 


Modern workplaces are beginning to track more than just employee hours or tasks. Today, many employers are collecting very personal information about workers' bodies and behaviors. This includes data like fingerprints, eye scans, heart rates, sleeping patterns, and even the way someone walks or types. All of this is made possible by tools like wearable devices, security cameras, and AI-powered monitoring systems.

The reason companies use these methods varies. Some want to increase workplace safety. Others hope to improve employee health or get discounts from insurance providers. Many believe that collecting this kind of data helps boost productivity and efficiency. At first glance, these goals might sound useful. But there are real risks to both workers and companies that many overlook.

New research shows that being watched in such personal ways can lead to fear and discomfort. Employees may feel anxious or unsure about their future at the company. They worry their job might be at risk if the data is misunderstood or misused. This sense of insecurity can impact mental health, lower job satisfaction, and make people less motivated to perform well.

There have already been legal consequences. In one major case, a railway company had to pay millions to settle a lawsuit after workers claimed their fingerprints were collected without consent. Other large companies have also faced similar claims. The common issue in these cases is the lack of clear communication and proper approval from employees.

Even when health programs are framed as helpful, they can backfire. For example, some workers are offered lower health insurance costs if they participate in screenings or share fitness data. But not everyone feels comfortable handing over private health details. Some feel pressured to agree just to avoid being judged or left out. In certain cases, those who chose not to participate were penalized. One university faced a lawsuit for this and later agreed to stop the program after public backlash.

Monitoring employees’ behavior can also affect how they work. For instance, in one warehouse, cameras were installed to track walking routes and improve safety. However, workers felt watched and lost the freedom to help each other or move around in ways that felt natural. Instead of making the workplace better, the system made workers feel less trusted.

Laws are slowly catching up, but in many places, current rules don’t fully protect workers from this level of personal tracking. Just because something is technically legal does not mean it is ethical or wise.

Before collecting sensitive data, companies must ask a simple but powerful question: is this really necessary? If the benefits only go to the employer, while workers feel stressed or powerless, the program might do more harm than good. In many cases, choosing not to collect such data is the better and more respectful option.


Ban the Scan - Is Facial Recognition a Risk to Civil Liberties?

 

There are numerous voices around the world opposing the use of facial recognition technology. Many people believe facial recognition poses a severe threat to individual privacy, free speech, racial equality, and data security. People who oppose it have solid grounds for doing so, and they have strong reservations about employing this technology in any form, citing its extremely high false positive rate and its implications for civil and personal liberties, specifically individual privacy.

Critics argue that facial recognition is biased against people of color, women, and children. Surveillance cameras are more common in places where immigrants live, which adds fuel to the flames. The explanation given is the higher crime rate in those areas. Facial recognition technology has not matured sufficiently, and its usage in such an environment worsens an already complex situation. The flaws in the justice system will expand as a result of the technology's inefficiency, contributing to harsher sentences and higher bails for those affected.

Forced deployment

Despite its flaws, facial recognition technologies are used by police and other law enforcement agencies across the world. Surveillance is the key industry in which it is most widely applied. It is also commonly used in airports for passenger screening, as well as for housing and employment decisions. In 2020, San Francisco, Boston, and a few other localities restricted the use of facial recognition. 

According to an article on the Harvard blog by Alex Najibi, “police use face recognition to compare suspects’ photos to mugshots and driver’s license images; it is estimated that almost half of American adults – over 117 million people, as of 2016 – have photos within a facial recognition network used by law enforcement. This participation occurs without consent, or even awareness, and is bolstered by a lack of legislative oversight.” 

Private companies are also attempting to capitalise on biometric scanning in various ways and collecting user data for a variety of purposes. It is not new to blame Google and Meta for collecting excessive amounts of user data. The most recent clamour came when the World Coin initiative, founded by OpenAI CEO Sam Altman, suggested iris scanning as a requirement for coin ownership. These private-sector initiatives are troubling. 

Compared to other biometric systems such as fingerprints, iris scanning, and voice recognition, facial recognition has the highest error rate and is the most likely to cause privacy problems and bias against marginalised people and children.

The Electronic Frontier Foundation (EFF) and the Surveillance Technology Oversight Project (S.T.O.P.) oppose the use of facial recognition in any form. S.T.O.P. is based in New York, and its work focuses on civil rights. It also conducts research and activism on issues of surveillance technology abuse.

Regarding the Ban the Scan movement, S.T.O.P. says, “when we say scan, we mean the face scan feature of facial recognition technology. Surveillance, particularly facial recognition. It is a threat to free speech, freedom of association, and other civil liberties. Ban the Scan is a campaign and coalition built around passing two packages of bills that would ban facial recognition in a variety of contexts in New York City and New York State.”

Serco Leisure Faces Legal Action for Unlawful Employee Face Scanning



Serco Leisure, a prominent leisure firm based in the UK, finds itself at the centre of a regulatory storm as the Information Commissioner's Office (ICO) intensifies its scrutiny. The ICO has raised serious concerns over the alleged illegal processing of biometric data, affecting more than 2,000 employees spread across 38 leisure facilities operated by the company. At the heart of the matter is the contentious implementation of facial scanning and fingerprint technology, ostensibly deployed to track staff attendance. This move has drawn sharp criticism from the ICO, which contends that the company's actions in this regard are not only ethically questionable but also fall short of principles of fairness and proportionality.

Despite Serco Leisure claiming it sought legal advice before installing the cameras and asserting that employees did not complain during the five years, the ICO found the firm had failed to provide a clear alternative to collecting biometric data. The company's staff, who also undergo fingerprint scanning, were not offered less intrusive methods, such as ID cards or fobs.

The ICO, led by UK Information Commissioner John Edwards, argued that Serco Leisure's actions created a power imbalance in the workplace, leaving employees feeling compelled to surrender their biometric data. Edwards emphasised that the company neglected to fully assess the risks associated with biometric technology, prioritising business interests over employee privacy.

According to the ICO, biometric data, being unique to an individual, poses greater risks in the event of inaccuracies or security breaches. Unlike passwords, faces and fingerprints cannot be reset, heightening concerns regarding data security.

Serco Leisure, while committing to comply with the enforcement notice, insisted that the facial scanning technology aimed to simplify clocking in and out for workers. The company claimed that it consulted with team members before the technology's implementation and received positive feedback.

Following this case, the ICO is releasing new guidance for organisations considering the use of employees' biometric data. This guidance aims to help such organisations comply with data protection laws. The controversial nature of biometric technology has sparked debates, with privacy advocates asserting that it infringes on individuals' rights, especially as artificial intelligence enhances the capabilities of these systems. On the other hand, law enforcement and some businesses argue that it is a precise and efficient method for ensuring safety and catching criminals.

Serco Leisure's use of facial scanning technology to monitor staff attendance has raised legal concerns, leading to an enforcement notice from the ICO. The incident highlights the need for organisations to carefully consider the privacy implications of biometric data usage and explore less intrusive alternatives to protect employee privacy while maintaining operational efficiency. The ICO's upcoming guidance will serve as a crucial resource for organisations navigating the complexities of using biometric data in the workplace.



Identity Fraud Affects Two Million Brits in 2023



In a recent report by FICO on Fraud, Identity, and Digital Banking, it was revealed that nearly two million Brits may have fallen victim to identity theft last year. The analytics firm found that 4.3% of respondents experienced fraudsters using their identity to open financial accounts. This percentage, when extrapolated to the adult UK population, equates to approximately 1.9 million people. While this marks a decrease from 2022 when 7.7% reported such incidents, there's a concern that the actual numbers could be higher.

According to Sarah Rutherford, senior director of fraud marketing at FICO, the data only represents those who are aware of their stolen identity being used for financial fraud. Many individuals might not immediately discover such fraudulent activities, and perpetrators often exploit stolen identities multiple times, amplifying the overall impact.

The report identifies this type of fraud as the most worrisome financial crime for UK citizens, with 30% expressing concern. Following closely are fears of credit card theft and bank account takeovers by fraudsters, at 24% and 20%, respectively.


Consumer Preferences and Concerns Drive Financial Organisations' Strategies

FICO's research emphasises the significant impact that robust fraud protection measures can have on financial organisations. Approximately 34% of respondents prioritise good fraud protection when selecting a new account provider, and an overwhelming 73% include it in their top three considerations. However, 18% stated they would abandon opening a bank account if identity checks were too challenging or time-consuming, highlighting the importance of achieving a balance between security and user convenience.

Biometric authentication emerged as a favoured choice among respondents, with 87% acknowledging its excellent security features. Fingerprint scanning ranked highest among biometric methods, preferred by 38% of participants, followed by face scans (34%) and iris scans (25%). In contrast, only 17% believed that the traditional combination of username and password provides excellent protection.

Sarah Rutherford expressed optimism about the shift in attitudes towards new verification tools such as iris, face, and fingerprint scans, as individuals increasingly recognise the benefits they offer in enhancing security.


Commercial Impact

The study suggests that financial institutions incorporating strong fraud protection measures may reap significant commercial benefits. With consumer preferences indicating a growing emphasis on security, financial organisations must navigate the challenge of implementing effective identity checks without compromising the ease of service. Striking this balance becomes crucial, especially as 20% of respondents indicated they would abandon the account opening process if identity checks were deemed too cumbersome.


Amidst growing concerns surrounding identity fraud affecting a significant portion of the British population, there is a discernible shift towards the acceptance of advanced biometric authentication methods. Financial organizations are urged to prioritise formidable fraud protection measures, not only to enhance consumer appeal but also to reinforce security protocols for sensitive information. This imperative reflects the industry's transformation, shedding light on the growing importance of heightened security measures to address the increasing challenges of identity theft.


Embracing a Passwordless Future: Navigating the Shift to Decentralized Security in 2024

 

The world has swiftly embraced digitalization, empowering individuals to accomplish over 90% of their daily tasks through mobile apps or web interfaces. Activities like bill payments, flight bookings, health consultations, and even exploring one's DNA lineage have become more accessible, thanks to digital platforms.

Despite this progress, the average person manages about 35 accounts with traditional string-based passwords serving as the primary means to protect personal information. In December 2023, biotech company 23andMe experienced a security breach affecting nearly 7 million users, highlighting the vulnerability of string-based passwords, with a Google report revealing that 56% of individuals reuse passwords across various platforms.

To address these challenges, the industry is transitioning towards a decentralized model, envisioning a future where users transact using portable verifiable digital credentials (VCs), eliminating the need for traditional passwords. This shift aims to enhance security, reduce user fatigue from multi-factor authentication (MFA), and simplify the authentication and authorization process.

Governments are exploring the unification of citizens' digital credentials, enabling access to public services with government-issued verified credentials. Similarly, educational institutions are considering VCs to streamline onboarding processes and provide secure access to digital learning content.

This modern approach ensures users have control over their personal details stored in a digital wallet on various devices, secured by biometric gestures such as fingerprint, voice, or face recognition. Users can release or retrieve their VCs, and authentication becomes decentralized, free from traditional passwords.

The adoption of decentralized identity and verifiable credentials extends across sectors, including HR employee management, education, healthcare, government, and fintech. Recognized bodies like W3C are advocating standards for decentralized identity, providing an opportunity for businesses and institutions to create interoperable designs aligned with this new model.

In this architecture, trusted identity providers, potentially serving as decentralized issuers (DID), play a crucial role in certifying digital credentials. While witness ledgers, employing technology akin to blockchain networks, ensure traceability and trust in VC transactions, new vendors and institutions may emerge to compete in this evolving space.

Embracing this approach enhances security and efficiency for organizations, mitigating risks associated with email phishing, brute force attacks, and password breaches. It also streamlines operations, reducing operational costs tied to managing outdated password information and account recovery. This modernized vision of a portable account and passwordless future is essential for businesses to adopt promptly, safeguarding against sophisticated password breach incidents in 2024.

Passkeys & Passwords: Here's Everything You Need to Know

In a world tired of grappling with the complexities and vulnerabilities of traditional passwords, a transformative solution is emerging. Despite the advancements offered by the latest password managers, passwords remain a persistent pain and a significant security risk if compromised. However, a paradigm shift is underway, with innovative alternatives like passkeys gradually replacing the age-old password dilemma.

Passkeys are a cutting-edge form of encryption technology designed to streamline the login experience for devices, apps, and services. Formed through the collaborative efforts of major tech, finance, and security giants such as Apple, Google, Microsoft, and others, the FIDO Alliance aims to usher in a future where passwords become obsolete.

Diverging from conventional passwords, passkeys consist of private and public keys, intricate codes that enhance security. The private key, residing securely on the user's device, provides a foolproof means of access. On the other hand, the public key, stored on company servers, reveals minimal information, rendering it useless if stolen. The FIDO Alliance's ultimate goal is to alleviate the challenges associated with password protection and drive towards a more secure future.

Is a passkey more secure than a traditional password? 

In essence, yes. Passkeys eliminate the need for users to memorize passwords and mitigate the risk of weak passwords being compromised. In the event of a data breach, the public keys alone are insufficient for unauthorized access. Moreover, passkeys often incorporate biometrics, such as facial recognition or fingerprints, to verify the user's identity, adding an extra layer of security.

The benefits of passkeys extend beyond security. Quick to set up and use, passkeys minimize the need for physical inputs, enabling convenient features like swipe-to-pay and secure digital wallets. Users are freed from the burden of remembering complex passwords or master passwords for password managers.

To obtain a passkey, users are prompted to set up a Personal Identification Number (PIN) or utilize biometric information, such as fingerprints or facial recognition. While passkeys offer significant benefits, they are not yet universal. Companies within the FIDO Alliance, such as PayPal, Google, and Microsoft, are more likely to adopt passkey technology, but widespread acceptance is still in its nascent stages.

Despite the advantages of passkeys, traditional passwords endure due to their simplicity, universality, and cost-effectiveness. Passwords do not require the intricate tech infrastructure needed by passkeys, making them a more affordable option for businesses. Moreover, passwords are universally understood and can be used across different devices and browsers.

While passkeys are revolutionizing cybersecurity, they are not replacing password managers. Notable password managers like LastPass and Dashlane, also part of the FIDO Alliance, leverage WebAuthn technology to secure passwords and other essential security information.

Overall, passkeys represent a promising future for enhanced cybersecurity, addressing the shortcomings of traditional passwords. As this groundbreaking technology gains wider acceptance, users are encouraged to embrace passkeys for heightened security and convenience in their digital interactions. The era of password-free security is on the horizon, and passkeys are leading the way.

WhatsApp Announces Passkey Support for its Users


The modern digital landscape is witnessing an upsurge in cybercrime activities, and users can no longer rely on strong passwords to protect themselves. 

Thankfully, even on the best low-cost Android phones, biometric authentication is becoming mainstream and easily accessible. This has led to the adoption of passkeys for user authentication by a number of well-known social networking platforms and password manager apps. WhatsApp is the newest application to offer passkey support for all of its users after a month of beta testing. 

Passkeys replace conventional passwords with a unique cryptographic key pair, such that only the user can log in. The key is made accessible to the user only after a successful biometric authentication, negating the requirement for two-factor authentication techniques like OTP distribution through SMS and email. Passkeys shield users from the risks associated with password reuse and phishing attacks. Google disclosed that the new technology supports more rapid user authentication after revealing support for passkey storage in its password manager.
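The key-pair login described above and in the earlier passkey post (private key on the device, public key on the server), as an added example that is not WhatsApp's, Google's or the FIDO Alliance's code: a simplified challenge-response in Node.js showing why a leaked public key, a look-alike site or a reused response does not log anyone in. The origin `https://bank.example`, the function names and the JSON message layout are assumptions; real WebAuthn signs a binary structure rather than this JSON string.

```javascript
const crypto = require('node:crypto');

const RP_ORIGIN = 'https://bank.example'; // assumed origin of the genuine service

// Registration: the device generates the key pair; the server keeps only the public half.
function registerPasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    device: { privateKey }, // stays on the user's device
    serverRecord: { publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) },
  };
}

// Server: a fresh random challenge for every login attempt.
function newChallenge() {
  return crypto.randomBytes(32).toString('hex');
}

// Device: signs only after local user verification (fingerprint, face or PIN).
// `origin` is the site the browser or OS is actually talking to.
function signAssertion(device, challenge, origin, userVerified) {
  if (!userVerified) return null;
  const clientData = JSON.stringify({ type: 'login', challenge, origin });
  const signature = crypto.sign('sha256', Buffer.from(clientData), device.privateKey);
  return { clientData, signature };
}

// Server: check the challenge and origin, then the signature against the stored public key.
function verifyAssertion(serverRecord, expectedChallenge, assertion) {
  if (!assertion) return 'rejected: no assertion';
  let data;
  try { data = JSON.parse(assertion.clientData); } catch { return 'rejected: malformed'; }
  if (data.challenge !== expectedChallenge) return 'rejected: stale challenge';
  if (data.origin !== RP_ORIGIN) return 'rejected: wrong origin';
  const key = crypto.createPublicKey(serverRecord.publicKeyPem);
  const ok = crypto.verify('sha256', Buffer.from(assertion.clientData), key, assertion.signature);
  return ok ? 'accepted' : 'rejected: bad signature';
}

// Constructed scenarios: one genuine login and four that the server must refuse.
function runScenarios() {
  const { device, serverRecord } = registerPasskey();
  const c1 = newChallenge();
  const genuine = signAssertion(device, c1, RP_ORIGIN, true);
  const c2 = newChallenge();
  // Response produced while the user was on a look-alike site (constructed origin).
  const phished = signAssertion(device, c2, 'https://bank-login.example', true);
  // Server database leaked: only the public key is known, so a different private key signs.
  const c3 = newChallenge();
  const forged = signAssertion(registerPasskey().device, c3, RP_ORIGIN, true);
  return {
    genuine: verifyAssertion(serverRecord, c1, genuine),
    replayed: verifyAssertion(serverRecord, c2, genuine), // old response, new challenge
    phished: verifyAssertion(serverRecord, c2, phished),
    leakedPublicKey: verifyAssertion(serverRecord, c3, forged),
    noUserVerification: verifyAssertion(
      serverRecord, c3, signAssertion(device, c3, RP_ORIGIN, false)),
  };
}

console.log(runScenarios());
```
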

WhatsApp’s effort in adopting passkey technology came to light in early August, and beta testing of the feature commenced in late September.

Now, around a month later, WhatsApp announced on X (formerly Twitter) that support for passkeys was coming to the stable channel. The feature makes the login process significantly more secure by taking the place of the one-time password (OTP) sent via SMS. The app enables users to authenticate themselves using screen lock options, including their on-device fingerprint, face unlock, PIN, or swipe pattern. In the meantime, Google Password Manager automatically stores the cryptographic key.

The login system, with no password requirement, turns out to be quite time-efficient for users when they are setting up WhatsApp on a new phone. Commendably, WhatsApp is also explaining to online users how passkeys work, in order to secure their accounts.

Moreover, it is important for users to see the difference between passkeys for logging into WhatsApp and in-app features like WhatsApp chat lock, which still requires biometric authentication. Importantly, passkeys and passwords for traditional user authentication will both be available on WhatsApp.

However, WhatsApp has not yet clarified whether the feature will be made immediately accessible everywhere. Nonetheless, passkey support, like every other major WhatsApp feature, is anticipated to be rolled out gradually in the stable channel. But it is still great to see WhatsApp reiterate its dedication to user security and privacy with features like this.