Various financial apps, including e-payment apps, banking apps, or even trading apps, use the facial scanning feature to facilitate the login process. While the feature is convenient, it comes with an inherent threat of security and breach. Recently, there was an alleged data breach of 3.5 million users of MobiKwik, a fintech unicorn.
Here’s how the facial scanning feature can put you at risk and what you can do to protect your financial transactions and details.
3 things that put you at risk
Lack of robust technology: Not all financial apps may have checks and balances for the facial analysis feature. “Financial apps use this built-in functionality instead of building or integrating their own technology. One of their criteria is that if you own the phone, you own the app,” says Arnab Bhattacharya, data security professional working with Tata Consultancy Services.
Cloning facial features is easy: Bypassing the facial scan feature to log into someone’s account isn’t too difficult via the KYC route, experts warn. “Whether it’s apps like Paytm, Mobiwiki, or even crypto trading apps, these apps use face determination, often based on details (facial features) gathered from photo IDs. such as Aadhar and the PAN card we have to submit for KYC (know your customer).Now it is easy to clone uploaded personal (facial) details and bypass security,” says Viral Parmar, Founder and CEO of Comexpo Cyber Security, a security company.
Bhattacharya cites an example. “In 2016, at the Usenix Security Symposium, a team from the University of North Carolina described how they collected images from social media to create animated 3D models in virtual reality, which were used to circumvent recognition. facial. Some security researchers aim to unlock iPhone X by 3D printing a head. So it’s not entirely safe,” he adds.
Vulnerable to financial data breach: The facial analysis feature of financial apps can put your financial data at risk. Most financial apps ask for KYC information, which can include your bank and other financial information. Hackers could easily access KYC details stored by apps and use them for fraudulent purposes.
“Access to such financial apps can even make banking details linked to the app vulnerable. For example, if Paytm is linked to a bank account and it is hacked, the account details are also at risk,” explains Parmar.
what you can do
Opt for multi-factor authentication: Using the face scan feature is convenient but may not be the safest method. “The best way to maintain the security and privacy of these apps is to opt for multi-factor authentication. A minimum of two-factor authentication is always suggested,” says Parmar.
He also suggests using authenticator apps, which can be synced with whatever financial app you’re using. Once you try to log into the financial app, the authenticator app generates a code to authenticate the login. You will need to use the generated code to log into the financial app.
Choose Genuine Apps: It is important to watch out for fake apps. “It’s better to opt for Google or Microsoft authenticator apps and Apple has its own authenticator. These three should be used to avoid fake apps,” Parmar says.
The same goes for financial applications; opt for those that are recognized by the authorities. “Genuine financial applications recognized by the National Payments Corporation of India (NPCI) or the Reserve Bank of India (RBI) are secure,” he adds. Make sure to log in to a genuine financial app as it is likely to have better security features. Learn more about genuine apps here.