Credit card fraud has been a persistent problem in recent years, particularly in the U.S. where the transition to EMV chip-enabled credit cards has only just begun. To try to address this issue (and stem their losses) many financial institutions, startups and bank partners have been experimenting with new ways to protect payments. One security measure gaining some steam is the use of a digital fingerprints to authenticate transactions. Mobile payments platform Apple Pay and Samsung Pay, for example, use fingerprint scans, and MasterCard has been experimenting with using this particular biometric (and a few others) to protect credit cards.
But should you be worried about such a sensitive piece of biological info ending up the wrong hands? And what could happen if it did?
The Anatomy of Your Digital Fingerprint
The answer, it seems, is a bit tricky. For starters, the information being used to authenticate phones and cards isn’t yet as sensitive as you may think. Major biometric authenticators, like Apple Touch ID, currently don’t capture your full fingerprint. Instead, they scan small sections to create a mathematical representation of it.
This algorithm is what gets stored on your device or card. And, thanks to these and other security measures, “you can’t reverse-engineer a fingerprint by stealing the device,” Jason Oxman, CEO of the Electronic Transactions Association, said. (Whether you can hack into a device by reverse-engineering a fake fingerprint is a bit more up in the air, since it has, apparently, been done before.)
Primed for the Hacking?
Right now, there’s not much someone could do, should they get ahold of these fingerprint algorithms since they’re not in widespread use (when it comes to authenticating financial accounts or otherwise.) But that’s not to say thieves won’t find a way to monetize the information in the future.
“We don’t know what can be done with it yet,” Eva Velasquez, CEO of the Identity Theft Resource Center, said. She correlates early use of the biometric to the initial introduction of Social Security numbers. Originally intended to identify a person for government benefits and taxation purposes, it was ultimately adopted by the financial services industry as a way to authenticate someone applying for a loan or bank account. As such, now, should someone get hold of your government-issued nine digits, they could easily take out a loan or apply for credit and run up debts in your name.
Right now fingerprints are used sparingly (largely by law enforcement or government agencies for crucial security purposes), but “we really have to proceed with caution when we think about that historic issue,” Velazquez said. If biometrics were ever used to verify a host of things — from bank accounts to home security systems to travel verifications — there could be an equally long list of how they (and you) could be compromised. And, should a thief get a hold of your fingerprints, they aren’t exactly easy to change.
“There is a process in place to change your Social Security number,” Velazquez said. “It’s hardly ever used … but we know it is exists.” Your fingerprint, however, is “unchangeable,” she said.
What You Should Know
That’s not to say exactly that you should shy away from biometrics completely, since as a replacement password, “the finger is certainly a more secure implementation of security,” Oxman said. But if you are trying these methods out, you need to go in with your eyes open.
It’s also in your best interest to read all the terms and conditions associated with the biometric in use so you know, among other things, what exactly is being scanned, where it is being stored and what security features are in place to lock down the information should your device get stolen or the information be otherwise compromised.
And, no matter what security features you have in use on your payment cards, you will still want to monitor financial account statements for signs of fraud. You can also monitor your credit to spot signs of new-account fraud. (You can pull your free annual credit reports at AnnualCreditReport.com and see your credit scores for free each month on Credit.com.) Signs of your identity has been stolen include a sudden drop in credit score, mysterious accounts or high balances you weren’t aware of.
More on Identity Theft:
- Identity Theft: What You Need to Know
- 3 Dumb Things You Can Do With Email
- How Can You Tell If Your Identity Has Been Stolen?