Samsung, Google biometric flaws mar fintech innovation
A series of errors found recently in biometric software in Samsung and Google smartphones have dealt a blow to the nation’s financial industry which has sought innovation through authentication technology using biological characteristics, according to industry officials, Wednesday.
In line with the trend of digital transformation, financial services companies here have enabled their customers to utilize fingerprint or facial recognition systems when making financial transactions on their mobile devices.
Rapid-growing mobile payment service providers especially have allowed customers to make payments or send money by using biometric authentication only, without requiring additional verification.
In addition, the nation’s financial authorities have pushed ahead with more use of biometrics in financial transactions, regarding the technology as one of the safest identification methods.
The Financial Services Commission (FSC) announced in June it would allow financial transactions using fingerprints or vein patterns, instead of identification cards, if customers’ identities had been initially verified by banks a single time.
In October, the financial regulator designated Shinhan Card’s facial recognition-based payment system as an innovative financial service.
The trend, however, is facing a huge obstacle as Samsung and Google have shown that the use of biometrics is an imperfect identification method which still has a long way to go.
Samsung Electronics’ Galaxy S10 and Note10 smartphones have been embroiled in controversy, since their in-screen fingerprint scanners were found to be vulnerable to unauthorized access because the attached screen protectors retained an imprint of the owner’s finger, thus allowing anybody to then access the phone by touching the protective screen lightly. Doing this tricks the scanner into reading the imprint on the protector not the fingerprint of the person touching the scanner.
Google’s recently released Pixel 4 smartphone was also found to have a major privacy weakness, as its face unlock system allowed access to the device even when its owners had their eyes closed.
Although the two global tech giants promised software updates to address the security issues, those who have made financial transactions via their smartphones using biometrics have become concerned about possible losses through such “unauthorized” access.
Amid growing concerns, banks in the U.K., China and Israel, as well as Chinese mobile payment service providers, have begun disallowing the use of fingerprint authentication on Samsung’s smartphones.
Korean banks, card issuers and brokerages, which have fostered fintech innovation in biometrics, also recommended their customers to use patterns, passwords or authorized certificates for their transactions.
Some of them have stopped temporarily allowing fingerprint authentication.
FSC Chairman Eun Sung-soo told lawmakers during a National Assembly audit Monday, “We will monitor both Samsung and financial companies, so that no one suffers losses.”