Kaspersky Lab has investigated how cybercriminals can exploit new ATM-authentication technologies planned by banks.
Financial organisations consider biometric-based solutions to be one of the most promising additions to current authentication methods.
However, cybercriminals see biometrics as an opportunity to steal sensitive information.
According to Kaspersky Lab, there are at least 12 sellers offering skimmers capable of stealing victims’ fingerprints.
At least three sellers are already researching devices that could illegally obtain data from palm vein and iris recognition systems.
The first wave of biometric skimmers was observed in “presale testing” in September 2015.
During the initial testing, developers discovered several bugs.
The main problem was the use of GSM modules for biometric data transfer – they were too slow to transfer the large volume of data obtained.
As a result, new versions of skimmers will use other, faster data transfer technologies.
There are also ongoing discussions in underground communities regarding the development of mobile applications based on placing masks over a human face.
With such an app, attackers can take a person’s photo posted on social media and use it to fool a facial recognition system.
“The problem with biometrics is that, unlike passwords or pin codes which can be modified, it is impossible to change your fingerprint or iris image,” said Kaspersky Lab.
“If your data is compromised once, it won’t be safe to use that authentication method again.”
It said hackers will also continue to conduct malware-based attacks, blackbox attacks, and network attacks to seize data that can be used to steal money from banks and their customers.