Identity News Digest – May 23, 2024

Welcome to FindBiometrics’ digest of identity industry news. Here’s what you need to know about the world of digital identity and biometrics today:

INTERPOL Warns of Deepfakes and ‘Pig-Butchering’ in Financial Fraud Report

INTERPOL’s latest Global Financial Fraud Assessment warns of the growing prevalence and diversification of financial fraud, including deepfakes and “pig-butchering” schemes. Emerging technologies like AI and deepfakes are increasingly used to deceive victims and conceal fraudsters’ identities, with Crime-as-a-Service (CaaS) enabling less tech-savvy criminals to execute sophisticated operations. Identity fraud, including the unauthorized acquisition of biometrics, is highlighted as a significant threat. Cryptocurrencies are prominently used in fraud schemes, particularly in “pig-butchering,” which combines romance and crypto-investment fraud. This method manipulates cryptocurrency trades to show inflated profits, encouraging victims to invest more.

Explainer: The Under-Appreciated Threat of Authentication-in-the-Middle Attacks

Authentication-in-the-middle attacks, a sophisticated form of phishing targeting multi-factor authentication (MFA) systems, are increasingly concerning, according to Marlene Maheu of Telehealth.org. These attacks use tools like evilginx2, Modlishka, and EvilnoVNC to capture MFA codes, allowing scammers to bypass the added security of MFA. The process involves tricking users into entering credentials on fake websites mimicking legitimate services like Okta, Microsoft 365, and Google Workspace. Attackers intercept MFA codes or push notifications, gaining full access to accounts and enabling them to steal sensitive information or alter settings.

Budapest Airport to Pilot FaceBoarding Tech in June

Budapest Airport will is pilot “FaceBoarding” facial recognition technology in June to streamline security procedures. The biometric system will allow passengers who register via an app to pass through security checks and boarding gates using only facial recognition, eliminating the need for traditional identity checks and boarding passes. The technology, developed by Thales and Dormakaba, is also being tested at Milan Linate and Catania airports and is available only to passengers over 18. Those opting out can still use standard procedures.

BAM: Binance’s BIPA Case Goes to Arbitration

A biometric privacy lawsuit against BAM Trading Services, Inc., the operator of Binance.US, will proceed to arbitration following a court ruling. Plaintiff Candice Wilhelm alleged that BAM violated Illinois’s Biometric Information Privacy Act (BIPA) by collecting, storing, using, and disclosing her biometric information without proper consent. BAM sought arbitration based on the Binance.US Terms of Use, which Wilhelm accepted when creating her account in February 2021. Wilhelm contested her agreement to the Terms and the arbitration provision, but the court found no genuine dispute over her acceptance of the Terms, including the arbitration clause.

Ryanair Faces GDPR Complaint Over Biometric Verification Process

Ryanair is facing a GDPR complaint over its biometric verification process from EU Travel Tech and data protection authorities in France and Belgium. Introduced in 2023, Ryanair’s process uses facial recognition to verify customers booking through third-party agents, aiming to prevent unauthorized sales at inflated prices. Customers who refuse the biometric verification must pay an additional €55 fee to check in at the airport. Critics argue that biometric data handling introduces risks such as data breaches and identity theft, and that compromised biometric data cannot be changed. EU Travel Tech has called for immediate measures to halt the process and impose fines under GDPR Article 83, which allows penalties up to €20 million or 4 percent of annual global turnover.

Hong Kong Orders Halt to Worldcoin Operations

Hong Kong’s Office of the Privacy Commissioner for Personal Data (PCPD) has directed Worldcoin to cease operations in the state following a three-month investigation. Initiated on January 31, the probe aimed to determine if Worldcoin breached the Privacy Ordinance during its collection and processing of sensitive personal data. The investigation found that Worldcoin collected unnecessary and excessive biometric data, including face and iris images from 8,302 individuals, without providing essential documents in Chinese or clarifying whether data submission was mandatory or voluntary. This led to the conclusion that the data collection process was unfair and violated the Privacy Ordinance.

—

May 23, 2024 — by Tony Bitzionis and Alex Perala

Related News

Partners

FaceTec’s patented, industry-leading 3D Face Verification and Reverification software anchors digital identity, creating a chain of trust from user onboarding to ongoing authentication on all modern smart devices and webcams. FaceTec’s 3D FaceMaps™ finally make trusted, remote identity verification possible. As the only technology backed by a persistent spoof bounty program and NIST/iBeta Certified Liveness Detection, FaceTec is the global standard for 3D Liveness and Face Matching with millions of users on six continents in financial services, border security, transportation, blockchain, e-voting, social networks, online dating and more. www.facetec.com

AuthenticID provides 100% automated identity verification and fraud detection solutions that are leveraged by companies worldwide, including 2 of the top 3 U.S. Banks, 8 out the top 10 wireless providers in North America, and 2 of the 3 credit bureaus. Using proprietary computer vision and machine learning technology, these solutions help companies accurately verify the identity of their users across retail, digital and call center environments for onboarding and ongoing re-authentication events; KYC, IAM, and more. The solutions are easy to integrate and provide customers a large ROI by stopping fraud losses, increasing customer conversion at onboarding, reducing operational costs and allowing quick and cost-effective operational scalability, all while ensuring global privacy regulations are complied with. https://www.authenticid.com/

Anonybit is a privacy-focused technology platform that provides decentralized solutions for securing personal data, particularly biometric information. Rather than storing sensitive data in centralized repositories, which are vulnerable to breaches, Anonybit uses a distributed architecture that breaks data into smaller encrypted bits and stores them across a network of decentralized nodes. This approach ensures that no single entity has access to the full dataset, enhancing privacy and security, even preventing insider threats. Anonybit is used by leading banks, fintechs and other enterprises for critical biometric identity functions like deduplication and blocklist checks, step up authentication, passwordless login and account recovery https://anonybit.io/

Identity Week aims to be a significant identity industry catalyst. It’s our mission is to help accelerate the move towards a world where trusted identity solutions enable governments and commercial organisations to provide citizens, employees, customers and consumers with a multitude of opportunities to transact in a seamless, yet secure manner. All the while preventing the efforts of those intent on doing harm. https://identityweek.net/

The Biometric Digital Identity Prism is a market landscape framework designed to help influencers and decision makers understand, innovate, and implement digital identity technologies and solutions. This innovative framework for understanding and evaluating the rapidly evolving biometric digital identity marketplace is the only market model that is truly biometric-centric based on the foundational conviction that in the age of digital transformation the only true, reliable link between humans and their digital data is biometrics. https://www.the-prism-project.com

ID R&D is an innovator of biometric facial liveness, document liveness, and voice biometrics. Ranked #1 by NIST, our patented passive approach to liveness, and specialized detection of voice clones, injection attacks and deepfakes, empowers KYC and authentication systems with fast, accurate and secure biometric verification technologies. Over 140 partners in more than 70 countries are collectively processing hundreds of millions of identity checks per year. ID R&D solutions easily integrate with mobile, web, messaging, smart speakers, set-top boxes, and IoT devices. Learn more: www.idrnd.ai