Selfie-based authentication raises eyebrows among infosec experts
Selfie-based authentication gains global momentum, Vietnam mandates face scans for transactions over $400. Concerns arise over leaked Singaporean selfies on the dark web. Experts note increased interest in selfie verification but highlight challenges in data protection and privacy laws. Organizations enhance security with liveness checks, biometric comparisons, and machine learning. Inclusivity and security balance remain crucial considerations.
Read original article
Selfie-based authentication is gaining traction globally, with Vietnam mandating face scans for digital transactions over $400. Concerns arise as leaked selfies of Singaporeans surface on the dark web, potentially exploited by cybercriminals. Experts like Gartner's Akif Khan and consultancy New World Advisors' Katie Mitchell acknowledge the growing interest in selfie-based verification due to increased digital engagement. However, challenges persist regarding data protection, privacy laws, and the handling of biometric data. While some organizations implement liveness checks to enhance security, vulnerabilities remain, as highlighted by Resecurity's findings on leaked identity documents. The use of selfies for identity verification is evolving, with vendors incorporating liveness checks, biometric comparisons, and machine learning to combat fraud. Despite efforts to enhance security measures, concerns linger about inclusivity and potential workarounds that threat actors could exploit. As the trend continues to evolve, the balance between security and accessibility remains a key consideration for organizations implementing selfie-based authentication methods.
Related
ID verification service for TikTok, Uber, X exposed driver licenses
A cybersecurity researcher found AU10TIX's admin credentials exposed online, risking data breach for TikTok, Uber users. Concerns rise over ID verification services' vulnerability to cyberattacks, emphasizing the need for enhanced security measures.
Identity Verification Used by X, TikTok, and Uber Exposed Driver's Licenses
An identity verification firm, AU10TIX, exposed login credentials, risking access to sensitive data like driver's licenses. Despite claims of prompt revocation, functional credentials were found. AU10TIX partners with major platforms.
How MFA is falling short
Multi-factor authentication (MFA) faces challenges from cyber attackers exploiting weaknesses. Breaches despite VPN, SSO, and Google Authenticator usage show risks like phishing, vishing, and Man-In-The-Middle attacks. Recent developments include "Tycoon 2FA" targeting Microsoft 365 and Gmail accounts, emphasizing the need for stronger authentication methods.
Half of Singapore's e-commerce scams happen on WhatsApp, Facebook, or Instagram
Nearly half of Singapore's e-commerce scams in 2023 were on WhatsApp, Facebook, and Instagram. Authorities criticized Meta for insufficient fraud prevention. Singapore faced a surge in scams, with losses totaling $480 million. Measures include the Online Criminal Harms Act and enhanced prevention efforts by Meta and e-commerce firms.
Remote work powered fraud – How to prevent
Remote hiring offers a wider talent pool but also raises fraud risks. Recent cases reveal elaborate schemes involving stolen identities. To counter this, companies should enhance background checks, use multi-factor authentication, conduct security audits, and provide fraud awareness training.
11 commentsBut aren’t all those checks just running against videos? Why can’t those videos also be stolen/mocked?
All in all: yikes.
The place has lots of activities for kids to run around and do, but Mexicans are scared of child kidnapping (rightly or wrongly I do not know).
So upon entry to the restaurant, the whole family has to take a selfie (on their device), and they need to show it when exiting. So in theory kids can only leave with the people they came in with.
Of course, the staff doesn't really check the timestamp, so I suppose a kidnapper could just take a selfie with the target kid, rendering the whole thing useless... but I nonetheless find it interesting how businesses in emerging markets roll their own half-baked, low-tech security solutions.
Related
ID verification service for TikTok, Uber, X exposed driver licenses
A cybersecurity researcher found AU10TIX's admin credentials exposed online, risking data breach for TikTok, Uber users. Concerns rise over ID verification services' vulnerability to cyberattacks, emphasizing the need for enhanced security measures.
Identity Verification Used by X, TikTok, and Uber Exposed Driver's Licenses
An identity verification firm, AU10TIX, exposed login credentials, risking access to sensitive data like driver's licenses. Despite claims of prompt revocation, functional credentials were found. AU10TIX partners with major platforms.
How MFA is falling short
Multi-factor authentication (MFA) faces challenges from cyber attackers exploiting weaknesses. Breaches despite VPN, SSO, and Google Authenticator usage show risks like phishing, vishing, and Man-In-The-Middle attacks. Recent developments include "Tycoon 2FA" targeting Microsoft 365 and Gmail accounts, emphasizing the need for stronger authentication methods.
Half of Singapore's e-commerce scams happen on WhatsApp, Facebook, or Instagram
Nearly half of Singapore's e-commerce scams in 2023 were on WhatsApp, Facebook, and Instagram. Authorities criticized Meta for insufficient fraud prevention. Singapore faced a surge in scams, with losses totaling $480 million. Measures include the Online Criminal Harms Act and enhanced prevention efforts by Meta and e-commerce firms.
Remote work powered fraud – How to prevent
Remote hiring offers a wider talent pool but also raises fraud risks. Recent cases reveal elaborate schemes involving stolen identities. To counter this, companies should enhance background checks, use multi-factor authentication, conduct security audits, and provide fraud awareness training.