The use of selfies to verify identity online is an emerging trend in some parts of the world since the pandemic forced more business to go digital. Some banks – and even governments – have begun requiring live images over Zoom or similar in order to participate in the modern economy. The question must be asked, though: is it cyber smart?
Just last Monday the Southeast Asian nation of Vietnam began requiring face scans on phone banking apps as proof of identity for all digital transactions of around $400 and above.
The nation’s residents are not able to opt out of the banking rules, despite Vietnam regularly finding itself ranked poorly when it comes to internet privacy or cyber security.
Local media has weighed in to suggest that selfies will not improve security. And just days into the new regime, some apps have already been called out for accepting still photos instead of a live image of the individual.
I’d opt out of or cancel any service that requires that.
Fuckers at my bank (not Vietnam) just casually asked to record my voice and shoot my face via a webcam at regular changes of expired cards in their office. That wasn’t obligatory, but the clerk’s script required to insist and insist and insist until they gave up. I don’t know if they mark those who declined that shit, they stopped asking that now, but I guess just asking for it was enough for most people.
I have to do this with my ISP whenever I make a change. The most recent was when I wanted to downgrade my internet and I had to send all the details of my licence and do a selfie. Even after 2FA and a bunch of security questions.
Then they wanted me to fill out a form providing details about my employer, if my house is a rental or mortgage among other things. I refused that part. Especially seeing as my ISP had a huge data leak recently. It’s wild.
This is the best summary I could come up with:
Just last Monday the Southeast Asian nation of Vietnam began requiring face scans on phone banking apps as proof of identity for all digital transactions of around $400 and above.
Late last month, US cyber security firm Resecurity flagged similar concerns when it found a spike in leaked identity documents containing selfies of Singaporeans on the dark web.
Resecurity asserted that some were captured by cyber crime groups that run fake telemarketing or customer support scams and gather selfies so they can sell them to other miscreants.
“Using selfies for identity verification has been growing steadily for around the last five years, but the inflection point was during the pandemic when people were forced to engage digitally,” VP analyst at Gartner, Akif Khan, told The Register.
In his experience, businesses that rely on simple still selfies are typically smaller outfits that have experienced fraud and have implemented a selfie-based stopgap as they scramble to put a proper solution in place.
Khan thinks concern about identity theft from still images and picture IDs found on the dark web is overblown, as most entities will require liveness checks for opening bank accounts and other tasks.
The original article contains 973 words, the summary contains 193 words. Saved 80%. I’m a bot and I’m open source!