The information provided on this website does not, and is not intended to, act as legal, financial or credit advice; instead, it is for general informational purposes only. Information on this website may not be current. This website may contain links to other third-party websites. Such links are only for the convenience of the reader, user or browser; we do not recommend or endorse the contents of any third-party sites. Readers of this website should contact their attorney, accountant or credit counselor to obtain advice with respect to their particular situation. No reader, user, or browser of this site should act or not act on the basis of information on this site. Always seek personal legal, financial or credit advice for your relevant jurisdiction. Only your individual attorney or advisor can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client or fiduciary relationship between the reader, user, or browser and website owner, authors, contributors, contributing firms, or their respective employers.
Credit.com receives compensation for the financial products and services advertised on this site if our users apply for and sign up for any of them. Compensation is not a factor in the substantive evaluation of any product.
Credit card fraud has been a persistent problem in recent years, particularly in the U.S. where the transition to EMV chip-enabled credit cards has only just begun. To try to address this issue (and stem their losses) many financial institutions, startups and bank partners have been experimenting with new ways to protect payments. One security measure gaining some steam is the use of a digital fingerprints to authenticate transactions. Mobile payments platform Apple Pay and Samsung Pay, for example, use fingerprint scans, and MasterCard has been experimenting with using this particular biometric (and a few others) to protect credit cards.
But should you be worried about such a sensitive piece of biological info ending up the wrong hands? And what could happen if it did?
The answer, it seems, is a bit tricky. For starters, the information being used to authenticate phones and cards isn’t yet as sensitive as you may think. Major biometric authenticators, like Apple Touch ID, currently don’t capture your full fingerprint. Instead, they scan small sections to create a mathematical representation of it.
This algorithm is what gets stored on your device or card. And, thanks to these and other security measures, “you can’t reverse-engineer a fingerprint by stealing the device,” Jason Oxman, CEO of the Electronic Transactions Association, said. (Whether you can hack into a device by reverse-engineering a fake fingerprint is a bit more up in the air, since it has, apparently, been done before.)
Right now, there’s not much someone could do, should they get ahold of these fingerprint algorithms since they’re not in widespread use (when it comes to authenticating financial accounts or otherwise.) But that’s not to say thieves won’t find a way to monetize the information in the future.
“We don’t know what can be done with it yet,” Eva Velasquez, CEO of the Identity Theft Resource Center, said. She correlates early use of the biometric to the initial introduction of Social Security numbers. Originally intended to identify a person for government benefits and taxation purposes, it was ultimately adopted by the financial services industry as a way to authenticate someone applying for a loan or bank account. As such, now, should someone get hold of your government-issued nine digits, they could easily take out a loan or apply for credit and run up debts in your name.
Right now fingerprints are used sparingly (largely by law enforcement or government agencies for crucial security purposes), but “we really have to proceed with caution when we think about that historic issue,” Velazquez said. If biometrics were ever used to verify a host of things — from bank accounts to home security systems to travel verifications — there could be an equally long list of how they (and you) could be compromised. And, should a thief get a hold of your fingerprints, they aren’t exactly easy to change.
“There is a process in place to change your Social Security number,” Velazquez said. “It’s hardly ever used … but we know it is exists.” Your fingerprint, however, is “unchangeable,” she said.
That’s not to say exactly that you should shy away from biometrics completely, since as a replacement password, “the finger is certainly a more secure implementation of security,” Oxman said. But if you are trying these methods out, you need to go in with your eyes open.
It’s also in your best interest to read all the terms and conditions associated with the biometric in use so you know, among other things, what exactly is being scanned, where it is being stored and what security features are in place to lock down the information should your device get stolen or the information be otherwise compromised.
And, no matter what security features you have in use on your payment cards, you will still want to monitor financial account statements for signs of fraud. You can also monitor your credit to spot signs of new-account fraud. (You can pull your free annual credit reports at AnnualCreditReport.com and see your credit scores for free each month on Credit.com.) Signs of your identity has been stolen include a sudden drop in credit score, mysterious accounts or high balances you weren’t aware of.
Image: iStock
October 19, 2023
Identity Theft and Scams
May 17, 2022
Identity Theft and Scams
May 20, 2021
Identity Theft and Scams