Mid-Sized Banks Are Potential ‘Sitting Ducks’ In Biometric Data Hacks, Security Expert Warns
A massive biometric data hack could destabilize the financial ecosystem, the expert warns.
A cybersecurity veteran is raising the alarm about the potential of a large-scale customer biometric data hack and the massive financial crisis that could follow.
Mid-sized and smaller banks, without the resources of large financial institutions, are especially at risk, cybersecurity veteran Michael Marcotte warns.
Marcotte is the co-founder of the U.S. National Cybersecurity Center. He has served as the CIO, CDO, and president of EchoStar, a satellite communications and internet service company, and is the founder, chairman and CEO of artius.iD, a provider of identity solutions for S&P 500 firms.
Financial institutions are increasingly offering customers biometric ways to log in to their accounts, including fingerprint, voice, or facial recognition. Sixty-eight percent of major banks offer fingerprint authentication in their mobile apps, according to a report from Number Analytics. Facial recognition is the second-most widely used banking biometric technology, the report also revealed.
The security issue with biometric data is that the data is stored in a centralized way, Marcotte said in a news release. That centralized data could be subject to a massive attack that could destabilize the financial ecosystem, he asserts.
“The reams of biometric data banks are storing right now on centralized systems is a big red bullseye for hackers. It offers a single vector through which one successful attack could deal catastrophic damage. This is the biggest cyber threat banks face today – and yet bank executives and their regulators are largely blind to it,” Marcotte said in a statement.
He said banks face “operational and reputational costs” in the wake of a massive biometric data hack, but the real cost burden would come from “group litigation” brought by customers whose biometric data, elements of their actual physical bodies, had been hacked.
In an emailed statement to MES Computing, Marcotte said smaller banks are especially vulnerable to a biometric data hack.
“Mid-sized banks are holding millions of digital identities in one place. Making them sitting ducks when it comes to biometric data breaches. They don’t have the deep budgets or elite cyber teams of global giants, yet they’re still storing biometric data in centralized systems – the same big, blinking targets hackers crave.
“They’re just as appealing to attackers, but far less equipped to recover. One breach could trigger a class action lawsuit from customers amounting to billions, taking them down completely. The truth is, the banking system is only as strong as its weakest link. And mid-sized banks are that link.”
To Marcotte, the solution is clear.
“We need to raise the bar – fast. There is an easy fix: decentralize biometric data. Push it out to user devices and eliminate the central honey pots entirely. It’s cheaper, it’s safer, and it’s the only way to stop one weak link from dragging down the whole system.”