my timesThe Korea Times

Apple's biometric flaw another headwind to fintech

Listen

Apple's Senior Vice President Craig Federighi demonstrates “Face ID” authentication technology during the launch ceremony of iPhoneX at Steve Jobs Theater in California in September 2017. / Screen capture from Apple's Youtube channel

By Park Jae-hyuk

A recent alleged glitch in Apple's “Face ID” has raised concerns among consumers, who have been wary of using biometric authentication for financial transactions on mobile devices since similar errors were found in Samsung and Google smartphones, according to industry officials, Friday.

Last Thursday, several local news outlets, including MBN and JTBC, reported that a child made payments of 9.6 million won ($8,200) after unlocking the facial recognition system in his father's iPhone X smartphone.

Although the father in his 40s registered his facial information to his smartphone, the son was able to access the device as his own face resembles his father's, the broadcasters said.

The iPhone user surnamed Kim asked Apple for a refund but was denied, according to the reports.

“The probability that a random person in the population could look at your iPhone or iPad Pro and unlock it using Face ID is approximately 1 in 1 million with a single enrolled appearance,” the U.S. tech giant wrote on its official website.

“The statistical probability is different for twins and siblings that look like you and among children under the age of 13, because their distinct facial features may not have fully developed.”

Apple's biometric verification methods are the basis of the Apple Pay mobile payment system and part of the recently launched Apple Card, a virtual credit card the tech firm released in the United States, Aug. 20, through its partnership with Goldman Sachs and Mastercard.

In addition, most commercial banks here allow their customers to use Face ID as a method to log in to their mobile apps, although they were reluctant to adopt the system when it was first introduced. Some of them even enable their customers to use the facial recognition system for a limited remittance amount.

They have yet to come up with measures against the identification method which is likely to have flaws.

However, they are expected to counteract the security concerns soon, considering that they recommended their customers use other authentication methods when Samsung smartphones' in-screen fingerprint scanners were found to be vulnerable to unauthorized access.

Experts advise financial consumers and companies to be aware of potential security flaws in biometric technologies.

“Just like other authentication methods, errors can occur in biometric technologies, so the basic principle of any security system design is layered security, which refers to a system using multiple measures,” said Kim Seung-joo, a professor at Korea University's School of Cybersecurity.