Selfie Authorization Not So Good? Experts Raise Concerns
SMS codes, apps, and selfies all have one thing in common: they are used to authenticate users online. Unfortunately, they still raise many doubts among network security experts.
Selfie-based authentication is required for more and more activities, and the trend is spreading worldwide. Some banks and institutions have started to require this type of authorization. Vietnam and Singapore already require it for some purchases. But what was supposed to make shopping safer is now raising questions from experts.
Selfie – is it safe?
This week, Vietnam introduced mandatory facial scanning in online banking apps as proof of identity for digital transactions over $400. Revolut also recently introduced similar security for some transactions, although it is optional there.
But some argue that selfies won't improve security at all. Some apps have already been criticized for accepting still photos instead of live ones, just days after the new system was introduced.
The concerns aren't limited to Vietnam; the US cybersecurity agency has raised them as well. Many of these selfies have been shared with fintech and e-commerce providers and then leaked. Fraudsters are collecting these selfies to sell to other criminals.
"Taking a selfie for customer recognition purposes is not a problem in itself – the problem is that this data is not handled properly and in many cases is not deleted after verification. If it has any value to criminals, someone will try to steal it," says Kevin Reed, chief information security officer at Acronis.
The latest authentication procedures are constantly being updated and new ideas are coming to the fore. Often, they require a video recording, asking the person to make a specific facial expression or turn their head, which seems like a reasonable idea.
Selfie authorization in Poland
It is true that no one in Poland has yet come up with the idea of making a selfie an additional layer of authorization for individual transactions, but banks often use this method for authentication when opening an account. This solution has replaced the process of signing a contract in the presence of a courier and is available at the largest institutions, including Pekao SA, which was the first to introduce it in Poland.
Institutions do not disclose how many customers use selfies, but they undoubtedly prefer this method. For example, Santander at one point completely abandoned couriers. The banks themselves maintain that, in terms of security, the new method does not differ from previous standards.
In practice, it is not the method itself that seems to raise concerns, but its implementation. If the financial industry decides that a selfie alone is enough for more serious transactions and does not take care to eliminate the risk of a static image being submitted in place of a live one, we may indeed have a problem. That said, such a scenario may be considered unlikely in European realities.
