Episode 8.5 -- FIDO, PCI fighting the good fight for security with payment cards

Biometric multi-factor authentication is all the rage in security. And yet it is also the cause of terror for security-minded folk. For every breakthrough we get a news story about how it has caused harm.

Some systems can’t identify people of color as well as it can caucasian people, which has been a problem of photographic technology for decades. Police using the systems have ended up surveilling if not arresting the wrong people. Using DNA to get an AI to develop a suspect’s face has similar weaknesses.

Most recently in Southeast Asia, thieves set up a video call employing deep fake videos to pose as a CFO and financial team and get an employee to transfer $25 million to the thief’s account. In Thailand and Vietnam, hackers stole biometric data to drain accounts in local banks.

The last example demonstrates the need for industrywide cooperation in establishing safeguards. The theft was facilitated by the banks using their facial ID recognition software, not that has been developed to industry standards or even state-of-the-art software from companies like Apple.

Two organizations have taken the lead in securing the use of biometrics in payment cards (credit, debit, and gift): The PCI (Payment Card Industry) Security Standards Council and the Fast Identification Online (FIDO) group. Both are separate but have worked together for about a decade. We talked with Dennis Gamiello, executive VP for identity products and innovation at Mastercard, about their involvement with FIDO and what it means for all of us.

---

Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message
Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support