Firms’ biometrics records ‘can be hacked’

The growing use of biometrics to identify individuals is “insecure and in need of immediate attention,” according to an IT systems company.

Fujitsu Siemens said biometrics is increasingly being used in the business world to verify whether individuals really are who they say. By 2013, Fujitsu Siemens predicts biometric identity technology will be so widespread in the private sector that the number of people included would rival that of the proposed national ID schemes.

Within five years, 95 percent of the UK population will be identifiable through biometrics and other means.

But the tracking and monitoring of people could be a risk if security controls were not tightened up, the IT company said.

“From a security perspective, we have already seen that criminals can create a number of different personae for themselves and more methods of identification means more openings for them. Whether it’s issued by a company or a government, once an individual can associate their biometric characteristics with an identity, they effectively own that identity,” said David Pritchard, senior technology analyst.

“People are already carrying around several identifying documents or artefacts — car keys, passports, driving licences, bank cards,” said Pritchard.

“Biometrics are being added to these items, making them uniquely identifiable and traceable to the individual.”

The government recently commissioned a report in which former banker Sir James Crosby said that within five years people were likely to be carrying several biometric identifiers. In the report, Crosby called on the government to work with banks to create a universal ID assurance scheme, led by the private sector, which would result in a more secure system.

Computerworld UK