How Facial Scan Feature Of Financial Apps Can Put You At Risk And What You Can Do To Safeguard Yourself

Using facial scan features in financial apps such as Paytm, PhonePe and MobiKwik can be risky. Know the threats and what you can do to safeguard your transactions and financial details.

Various financial apps, including e-payment apps, banking apps and even trading apps, use the facial scan feature to ease the log-in process. While the feature offers convenience, it carries an inherent risk of security breaches. Recently, there was an alleged data breach of 3.5 million users of MobiKwik, a fintech unicorn.

Here's how the facial scan feature can put you at risk and what you can do to safeguard your financial transactions and details.

3 Things That Put You At Risk

Lack Of Robust Technology: Not all financial apps may have checks and balances for the facial scan feature. “Financial apps make use of this inbuilt feature instead of building or incorporating their own technology. One of their criteria is that if you are the owner of the phone, you are the owner of the app,” says Arnab Bhattacharjee, a data security professional working with Tata Consultancy Services.

Cloning Of Facial Features Is Easy: Bypassing the facial scan feature to log in to someone’s account is not too difficult through the KYC route, caution experts. “Be it apps like Paytm, MobiKwik or even crypto trading apps, these apps use face determination, often based on the details (facial features) gathered from the photo IDs such as Aadhaar and PAN card that we need to submit for KYC (know your customer). Now it is easy to clone the personal (facial) details uploaded and bypass the security,” says Viral Parmar, founder and CEO, Comexpo Cyber Security, a security firm.

Bhattacharjee cites an example. “In 2016, at the Usenix Security Symposium, a University of North Carolina team described how they collected pictures from social media to create animated 3D models in virtual reality, which were used to bypass face recognition. Some security researchers aim to unlock the iPhone X by 3D-printing a head. So, it is not entirely safe,” he adds.  

Vulnerable To Financial Data Breach: The facial scan feature of financial apps can put your financial data at risk. Most financial apps ask for KYC details, which may include your bank and other financial details. Hackers could easily access the KYC details stored by apps and use them for fraudulent purposes.

"Accessing such financial apps may even make the banking details linked with the app vulnerable. For example, if Paytm is linked with a bank account, and it gets hacked, then the account details are also at risk," says Parmar. 

What You Can Do

Go For Multifactor Authentication: Using the facial scan feature is convenient but may not be the safest method. “The best way to maintain security and privacy on such apps is to go for multifactor authentication. A minimum of two-factor authentication is always suggested,” says Parmar.  

He also suggests using authenticator apps, which can be synced with the financial app you are using. Once you try to log into the financial app, the authenticator app will generate a code to authenticate the log-in. You will have to use the code generated to log into the financial app.

Choose Genuine Apps: It’s important to watch out for fake apps. "It is better to go for Google or Microsoft authenticator apps and Apple has its own authenticator. These three should be used to avoid any fake apps," says Parmar.

The same goes for financial apps; go for the ones that are recognised by authorities. “Genuine financial apps which are recognised by the National Payments Corporation of India (NPCI) or the Reserve Bank of India (RBI) are secure,” he adds. Ensure you are logging into a genuine financial app as it is likely to have better security features.
