social media photos

Biometric Identity Theft

Posted on Updated on

Recently, I have been researching the potential for fraud and identity theft using fingerprints from photos posted on social media. Last week Amazon released its “Amazon One” Palm Scanner to pay for purchases when shopping. That announcement made me wonder, what are the potential implications for fraud and identity theft using biometric data taken from images?

Man's forearm and hand, index finger extended to point to one of a series of "digital keys"
Could Photos posted on Social Media sites become the Key to Digital Identify Theft?

Technology continues to improve rapidly, which often means, “Where there is the will, there’s a way.”

There are a surprising number of ways to accurately identify someone from a photo or video. Moreover, there is technology to copy fingerprints from social media photos taken up to three meters away. New technology has been proven effective at using 3D printing technology to create “fake fingerprints” that bypass many fingerprint scanners.

Since fingerprints can be copied from photos taken up to three meters away, can a palm print be copied from a photo taken 5-10 meters away? That question led to an interesting but unscientific experiment where I took pictures of my hand, enlarged them, measured the distance between the ridges and furrows of my fingers and my palm, and compared the results. Spoiler – probably not (yet) – but likely not far away given the rapid advancement of AI.

There are several areas where that distance was similar for both my fingers and palm. But, there were also areas on my palm where the average distance between “landmarks” was 3-5+ times greater. It turns out that a palm image is often segmented into 3-4 distinct regions for identification purposes, likely due to this type of variation. This link was helpful in understanding the process.

This research led to an idea for a chip-based embedded filter for smart devices and laptops. It would obfuscate key biometric information when extracting the data for display without affecting the integrity of the original stored image. This functionality would automatically provide an additional layer of privacy and data protection. It would require optimized object detection capabilities (possibly R-CNN) that were highly efficient and run on a capable but low-energy processor like the Arm Cortex-M. Retraining and upgrades would be accomplished with firmware updates.

Edit 2020-10-13: This article on “Tiny ML” from Medium.com is the perfect tie-in to the abovementioned idea.

While Amazon’s technology is much newer and presumably at least partially based on their 2019 Patent Application (which does look impressive), it makes you wonder how susceptible these devices might be to fraud given reports of the scans occurring “almost instantaneously.” Speed is one aspect of successful large-scale commercial adoption, but the accuracy and integrity of the system are far more important from my perspective.

Time will tell how robust and foolproof Amazon’s new technology really is. Given their reach, this could occur sooner rather than later. Ultimately, multiple forms of biometric scans (such as a full handprint with shape, palm, and fingerprints or a retina scan 2-3 minutes prior to the palm scan to maintain performance) may be required for enhanced security, especially with mobile devices.

Additional Resources:

This entry was posted in Artificial Intelligence, Data Governance, innovation, machine learning, Technology, Uncategorized and tagged , , , , , , , , , , .