Concerns about biometric theft and fraud

According to the report on authentication experience on banking applications in Vietnam published by VinCSS Cyber ​​Security Services Joint Stock Company on September 15, biometrics is taking a central position in the digital authentication trend in Vietnam.

Not only is it the most widely used, biometrics is also considered the most convenient authentication method today by users of all ages.

Most used, most worried

Specifically, according to the report, 58.3% of users are using biometric authentication methods. This number far exceeds the second most popular method, SMS OTP (one-time SMS authentication) with only 12.1%. Followed by the methods: pin code (9.8%), Smart OTP (6.6%), password (5.8%)...

However, the top 3 reasons why users are dissatisfied with the authentication experience on banking apps today are all related to biometrics.

Specifically, 1 in 3 users worry about biometric theft and counterfeiting; 1 in 6 people think biometrics are not sensitive.

Additionally, ¼ of users are concerned about their login information being stolen.

Notably, 1 in 37 users said their account had been hacked for authentication reasons. This rate was higher among seniors, with 1 in 19 people having their account hacked for the same reason.

According to the report, most users of all ages are concerned about where their facial and fingerprint data goes, where it is stored, how it is managed, and whether it could fall into the wrong hands.

Many users believe that biometric authentication is not enough to protect their digital assets, especially in the current context of increasing AI attacks, data breaches and privacy concerns.

By context, not by technology

According to experts from VinCSS, part of the reason comes from the lack of clear distinction between the role, implementation method, and context of biometric use in modern authentication systems. Biometrics are not always the main key. Depending on the integration method, biometrics can be a standalone or complementary form of authentication.

When used as a standalone form of authentication, biometrics directly determine access, such as scanning a fingerprint to open a door, or facial recognition to open a device. Each time a user verifies their identity, the system compares the biometric data the user just scanned with previously registered and centrally stored biometric description data.

However, in many cases, biometrics only serve as an additional form of authentication for local verification, i.e. an input interface layer for the user to unlock another authentication mechanism operating behind the scenes.

For example, many applications today use biometrics to automatically log in. Users scan their biometrics to automatically send their previously saved username and password to the system to verify their identity and successfully log in.

Therefore, VinCSS experts believe that the risk of biometrics does not lie in the technology itself, but in the application context. The core of any controversy about biometrics often revolves around the possibility of theft, counterfeiting or bypassing.