Warning: Do not give your Biometric Data in exchange for money
Posted: Thu Jan 23, 2025 9:03 am
Today, we are experiencing so many technological advances that we cannot count them. In fact, with these advances, we can now reach figures of hundreds of billions of digital operations per day worldwide, many of which involve our personal information. As a result of the above, the use of biometric data has become popular, since they add a security factor to authentication processes in transactions such as financial ones. In particular, authentication through iris pattern comparison or facial recognition is gaining more and more followers; since these models are shown to be safe and difficult to replicate. In fact, today in Colombia, financial institutions are evaluating alternatives to facilitate banking operations in a safer way when using mobile phones, presenting facial recognition or eye authentication as the most reasonable alternatives to the fingerprint that is currently used. However, could biometric identification be the methodology that provides the greatest benefits to holders?
One of the main problems with biometric data is that it is job seekers database immutable; unlike a password or a proximity card that can be changed or blocked if compromised, biometric patterns, such as iris or facial recognition, are permanent and unique to each individual. Once this information is obtained and stored, there is no way to change or reset it, meaning that if this data falls into the wrong hands, the affected individual will not be able to protect themselves against future misuse of their information.
The vulnerability of biometric data is amplified when we consider the possibility of cyberattacks on the systems that store and process biometric data, since in the event of a breach, such information is exposed, thus generating devastating consequences for the affected individuals. While stolen passwords can be changed, a compromised iris pattern database can lead to long-term and irreversible risk.
But… if iris recognition or facial recognition is not yet widely used in Colombia, why are we talking about alerts and concerns?
The answer is simple: there is currently an international company in Colombia that is buying iris pattern data from residents in our country, in exchange for sums of money ranging from 10 to 20 USD. The argument given for making this purchase is the desire to be prepared for the technological changes that are coming in terms of computer security, wishing to create an extensive database with biometric records of tens of millions of people; and although the answer offered is not completely far-fetched, it does raise many doubts. In fact, the Superintendency of Industry and Commerce is conducting an exhaustive investigation of this company to determine whether its procedures are legal, and whether they are aligned with the Personal Data Protection Law.
Given the above, we intend with this blog to expose the risks of giving away our iris pattern in an indiscriminate manner, with the purpose that whoever is tempted to take advantage of the economic benefit offered, thinks very carefully before providing such valuable personal information.
One of the main problems with biometric data is that it is job seekers database immutable; unlike a password or a proximity card that can be changed or blocked if compromised, biometric patterns, such as iris or facial recognition, are permanent and unique to each individual. Once this information is obtained and stored, there is no way to change or reset it, meaning that if this data falls into the wrong hands, the affected individual will not be able to protect themselves against future misuse of their information.
The vulnerability of biometric data is amplified when we consider the possibility of cyberattacks on the systems that store and process biometric data, since in the event of a breach, such information is exposed, thus generating devastating consequences for the affected individuals. While stolen passwords can be changed, a compromised iris pattern database can lead to long-term and irreversible risk.
But… if iris recognition or facial recognition is not yet widely used in Colombia, why are we talking about alerts and concerns?
The answer is simple: there is currently an international company in Colombia that is buying iris pattern data from residents in our country, in exchange for sums of money ranging from 10 to 20 USD. The argument given for making this purchase is the desire to be prepared for the technological changes that are coming in terms of computer security, wishing to create an extensive database with biometric records of tens of millions of people; and although the answer offered is not completely far-fetched, it does raise many doubts. In fact, the Superintendency of Industry and Commerce is conducting an exhaustive investigation of this company to determine whether its procedures are legal, and whether they are aligned with the Personal Data Protection Law.
Given the above, we intend with this blog to expose the risks of giving away our iris pattern in an indiscriminate manner, with the purpose that whoever is tempted to take advantage of the economic benefit offered, thinks very carefully before providing such valuable personal information.