Is the facial recognition system really safe? “New Vision” of the mainland’s Phoenix website reported that after at least 6 Bank of China customers encountered phone fraud, the fraudsters were able to use the bank’s app face recognition function to log in to the account multiple times, change the transfer limit, and transfer the deposit, involving an amount of nearly 200 yuan. Ten thousand yuan (RMB, the same below). The victim client believed that there was a loophole in the face recognition system of BoCom and should be responsible for its losses, and took BoCom to court. However, the court believed that it was the “fault” of the client’s “failure to fulfill the duty of prudent management” and dismissed all claims.
The report quoted the litigant Ma Yue as saying that his wife and at least five other people received fraudulent calls from October 2020 to October last year and were tricked into opening an account with the Bank of Communications. Ma Yue pointed out that the swindler can tell his wife’s name, ID number, work unit, and has his wife’s photo, claiming that his wife’s personal information is leaked, and the bank account is very risky. The security measures are better.” Unexpectedly, shortly after the wife transferred 500,000 yuan to the newly opened Bank of Communications bank card, the money disappeared. After calling the police, I learned that the text message was intercepted by a scammer with an IP address in Taiwan, and the text message was used for verification and face recognition. Turn away.
The report mentioned that Bank of Communications confirmed that Ma Yue’s wife had not left Beijing that day, but the swindlers who were far away in Taiwan passed the face recognition of Bank of Communications 7 times and the living body verification 6 times. In vivo verification is to verify whether a real person is operating by blinking, opening mouth, shaking his head, etc.
Ma Yue said, “If you did recognize my real face, it was with my consent, but what you recognized is not a real face, so you can’t justify it.” He also questioned that the fraudster designated the victim to open a bank card in the Bank of Communications instead of Other banks were found to have loopholes in the face recognition system of Bank of Communications.
Court ruling leaves face recognition flaws untouched
Ma Yue sued Bank of Communications in court, but the court’s decision last Thursday did not touch on the vulnerability of face recognition, and believed that Bank of Communications had used multiple login passwords, verification codes, face recognition and other reasonable methods to identify users. Obvious fault and negligence”, even believing that the case was the fault of the client, Ma Yue said he would appeal. The report quoted scholars from Tsinghua University and Renmin University as saying that the banking system was unable to identify real and fake faces. The report also pointed out that if the users were not careful enough to attribute electricity fraud, and they did not delve into the root causes, more people may continue to suffer losses.
Originally published on AM730 https://www.am730.com.hk/china/fraudsters use face recognition to transfer deposits – Bank of Communications lost nearly 2 million for 6 customers/327655