For hackers, biometric data is the Holy Grail.
In a move fraught with risk, Mexico, a country that has become a haven for the black market of stolen personal data of all kinds, is about to build a big biometric database to be used not just for the benefit of government institutions but also for the nation’s banks.
Last year a law was passed that gave Mexican banks until the end of August 2018 to collect biometric data (finger prints and iris scans) on all their customers. Foreign-owned subsidiaries of global banks like Citi and BBVA were thrilled with the initiative arguing that it would help them combat identity theft. It could also help lenders fulfill their “know your client” (KYC) anti-money laundering checks, at much lower cost.
The ultimate goal is to develop a unique identification system that will work alongside the government’s national ID scheme, which is apparently in the final stages of development. But Mexico’s banks — in particular the smaller ones — struggle to develop the infrastructure needed to comply with the new rules by the end of August.
So in the past week, the banks were granted a nine-month extension to harvest their customers’ biometric data — and not just their fingerprints and iris features. The lenders will now also be collecting their customers’ facial and voice characteristics, all of which will be stored on a super-secure, highly centralized platform that no hacker, no matter how skilled, resourceful or Russian, will be able to penetrate. At least that’s the plan.
But what happens if the database on which all this data is stored is itself not secure? Mexico has hardly proven itself to be a safe place for valuable data…