Li Wei, head of the science and technology department of the People's Bank of China, said at a forum on financial cyber security on Monday that relying on a single feature, such as a human face, to verify financial transactions in cyberspace carries serious transaction risks. Financial institutions should inform users in advance when face data is collected in relevant transactions and clearly obtain customer authorization. At the same time, they must not simply take facial features as the only transaction verification factor; multi-factor authentication, combining factors such as the user's password, must be applied according to the risk level.
According to Li Wei, the human face is a weak-privacy biometric, and the risk of the information being misused is relatively large. In real life, people usually recognize others through a combination of face, voice, body and other weak-privacy features: not only seeing the face, but also listening to the voice and watching the movements, and then making a comprehensive judgment of who the person is. These characteristics are generally exposed and are often easy to collect remotely, without contact and silently, without the person being aware of it. This is inevitable now. However, the problem is that some institutions overestimate the recognition function of weak-privacy features, and relying only on a single feature for financial transaction verification in cyberspace poses serious hidden dangers.
Li Wei said that, for face recognition payment applications, the open online network environment carries many risks and the conditions for application are not yet mature, while the risks of offline application are relatively controllable and the conditions for pilot application are basically in place. Such applications should follow these principles:
First, information collection should adhere to the principle of "user authorization, minimum sufficient". Facial features are important private information. Before data is collected, users should be informed of how the information will be used and customer authorization should be clearly obtained; collection of features unrelated to the need should be avoided, to ensure that the collection of facial features is reasonable and necessary.
Second, payment transactions should adhere to the principle of "expressing willingness and multiple authentication". Considering that the face recognition process is silent, financial institutions should strictly implement the law on the protection of consumer rights and interests, fully respect the subjective wishes of users, and protect users' right to know, right to property security and other legitimate rights and interests. They shall not initiate transactions without users' knowledge or authorization, and shall not simply take facial features as the only verification factor for transactions. Multi-factor authentication, combining factors such as the user's password, must be carried out according to the risk level, to balance the security and convenience of financial services.
Third, safety management should adhere to the principle of "risk compensation and full protection". Given that face recognition is highly dependent on artificial intelligence algorithm models and that offensive and defensive techniques are constantly iterated and upgraded, it is necessary to actively establish and improve risk compensation mechanisms such as risk compensation funds, insurance plans and emergency response, to make comprehensive use of a variety of information technologies, to strengthen end-to-end security protection across the whole chain of facial feature information, and to effectively protect the security of consumers' funds and information.
In the future, the People's Bank of China will strengthen supervision, inspection and safety assessment.
In 2019, the People's Bank of China formulated regulations for the protection of personal financial information. Under this new situation, how should mobile financial institutions handle the collection and protection of personal information, how can they guarantee the security of information and data under the open mode, and how can they balance the security and convenience of facial payment?
To address this, the Beijing mobile finance industry alliance and mobile payment network will hold MFSC 2019, the fourth China Mobile financial security conference, in Shenzhen on November 5 under the theme "security compliance for the future". The keynote speech and registration channel has been opened.
For more information, please visit the official website: http://www.mpaypass.com.cn/MFSC2019/