Face information has been repeatedly lost, and it is urgent to strengthen the line of defense
According to media reports, recently, an 80-year-old man in Xi’an, Shaanxi received a call claiming to be a public security officer in Beijing, claiming that he was suspected of money laundering, demanding that he transfer 2.38 million yuan to a so-called "secure account" and instructed her to use remote The control software completes the facial recognition authentication and then transfers the money away.
The old man realized that he was deceived and called the police. The case has now been solved.
In essence, this case is still a traditional telecommunication fraud, that is, the fraudster manipulated the victim to transfer money through telephone fraud.
But the difference is that scammers use the very popular face recognition method.
As we all know, mobile banking transfers can be set up with security verification links, such as fingerprints, faces, digital passwords or pattern passwords, etc. This is originally to make funds safer, but it has been maliciously used by some scammers.
In the past, scammers either defrauded the victim's password and operated the transfer by themselves, or directed the victim to transfer to the bank window or ATM machine. However, after the bank increased the transfer confirmation and delayed the payment link, the scammer's chance of success was greatly reduced.
The "password" of manipulating the face can be transferred in real time, which can reduce the "excessive branches".
The above-mentioned deceived elderly people simply "blink" and "moose" as required because they don't know what face recognition is, and help the scammer submit a "password".
A series of property loss cases related to face recognition have caused people's anxiety about information security, especially the security of immutable biological information such as fingerprints and faces.
Not long ago, more than a dozen property owners in Nanning, Guangxi entrusted an agency to sell their houses. After they swiped their faces to check real estate information without their knowledge, the houses were transferred to others inexplicably.
Now, although the case has been solved, the shadow it brought to people may be difficult to dissipate for a while.
The abuse of new technologies represented by face recognition and the excessive collection of personal information must be regulated with "strong medicine".
At present, the relevant parties have a clear understanding of the harm of the abuse of face recognition technology, and relevant policies and laws are constantly improving. For example, the Cyber Security Law stipulates that network operators should follow the principles of lawfulness, fairness, and necessity in collecting and using personal information. , Public collection and use rules, clearly indicating the purpose, method and scope of the collection and use of information, and with the consent of the person being collected.
However, some regulations and constraints are still relatively thick lines. In some cases and practices, there is still a “lack of specific reference and basis”.
At the level of information use, face information collectors often do not explain the rules and scope of use to users, and subsequent storage and other links lack effective measures, or even have the ability to resist related risks.
In this regard, the supervisory authority should regulate the excessive collection of personal information from the source, clarify the subjects that can collect personal information, supervise the use and circulation process, and at the same time focus on exploring the remedy and stop loss mechanism after personal information leaks.
In March this year, the State Administration for Market Regulation and the National Standardization Administration issued the "Information Security Technology Personal Information Security Specification", which clearly requires that personal biometric information be separately notified of the purpose, method and scope of use.
Previously, Nanjing, Jiangsu required many sales offices to remove face recognition systems, and some cities also planned to legislate to protect personal information such as faces.
These are positive signs that regulate excessive collection of personal information.
I hope that the relevant lines of defense can be built as soon as possible.
Liu Bing