Atlanta, GA, Feb. 16, 2024 (GLOBE NEWSWIRE) -- Trust Stamp (Nasdaq: IDAI), the Privacy-First Identity CompanyTM, providing AI-powered trust and identity services to global customers in both the governmental and private sectors issued a warning to financial institutions and their customers regarding the emerging dangers of Trojans that are being used to gain unauthorized access to bank accounts.
In October of 2023 Group-IB (https://group-ib.com) researchers released a report regarding a newly discovered Android Trojan which they named “GoldDigger”. Subsequent to that report, Group-IB’s threat intelligence unit identified a cluster of aggressive banking Trojans targeting the APAC region. On February 15, 2024 Group-IB announced the discovery of “GoldPickAxe”, the first known iOS Trojan harvesting facial biometric data used for unauthorized access to bank accounts.
Scott Francis, Trust Stamp’s Chief Technology Officer commented, “Although these specific Trojan attacks currently appear to be confined to the APEC region, cybercrime is global and we have to assume that these attacks will spread very quickly. With fast evolving attacks such as these Trojans, being a good steward of biometric data demands systems that do not require that data to be stored on potentially vulnerable devices. Until the emergence of these Trojans, we worried about Android vulnerabilities, and iOS device security was treated as unquestioned, but now that has to be reconsidered.”
Scott Francis went on to say, “The work of organizations such as Group-IB is critical to countering sophisticated cybercriminals. As a D-Seal labeled company; we take data security and responsible use very seriously and we have developed AI-powered, privacy-centric systems to counter attacks such as those implemented by these Trojans. These include both our Stable IT2 TM technology and biometric multi-factor authentication. The Stable IT2 is revolutionary in that it does not save or retain any biometric data anywhere, in addition to which, no identifying data is stored on the user device. As a biometric cryptographic system, it provides authentication without leaving biometric breadcrumbs that could later be used by criminals. Biometric MFA combined with device authentication not only uses biometric authentication with proof of life but also ensures that the user is in possession of the authorized device, disrupting the transaction flow utilized by the attackers behind these Trojans”
Stable IT2 is a groundbreaking facial recognition technology designed for identity authentication, secure system access, and account protection. It derives a cryptographic token generated from a user’s facial biometrics to respond to cryptographic challenges and authenticate messages, enhancing security and user control over personal information.
At registration, Trust Stamp’s binding process combines a cryptographic key and biometric information to produce sketch and helper data that can be stored anywhere, including on edge wallets, mobile devices, or a distributed ledger. During authentication, the stable token is derived directly from a live scan of biometrics as opposed to storing the biometric template. The ultra-secure feature of Stable IT2 means that neither the secret nor the biometric information about the user is ever stored therefore it cannot be stolen. This process is highly efficient, providing quick and accurate identity verification thereby reducing the risk of account takeover by attackers.
Dr Norman Poh, Trust Stamp’s Chief Science Officer commented, "When a financial institution adopts Stable IT2, Trust Stamp's technology integrates into their existing back-end system to overhaul the facial recognition process. During registration a user's facial image is captured – typically via a selfie video, and this process generates a unique stable cryptographic token from the user’s face using Trust Stamp’s proprietary algorithm. This token, with at least 128 bits of entropy derived from the user's facial data, is further diversified and then used for all subsequent identity verifications across different accounts. During the authentication process, the system does not compare raw biometric data or traditional templates. Instead, it attempts to generate the same unique, stable cryptographic token from another liveness-assessed probe biometric sample. Since only the registered user can reproduce this unique token, the technology can be used to prove the presence of the registered user over the internet remotely, using standard cryptographic protocols including public key infrastructure. In other words, this is an ideal zero-knowledge proof solution for remote identity proofing applications."
Enquiries
Scott Francis, Chief Technology Officer: sfrancis@truststamp.ai
Norman Poh, Chief Science Officer: npoh@truststamp.ai
About Trust Stamp
Trust Stamp the Privacy-First Identity CompanyTM, is a global provider of AI-powered identity services for use in multiple sectors, including banking and finance, regulatory compliance, government, real estate, communications, and humanitarian services. Its technology empowers organizations with advanced biometric identity solutions that reduce fraud, protect personal data privacy, increase operational efficiency, and reach a broader base of users worldwide through its unique data transformation and comparison capabilities.
Located across North America, Europe, Asia, and Africa, Trust Stamp trades on the Nasdaq Capital Market (Nasdaq: IDAI). The company was founded in 2016 by Gareth Genner and Andrew Gowasack.
Safe Harbor Statement: Caution Concerning Forward-Looking Remarks
All statements in this release that are not based on historical fact are “forward-looking statements” including within the meaning of the Private Securities Litigation Reform Act of 1995 and the provisions of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended. The information in this announcement may contain forward-looking statements and information related to, among other things, the company, its business plan and strategy, and its industry. These statements reflect management’s current views with respect to future events-based information currently available and are subject to risks and uncertainties that could cause the company’s actual results to differ materially from those contained in the forward-looking statements. Investors are cautioned not to place undue reliance on these forward-looking statements, which speak only as of the date on which they are made. The company does not undertake any obligation to revise or update these forward-looking statements to reflect events or circumstances after such date or to reflect the occurrence of unanticipated events.