Improving ATM Security via Facial Recognition

CPSC510 James Maxlow November 25th, 2002

Proposal 
Cameras in use at automatic teller
machines should take still images of users  A facial recognition scheme should be added to the software used to verify users at ATMs  This scheme should match a picture of the user at the ATM with a picture of the account holder in the bank¶s database
2 of 11

Reasoning 
ATM fraud costs U.S. banks an average of
$15,000 each year« hundreds of millions in total  This cost is borne by bank customers  Current ATM validation schemes are limited to access cards and PINs  Card theft, PIN theft and cracking, stealing of account information by bank employees all contribute to fraud schemes
3 of 11

Algorithm 
Take customer¶s picture(s) when account    
is opened and allow user to set nonnonverified transaction limits At ATM, use access card and PIN to prepreverify user Take user¶s picture, attempt to match it to database image(s) If match is successful, allow transaction If match is unsuccessful, limit available 4 of 11 transactions

Can ATMs Support This? 
Most current generation ATMs run
Windows CE, 2000, XP Embedded, or Linux ± these machines can run facial recognition software locally
1: Image, account no, PIN

2: Account no, PIN

5: User verified

ATM
4: Processing 3: Bank-held customer image

Bank Computer

5 of 11

Can ATMs Support This? 
Older ATMs run DOS or OS/2 ± these
machines can offload the processing to the bank¶s computers

1: Image, account no, PIN

2: Image, account no, PIN

5: User verified message

ATM
4: User verified message

Bank Computer
3: Processing 6 of 11

Is Facial Recognition Reliable? 
Matching a user image with any image in a
database« facial evaluation« is still problematic ± digital airport screenings, public surveillance cameras, etc. have high error rates  But this isn¶t a problem here!  We must only match a user image with one known image from a database« facial verification« this technique has low error rates under good conditions (3% - 10%) 7 of 11

What Variables Affect Verification?
1. 2. 3. 4. 5.
Lighting Angle of view Extreme facial expressions Facial hair Glasses
Please follow these guidelines to help us verify your identity: ‡Face the camera, holding still until you hear the beep ‡Maintain a normal facial expression ‡If you are wearing glasses, please remove them
8 of 11

What Is The Best Verification? 
Local Feature Analysis 
This method analyzes the geometric relationships between facial features  In some versions it builds a 3-D topography of 3the user¶s face and uses this topography for later comparisons

9 of 11

What Would I Actually Do? Do? 
Find open-source LFA recognition programs open Write an ATM black box module  Create two databases of images  Tweak and test recognition programs with ATM
module and images  Rewrite ATM module into client/server version with encryption to emulate ATM/bank interactions  Add USB camera control to client
10 of 11

Summary 
Access card / PIN provides insufficient ATM
security  Adding facial verification to the process can greatly decrease fraudulent transactions  Current ATMs have the power to perform verification locally given a software change  I will create a simulated system using a custom ATM black box and an open-source openLFA recognition program
11 of 11

Sign up to vote on this title
UsefulNot useful