{"id":2560,"date":"2016-10-25T03:06:01","date_gmt":"2016-10-25T07:06:01","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=2560"},"modified":"2019-11-15T14:55:53","modified_gmt":"2019-11-15T11:55:53","slug":"biyometrik-bankacilik-guvenli-mi","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/biyometrik-bankacilik-guvenli-mi\/2560\/","title":{"rendered":"Biyometrik bankac\u0131l\u0131k g\u00fcvenli mi?"},"content":{"rendered":"<p>Biyometrik, yani insanlar\u0131n parmak izi gibi e\u015fsiz fiziksel \u00f6zelliklerini kullanarak tan\u0131mlama i\u015fleminin uzun s\u00fcredir g\u00fcvenli oldu\u011fu d\u00fc\u015f\u00fcn\u00fcl\u00fcyordu. Ayr\u0131ca bu teknoloji bankalara ve banka m\u00fc\u015fterilerine \u00e7ekici geliyor. Bu ikisi, teknolojiyi siber su\u00e7lular i\u00e7in devasa bir hedef haline getiriyor.<\/p>\n<p>Hatta \u00e7o\u011fu banka ATM\u2019lerde biyometrik giri\u015fi denemeye ba\u015flad\u0131.<\/p>\n<p>Kurumsal tarafta, yanl\u0131\u015f reddetme (<a href=\"https:\/\/en.wikipedia.org\/wiki\/Type_I_and_type_II_errors#Biometrics\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">tip 1<\/a>) ve yanl\u0131\u015f onaylama (<a href=\"https:\/\/en.wikipedia.org\/wiki\/Type_I_and_type_II_errors#Biometrics\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">tip 2<\/a>) hatalar\u0131n\u0131 azaltabilmek i\u00e7in iris tarama ve <a href=\"https:\/\/en.wikipedia.org\/wiki\/Vein_matching\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">damar e\u015fle\u015ftirme<\/a> metotlar\u0131 b\u00fcy\u00fck avantaj sa\u011fl\u0131yor. Kullan\u0131c\u0131lar biyometrik taramay\u0131 seviyor \u00e7\u00fcnk\u00fc bu teknoloji h\u0131zl\u0131 \u00e7al\u0131\u015f\u0131yor ve kullan\u0131c\u0131lar\u0131n parola ya da di\u011fer gizli kodlarla u\u011fra\u015fmaktan kurtar\u0131yor.<\/p>\n<p>Ne yaz\u0131k ki, parmak izi taramas\u0131 teknolojisi hem d\u00fcnyaya yay\u0131lm\u0131\u015f durumda hem de olmas\u0131 gerekti\u011finden daha az g\u00fcvenli. \u00d6rne\u011fin, Android ve iOS kullan\u0131c\u0131lar\u0131 d\u00fczenli olarak cihazlar\u0131n\u0131n izinli kullan\u0131c\u0131lar\u0131n giri\u015flerini reddetmesinden veya ba\u015fka insanlar\u0131n giri\u015flerine izin vermesinden \u015fikayet\u00e7i.<\/p>\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe class=\"youtube-player\" type=\"text\/html\" width=\"640\" height=\"390\" src=\"https:\/\/www.youtube.com\/embed\/HM8b8d8kSNQ?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent\" frameborder=\"0\" allowfullscreen=\"true\"><\/iframe><\/span><\/p>\n<p><strong>Ya ATM\u2019ler?<\/strong><br>\nBiyometrik ATM\u2019ler hen\u00fcz her yerde kullan\u0131lm\u0131yor ancak g\u00fcvenlik uzmanlar\u0131m\u0131z Olga Kochetova ve Alexey Osipov \u015fimdiden bir d\u00fczineden fazla biyometrik <a href=\"https:\/\/www.kaspersky.com\/blog\/skimmers-part-one\/7223\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">taray\u0131c\u0131n\u0131n<\/a> kara borsada sat\u0131\u015fa \u00e7\u0131kart\u0131ld\u0131\u011f\u0131n\u0131 <a href=\"https:\/\/cdn.securelist.com\/files\/2016\/09\/Future_ATM_attacks_report_eng.pdf\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">belirtti<\/a>.<\/p>\n<p>Di\u011fer k\u00f6t\u00fc ama\u00e7l\u0131 geli\u015ftiriciler, iris taramas\u0131 ve damar e\u015fle\u015ftirmesi yapan cihazlar\u0131n sonu\u00e7lar\u0131na engel olmaya \u00e7al\u0131\u015f\u0131yor. Dahas\u0131, taray\u0131c\u0131lar\u0131 kullanmak veri \u00e7almak i\u00e7in tek yol de\u011fil. <a href=\"https:\/\/tr.wikipedia.org\/wiki\/Man-in-the-middle_attack\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Ortadaki adam sald\u0131r\u0131lar\u0131<\/a> (<a href=\"https:\/\/www.kaspersky.com\/blog\/man-in-the-middle-attack\/1613\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Man in the Middle<\/a>) ve buna benzer y\u00f6ntemler kullan\u0131c\u0131 ad\u0131 ve parola \u00e7alma i\u015flemlerini biyometrik taray\u0131c\u0131lar i\u00e7in kullanabilir.<\/p>\n<p>Ve tabiki su\u00e7lular verinin tipine bakmaks\u0131z\u0131n kullan\u0131c\u0131 verilerinin bulundu\u011fu sunucular\u0131 hackleyebilirler. \u00d6rne\u011fin bu sene Dropbox 60 milyona yak\u0131n kullan\u0131c\u0131n\u0131n verilerini kaybetti ve sonras\u0131nda Yahoo 500 milyon veri s\u0131zd\u0131rd\u0131. Bu ikisi d\u0131\u015f\u0131nda daha bir\u00e7ok \u00f6rnek var.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"tr\" dir=\"ltr\">Yahoo\u2019dan k\u00f6t\u00fc haberler devam ediyor <a href=\"https:\/\/t.co\/2Bz15PdXJO\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/2Bz15PdXJO<\/a> <a href=\"https:\/\/t.co\/uDXRersJgh\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/uDXRersJgh<\/a><\/p>\n<p>\u2014 Kaspersky T\u00fcrkiye (@KasperskyTR) <a href=\"https:\/\/twitter.com\/KasperskyTR\/status\/781022755395428352?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">September 28, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>\u015eimdi, kullan\u0131c\u0131n\u0131n biyometrik verilerini saklayan \u015firketlerin sunucular\u0131n\u0131n hacklendi\u011fini d\u00fc\u015f\u00fcn\u00fcn. Parola de\u011fi\u015ftirmek can s\u0131k\u0131c\u0131 olabilir ancak DNA\u2019n\u0131z\u0131 de\u011fi\u015ftiremezsiniz.<\/p>\n<p>Ek olarak, biyometrik taray\u0131c\u0131lar\u0131n yard\u0131m\u0131yla su\u00e7lular <a href=\"https:\/\/www.kaspersky.com\/blog\/fingerprints-sensors-security\/10951\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">sahte kimlikler yaratabilirler<\/a>. Bankalar biyometrik ATM\u2019leri kullanmaya ba\u015flamadan \u00f6nce g\u00fcvenlik standartlar\u0131n\u0131 iyice g\u00f6zden ge\u00e7irmeliler.<br>\n<strong><br>\nBiyometrik g\u00fcvenli\u011fin d\u00fc\u015f\u00fc\u015f\u00fc<\/strong><br>\nBiyometrik taray\u0131c\u0131lar ilk olarak devletler, g\u00fcvenlik g\u00fc\u00e7leri ve savunma end\u00fcstrisi taraf\u0131ndan kullan\u0131ld\u0131. Bu alanlarda biyometrik taray\u0131c\u0131lar g\u00fcvenliydi \u00e7\u00fcnk\u00fc bu gibi alanlarda y\u00fcksek kalite ekipman al\u0131nabiliyordu.<\/p>\n<p>Biyometrik taray\u0131c\u0131lar k\u00fcreselle\u015ftik\u00e7e g\u00fcvenlik a\u00e7\u0131klar\u0131 yakalanabilir oldu. Teknolojinin pop\u00fclerli\u011fi g\u00fcvenlikteki d\u00fc\u015f\u00fc\u015fe neden oldu. Birincisi, m\u00fc\u015fteri memnuniyeti i\u00e7in al\u0131nan \u00f6nlemler kritik alanlarda al\u0131nan \u00f6nlemlerden daha azd\u0131. \u0130kincisi ise su\u00e7lular biyometrik taray\u0131c\u0131 bulunan cihazlar\u0131 sat\u0131n alabilir ve \u00fczerinde testler uygulayabilirdi. 3D yaz\u0131c\u0131lar\u0131n h\u0131zl\u0131 geli\u015fmesi de biyometrik taray\u0131c\u0131lar\u0131n <a href=\"https:\/\/www.kaspersky.com\/blog\/stealing-digital-identity\/10386\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">g\u00fcvenlik a\u00e7\u0131klar\u0131n\u0131<\/a> g\u00f6z \u00f6n\u00fcne seriyor.<\/p>\n<p>Ge\u00e7en sene insanlar parmak izi taramas\u0131n\u0131n oldu\u011fu 6 milyona yak\u0131n mobil uygulama indirdi. Juniper Ara\u015ft\u0131rma\u2019ya g\u00f6re, 2019 y\u0131l\u0131na kadar insanl\u0131k <a href=\"https:\/\/www.juniperresearch.com\/press\/press-releases\/biometric-authentication-app-downloads-to-reach-77\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">bunlar gibi 770 milyon uygulama<\/a> kullanacak. Bu zamana kadar, biyometrik taray\u0131c\u0131lar s\u0131radanla\u015facak. Ba\u015fka uzmanlar olaya \u00e7ok daha iyi y\u00f6n\u00fcnden bak\u0131yorlar: Acuity Market Intelligence\u2019a g\u00f6re 2020 y\u0131l\u0131nda 2.5 milyar insan 4.8 milyar biyometrik taray\u0131c\u0131 kullan\u0131yor <a href=\"http:\/\/www.acuity-mi.com\/GBMR_Report.php\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">olacak<\/a>.<br>\n<strong><br>\nGelece\u011fe dair umutlar ve \u00f6neriler <\/strong><br>\n\u0130yi ki biyometrik veri oldu\u011fu gibi saklanm\u0131yor, sunucu sadece <a href=\"https:\/\/www.kaspersky.com\/blog\/the-wonders-of-hashing\/4441\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">karma<\/a> sonu\u00e7lar\u0131 tutuyor ve su\u00e7lular i\u00e7in daha az ilgi \u00e7ekici oluyor. Yine de, yukar\u0131da bahsetti\u011fimiz su\u00e7lular ortadaki adam gibi y\u00f6ntemleri kullanarak kendilerini ATM ve i\u015flem merkezi aras\u0131nda veri transfer kanal\u0131 haline getirip kullan\u0131c\u0131lar\u0131n paras\u0131n\u0131 \u00e7alabilirler.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"tr\" dir=\"ltr\">ATM hacklemenin 4 yolu <a href=\"https:\/\/t.co\/oKmIN2lcyH\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/oKmIN2lcyH<\/a> <a href=\"https:\/\/t.co\/s7jy2WV2U0\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/s7jy2WV2U0<\/a><\/p>\n<p>\u2014 Kaspersky T\u00fcrkiye (@KasperskyTR) <a href=\"https:\/\/twitter.com\/KasperskyTR\/status\/786111112550969344?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">October 12, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Eninde sonunda, bankalar ve kullan\u0131c\u0131lar s\u0131k\u0131 g\u00fcvenlik \u00f6nlemleri almal\u0131lar. Kurumsal tarafta, <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/4-ways-to-hack-atm\/2520\/\" target=\"_blank\" rel=\"noopener noreferrer\">ATM\u2019ler donan\u0131msal<\/a> ve yaz\u0131l\u0131msal tarafta geli\u015ftirilmeli ve ATM\u2019lerin dizayn\u0131 taray\u0131c\u0131 y\u00fcklenmesine kar\u015f\u0131 korunakl\u0131 olmal\u0131.<\/p>\n<p>Genel olarak biyometrik tarama teknolojisi, ikincil bir g\u00fcvenlik \u00e7\u00f6z\u00fcm\u00fc olarak kullan\u0131lmal\u0131 ve di\u011fer g\u00fcvenlik se\u00e7eneklerinden vazge\u00e7ilmemelidir.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Biyometrik, yani insanlar\u0131n parmak izi gibi e\u015fsiz fiziksel \u00f6zelliklerini kullanarak tan\u0131mlama i\u015fleminin uzun s\u00fcredir g\u00fcvenli oldu\u011fu d\u00fc\u015f\u00fcn\u00fcl\u00fcyordu. Ayr\u0131ca bu teknoloji bankalara ve banka m\u00fc\u015fterilerine \u00e7ekici geliyor. Bu ikisi, teknolojiyi siber<\/p>\n","protected":false},"author":2411,"featured_media":2561,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1351],"tags":[401,978,1052,1050,1010,1051],"class_list":{"0":"post-2560","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-atm","9":"tag-bankalar","10":"tag-biyometrik","11":"tag-dogrulama","12":"tag-parmak-izi","13":"tag-yetkileme"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/biyometrik-bankacilik-guvenli-mi\/2560\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/atm\/","name":"atm"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/2560","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2411"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=2560"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/2560\/revisions"}],"predecessor-version":[{"id":7121,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/2560\/revisions\/7121"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/2561"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=2560"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=2560"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=2560"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}