行业新闻：交通银行人脸识别遭破解多名储户百万存款惨遭骗子转走，谁的责任？

www.szhzxw.cn

安全技术与破解一直是IT行业最关心的话题之一。自从人脸识别技术问世，在一定程度上解决了密码容易泄露和破解的问题。新的问题随之而来，人脸识别其实并没有人们想象中的那么安全：银行赖以依靠的最重要的安全验证—-人脸识别被诈骗分子破解后，诈骗分子成功把储户的钱转走了。

根据凤凰网等多家媒体的报道，这样的事情多次在交通银行发生，其中数名储户已经诉诸法院要求交通银行赔偿损失。何某是起诉交通银行的用户之一，2021年6月的某个下午，他在交通银行的50万元存款，突然就不翼而飞了。他报警后联系银行，很快得知银行卡被盗刷了。

警方向银行调取的内容显示，犯罪分子的IP地址为中国台湾，转账使用了短信+人脸识别的方式。法院判决书显示，交通银行承认，用户本人当天并未离开北京，但远在台湾的犯罪分子，却7次通过了交通银行的人脸识别，6次通过活体检测。

储户何某在北京，诈骗分子在台湾，IP地址、登录手机型号都能证明，交行通过的人脸识别对象非受害者本人。但一个“假人脸”如何6次通过交通银行人脸验证的？

对于这些诈骗技术细节，判决书中并未描述。但法院最终认为何某遭遇了电信诈骗，主要过错在于储户自己，交通银行未见存在明显的过错和过失，因此交通银行无须承担资金被盗的赔付责任。储户何某对判决结果不服，并表示会上诉。

清华大学法学教授劳东燕预测，包括人脸数据在内的利用个人信息进行精准诈骗等犯罪的浪潮才刚到来：犯罪的高潮还在后面，尤其是这种多中心的信息收集模式，一定会到处暴雷。

根据数字化转型网对于业内人士的采访，交通银行的人脸识别技术核心供应商是一家叫做北京眼神科技有限公司的企业。

在北京眼神科技有限公司的网站主页上，可以看到国内排名靠前的银行大多数是他们的客户，其中交通银行也赫然在列。

眼神科技的网站上还把交通银行作为其典型的客户案例进行展示：眼神科技为交通银行提供全天候多渠道的生物鉴权服务，交通银行多个渠道端应用的多个应用场景使用了眼神科技生物平台提供的相关服务，包括ITM，MUIP、BBOS、手机银行等，实现生物信息的采集、比对和认证。构建完整的生物识别平台，除提供静态1：1注册、比对服务外，还能提供 1：N动态识别的技术服务。

在眼神科技的展示的金融客户案例中，使用了他们生物识别技术、活体检测技术、刷脸取款等涉及人脸识别技术的银行还有中国邮储、中国银行、光大银行、渤海银行、华夏银行等。

根据数字化转型网对于IT行业的了解，考虑到大部分IT厂商市场部门人单力薄，网站案例存在更新延迟，还有部分案例因为保密没有公开的原因，以上肯定是不完全名单，可能有更多的银行使用眼神科技的人脸识别技术也并未可知。

在眼神科技的网站宣传上，声称自己拥有10亿级别的人脸抓拍历史，有10亿级别的生物身份认证信息，每小时新增200万张人脸数据。如果10亿这个数据如果是真的话，不得不感叹：可谓非常的牛逼！除了不会用手机的5岁以下儿童外，眼神科技所掌握的人脸数据基本覆盖了全中国所有国人的人脸数据了。

这家公司并不是事业单位，也不是国有公司，只是一家注册资金5208万的小公司，60%的股权在一名叫周军的个人手中。周军1993年毕业于山东大学管理科学系，是眼神科技现任CEO。神奇的是，北京眼神科技有限公司的参保人数为0。（华东CIO大会、华东CIO联盟、CDLC中国数字化灯塔大会、CXO数字化研学之旅、数字化江湖-讲武堂，数字化江湖-大侠传、数字化江湖-论剑、CXO系列管理论坛（陆家嘴CXO管理论坛、宁波东钱湖CXO管理论坛等）、数字化转型网，走进灯塔工厂系列、ECIO大会等）

查看了北京眼神对外投资的数家公司，大多数公司的参保人数为0，只有山东眼神智能科技有限公司参保人数为20人，北京眼神智能科技有限公司有92人。相对于IT同行公司恒生电子6930人参保，用友网络3000人参保，商汤科技1300多人参保，眼神科技这样100人的公司在IT行业着实不能称为是大公司。100人的公司可以服务几十家银行还有教育、公用事业客户，人力利用效率着实非常高。

眼神科技这么多银行客户案例，是其他银行没有出问题，只是交通银行的项目个案问题？或许是其他银行的问题没有被媒体曝光？还是储户自身不谨慎的问题？还是诈骗分子技术太高超的问题，银行和IT技术商是无辜的？

原文：

Security technology and cracking has always been one of the most concerned topics in the IT industry. Since the advent of face recognition technology, to a certain extent, the password is easy to leak and crack the problem. A new problem has emerged that facial recognition may not be as secure as people think: fraudsters managed to transfer customers’ money after the most important security verification banks rely on, —-, was hacked.

According to Ifeng.com and other media reports, this has happened many times at the Bank of Communications, and several of its customers have gone to court to demand compensation from the bank. One of the users suing Bank of Communications is a man surnamed He, whose 500,000 yuan in bank deposits suddenly disappeared one afternoon in June 2021. He contacted the bank and soon learned that his bank card had been stolen.

According to the information collected from the bank, the IP address of the criminal was in Taiwan, China, and the transfer was made using text messages and facial recognition. According to the court ruling, Bank of Communications admitted that while the users themselves did not leave Beijing that day, criminals in Taiwan passed the bank’s face recognition seven times and the body detection six times.

Depositors in Beijing, fraudsters in Taiwan, IP address, login mobile phone model can prove that the bank of Communications through the face recognition object is not the victim himself. But a “fake face” how to pass the Bank of Communications face verification 6 times?

The technical details of the fraud were not described in the ruling. However, the court finally held that He had suffered telecom fraud, and the main fault was the depositor himself. Bank of Communications did not see obvious fault and negligence, so Bank of Communications did not have to bear the compensation responsibility for the stolen funds. The depositor refused to accept the verdict and said he would appeal.

Luo Dongyan, a law professor at Tsinghua University, predicts that the wave of precision fraud using personal information, including facial data, is just coming: the climax of crime is still to come, especially with this multicenter mode of information collection.

Bank of Communications’ core supplier of facial recognition technology is a company called Beijing Eye Technology Co., LTD., according to an interview with industry insiders by Digitisation.

On the website of Beijing Eye Technology Co., LTD., you can see that most of the top banks in China are their customers, including Bank of Communications.

The website also presents the Bank of Communications as a typical customer case: Eyetech provides all-weather and multi-channel biometric authentication services for the Bank of Communications. The relevant services provided by the Eyetech biometric platform, including ITM, MUIP, BBOS and mobile banking, are used in multiple application scenarios of the multi-channel applications of the Bank of Communications, to achieve the collection, comparison and authentication of biological information. To build a complete biometric identification platform, in addition to providing static 1:1 registration and comparison services, it can also provide 1: N dynamic identification technical services.

In the case of financial customers in the eye technology display, the use of their biometric technology, living detection technology, brush face withdrawal and other banks involved in face recognition technology and China Postal Savings, Bank of China, Everbright Bank, Bohai Bank, Huaxia Bank, etc.

According to the digital transformation network’s understanding of the IT industry, considering that most of the market departments of IT manufacturers are weak, there is a delay in updating the website cases, and some cases have not been made public because of confidentiality, the above is definitely an incomplete list. It is unknown that more banks may use the face recognition technology of eye technology.

On its website, Eyetech claims to have a billion level of face capture history, a billion level of biometric identity information, and 2 million new face data per hour. If 1 billion this data if true, have to sigh: can be said to be very cow force! Except for children under 5 years old who don’t know how to use mobile phones, the facial data mastered by the eyes technology basically covers the face data of all Chinese people.

This company is neither a public institution nor a state-owned company, but a small company with a registered capital of 52.08 million yuan, 60% of which is in the hands of an individual named Zhou Jun. Zhou Jun graduated from the Department of Management Science of Shandong University in 1993 and is the current CEO of Eye Technology. Amazingly, the insured number of Beijing Eye Technology Co., Ltd. is 0.

We have checked several companies invested by Beijing Eyesaw and found that the number of insured persons of most companies is 0. Only Shandong Eyesaw Intelligent Technology Co., Ltd. has 20 insured persons and Beijing Eyesaw Intelligent Technology Co., Ltd. has 92 insured persons. Compared with the IT peer company Hundsun Electronics, which has 6930 insured persons, Yonyou Network, which has 3000 insured persons, and SenseTime, which has more than 1300 insured persons, a company with 100 insured persons such as Eye Technology cannot really be called a large company in the IT industry. A 100-person company can serve dozens of banks as well as education and utility customers, which is a very efficient way to use people.

There are so many bank customer cases of Eye technology. Is it just a project case problem of Bank of Communications that other banks have no problems? Perhaps problems at other banks have not been exposed by the media? Or is it the savers’ own indiscretion? Or is IT that the fraudsters are too skilled, and that banks and IT firms are innocent?

CXO联盟（CXO union）是一家聚焦于CIO，CDO，cto，ciso，cfo，coo，chro，cpo，ceo等人群的平台组织，其中在CIO会议领域的领头羊，目前举办了大量的CIO大会、CIO论坛、CIO活动、CIO会议、CIO峰会、CIO会展。如华东CIO会议、华南cio会议、华北cio会议、中国cio会议、西部CIO会议。在这里，你可以参加大量的IT大会、IT行业会议、IT行业论坛、IT行业会展、数字化论坛、数字化转型论坛，在这里你可以认识很多的首席信息官、首席数字官、首席财务官、首席技术官、首席人力资源官、首席运营官、首席执行官、IT总监、财务总监、信息总监、运营总监、采购总监、供应链总监。

数字化转型网（资讯媒体，是企业数字化转型的必读参考，在这里你可以学习大量的知识，如财务数字化转型、供应链数字化转型、运营数字化转型、生产数字化转型、人力资源数字化转型、市场营销数字化转型。通过关注我们的公众号，你就知道如何实现企业数字化转型？数字化转型如何做？

【CXO UNION部分社群会员】华为CISO、苏宁CISO、正威CISO、恒力CISO、碧桂园CISO、恒大CISO、联想CISO、国美CISO、万科CISO、吉利CISO、中南CISO、美的CISO、魏桥CISO、青山CISO、沙钢CISO、阳光龙净CISO、恒逸CISO、小米通讯CISO、荣盛CISO、秦康保险CISO、广汇CISO、盛虹CISO、金科CISO、海亮CISO、多弗CISO、新奥CISO、新希望CISO、大连万达CISO、建龙重工CISO、龙湖CISO、南通三建CISO、复星CISO、天能CISO、TCL CISO、万向CISO、中天钢铁CISO、比亚迪CISO、敬业CISO、东岭CISO、超威CISO、海澜之家CISO、东方希望CISO、河北津西钢铁CISO、山东东明石化CISO、顺丰CISO、西安迈科金属CISO、雅戈尔CISO、江阴澄星实业CISO、亨通CISO、百度CISO、均和CISO、中天CISO、华夏幸福基业CISO、鼎龙实业CISO、阳光保险CISO、协鑫CISO、中升CISO、九州通医药CISO、日照钢铁CISO、河北新华联合冶金CISO、三快在线CISO、卓尔CISO、长城汽车CISO、弘阳CISO、万达CISO、传化CISO、宁波金田CISO、利华益CISO、富力地产CISO、内蒙古伊利实业CISO、扬子江药业CISO、正邦CISO、三一CISO、神州数码CISO、唯品会()CISO、融侨CISO、永辉超市CISO、荣盛CISO、锦江CISO、通威CISO、东方CISO、龙光CISO、正泰CISO、天津荣程祥泰CISO等返回搜狐，查看更多

责任编辑：