ISACA Melbourne Chapter: Emerging Technology Working Group
Title: Hybrid Event: Authorised and Compromised – The Biometric Illusion
Date: 21 May 2026
Time: 12 to 1 PM AEST
Online: Teams | 1.0 CPE. Use this form to register.
In person: CISCO, Level 11, 101 Collins Street, Melbourne VIC. REGISTER HERE so we can confirm your seat.
** Please provide your ISACA Membership Number AND ISACA Membership Email when you register so our volunteers can upload your CPEs for you to apply. **
Abstract
Biometric authentication is often positioned as a frictionless convenience for users, but this session reframes it as something far more consequential: an irreversible identity binding mechanism. Unlike passwords or tokens, biometric identifiers cannot be changed once compromised, fundamentally altering the risk landscape for organisations and individuals alike.
Across both national identity systems and commercial deployments, consistent structural weaknesses are emerging. These include the use of irrevocable identifiers, overly optimistic threat models, insufficient template isolation, and governance frameworks that continue to treat biometrics as merely “sensitive data” rather than what they truly represent—permanent credentials.
This session explores the implications of these design assumptions and highlights several critical realities:
- Biometrics collapse authentication and identity into a single, permanent artefact
- The impact of a breach is lifetime-bound, not transactional or recoverable
- False positives must be understood as governance failures, not acceptable statistical noise
- Most regulatory frameworks underestimate the risk of irreversibility
- Truly secure biometric deployment is possible, but often incompatible with low-cost, mass-scale convenience models
By challenging prevailing narratives around usability and risk, this session provides a more rigorous lens for evaluating biometric systems—shifting the conversation from adoption to accountability, resilience, and long-term trust.