Abstract. Several multimodal biometric schemes have been suggested in literature which employ robust watermarking in order to embed biometric template data into biometric sample data. In case robust embedding is used as the sole means of security, tampering attacks can be mounted. The results of a corresponding attack against a multimodal iris recognition scheme show, that in this environment either semi-fragile watermarking or additional classical cryptographic means need to be applied to secure the system against the demonstrated attack.