Domain: paybytouch.com
Stories and comments across the archive that link to paybytouch.com.
Comments · 13
-
Re:Not the only stores
A small, family-owned grocery store in Upstate New York started a "pay by touch" system. They took it further by adding individualized rewards. The database will remember what each customer purchases, and offers them customized coupons, promotions and rewards. http://www.paybytouch.com/news/pr_10-18-05.html
-
Biometrics suck
From the article:
After all, they say, how can using a unique fingerprint for identification be riskier to theft than a plastic card, key chain token, or account number? ...The fingerprint image recorded is not the same as those collected by the federal government or law enforcement.
For starters, you only have 10 fingers. If a password is stolen, you can reset your password. How do you reset a fingerprint for cripes sake?
Other people have already talked about using fake fingers to fake out the readers. However, the fingerprint is converted by the reader into a string of binary digits. If you know what you are looking for, you can steal someone's fingerprint over the network....tcpdump anyone? Now how hard would a replay attack be?
Just say no to biometrics, unless they are used with strong encryption, or other multi-factor authentication.
Oh, just in case someone thinks this is just someone's fantasy, they have the readers installed near my house. Fingerprint readers at Farm Fresh. -
Re:People will reject it
But you know, most of the world is stupid and doesn't understand this kind of stuff, or has stupid opinions about it, and will be afraid of it.
Don't mind me, I'm just buying some powder, a makeup brush and tape. Don't mind my friend in line ahead of you, he's just testing out his new windex on the fingerprint reader to make sure the bottle isn't defective.
I'm not "stupid" but I do have opinions of this. Based on their demo (flash) they use a simple pad-based scanner where you press your finger, rather than a strip-based scanner which you would drag your finger across (smearing prints in the process). All thats needed is to look over your shoulder as you tap in your "search number" as the demo calls your PIN, and I'm you (for the purpose of buying food, at least).
I won't use it, but I'll feel sorry for the people that do, and when they try to contest odd charges they're told that it was bought with their fingerprint so they had to have been the ones to do it. Reminds me of the giant ATM scandal in the UK, and it's harder to steal a fingerprint than a PIN, right? -
Re:thoughts
> "The company pledges not to sell or rent personal information, or access to it."
That should read "The current management of the company pledges not to sell or rent ...."
http://www.paybytouch.com/privacy_policy.html
Notification of Changes
If we make material changes to this policy, we will notify you here, by email, or by means of a notice on the Pay By Touch homepage so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we may disclose it. We will update our privacy policy from time to time.
Notice the OR, they can change their TOS any time and promise to change their TOS page accordingly.
Pay By Touch may share your personal information with companies that Pay By Touch contracts to privately and securely verify your identity, process your payments, cash your checks, and prevent fraudulent use of the Pay By Touch services.
We all know how secure third parties are.
"In some cases Pay By Touch may provide algorithm or sensor vendor partners who have entered into confidentiality agreements with Pay By Touch with anonymous biometric scans. These companies use the anonymous test scans only to develop, test, modify and improve the performance of their hardware and software products related to the Pay By Touch services. These test scans are not linked to any personally-identifiable identity or account information."
Er, they are fingerprints, how anonymous are fingerprints!
http://www.paybytouch.com/member_terms.html
THE PAY BY TOUCH SERVICE IS PROVIDED "AS IS" WITHOUT ANY WARRANTIES OR REPRESENTATIONS WHATEVER OF ANY KIND, WHETHER EXPRESS OR IMPLIED. Pay By Touch will not be liable or responsible for any damage or injury caused by your use of the Service.
Great, that's the feel good factor ! -
Re:thoughts
> "The company pledges not to sell or rent personal information, or access to it."
That should read "The current management of the company pledges not to sell or rent ...."
http://www.paybytouch.com/privacy_policy.html
Notification of Changes
If we make material changes to this policy, we will notify you here, by email, or by means of a notice on the Pay By Touch homepage so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we may disclose it. We will update our privacy policy from time to time.
Notice the OR, they can change their TOS any time and promise to change their TOS page accordingly.
Pay By Touch may share your personal information with companies that Pay By Touch contracts to privately and securely verify your identity, process your payments, cash your checks, and prevent fraudulent use of the Pay By Touch services.
We all know how secure third parties are.
"In some cases Pay By Touch may provide algorithm or sensor vendor partners who have entered into confidentiality agreements with Pay By Touch with anonymous biometric scans. These companies use the anonymous test scans only to develop, test, modify and improve the performance of their hardware and software products related to the Pay By Touch services. These test scans are not linked to any personally-identifiable identity or account information."
Er, they are fingerprints, how anonymous are fingerprints!
http://www.paybytouch.com/member_terms.html
THE PAY BY TOUCH SERVICE IS PROVIDED "AS IS" WITHOUT ANY WARRANTIES OR REPRESENTATIONS WHATEVER OF ANY KIND, WHETHER EXPRESS OR IMPLIED. Pay By Touch will not be liable or responsible for any damage or injury caused by your use of the Service.
Great, that's the feel good factor ! -
Not just a finger scan a pin code is also required
If you view the flash demo on the paybytouch website, you will discover that the system only makes the need to carry the actual (plastic) credit card redundant. You will still need a checking account or credit card account to charge the purchase. In the demo you can see that you are give a choice on how you wish to pay, presumably from your payment choices given when you first registered for the system. You will also notice in the demo you are also required to enter a PIN number.
More information can be found here -
Not just a finger scan a pin code is also required
If you view the flash demo on the paybytouch website, you will discover that the system only makes the need to carry the actual (plastic) credit card redundant. You will still need a checking account or credit card account to charge the purchase. In the demo you can see that you are give a choice on how you wish to pay, presumably from your payment choices given when you first registered for the system. You will also notice in the demo you are also required to enter a PIN number.
More information can be found here -
Not just a finger scan a pin code is also required
If you view the flash demo on the paybytouch website, you will discover that the system only makes the need to carry the actual (plastic) credit card redundant. You will still need a checking account or credit card account to charge the purchase. In the demo you can see that you are give a choice on how you wish to pay, presumably from your payment choices given when you first registered for the system. You will also notice in the demo you are also required to enter a PIN number.
More information can be found here -
Re:Europe
I feel a certain obligation to mention these guys. They're rolling out a thumbprint system to retailers right now. Their system is sort of an electronic wallet that stores credit card info. You thumb the reader and pick which card to use. You can sign up at the store, so it's as safe as using your card there in the first place. Since it's just an enabler for your existing cards, they shouldn't have any trouble with the credit card industry, especially since their general counsel and Chief Marketing Officer came from Visa.
I'm thinking they'll succeede, just looking at the management team. Craig Ramsey (joined IBM in 1968, pre-IPO at Amdahl, Oracle, and Siebel) was president until this year (still on the board) and the management team has some real heavy hitters from IBM, Visa and Siebel, plus the guy who took Blockbuster from 18 to 3000 stores. Their CFO has both an MBA and a JD from Stanford. These folks create billion-dollar enterprises. You could do a set of trading cards. -
Re:Europe
I feel a certain obligation to mention these guys. They're rolling out a thumbprint system to retailers right now. Their system is sort of an electronic wallet that stores credit card info. You thumb the reader and pick which card to use. You can sign up at the store, so it's as safe as using your card there in the first place. Since it's just an enabler for your existing cards, they shouldn't have any trouble with the credit card industry, especially since their general counsel and Chief Marketing Officer came from Visa.
I'm thinking they'll succeede, just looking at the management team. Craig Ramsey (joined IBM in 1968, pre-IPO at Amdahl, Oracle, and Siebel) was president until this year (still on the board) and the management team has some real heavy hitters from IBM, Visa and Siebel, plus the guy who took Blockbuster from 18 to 3000 stores. Their CFO has both an MBA and a JD from Stanford. These folks create billion-dollar enterprises. You could do a set of trading cards. -
Re:Watch out!
umm your a littel behind the times. we are already using fingerprint tech.
http://paybytouch.com/ -
PayByTouchThere are companies offering just that. We looked at PayByTouch, a company that offers a "digital wallet" that you can access at participating retailers. As a customer, you go to a kiosk, register your fingerprint, and swipe the cards you want to store in the "wallet". At the point of purchase, you key your phone number and touch the fingerprint reader, and the PIN pad brings up your wallet where you can scroll through your cards and select the one you want for this transaction.
According to PayByTouch, the phone number is used as an index to speed fingerprint matching. The PBT computer located at the point of sale device turns the fingerprint data into a hash on the spot prior to sending the request over the network, so the "clear" fingerprint isn't stored or sent anywhere.
I personally thought customers would find "fingerprinting" to be too Big-Brotherish, but many pilot customers preferred the idea of using a fingerprint over carrying a wallet full of credit cards and shopper loyalty cards. But at the time we looked at them, Visa refused to certify them as being as secure as a mag stripe, so the idea died around here.
-
It's really based on phone numberPay By Touch doesn't really identify people based on fingerprints. You have to "enter your phone search number (usually your phone number)". The fingerprint reader is only for "verification".
So the fingerprint recognition could be total vaporware, and it would still appear to work.
Even if it's real, typical Equal Error Rates for fingerprint systems are around 5%. So if you have a list of customer phone numbers and access to a fingerprint terminal, you should be able to crack the system in about 20 tries. Then you have access to someone else's accounts.