Slashdot Mirror
Your Fingerprint Buys Groceries in Seattle
lildogie writes: "The Seattle Post-Intelligencer reports that a Thriftway grocery store is installing fingerprint scanners that they will use to identify customers." Each customer's payment method (credit, debit) is then automatically applied at checkout. Haven't they seen Charlie's Angels?
but if you thought those MVP/VIC/etc... cards were bad about providing tacking info, this is a nightmare
XML is like violence. If it doesn't solve the problem, use more.
Interesting concept. Since it's difficult to forge fingerprints, it may be a viable idea. Still, someone other than you could use their fingerprint tied to your money, which isn't a good idea. Whatever works, though...
Live or die trying.
If this becomes widespread, then fingerprint laundering would become widespread. Don't hold that drinking glass at the restaurant too tightly - the waiter may decide to lift the prints and sell it to the Mafia for money. So people will start wearing gloves. Buy stock in glove copmanies!
"If we can come up with a payment method where there's no opportunity for fraud, then the fees come down," Kapioski said.
That's what they said about ATM's.
That's what they said about Net banking.
Its all cheap and rosy until its mainstream and then BANG up jump the fees.
The technology might be cool, it may be convienient, but dont be fooled into thinking that it will be cheaper.
I'll think of a funny sig later on
That is interesting once, for some time now, it's known that, contrary to popular belief, fingerprints are not unique. If I can use an analogy, the same applies for network card MAC addresses. Btw, the chances of finding similar fingerprints are greater then MAC addresses.
Now, I wonder why people continue to use non unique data as identification methods. It really scaries me, then I think about the kind of trouble one get get into on these issues.
morcego
No, the main advantage is easier tracking of the customer.
Verifying the identity of the customer would be absolutly key here.
(from the article)
"It takes about one minute to enroll," Kapioski said.
I somehow doubt that these people are carefuly examining multiple forms of identification in less than a minute. Also:
"Employees underwent 15 or 20 minutes of training in the system this week."
The system itself might be secure, but identity theft the issue that it seems to be today, I would be most worried about these "18 year old clerks" that can't be trusted with cash taking a 15 minute training course and being put in charge of registration.
It's beyond me how anyone would trust their biometrics to random companies (or other entities). Hell, I wouldn't trust the government with mine (they can take prints from my dead cold hands).
The problem is, that they are not just creating a "hash" from your prints - they need to store the exact print in order for the recognition to work. This means, any script kiddie lucky enough to get into their database, will have the prints.
The next logical step is, to hook this system up to the feds and interpol (post sept-11 this is not fiction!)
The real problem will be, that people trust technology blindly. When I "check out" of the store, putting my thumb on the reader, and the alarm bells sound (and the big "armed and dangerous, shoot on sight" sign starts flashing), guards, police, whatever, will trust the damn machine.
Now if one could trust that the responsible parties would (and could) ensure "absolute security" around their biometrics systems, there really wouldn't be that much of a problem. But believing that IT departments in regular companies (or even government agencies) who all live with finite budgets will ensure that their back-end systems are un-crackable is naiive.
Luckily, the iris scanning in the airports is still optional (and actually sold at an extra charge, as some sophisticated "luxury" - hah!).
...I'm sure the checkout lady won't mind you holding up a drinking glass to the Thriftway fingerprint reader.
Ok.. seriously.. i've seen a few postings on identity thefts, the inherent fallacies of fingerprinting technology, the lack of three dimensional recognition... but what really scares me is...
THESE BASTARDS ARE GONNA AD-TARGET ME!
On a serious note though, I'd be more concerned about targetted marketing and advertising from the supermarket itself than identity theft and mistaken fingerprints.
Think about it.. they'll have your name, your address, and your shopping habits. my gramma asks me to nip down to the grocery store for her.. next thing you know, i'm getting samples of preperation H and Depends shipped right to my door.
That time of the month? Don't worry, we've been tracking that too! This handy dandy sample of Playtex tampons will show up JUST IN TIME! (oh wait.. that one could actually be useful).
Gah. No thanks.. think i'll skip the fingerprinting and keep paying with cash. At least til they come out with a wrist chip implant...
Moral indignation is jealousy with a halo - H. G. Wells
I design software for biometric systems and although I don't know where they are installed at, the US Gov. is our largest client. *NO* current systems verify a third dimensional component. The neural network that IDs the print is fed many parameters. Amongst them is color (as you stated), thumbprint temperature,ambient and outdoor temperature (because the human extremity body-temperature is so dependent upon the environment), plus many more features from the actual 2-Dimensional image. There is no 3-D component.
You might argue that the angling of the scanning lasers adds a third dimensional component (a shadow) to the 2D image, but this is still something that could be duplicated given an image.
A very basic components analysis of the Neural Network will show that the thumb temperature is an ineffective means of classifieing the print, yet where I work, marketing insists that we continue to use this. That is why we have tried to increase the temperature importance by also including ambient temperatures, but mostly, the temperature is useless as a classification feature.
As far as taping a photocopy of somebody's fingerprint to the scanner this won;t work. Our scanners are color images, and the light from the photocopier has to come in at the same angle as the lasers. Using a pane of glass, a red light angled in the right direction, and a camera, we have been able to create photos that pass for fingerprints ~97% of the time. The percentage would be slightly increased if you kept the image in your pocket (body-heat) until placing it on the thumbprint scanner. This number approaches the number of false-negatives that you get with any thumbscanner.
Using biometric information creates a *real* problem for identity theft. Bruce Schneier points this out in his second book. If the advanced criminals can't reproduce your thumbprint, then they might as well intercept your biometric going from the scanner to the computer and reproduce that on all subsequent machines.
This is something that I will definitely opt out of in the future. Using a pseudo-random key generator on a cel-phone and having it transmit the key would be more accurate than a biometric.
Bringing irony to the Slash-masses
"They love it because it takes the cash out of the hands of 18-year-old clerks," Nickerson said.
Okay, I'm all for new conviences, but I think this is quite a bit unfair. I ran a cash register for Marshall's starting when I was 16, and ending when I was 19. My highest drawer variance was 13 cents, and the most expensive thing i took home was a pen from a register.
During my time there, 13 people where fired for dishonesty, and there was no trend in the age- people of all generations got canned for theft, including a 63 year old lady.
Really, I'm 23 now, but is there that much a problem with the youth being dishonest nowadays, moreso then anyone else? Please, do tell me.
Alcohol, Tobacco and Firearms should be the name of a store, not a government agency.
Maybe I am unclear on this, but I use the same debit card 95% of the time at the Kroger I visit for my groceries. Do they have to agree to something saying they won't just use my unique cc number to track my purchases? And even still, is it technically against the rules to grep the data from the card for my name that is encoded on the strip and use that to track my purchases?
Furthermore, most stores have the "happy consumer tracking" card that many of us keep on our keychain, and to complicate the "tracking" argument further, the fingerprint thing is completely optional, as all of the methods I mentioned are today--
JUST USE CASH PEOPLE!!!!!
El Karma: excelente(principalmente la suma de moderación hecha a los comentarios de los usuarios)
Sorry but los alamos is not in nevada - but NM. New Mexico
Amazed that a man would live so long, the London head-office naturally sent for the old man.
But they found nobody: turns out that the guy died some 30 years before. As he was illiterate, he endorsed his pension cheques with his thumbprint. When he died, the family "forgot" to notify the company, and they still cashed the cheques with his thumb, which was neatly mummified right after they cut it off...
Even using cash can seem unsecure if you are parinoid enough. For instance, you withdraw 50$ from an ATM in the mall. Cross reference that with the purchaces made in the next 50 minutes and then filter anything >$75. They can quickly build a list of possible purchaces which will become increacingly accurate over time. The mall has the ability to do this as they probably own the ATM or have access to the log.
Ok, so now you are to the point where you can no longer withdraw cash form the mall ATM. You may be thinking, "I'll just use the QuickieMart ATM down the street." In time, and with better AI software, the places where you get cash annonymously will shrink. Right now, I consder the counter at my local bank the only place to get cash and not have my name cross-referenced to an ammount and then published to the world. But who knows what kind of deal your bank may have with local merchants. Even if they don't share your info, someone clever enough can find your pay scale, subtract your bills, and target you for specific advertisements based on what you will likely buy. Even knowing that it really isn't difficult for a 3rd party to find out how much free cash you have every month can scare the hell out of you.
I'd rather you do it wrong, than for me to have to do it at all.
I can see my credit card bills stating I owe them one finger each. Ouch.
I think everyone would give them the same finger.
This Wiki Feeds You TV and Anime - vidwiki.org
Unfortunately this opens up the possibility of simply taping a photocopy of somebody else's thumbprint onto my own thumb.
No, it doesn't, because you're BUYING GROCERIES.
It doesn't have to be impenetrable. There are easier, and less detectable, ways to fraudulently buy groceries. You think nobody on line behind you is going to notice you walking around with a photocopy of a fingerprint TAPED to your THUMB?
The supermarket is not your lab, Dr. Biscuit.
The uniqueness of fingerprints is important when considering criminal convictions where there's little or no other direct evidence besides latent prints, but it's not a big concern here.
A far easier attack here is to swap out the record in the database. If it doesn't have good auditing, it would be trivial to swap in somebody else's prints, make a large purchase of easily fenced goods, then swap the original prints back in without detection.
You could probably even just add additional prints as an additional purchaser. But that's risky since those prints could then be used by investigators.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
Doesn't baby oil cause condoms to break down? "a few thousand dollars in condoms and water-based lubricant" sounds much better. =)
As far as I know the crossover accuracy ratio for finger print biometric techniques is low.
The few systems I've encountered, fingerprints are not used to uniquely identify people, just as a verification - people still need to swipe a card or enter a pin, then the fingerprint is used for verification.
Do they have a new technique? There's nothing on the Indivos or Bioscrypt websites stating the crossover rates etc.
Being a seattle resident. . . .
.), those the local store for a while was hosting some sort of cheese festival, it was a paid admittance thing. Ugh.
Thriftway, despite there name, is an establishment that caters to the middle and upper class portions of society. Their customers tend to be retired citizens or soccer moms.
Besides the very fact that I get damn nearly nauseous just going in there (no seriously, I think that they sprayed the damn place with "odor of extravagant spending" or something ), candy bars alone have a 200% price market from the local safeway. Ouch.
They rarely have any sales (or at least any that reduce prices to something halfway decent) and have 'guided tours' of their stores (what the hell ever. . .
Annyways, as I way saying. . . . ok actually no point to this message other then to say that the middle and upper classes suck. -_-
--- teh classissist
Need help treating your acne? Come here!
Hunh... An interesting idea, but what if someone had their fingerprints burned off? I guess we could go to retinal scanners, but I've never liked sticking my eye up to some random machine. DNA scanners would need blood, voice recognition differs too much with attitude and health, and facial recognition is in its infancy.
Maybe, if someone could develop a system with, say, a two by three inch plastic card with someone's name on it, we could circumvent the whole deal. Yeah, it would be great! No more worrying about whether the machine would work, or your fingers were dirty, or someone had your prints - just slide the card and go through. We could even put a strip with bumps or - no, I've got it - a _magnetic strip_ with information identifying that person! As long as you didn't lose it - a far easier eventuality to avoid than, say, accidentally leaving your fingerprints on something - security would be perfect.
You think it'll catch on?
Pardon me, but as, for example this document, and multiple others state. Fingerprint ID has a false positive identification rate just under one percent. And gross biometric accuracy of 1:500.
:))
Simple mathematics applied, when the store gets some success, and it's customer base exceeds 500 or let's say even thousand - you are likely to always match someone else's fingerprint.
Sincerely, fingerprints were not made for shopping.
If they insist on my fingerprints, I'm outta there.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
You think on-line transations get expensive after they become mainstream? That strikes me as odd. Credit card rates that should be have been criminialized were in place long before the net went mainstream. In fact, it's not unreasonable to suspect that exact issue might have been one of the big reasons e-commerce didn't fly. It was starting out the gate with a tax going to the card companies, and for what, money handling? Isn't the government supposed to provide the currency.
According to the Constitution that's how it was supposed to go.
Net banking fees emerged AFTER it went mainstream?
Sorry, that's factually incorrect.