Slashdot Mirror

← Back to Stories (view on slashdot.org)

Your Fingerprint Buys Groceries in Seattle

Posted by timothy on from the don't-lose-your-id dept.

lildogie writes: "The Seattle Post-Intelligencer reports that a Thriftway grocery store is installing fingerprint scanners that they will use to identify customers." Each customer's payment method (credit, debit) is then automatically applied at checkout. Haven't they seen Charlie's Angels?

13 of 375 comments (clear)

  1. The Logical Extension by (void*) · · Score: 5, Insightful

    If this becomes widespread, then fingerprint laundering would become widespread. Don't hold that drinking glass at the restaurant too tightly - the waiter may decide to lift the prints and sell it to the Mafia for money. So people will start wearing gloves. Buy stock in glove copmanies!

    1. Re:The Logical Extension by interiot · · Score: 4, Insightful

      eg. You can't be reissued a fingerprint the way you can with credit cards.

    2. Re:The Logical Extension by flimflam · · Score: 4, Funny

      The hard part is when they revoke the old ones though...

      --
      -- It only takes 20 minutes for a liberal to become a conservative thanks to our new outpatient surgical procedure!
  2. less fees - HA !! by DuncanMurray · · Score: 4, Insightful

    "If we can come up with a payment method where there's no opportunity for fraud, then the fees come down," Kapioski said.

    That's what they said about ATM's.
    That's what they said about Net banking.

    Its all cheap and rosy until its mainstream and then BANG up jump the fees.
    The technology might be cool, it may be convienient, but dont be fooled into thinking that it will be cheaper.

    --
    I'll think of a funny sig later on
  3. Not unique by morcego · · Score: 4, Insightful

    That is interesting once, for some time now, it's known that, contrary to popular belief, fingerprints are not unique. If I can use an analogy, the same applies for network card MAC addresses. Btw, the chances of finding similar fingerprints are greater then MAC addresses.
    Now, I wonder why people continue to use non unique data as identification methods. It really scaries me, then I think about the kind of trouble one get get into on these issues.

    --
    morcego
  4. The main advantage... by zook · · Score: 5, Insightful
    The main advantage of the new system, Kapioski said, is the security.

    No, the main advantage is easier tracking of the customer.

  5. Identity verification at registration by shadowsong · · Score: 5, Insightful

    Verifying the identity of the customer would be absolutly key here.

    (from the article)
    "It takes about one minute to enroll," Kapioski said.

    I somehow doubt that these people are carefuly examining multiple forms of identification in less than a minute. Also:

    "Employees underwent 15 or 20 minutes of training in the system this week."

    The system itself might be secure, but identity theft the issue that it seems to be today, I would be most worried about these "18 year old clerks" that can't be trusted with cash taking a 15 minute training course and being put in charge of registration.

  6. Trusting your biometrics to anyone ? by Oestergaard · · Score: 5, Insightful

    It's beyond me how anyone would trust their biometrics to random companies (or other entities). Hell, I wouldn't trust the government with mine (they can take prints from my dead cold hands).

    The problem is, that they are not just creating a "hash" from your prints - they need to store the exact print in order for the recognition to work. This means, any script kiddie lucky enough to get into their database, will have the prints.

    The next logical step is, to hook this system up to the feds and interpol (post sept-11 this is not fiction!)

    The real problem will be, that people trust technology blindly. When I "check out" of the store, putting my thumb on the reader, and the alarm bells sound (and the big "armed and dangerous, shoot on sight" sign starts flashing), guards, police, whatever, will trust the damn machine.

    Now if one could trust that the responsible parties would (and could) ensure "absolute security" around their biometrics systems, there really wouldn't be that much of a problem. But believing that IT departments in regular companies (or even government agencies) who all live with finite budgets will ensure that their back-end systems are un-crackable is naiive.

    Luckily, the iris scanning in the airports is still optional (and actually sold at an extra charge, as some sophisticated "luxury" - hah!).

  7. Re:Low tech implementation by irony+nazi · · Score: 5, Interesting
    I'm sorry to debunk you Ms. Angela of LANL, but your statement is nonsense.

    I design software for biometric systems and although I don't know where they are installed at, the US Gov. is our largest client. *NO* current systems verify a third dimensional component. The neural network that IDs the print is fed many parameters. Amongst them is color (as you stated), thumbprint temperature,ambient and outdoor temperature (because the human extremity body-temperature is so dependent upon the environment), plus many more features from the actual 2-Dimensional image. There is no 3-D component.

    You might argue that the angling of the scanning lasers adds a third dimensional component (a shadow) to the 2D image, but this is still something that could be duplicated given an image.

    A very basic components analysis of the Neural Network will show that the thumb temperature is an ineffective means of classifieing the print, yet where I work, marketing insists that we continue to use this. That is why we have tried to increase the temperature importance by also including ambient temperatures, but mostly, the temperature is useless as a classification feature.

    As far as taping a photocopy of somebody's fingerprint to the scanner this won;t work. Our scanners are color images, and the light from the photocopier has to come in at the same angle as the lasers. Using a pane of glass, a red light angled in the right direction, and a camera, we have been able to create photos that pass for fingerprints ~97% of the time. The percentage would be slightly increased if you kept the image in your pocket (body-heat) until placing it on the thumbprint scanner. This number approaches the number of false-negatives that you get with any thumbscanner.

    Using biometric information creates a *real* problem for identity theft. Bruce Schneier points this out in his second book. If the advanced criminals can't reproduce your thumbprint, then they might as well intercept your biometric going from the scanner to the computer and reproduce that on all subsequent machines.

    This is something that I will definitely opt out of in the future. Using a pseudo-random key generator on a cel-phone and having it transmit the key would be more accurate than a biometric.

    --

    Bringing irony to the Slash-masses
  8. How so? by gvonk · · Score: 4, Interesting



    Maybe I am unclear on this, but I use the same debit card 95% of the time at the Kroger I visit for my groceries. Do they have to agree to something saying they won't just use my unique cc number to track my purchases? And even still, is it technically against the rules to grep the data from the card for my name that is encoded on the strip and use that to track my purchases?
    Furthermore, most stores have the "happy consumer tracking" card that many of us keep on our keychain, and to complicate the "tracking" argument further, the fingerprint thing is completely optional, as all of the methods I mentioned are today--

    JUST USE CASH PEOPLE!!!!!

    --


    El Karma: excelente(principalmente la suma de moderación hecha a los comentarios de los usuarios)
  9. It still can be open for fraud... by Pig+Hogger · · Score: 4, Interesting
    40 years ago, my father worked for a big British company. One day, the company decided to reward his oldest pensioneer. They went through the records, and found somewhere in India a 105 year old guy who was employed at the turn of the century as a janitor or/and doorman.

    Amazed that a man would live so long, the London head-office naturally sent for the old man.

    But they found nobody: turns out that the guy died some 30 years before. As he was illiterate, he endorsed his pension cheques with his thumbprint. When he died, the family "forgot" to notify the company, and they still cashed the cheques with his thumb, which was neatly mummified right after they cut it off...

  10. Cash? by Bios_Hakr · · Score: 4, Insightful

    Even using cash can seem unsecure if you are parinoid enough. For instance, you withdraw 50$ from an ATM in the mall. Cross reference that with the purchaces made in the next 50 minutes and then filter anything >$75. They can quickly build a list of possible purchaces which will become increacingly accurate over time. The mall has the ability to do this as they probably own the ATM or have access to the log.

    Ok, so now you are to the point where you can no longer withdraw cash form the mall ATM. You may be thinking, "I'll just use the QuickieMart ATM down the street." In time, and with better AI software, the places where you get cash annonymously will shrink. Right now, I consder the counter at my local bank the only place to get cash and not have my name cross-referenced to an ammount and then published to the world. But who knows what kind of deal your bank may have with local merchants. Even if they don't share your info, someone clever enough can find your pay scale, subtract your bills, and target you for specific advertisements based on what you will likely buy. Even knowing that it really isn't difficult for a 3rd party to find out how much free cash you have every month can scare the hell out of you.

    --
    I'd rather you do it wrong, than for me to have to do it at all.
  11. "handy" indeed, there's always someone who pays by jukal · · Score: 5, Insightful

    Pardon me, but as, for example this document, and multiple others state. Fingerprint ID has a false positive identification rate just under one percent. And gross biometric accuracy of 1:500.

    Simple mathematics applied, when the store gets some success, and it's customer base exceeds 500 or let's say even thousand - you are likely to always match someone else's fingerprint.

    Sincerely, fingerprints were not made for shopping. :))