Slashdot Mirror

← Back to Stories (view on slashdot.org)

Your Fingerprint Buys Groceries in Seattle

Posted by timothy on from the don't-lose-your-id dept.

lildogie writes: "The Seattle Post-Intelligencer reports that a Thriftway grocery store is installing fingerprint scanners that they will use to identify customers." Each customer's payment method (credit, debit) is then automatically applied at checkout. Haven't they seen Charlie's Angels?

6 of 375 comments (clear)

  1. The Logical Extension by (void*) · · Score: 5, Insightful

    If this becomes widespread, then fingerprint laundering would become widespread. Don't hold that drinking glass at the restaurant too tightly - the waiter may decide to lift the prints and sell it to the Mafia for money. So people will start wearing gloves. Buy stock in glove copmanies!

  2. The main advantage... by zook · · Score: 5, Insightful
    The main advantage of the new system, Kapioski said, is the security.

    No, the main advantage is easier tracking of the customer.

  3. Identity verification at registration by shadowsong · · Score: 5, Insightful

    Verifying the identity of the customer would be absolutly key here.

    (from the article)
    "It takes about one minute to enroll," Kapioski said.

    I somehow doubt that these people are carefuly examining multiple forms of identification in less than a minute. Also:

    "Employees underwent 15 or 20 minutes of training in the system this week."

    The system itself might be secure, but identity theft the issue that it seems to be today, I would be most worried about these "18 year old clerks" that can't be trusted with cash taking a 15 minute training course and being put in charge of registration.

  4. Trusting your biometrics to anyone ? by Oestergaard · · Score: 5, Insightful

    It's beyond me how anyone would trust their biometrics to random companies (or other entities). Hell, I wouldn't trust the government with mine (they can take prints from my dead cold hands).

    The problem is, that they are not just creating a "hash" from your prints - they need to store the exact print in order for the recognition to work. This means, any script kiddie lucky enough to get into their database, will have the prints.

    The next logical step is, to hook this system up to the feds and interpol (post sept-11 this is not fiction!)

    The real problem will be, that people trust technology blindly. When I "check out" of the store, putting my thumb on the reader, and the alarm bells sound (and the big "armed and dangerous, shoot on sight" sign starts flashing), guards, police, whatever, will trust the damn machine.

    Now if one could trust that the responsible parties would (and could) ensure "absolute security" around their biometrics systems, there really wouldn't be that much of a problem. But believing that IT departments in regular companies (or even government agencies) who all live with finite budgets will ensure that their back-end systems are un-crackable is naiive.

    Luckily, the iris scanning in the airports is still optional (and actually sold at an extra charge, as some sophisticated "luxury" - hah!).

  5. Re:Low tech implementation by irony+nazi · · Score: 5, Interesting
    I'm sorry to debunk you Ms. Angela of LANL, but your statement is nonsense.

    I design software for biometric systems and although I don't know where they are installed at, the US Gov. is our largest client. *NO* current systems verify a third dimensional component. The neural network that IDs the print is fed many parameters. Amongst them is color (as you stated), thumbprint temperature,ambient and outdoor temperature (because the human extremity body-temperature is so dependent upon the environment), plus many more features from the actual 2-Dimensional image. There is no 3-D component.

    You might argue that the angling of the scanning lasers adds a third dimensional component (a shadow) to the 2D image, but this is still something that could be duplicated given an image.

    A very basic components analysis of the Neural Network will show that the thumb temperature is an ineffective means of classifieing the print, yet where I work, marketing insists that we continue to use this. That is why we have tried to increase the temperature importance by also including ambient temperatures, but mostly, the temperature is useless as a classification feature.

    As far as taping a photocopy of somebody's fingerprint to the scanner this won;t work. Our scanners are color images, and the light from the photocopier has to come in at the same angle as the lasers. Using a pane of glass, a red light angled in the right direction, and a camera, we have been able to create photos that pass for fingerprints ~97% of the time. The percentage would be slightly increased if you kept the image in your pocket (body-heat) until placing it on the thumbprint scanner. This number approaches the number of false-negatives that you get with any thumbscanner.

    Using biometric information creates a *real* problem for identity theft. Bruce Schneier points this out in his second book. If the advanced criminals can't reproduce your thumbprint, then they might as well intercept your biometric going from the scanner to the computer and reproduce that on all subsequent machines.

    This is something that I will definitely opt out of in the future. Using a pseudo-random key generator on a cel-phone and having it transmit the key would be more accurate than a biometric.

    --

    Bringing irony to the Slash-masses
  6. "handy" indeed, there's always someone who pays by jukal · · Score: 5, Insightful

    Pardon me, but as, for example this document, and multiple others state. Fingerprint ID has a false positive identification rate just under one percent. And gross biometric accuracy of 1:500.

    Simple mathematics applied, when the store gets some success, and it's customer base exceeds 500 or let's say even thousand - you are likely to always match someone else's fingerprint.

    Sincerely, fingerprints were not made for shopping. :))