Kroger Testing Fingerprint Payment System
MachineShedFred writes "CNN is reporting that The Kroger Company is testing the use of fingerprinting as a means for payment at grocery stores. The article says that it has been well received by both college students and seniors. I, for one, would love to see this rolled out to all of Kroger's stores, which include Fred Meyer, Ralph's, QFC, Fry's Marketplace (not the electronics stores), and others; however, I'm sure some /.-ers will have privacy concerns as well as law enforcement cooperation issues..."
I forget which James Bond movie it was (with Sean Connery), I remember him plucking a fake set of thin rubber prints off his fingers after he used them to impersonate somebody. All the way back in the 60s... nothing new I guess.
Let's not overlook the health issues. A whole population filing through touching the same surface again and again... can you say 'spreading germs as fast as the plague'?
Customers can register for the voluntary program by presenting a driver's license, an index finger and a method of payment -- either credit card, debit card or electronic check.
The concern I have is whether random company X will be smart enough to protect payment methods data and fingerprint data, both (most likely) linked to personal info.
A relative worked at a company a few years back that implemented the software to get supermarkets to accept CCs. The implementations always prevented the merchant from keeping/tracking the payment info. I think this is intentional (data anyone?) on the part of the CC companies -- and it's why supermarkets use the 'bonus cards', 'rebate cards', etc. instead of just tracking your purchases by which CC you use. The supermarkets typically don't keep the CC numbers/name etc. after the purchase is complete (I think).
Regardless -- under this new system, KROGER has to use/implement some IT system that tracks all the users' payment methods and prints. While Kroger may do this fine, the assumption is that any company that wants to implement this kind of system has to either implement or access a (possibly centralized) repository of fingerprint payment method mapping DB, with personal data. This is an enormous hacking target. I work under the assumption that anything that people access can be hacked, and therefore people should always weigh the benefit of putting data sources together that create a risk of being stolen.
While that argument does not really apply for one company, as more and more companies start to do this, the question becomes: will the systems be secure enough to justify the benefits and costs?
That's right. Most stores, you don't even need the actual card. You just key in your phone number. So set up a card with someone's phone number (it doesn't even need to be a valid number), and give it out to all your friends. The more it is used, the more you get savings, and if you give it out to enough people, the demographics become too skewed to be of any use.
*shrug* It's what me and my family do, and we don't seem to have any problems with using it.
Here is a good article from Bruce Schneier that describes how biometrics can be easily fooled with $10 worth of household supplies. Just go read the article.
Every Super Villain uses Linux.
The gummy mold is just an ordinary photo-etched copper-plated printed circuit board. (I made lots of them when I was a kid from stuff I bought at Radio Shack.) Take a photo of a fingerprint. Make a full size transparency of it. Expose the photosensitive circuit board using the transparency as a mask. Etch the circuit board. Pour ordinary hot liquid gelatin over the board in an even (3 mm or so) layer (the original paper gave a recipe, but you should be able to use any old recipe for "Knox Blox". It's just ordinary gelatin mixed with boiling water.) Harden it in the refrigerator. When it's time to use it, simply cover the tip of your own finger with the sheet of gelatin.
It passes live tests easily. The thin layer of gelatin is almost invisible. It's transparent, so your own skin shows through. It's conductive: it has a moisture content similar to your own body. And it's warm: your body heats up 3mm of gelatin quite rapidly.
And once you pass through the scanner, you just lick your fingertip and the evidence is gone.
Extensive testing of this was performed against eleven different fingerprint scanners earlier this year. EVERY TESTED SCANNER ACCEPTED THE GUMMY FINGERS, including those advertising "live and well detection", with acceptance rates varying between 65% - 100%. John Young's website has a copy of the paper here.
Biometrics, in general, are not sufficient for high security. They work best only in conjunction with other security measures.
John
I imagine you've seen how easy it is to do this by now, but in case you missed it:
http://www.counterpane.com/crypto-gram-0205.html#5
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
And:
5. Your fingerprints are not secret. You are leaving thousands of copies of them daily on objects you touch. Combine this with item 1.....