Kroger Testing Fingerprint Payment System

MachineShedFred writes "CNN is reporting that The Kroger Company is testing the use of fingerprinting as means for payment at grocery stores. The article says that it has been well received by both college students and seniors. I, for one would love to see this rolled out to all of Kroger's stores, which include Fred Meyer, Ralph's, QFC, Fry's Marketplace (not the electronics stores), and others; however I'm sure some /.-ers will have privacy concerns as well as law enforcement cooperation issues..."

Fraud?

[Mikeytsi]

What about how trivial it is to fake a fingerprint? I'd think that would be a pretty big concern.

Re:Fraud?

[MamasGun]

The fingerprint reader could have sensors on it to determine if what it's reading is a warm, live finger, or a cold inanimate object. If it's warm, it's accepted. If it's cold, it gets kicked back. This is not only good for the gelatin fake finger trick, it's also useful in the absolute worst case scenario where the finger was cut from a corpse, or a living person. Ouch! I believe that mil-spec fingerprint readers have this capability...those consumer-grade readers like U-R-U and the IBM laptop thingy don't have this kind of sophistication.

Not to mention what happens if

[Choco-man]

You cut or burn your fingers.

It's well hashed out how easy it to to fool fingerprinting biometrics, so let's not have at that again. It's a neat concept, but flawed system. To easy to fool and not bulletproof enough to allow for every day accidents that happen in the kitchen (heaven help me if i cut my finger cutting veggies AND burn it on the stove..)

Re:Not to mention what happens if

[scrytch]

there's an old joke about crooks who burn their fingerprints off: the cops say "pick up the guy with no fingerprints".

you have to seriously disfigure your finger to "fool" the system, and you know what? you just redo it with your burned fingers. bigger problem if you have a band-aid on your finger, actually. personally i haven't used my actual safeway card since i got it -- i just enter my phone number.

i wouldn't have a problem with biometric authentication -- if it were something like my credit card and i wanted to switch off all the other forms of authentication (god knows CC companies don't want you to be able to do that though). but i don't see how it's convenient to give up a token that i can give to my family and not have to deal with flakey slow readers with dirty screens.

rant mode: screw it, i'll spend a few extra bucks to shop at andronicos or something, guess that's the expense of not getting tagged and cataloged like an animal in the 21st century.

Finger Print?

I just got an HP iPaq 5450 with biometric fingerprint reader. I thought the finger print security feature was pretty sweet until I let my brother try it. After 4 finger swipes, it let him through thinking it was me.

I doubt Kroger will use the same technology, but still cause for concern. Is fingerprint scanning technology really ready for mainstream use?

Re:Buying Rubbers & Posting to Slashdot

[Hormonal]

Heh. All right, the wife takes a pill every morning, so I don't have to buy them.

However, back in the day, I was always scared of the old evil eye while checking out. I bought a lot of useless shit, in an effort to disguise the purchase. What a dumbass.

Good idea

[andyring]

In theory, this is a good idea, I think. Looks like ./ covered this back in May. That post also describes a way to fool it with gelatin. Another submission talks about Thriftway stores doing this back in April. And, back in Oct. 2001 a post described use of fingerprint IDs on Acer laptops.

So, this is really nothing new, but it looks like this may be one of the larger rollouts of such technology. Really no different (from a practical standpoint) than things like automatic toll booths or Mobil's Speedpass method of buying gas, although fingerprints would be inherently more secure. If we had Kroger stores around here, I'd be willing to sign up, but I don't think they have a presence in Nebraska, at least not in the Lincoln area.

Re:Sounds Good; Ban Little Plastic Bags Next

[drDugan]

in genl, i'd agree

one problem I see as we push forward with the "if you have concerns, use cash" is that after some time, it will be suspicious to protect your privacy. People who use cash will be singled out for scrutiny simply be not conformign to the technology that enables scrutiny.

Another store to not get my business.

[jackb_guppy]

I and my wife, do not sign electronic tablets - your signatares are the last line of defense from fraud.

We do not use Mobil's / Mc Donald's speed pass.

We use a debit cards attached to an account different from our main account - to protect against on-line fraud.

Our local transit system tracks you by smart card use. So we do not use these.

We will not fly anymore because of the tracking and security there. (anyone wantto hand out free chocolates to stop the scanners?)

Our free country is becoming Russia of old, maybe even Germany? So who really won those last wars?

Use cash. That will keep the lines moving!

Re:Another store to not get my business.

so here is a snapshot on how these fucks think:



"If you don't violate someone's human rights some of the time, you probably aren't doing your job," said one official who has supervised the capture and transfer of accused terrorists. "I don't think we want to be promoting a view of zero tolerance on this. That was the whole problem for a long time with the CIA."



found this in a quick search in TODAY's news. if you are not paranoid about our government, you're not listening.

http://www.washingtonpost.com/wp-dyn/articles/A379 43-2002Dec25.html

Re:great....

[theLOUDroom]

Exactly.

Anyone ever see the movie Demolition Man?
There's a scene in it the explains very simply why biometric authentication is a bad idea:

Snipes, needs to bust out of this high-tech future prison, but they have a retinal scanner on the door, so he just takes the eye of some guy he just killed, stick it on a pen and holds it in front or the scanner.

No thanks. I'd rather be able to surrender my credit card to a mugger and then make a phone call and have the account shut down. If everything goes biometric I have to be a hostage, or loose a body part for them to get what they want. And then...

What do I do if someone "steals" my fingerprint? I can't exactly go get new ones and shut the old ones down, now can I?

There are lots of other good reasons why this isn't such a wonderful idea, either. I can send my girlfriend out for a pizza with my credit card, but not if everything is fingerprint based. Then there's the false positive/negative rate problems, the what happens if you hurt your thumb problem, etc. And I don't think I'll even get started on the privacy concerns here.

The next "credit card" type of system we need, is one where the cards themselves have computers in them and all transactions use encryption. When someone asks me for $5 I can give them an encrypted message for my bank authorizing a one-time transfer. Then I don't have to trust them not to overcharge me (right now they can say they're charging you $5 and charge you $500), or to keep my number safe from 133thaX0rs (see ford for an example of this problem).

Suspicion of those who opt-out

[Nfnitloop]

A fellow mentioned the look he got when he goes in to buy rubbers.
Like the evil eye he feels like he gets, what's going to happen if you don't want to do this? Most average joes will like the idea, be reminded of Back To The Future 2 and sign right up. But people who are worried about privacy, failure rate, and law enforcment entanglements could automatically be up for suspicious looks if they *don't* fork over a thumb (or any other finger).

Also, since people have been talking about how easy it is to fool a fingerprint biometric scanner - how does this compare to retinal scanning and what are the problems behind *that* method? Visions of the mall scene in Minority Report come to mind.

Snake Oil

[MenTaLguY]

Such a system relies on two major assumptions:

• Your finger is unique and physically secure (hopefully true)
• There's no "your finger" equivalent that someone could use (patently false and hopelessly naive)

The problems with such a system:

1. It's easy to falsify. It's actually almost trivially easy to fool a fingerprint reader and fake someone else's fingerprint. (note that the type of gelatin Matsumoto used is seaweed based -- a little stiffer and a bit different than what we use in the states, but I'm sure you can find it here in an asian grocery store or similar)
2. It's not verifiable. There is no challenge-response method possible with your finger to verify that it's even your finger, unless you want to add an embedded subcutaneous microchip, as in a smart card (but then why a fingerprint at all?). Worse, no such system actually checks your fingerprint; it computes a numeric hash of some sort from key features. Any hackery that can get you into the system behind the fingerprint reader means you just use the numeric hash (VERY easy to copy!) instead of a fingerprint. Consequently, it's no more secure than a credit card number in this respect.
3. It's not unique. Two words: hash collisions. Not such a big deal for authentication, but a real problem for identification.
4. It's not revokable. Given the above, if someone steals either your fingerprint or its hash, it's not like you can just get a new one, like you can a credit card number. You'd better hope the system at least allows you to switch to a new finger (and hope you don't run out of fingers). In the worst case, then, it's actually LESS secure than a credit card.

Grocery stores are where the technology is at...

[VudooCrush]

I currently work for one of the largest grocery chains in the US. We're trying all different kinds of things -- ie automated checkout's, online grocery stores, pda based ordering in the deli, super carts which tell you when your passing a good deal, and other things. We've had wireless access points in our stores for years. All of the guns the stores order with are wireless. Some stores have more Cisco equipment in them than a small ISP does. And the great thing about grocery chains is they don't go bankrupt like so many dotcoms have. It's like McDonald's disapearing, it's not going to happen.

Driver's License in GA

[clustersnarf]

Getting a Drivers License in Georgia requires you to provide your finger prints. I am wary of this and still expect my conformity to come back and haunt me. Seems that the DMV is just a way to get more finger prints to compare against in crimes.

I've watched enough 'Law and Order' as well as 'Forensic files' , 'The New Detectives' and others. Seems to me that just a FEW hits on your fingerprint is enough to convince people that it was really yours. Until I commit a crime, I don't want the state having my Fingerprint. Much less a grocery store.

This is something, along with the 'bonus cards' that I hope to never give in to. I do believe that these finger ID systems will just be another way to track people and their movements. I mean if Hardcore right wingers want to talk about 'the mark of the beast' and such in relation to people being BarCoded, how are they going to react when they hear that EVERYONE HAS A SERIAL NUMBER ENCODED INTO THEIR FINGER PRINT!!??!?!

This is truely a step towards total population control.

Re:some?

[LineNoiz]

Most stores don't give a rats ass about your personal information. In fact, in response to public outcry against divulginf personal information, major chains that use the cards proclaimed "Just give us fake info! We don't care!"

The major problem with savings cards is that they use them to demograph their highest spending shoppers. According to a study in the late 90s, 75% of a supermarkets revenue comes from 30% of their customers. These cards let them know what those 30% buy (with or without knowing who they actually are), and to tailor their store to this group of people. The rest of us are screwed.

Here is a site (albeit with an agenda of their own) that has pretty good info about these cards. Check it out if your are at all interested.