Kroger Testing Fingerprint Payment System

MachineShedFred writes "CNN is reporting that The Kroger Company is testing the use of fingerprinting as means for payment at grocery stores. The article says that it has been well received by both college students and seniors. I, for one would love to see this rolled out to all of Kroger's stores, which include Fred Meyer, Ralph's, QFC, Fry's Marketplace (not the electronics stores), and others; however I'm sure some /.-ers will have privacy concerns as well as law enforcement cooperation issues..."

Not to mention what happens if

[Choco-man]

You cut or burn your fingers.

It's well hashed out how easy it to to fool fingerprinting biometrics, so let's not have at that again. It's a neat concept, but flawed system. To easy to fool and not bulletproof enough to allow for every day accidents that happen in the kitchen (heaven help me if i cut my finger cutting veggies AND burn it on the stove..)

Finger Print?

I just got an HP iPaq 5450 with biometric fingerprint reader. I thought the finger print security feature was pretty sweet until I let my brother try it. After 4 finger swipes, it let him through thinking it was me.

I doubt Kroger will use the same technology, but still cause for concern. Is fingerprint scanning technology really ready for mainstream use?

Good idea

[andyring]

In theory, this is a good idea, I think. Looks like ./ covered this back in May. That post also describes a way to fool it with gelatin. Another submission talks about Thriftway stores doing this back in April. And, back in Oct. 2001 a post described use of fingerprint IDs on Acer laptops.

So, this is really nothing new, but it looks like this may be one of the larger rollouts of such technology. Really no different (from a practical standpoint) than things like automatic toll booths or Mobil's Speedpass method of buying gas, although fingerprints would be inherently more secure. If we had Kroger stores around here, I'd be willing to sign up, but I don't think they have a presence in Nebraska, at least not in the Lincoln area.

Re:Sounds Good; Ban Little Plastic Bags Next

[drDugan]

in genl, i'd agree

one problem I see as we push forward with the "if you have concerns, use cash" is that after some time, it will be suspicious to protect your privacy. People who use cash will be singled out for scrutiny simply be not conformign to the technology that enables scrutiny.

Re:great....

[theLOUDroom]

Exactly.

Anyone ever see the movie Demolition Man?
There's a scene in it the explains very simply why biometric authentication is a bad idea:

Snipes, needs to bust out of this high-tech future prison, but they have a retinal scanner on the door, so he just takes the eye of some guy he just killed, stick it on a pen and holds it in front or the scanner.

No thanks. I'd rather be able to surrender my credit card to a mugger and then make a phone call and have the account shut down. If everything goes biometric I have to be a hostage, or loose a body part for them to get what they want. And then...

What do I do if someone "steals" my fingerprint? I can't exactly go get new ones and shut the old ones down, now can I?

There are lots of other good reasons why this isn't such a wonderful idea, either. I can send my girlfriend out for a pizza with my credit card, but not if everything is fingerprint based. Then there's the false positive/negative rate problems, the what happens if you hurt your thumb problem, etc. And I don't think I'll even get started on the privacy concerns here.

The next "credit card" type of system we need, is one where the cards themselves have computers in them and all transactions use encryption. When someone asks me for $5 I can give them an encrypted message for my bank authorizing a one-time transfer. Then I don't have to trust them not to overcharge me (right now they can say they're charging you $5 and charge you $500), or to keep my number safe from 133thaX0rs (see ford for an example of this problem).

Snake Oil

[MenTaLguY]

Such a system relies on two major assumptions:

• Your finger is unique and physically secure (hopefully true)
• There's no "your finger" equivalent that someone could use (patently false and hopelessly naive)

The problems with such a system:

1. It's easy to falsify. It's actually almost trivially easy to fool a fingerprint reader and fake someone else's fingerprint. (note that the type of gelatin Matsumoto used is seaweed based -- a little stiffer and a bit different than what we use in the states, but I'm sure you can find it here in an asian grocery store or similar)
2. It's not verifiable. There is no challenge-response method possible with your finger to verify that it's even your finger, unless you want to add an embedded subcutaneous microchip, as in a smart card (but then why a fingerprint at all?). Worse, no such system actually checks your fingerprint; it computes a numeric hash of some sort from key features. Any hackery that can get you into the system behind the fingerprint reader means you just use the numeric hash (VERY easy to copy!) instead of a fingerprint. Consequently, it's no more secure than a credit card number in this respect.
3. It's not unique. Two words: hash collisions. Not such a big deal for authentication, but a real problem for identification.
4. It's not revokable. Given the above, if someone steals either your fingerprint or its hash, it's not like you can just get a new one, like you can a credit card number. You'd better hope the system at least allows you to switch to a new finger (and hope you don't run out of fingers). In the worst case, then, it's actually LESS secure than a credit card.