Slashdot Mirror
Kroger Testing Fingerprint Payment System
MachineShedFred writes "CNN is reporting that The Kroger Company is testing the use of fingerprinting as means for payment at grocery stores. The article says that it has been well received by both college students and seniors. I, for one would love to see this rolled out to all of Kroger's stores, which include Fred Meyer, Ralph's, QFC, Fry's Marketplace (not the electronics stores), and others; however I'm sure some /.-ers will have privacy concerns as well as law enforcement cooperation issues..."
What about how trivial it is to fake a fingerprint? I'd think that would be a pretty big concern.
I've been called a "Fucking Dick" by better people than you.
no print, tho.
fp?
Oh great we won't even need the apocalyptic mark of the beast to be tracked, they'll just need our fingerprints.
________________________________________ History Must Not Fall Into The Wrong Hands ___________________________________
I'll take "Things that don't happen for $1000 Alex"
This does sound ripe for all sorts of shady things.
I'm beginning to wonder if I'll live to see the day when using actual cash is against the law.
college kids + midnight kroger trips + fingerprinting = easier drug busts!
Mike
Now personal privacy concerns will include painting all my door handles with matte paint.
You cut or burn your fingers.
It's well hashed out how easy it to to fool fingerprinting biometrics, so let's not have at that again. It's a neat concept, but flawed system. To easy to fool and not bulletproof enough to allow for every day accidents that happen in the kitchen (heaven help me if i cut my finger cutting veggies AND burn it on the stove..)
I just got an HP iPaq 5450 with biometric fingerprint reader. I thought the finger print security feature was pretty sweet until I let my brother try it. After 4 finger swipes, it let him through thinking it was me.
I doubt Kroger will use the same technology, but still cause for concern. Is fingerprint scanning technology really ready for mainstream use?
Sounds pretty good. It'd certainly move people through the lines faster.
Now, if they'd just do away with those little plastic bags.
Anyone with privacy concerns should use cash.
-- Slashdot: When Public Access TV Says "No"
Now someone will steal my thumb instead of my wallet.
_______
2B1ASK1
So, this is really nothing new, but it looks like this may be one of the larger rollouts of such technology. Really no different (from a practical standpoint) than things like automatic toll booths or Mobil's Speedpass method of buying gas, although fingerprints would be inherently more secure. If we had Kroger stores around here, I'd be willing to sign up, but I don't think they have a presence in Nebraska, at least not in the Lincoln area.
And how much longer will it be before the Kroger will check my fingerprint, see that I was arrested years ago for demonstrating a political debate, and refuse to sell me eggs, tomatoes, or anything else that makes a mess when thrown at a candidate.
My God, you're right! Because of course Kroger is all about politics, it's not like they have an interest in selling you stuff in a quicker and more efficient manner so they get your business and make more money than the next grocery store! Nah, couldn't be. Has to be some Grand Conspiracy. Ye Gods people, grow the hell up.
"An unarmed man can only flee from evil, and evil is not overcome by fleeing from it." Col. Jeff Cooper
however I'm sure some /.-ers will have privacy concerns as well as law enforcement cooperation issues
SOME! Shit I already have a problem with the current system. Every time I get asked if I have one of their cards for "saving", I just say "Sorry, I don't join cults"!
It can even be automated, if you really want to, with bill and coin accepters.
I wonder at what point all this information becomes wastful. You just know that because this information can be tracked, it will. But imagine if we suddenly switched back to an all-cash system. There would be so much less data to store, transmit, transform, mess up, validate, etc. There's a certain economy in that, isn't there?
Of course, I lied about all of my information. They might begin wondering why some kid in the dorms is buying all that beer!
Berto
Will your 'print' also act as your Kroger Plus card (their loyalty program) as well? I know that a lot of you won't even fill out those loyalty card applications, or swap around with your friends. Bring in the finger print technology though (shiny technology), and you're all for that.
Yes he did! In his book 'Secrets and Lies'
He pointed out that if it was compromised, they'd have to issue you a new thumb....
It's Christmas everyday with BitTorrent.
I imagine they will have alternate forms of payment, to prevent themselves from being hit with an "Americans with Disabilities Act" lawsuit. People without arms or hands would be rightly able to sue the grocery store. I don't see credit card readers or checks being refused in the future.
When you buy groceries with a check or with a credit/debit card, they have you identified in the same way they would if you were to use a fingerprint scanner.
The folks at the Kroger closest to where I live are very unfriendly and frequently downright nasty. I hate to think what the work environment must be like for everybody there to want to lash out at anybody who comes into the store... as a result, usually my wife and I drive a bit further to go to a different store.
But, if given the option of using my finger to pay, I might go back to the mean Kroger, if I had the option of choosing which finger I got to stick out at them when paying....
-Rob
I and my wife, do not sign electronic tablets - your signatares are the last line of defense from fraud.
We do not use Mobil's / Mc Donald's speed pass.
We use a debit cards attached to an account different from our main account - to protect against on-line fraud.
Our local transit system tracks you by smart card use. So we do not use these.
We will not fly anymore because of the tracking and security there. (anyone wantto hand out free chocolates to stop the scanners?)
Our free country is becoming Russia of old, maybe even Germany? So who really won those last wars?
Use cash. That will keep the lines moving!
The hell if I will support an automated money sucking store that is too greedy to even pay a dang cashier...
No, im not bagging my own groceries! Its better to pay people to work even if the job is simple. Far better than to pay taxes to support these same people on welfare...
Good ole Clinton and Engler (Governor) kicked so many off welfare even as corporations sought to fire even those they currently employed.
All the while the politicians continue to insist Greed is good for capatalism. (contrary to Christianity)
I think the cashier would notice you holding a bloody finger. ;P
They had an episode where a horror latex costume designer made a copy of his arm/hand and sold a few hundred of them. People were killed and finger prints were left all over the scene with the fake rubber arms/hands .. But as it turned out, it was the guy who made the arms/hands in the first place.. So... But yeah, they've already done something like it .. sorta
Customers can register for the voluntary program by presenting a drivers license, an index finger and a method of payment -- either credit card, debit card or electronic check
The concern I have is whether random company X will be smart enough to protect payment methods data and fingerprint data, both (most likely) linked to personal info.
A relative worked in a co for a few years back that implemented the software to get supermarkets to accept CCs. The implementations always prevented the merchant from keeping/tracking the payment info. I think this intentional (data anyone?) on the part of the CC companies -- and it's why supermarkets use the 'bonus cards' 'rebate cards' etc. instead of just tracking your purchases with which CC you use. The supermarkets typically don't keep the cc numbers/ name etc. after purchase is complete (I think).
Regardless -- Under this new system, KROGER has to use/implement some IT system that tracks all the users payment methods and prints. While Kroger may do this fine, the assumption is that any company that wants to implement this kind of system, has to either implement or access a (possibly centralized) repository of fingerprint payment method mapping DB, with personal data. This is an enormous hacking target. I work under that assumption that anything that people access can be hacked, and therefore people should alway weigh the benefit of putting datasources together that create a risk for being stolen.
While that arguement does not really apply for one company, as more and more companies start to do this, the question becomes will the systems be secore enough to justify the benefits and costs?
A fellow mentioned the look he got when he goes in to buy rubbers.
Like the evil eye he feels like he gets, what's going to happen if you don't want to do this? Most average joes will like the idea, be reminded of Back To The Future 2 and sign right up. But people who are worried about privacy, failure rate, and law enforcment entanglements could automatically be up for suspicious looks if they *don't* fork over a thumb (or any other finger).
Also, since people have been talking about how easy it is to fool a fingerprint biometric scanner - how does this compare to retinal scanning and what are the problems behind *that* method? Visions of the mall scene in Minority Report come to mind.
I for one would not trust this system with my credit card or atm card. The system can be quite easily fooled with some super-glue, a pcb board, and gelatin.
Bruce Schneier wrote an article about the process and which also has link to the presention given by the Japanese professor who came up with and tested the process.
That's right. Most stores, you don't even need the actual card. You just key in your phone number. So setup a card with someone's phone number (it doesn't even need to be a valid number), and give it out to all your friends. The more it is used, the more you get savings, and if you give it out to enough people, the demographics become to skewed to be of any use.
*shrug* It's what me and my family do, and we don't seem to have any problems with using it.
Just a thought, really.
Come cold and flu season you will have hundreds, if not thousands of people slapping their hands in the same place every day- a haven for germs to pass along from person to person.
If it's all the same to you, i'll pass.
My girlfriend is responsible for grocery purchases of our shared expenses. Sometimes if I need to run out to get some things, I grab her debit card, since I know the PIN.
"I'm sure some /.-ers will have privacy concerns"
Paying by fingerprint is far more private than handing over a check with my bank account, address, phone number, and in some states my social security number on it. It also beats generating credit card receipts containing my account number, which can still be used online.
"As well as law enforcement cooperation issues..."
If law enforcement is tracking you down, they have better ways than working with a retailer's fingerprint database. This is a case where the only people who need to worry really ARE the criminals, who could just pay with cash anyway.
Such a system relies on two major assumptions:
The problems with such a system:
DNA just wants to be free...
Of course, that only works until the person who's fingerprint you took notices the excess charges and reports them to the company and/or the police. Once that happens, you get to find out how wonderful security cameras can be.
All that's irrelevant, though, if the store takes the simple precaution of coupling each fingerprint record with an ID photo displayed on the cashier's screen.
If they're going to make them bigger they need to make the damn handles stronger. :)
How do you make cookies with a paper bag?
I currently work for one of the largest grocery chains in the US. We're trying all different kinds of things -- ie automated checkout's, online grocery stores, pda based ordering in the deli, super carts which tell you when your passing a good deal, and other things. We've had wireless access points in our stores for years. All of the guns the stores order with are wireless. Some stores have more Cisco equipment in them than a small ISP does. And the great thing about grocery chains is they don't go bankrupt like so many dotcoms have. It's like McDonald's disapearing, it's not going to happen.
Damn, if it was in James Bond it must be real!
Why do I need to sign the credit card receipt at restaurants, grocery stores, etc., but don't need to sign it at gas stations? Gee, Vern, someone could steal my Exxon SpeedPass and gas up New Jersey. (insert NJ gas joke here). How many other "inconsistencies" are there? Just curious. :})||
Ok, yes I'm replying to my own message. Because for some reason a bunch of you think I actually believe that becoming a member of a grocery store and getting a card for coupons is actaully joining an occult.
My post was a joke! Yes I have actually said this to cashiers and they laugh, because its funny. You should laugh to. Don't be a robot.
Getting a Drivers License in Georgia requires you to provide your finger prints. I am wary of this and still expect my conformity to come back and haunt me. Seems that the DMV is just a way to get more finger prints to compare against in crimes.
I've watched enough 'Law and Order' as well as 'Forensic files' , 'The New Detectives' and others. Seems to me that just a FEW hits on your fingerprint is enough to convince people that it was really yours. Until I commit a crime, I don't want the state having my Fingerprint. Much less a grocery store.
This is something, along with the 'bonus cards' that I hope to never give in to. I do believe that these finger ID systems will just be another way to track people and their movements. I mean if Hardcore right wingers want to talk about 'the mark of the beast' and such in relation to people being BarCoded, how are they going to react when they hear that EVERYONE HAS A SERIAL NUMBER ENCODED INTO THEIR FINGER PRINT!!??!?!
This is truely a step towards total population control.
a story from April 2002 showing a Seattle area Thriftway inplementing a similar system
. shtml
http://seattlepi.nwsource.com/local/68217_thumb27
Kroger tries to pilfer enough personal information via their Kroger Kard (tm) as it is.
These cards are used to pilfer personal spending habits. What the consumer (AKA a person) gets in return is a discount on an item that was probably marked up anyway. Randalls has also implemented this scheme. What all of this means is that people willingly whore their privacy for a small discount on overpriced goods.
The whole point of this is that retailers want to be able to amass a large database of consumer spending habits, and sell these to the largest bidder. The days of suckering people into a store with double coupon days are rapidly becoming a relic of the past.
Kroger et al. can stick this fascist crap up their collective corporate asses.
I will shop at HEB instead.
Besides I hope they do try this, I have a feeling even the most clueless drooling consumeroid will have reservations about using this system. Besides, they will probably lose money on this as most places I have heard about using this type of technology always abandon it, as it doesn't work worth a damn, and requires multiple scan attempts to read a fingerprint correctly.
They're not? The government can easily track your movements by tracking your credit card purchases. If you use your credit card in a Florida gas station, it's a pretty safe bet that you were in Florida at that time.
Criminals have been caught by the FBI tracking their credit card trail. It's helping in the D.C. sniper cases, too.
Sounds like you've already accepted a tool that lets the government track your every move, and you don't even have to wait 30 years for it!
And the original victim gets to find out a high-res scan has been uploaded to the net and that it's very difficult to get a new thumb.
I seem to remember an invisible car in the recent Bond flick. That must mean we have that in real life today!
As funny as that is.. referring to the mark of the beast as a chip is simply a technophobic misinterpretation of the Bible.
Hint: hand and forhead reference is a reference to the original giving of the law of Moses.
Lets not overlook the health issues. A whole population filing through touching the same surface again and again... can you say 'spreading germs as fast as the plague'?
Let's not be a paranoid jackass. I don't want to make it any worse for the clean freaks, but you touch the same doorknob as other people when coming in and out of the bathroom. So regardless of whether or not you wash your hands you are touching a spot where someone, who may not have washed their hands, just touched. Or how about something even more mundane. When you buy your groceries, how do you pay. Well if you are like 99.9% of us, at one point in your life you've used cash. Guess what... That nice new $20 bill in your pocket has probably already been touched by 50 people, and at least one of them probably had a cold. Oh you say that you use your credit card, then who's pen did you sign with? So you used your own pen, did you touch the receipt? How healthy did the cashire look?
I guess my point is that unless you live in a bubble, or in a shack in Montana, you are likely to be exposed to someone elses germs/virii/bodily fluids. Get over it. In fact, if you weren't, then your immune system becomes lazy, and you are likely to get sick from something really silly like the common cold.
When I want your opinion I will beat it out of you.
MSDOS was found to be too hard for the average person to use. Thus, we've abandoned all work on new operating systems. Work on something better? What a stupid idea!
</sarcasm>
Ever cross your mind that (gasp!) it's possible to fix problems and make a better fingerprint scanner?
I see your point, naturally, efficency(i.e. cutting costs) is why Kroger implemented it.
However, what happens when this is common place?
I could easily see this (U.S.) Administration forcing stores to give up certian information that would indicate(to them) you are a muslim, or to track a certian profile they feel is dangerous.
I can also see them being in a situatiun where a government body tells the a person can't buy somthing.
we live at a time where protester are gathered up behind fences, blocks away from the event there protesting.
In the 70's and 80's I can remember America would give the U.S.S.R a hard time about not allowing protesters, or free speech. The U.S.S.R. would reply by showing footage of protesters. It alway turned out they were far away from what they were protesting, and behind fences.
The Kruger Dunning explains most post on
A better movie that shows what is possible with finger print fraud (and Biometric fraud in general) is Gattaca. In this movie - your biometrics ARE you, in that if something is physically (mainly genetically) wrong with you you are descriminated against.
They use various forms of Biometrics testing to figure out if you are you - so in order to become someone else you have to fake a lot of stuff (hair,blood,urine,skin,fingerprint).
Kinda scary - but this is not out of the realm of possibilities for the future.
Derek
Or a new PIN for your account with them...
Simple common sense solution, eh?
Of course. Because, as everyone knows, when credit cards came out, all stores stopped accepting cash and cheques.
Oh, wait.
BTW, if they did require your right thumb and refused service otherwise, they'd have a big fat ADA lawsuit on their hands. So no, the situation you describe will never happen unless the laws change.
Sorry if I was confusing. I used the term co-op purely in the sense of "lots of people in a common goal", not that I thought they should start using these kinda cards at co-op grocerey stores.
The tendency to get skin warts on the hands runs in my family, and at the moment I have---count 'em---no less than 15 on my hands. Most of 'em occur on the pads of the ends of my fingers... and they come and go, so does that mean I would going to Kroger headquarters every two or three months to get new prints added to their database? I also tend to burn my fingers a lot, and I play bass and guitar but my practice schedule is irregular, meaning that callouses come and go...
--TheOrangeSquid Is it any wonder things seem so awry? We swim in a sea of confusion and don't have to think to survive
The original victim will also find out that it's not very difficult at all to change the PIN associated with your account. Unfortunately for the unscrupulous, that fingerprint scan just became useless.
So I just need to find someone who resembles me to replicate, then he gets arrested for filing a false claim.
Add in a PIN or a password for your account, then.
:-)
You're grasping at possible problems, but ignoring the simple solutions to those problems. Try being a little logical
That was from a Dark Angel episode, where she did essentially the same thing.
All biometrics available today, and all imagined for the near future have already been broken. In fact, all systems on the market today are exactly as easily broken as you see in the movies, if not easier (some iris-scan systems have been fooled by photographs. I mean, come on!).
What biometrics is good for is simplifying access controls. For example, you could use your fingerprint instead of your credit card at the ATM machine (but you would still have to input your PIN). But you wouldn't have to carry a dozen plastic cards with you anymore, and be afraid of losing them.
By combining something you are (biometrics) or something you have (credit card) with something you know, you get good security. Never rely on a single point of failure.
Assorted stuff I do sometimes: Lemuria.org
Diamons are forever. Plot Here
The drops of water don't know themselves to be a river; and yet the river flows.
You also can't revoke social security numbers, but they're still used.
As for innovation in scanners, that can help stop compromised fingerprints. How? Well, obviously, you can't graft someone's fingerprint onto your finger, so you're going to need to use something (like the famed gelatin technique). A scanner that can detect the fake fingerprint (temperature, perhaps? or a dermal scan in addition the the fingerprint scan? or just make the surface sticky so it pulls off the gelatin?) would stop fingerprint fraud.
No, you can't revoke a fingerprint, that's true. But you can certainly stop people from using someone else's fingerprint fraudulently.
In the not too distant future you might be turned down for health insurance. Why you might ask? Because your grocery buying habits should an excessive proportion of fatty foods that cause high cholesterol, as well as the tobacco products, and all those pain relievers. They track you in the stores now, especially if you have a savings card.
now we need to go OSS in diesel cars
I work for a bank in Guatemala, and we've been experimenting with fingerprint readers with the objective of giving our customers easier access to financial services.
You have to understand that my country has a very high illiteracy rate (40%+), so our primary goal was to reach that sector of society. Normally, they would have to bring a literate witness to verify their identity, which is very demeaning. Now, by using their fingerprint, they can deposit or withdraw money without hassels.
We're not trying to give them an excuse to remain illiterate, we want to give them a little sense of dignity instead. So far, we've had great results, it has also been a great experience for everyone involved.
--Necesito una chela, bien fria...
You can post a dozen reasons why nobody will ever be able to fake them. You can probably invent and post a hundred different reasons. But that doesn't even slow down the people who ARE faking them today.
Arguing a negative is usually pretty worthless. But it's even more worthless when the positive has already been proven.
John
Go see a doctor, dumbass.
Why? My father has asked his doctor about them, my sister has asked her doctor about them, and they all say the same thing (detailed below).
Warts are caused by viruses; some people have immune systems that are poor at preventing these viruses (these immunodefeciences are usually genetic). Warts tend to occur right after breaks in the skin or damage to the top layers of skin (burns, cuts, etc). The typical medical treatment plan is: do nothing. Why? Wart removal is usually more trouble than it's worth, and warts have a very good chance of coming back. If they are a problem because of their location, usually creams are tried first; if this is not successful, warts are frozen and then surgically removed (however, the success rate of this procedure can be argued to be somewhat low, as this breaks the skin and increases the chance of a wart growing there again).
While some slashdot users may appreciate your cynicism, please, in the future, keep it to yourself.
--TheOrangeSquid Is it any wonder things seem so awry? We swim in a sea of confusion and don't have to think to survive
It just sounds awefully easy to spoof. And what happens to the entire shopping line if you have grubby fingers and muck up the works?
Please wash your hands before you pay
Every time I get asked if I have one of their cards for "saving", I just say "Sorry, I don't join cults"!
Wait to stick it to the man. Your socially abrasive behavior is a pinnacle to which all of us geeks should aspire.
The truth is that most people will simply find this system convenient. The majority of the populace isn't terribly concerned with their right to privacy. While there will likely be shortfalls with this system, it seems to be generally a useful good idea, especially if other payment options continue to be available. I'd rather carry around my finger than my credit card.
Mod my comments down. It'll be fun.
Time to get the gloves on and start shaking hands with politicians :)
How about a website full of photos of politicians fingerprints? Lets go shopping!
-1 Uncomfortable Truth
Hardly. A 4 or 5 digit PIN is hardly the most secure thing in the world. And the fingerprint can never be revoked. You have to constantly worry about your PIN being compromised, rather than being able to call the bank and get a new account number if you have even a reasonable suspicion of compromise. It's a step backwards from a more secure system to a less secure one.
Yes! Cannot be overemphasized.
DNA just wants to be free...
Customers can register for the voluntary program by presenting a drivers license, an index finger and a method of payment -- either credit card, debit card or electronic check. I wonder if they return the customer's finger when they're finished with it.
If you have a pin or password, why even require biometric data? Why not simply put a keyboard at the counter and let me use al login and password.This way It would be just as secure and Admiral Poindexter woun't have my fingerprints in his Total Information Awareness database.
Username and password just as secure as fingerprint and password? Hardly. It's a lot harder to steal a fingerprint than it is to steal a username.
You must wear gloves everywhere you go. Or do you write your username on everything you touch? You leave your fingerprints everywhere. All I need to do is lift them with a kit and etch them with a computerised etcher, make a gelatin mold and I am now you, forever. And you can't change them. I can change or invalidate a username a lot easier than you can replace your thumb. An etcher is a rather expensive piece of equipment, but not as expensive as limb replacement sugery.
You laugh, but 35 years ago, my father was employed by a large empire-wide life insurance company. One day, they decided to honour their oldest pensioned ex-employee. They found him out in India, where he used to be working at the branch office there. At the time, he was 110 years old.
So they sent for him, doubtlessly wondering what secret Indian method he'd been using to prolong his life so much.
Turns out that the guy was illiterate (he was a gardener - this was the time when companies would not outsource menial tasks), and he had been dead for nearly 30 years. Since he was illiterate, he was endorsing his cheques with a fingerprint. When he died, the family simply cut off his thumb and managed to preserve it...
Where in Safeway do you work? :-)
"Flyin' in just a sweet place,
Never been known to fail..."