Slashdot Mirror


Kroger Testing Fingerprint Payment System

MachineShedFred writes "CNN is reporting that The Kroger Company is testing the use of fingerprinting as a means for payment at grocery stores. The article says that it has been well received by both college students and seniors. I, for one, would love to see this rolled out to all of Kroger's stores, which include Fred Meyer, Ralph's, QFC, Fry's Marketplace (not the electronics stores), and others; however I'm sure some /.-ers will have privacy concerns as well as law enforcement cooperation issues..."

33 of 412 comments

  1. Buying Rubbers & Posting to Slashdot by Anonymous Coward · · Score: 4, Funny

    I'll take "Things that don't happen for $1000 Alex"

  2. Oh great by st0rmshad0w · · Score: 3, Insightful

    This does sound ripe for all sorts of shady things.

    I'm beginning to wonder if I'll live to see the day when using actual cash is against the law.

  3. huh, what? by sweeney37 · · Score: 3, Funny

    college kids + midnight kroger trips + fingerprinting = easier drug busts!

    Mike

  4. Not to mention what happens if by Choco-man · · Score: 5, Interesting

    You cut or burn your fingers.

    It's well hashed out how easy it is to fool fingerprinting biometrics, so let's not have at that again. It's a neat concept, but flawed system. Too easy to fool and not bulletproof enough to allow for everyday accidents that happen in the kitchen (heaven help me if i cut my finger cutting veggies AND burn it on the stove..)

    1. Re:Not to mention what happens if by ceejayoz · · Score: 3, Insightful

      what's the point of having 20 lanes if there's ever only 4-5 of them open?

      Sounds like you've never been to a grocery store the day before Thanksgiving.

      They have 20 lanes for the busiest of times, not for 3 AM when you get the munchies.

    2. Re:Not to mention what happens if by scrytch · · Score: 3, Interesting

      there's an old joke about crooks who burn their fingerprints off: the cops say "pick up the guy with no fingerprints".

      you have to seriously disfigure your finger to "fool" the system, and you know what? you just redo it with your burned fingers. bigger problem if you have a band-aid on your finger, actually. personally i haven't used my actual safeway card since i got it -- i just enter my phone number.

      i wouldn't have a problem with biometric authentication -- if it were something like my credit card and i wanted to switch off all the other forms of authentication (god knows CC companies don't want you to be able to do that though). but i don't see how it's convenient to give up a token that i can give to my family and not have to deal with flakey slow readers with dirty screens.

      rant mode: screw it, i'll spend a few extra bucks to shop at andronicos or something, guess that's the expense of not getting tagged and cataloged like an animal in the 21st century.

      --
      I've finally had it: until slashdot gets article moderation, I am not coming back.
  5. Finger Print? by Anonymous Coward · · Score: 4, Interesting

    I just got an HP iPaq 5450 with biometric fingerprint reader. I thought the finger print security feature was pretty sweet until I let my brother try it. After 4 finger swipes, it let him through thinking it was me.

    I doubt Kroger will use the same technology, but still cause for concern. Is fingerprint scanning technology really ready for mainstream use?

  6. great.... by eyeball · · Score: 4, Funny

    Now someone will steal my thumb instead of my wallet.

    --

    _______
    2B1ASK1
    1. Re:great.... by theLOUDroom · · Score: 5, Interesting

      Exactly.

      Anyone ever see the movie Demolition Man?
      There's a scene in it that explains very simply why biometric authentication is a bad idea:

      Snipes needs to bust out of this high-tech future prison, but they have a retinal scanner on the door, so he just takes the eye of some guy he just killed, sticks it on a pen and holds it in front of the scanner.

      No thanks. I'd rather be able to surrender my credit card to a mugger and then make a phone call and have the account shut down. If everything goes biometric I have to be a hostage, or lose a body part for them to get what they want. And then...

      What do I do if someone "steals" my fingerprint? I can't exactly go get new ones and shut the old ones down, now can I?

      There are lots of other good reasons why this isn't such a wonderful idea, either. I can send my girlfriend out for a pizza with my credit card, but not if everything is fingerprint based. Then there's the false positive/negative rate problems, the what happens if you hurt your thumb problem, etc. And I don't think I'll even get started on the privacy concerns here.

      The next "credit card" type of system we need, is one where the cards themselves have computers in them and all transactions use encryption. When someone asks me for $5 I can give them an encrypted message for my bank authorizing a one-time transfer. Then I don't have to trust them not to overcharge me (right now they can say they're charging you $5 and charge you $500), or to keep my number safe from 133thaX0rs (see ford for an example of this problem).

      --
      Life is too short to proofread.
  7. Good idea by andyring · · Score: 4, Interesting
    In theory, this is a good idea, I think. Looks like ./ covered this back in May. That post also describes a way to fool it with gelatin. Another submission talks about Thriftway stores doing this back in April. And, back in Oct. 2001 a post described use of fingerprint IDs on Acer laptops.

    So, this is really nothing new, but it looks like this may be one of the larger rollouts of such technology. Really no different (from a practical standpoint) than things like automatic toll booths or Mobil's Speedpass method of buying gas, although fingerprints would be inherently more secure. If we had Kroger stores around here, I'd be willing to sign up, but I don't think they have a presence in Nebraska, at least not in the Lincoln area.

  8. Re:Think about where this leads by bryanp · · Score: 3, Insightful

    And how much longer will it be before the Kroger will check my fingerprint, see that I was arrested years ago for demonstrating a political debate, and refuse to sell me eggs, tomatoes, or anything else that makes a mess when thrown at a candidate.

    My God, you're right! Because of course Kroger is all about politics, it's not like they have an interest in selling you stuff in a quicker and more efficient manner so they get your business and make more money than the next grocery store! Nah, couldn't be. Has to be some Grand Conspiracy. Ye Gods people, grow the hell up.

    --
    "An unarmed man can only flee from evil, and evil is not overcome by fleeing from it." Col. Jeff Cooper
  9. some? by Jonny+Ringo · · Score: 4, Insightful

    however I'm sure some /.-ers will have privacy concerns as well as law enforcement cooperation issues

    SOME! Shit I already have a problem with the current system. Every time I get asked if I have one of their cards for "saving", I just say "Sorry, I don't join cults"!

    1. Re:some? by LordYUK · · Score: 3, Insightful

      Oh please. I am Mr Smith at 6969 Blowme St in Upyerass North Dakota.

      and I still save 30 cents on toilet paper.

      Just because you don't want to give them YOUR information doesn't mean they can't get a false identification.

      Not giving them your address, understandable.

      Spending more than you have to because you are a fucking dumbass, inexcusable.

      --
      This is my sig. Its pathetic.
    2. Re:some? by nolife · · Score: 3, Insightful

      "Sorry, I don't join cults"!

      Huh? Anyway.. Why not use a fake address and phone number?

      I wonder how long it will be before medical insurance companies start purchasing the detailed buying history of prospective applicants from grocery stores.

      Beer, cigarettes, and Oreo's..
      Three strikes and you're out.

      Over age 65 and you start buying Tum's and Depend brand undergarments your account gets flagged as -Do not Renew-.

      --
      Bad boys rape our young girls but Violet gives willingly.
  10. Re:Fraud? by ceejayoz · · Score: 3, Insightful

    It's far easier to fake a check or counterfeit money, but people seem to accept them as valid payment methods.

    Heck, to fake a fingerprint you a) need to know the person has an account at that store and then b) get a mold (with gelatin) of their finger.

  11. There are alternatives by Night+Goat · · Score: 5, Insightful

    I imagine they will have alternate forms of payment, to prevent themselves from being hit with an "Americans with Disabilities Act" lawsuit. People without arms or hands would be rightly able to sue the grocery store. I don't see credit card readers or checks being refused in the future.

    1. Re:There are alternatives by shepd · · Score: 3, Insightful

      And people without arms are going to reach for their wallet with what, exactly?

      Or do they expect the cashier to grope about their erogenous zone to find it...

      --
      If you could be told what you can see or read, then it follows that you could be told what to say or think - BoC
  12. Which finger? by rknop · · Score: 5, Funny

    The folks at the Kroger closest to where I live are very unfriendly and frequently downright nasty. I hate to think what the work environment must be like for everybody there to want to lash out at anybody who comes into the store... as a result, usually my wife and I drive a bit further to go to a different store.

    But, if given the option of using my finger to pay, I might go back to the mean Kroger, if I had the option of choosing which finger I got to stick out at them when paying....

    -Rob

  13. Re:Sounds Good; Ban Little Plastic Bags Next by drDugan · · Score: 4, Interesting

    in genl, i'd agree

    one problem I see as we push forward with the "if you have concerns, use cash" is that after some time, it will be suspicious to protect your privacy. People who use cash will be singled out for scrutiny simply by not conforming to the technology that enables scrutiny.

  14. Another store to not get my business. by jackb_guppy · · Score: 3, Interesting

    I and my wife, do not sign electronic tablets - your signatures are the last line of defense from fraud.

    We do not use Mobil's / Mc Donald's speed pass.

    We use debit cards attached to an account different from our main account - to protect against on-line fraud.

    Our local transit system tracks you by smart card use. So we do not use these.

    We will not fly anymore because of the tracking and security there. (anyone want to hand out free chocolates to stop the scanners?)

    Our free country is becoming Russia of old, maybe even Germany? So who really won those last wars?

    Use cash. That will keep the lines moving!

  15. Re:Fraud? by ceejayoz · · Score: 3, Insightful

    All Kroger would have to do to prevent that would be to couple an ID photo with the fingerprint. Photo comes up, cashier sees you're not the pretty blonde girl you stole the fingerprint from - problem solved.

    And please, don't whine about "invasion of privacy" - if you've ever used a credit card or a cheque in a grocery store, they can already do it.

  16. Re:It may be easier, but... by eingram · · Score: 3, Funny

    I think the cashier would notice you holding a bloody finger. ;P

  17. obvious security concerns by drDugan · · Score: 5, Informative


    Customers can register for the voluntary program by presenting a drivers license, an index finger and a method of payment -- either credit card, debit card or electronic check


    The concern I have is whether random company X will be smart enough to protect payment methods data and fingerprint data, both (most likely) linked to personal info.

    A relative worked in a co for a few years back that implemented the software to get supermarkets to accept CCs. The implementations always prevented the merchant from keeping/tracking the payment info. I think this is intentional (data anyone?) on the part of the CC companies -- and it's why supermarkets use the 'bonus cards' 'rebate cards' etc. instead of just tracking your purchases with which CC you use. The supermarkets typically don't keep the cc numbers/ name etc. after purchase is complete (I think).

    Regardless -- Under this new system, KROGER has to use/implement some IT system that tracks all the users' payment methods and prints. While Kroger may do this fine, the assumption is that any company that wants to implement this kind of system, has to either implement or access a (possibly centralized) repository of fingerprint payment method mapping DB, with personal data. This is an enormous hacking target. I work under the assumption that anything that people access can be hacked, and therefore people should always weigh the benefit of putting datasources together that create a risk for being stolen.

    While that argument does not really apply for one company, as more and more companies start to do this, the question becomes will the systems be secure enough to justify the benefits and costs?

  18. Worried about the cards? Make yours a co-op. by Akardam · · Score: 4, Informative

    That's right. Most stores, you don't even need the actual card. You just key in your phone number. So set up a card with someone's phone number (it doesn't even need to be a valid number), and give it out to all your friends. The more it is used, the more you get savings, and if you give it out to enough people, the demographics become too skewed to be of any use.

    *shrug* It's what me and my family do, and we don't seem to have any problems with using it.

  19. Snake Oil by MenTaLguY · · Score: 5, Interesting

    Such a system relies on two major assumptions:

    • Your finger is unique and physically secure (hopefully true)
    • There's no "your finger" equivalent that someone could use (patently false and hopelessly naive)

    The problems with such a system:

    1. It's easy to falsify. It's actually almost trivially easy to fool a fingerprint reader and fake someone else's fingerprint. (note that the type of gelatin Matsumoto used is seaweed based -- a little stiffer and a bit different than what we use in the states, but I'm sure you can find it here in an asian grocery store or similar)
    2. It's not verifiable. There is no challenge-response method possible with your finger to verify that it's even your finger, unless you want to add an embedded subcutaneous microchip, as in a smart card (but then why a fingerprint at all?). Worse, no such system actually checks your fingerprint; it computes a numeric hash of some sort from key features. Any hackery that can get you into the system behind the fingerprint reader means you just use the numeric hash (VERY easy to copy!) instead of a fingerprint. Consequently, it's no more secure than a credit card number in this respect.
    3. It's not unique. Two words: hash collisions. Not such a big deal for authentication, but a real problem for identification.
    4. It's not revokable. Given the above, if someone steals either your fingerprint or its hash, it's not like you can just get a new one, like you can a credit card number. You'd better hope the system at least allows you to switch to a new finger (and hope you don't run out of fingers). In the worst case, then, it's actually LESS secure than a credit card.
    --

    DNA just wants to be free...
    1. Re:Snake Oil by pesc · · Score: 4, Informative

      And:

      5. Your fingerprints are not secret. You are leaving thousand copies of them daily on objects you touch. Combine this with item 1.....

      --

      )9TSS
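
Added example, not part of any comment in this thread: a sketch of the one-time, amount-bound authorization theLOUDroom describes and of the challenge-response that MenTaLguY notes a fingerprint cannot provide, set beside a static template check. It uses an HMAC key shared between card and bank rather than encryption; `Bank`, `sign`, the card ID and the template value are hypothetical.

```python
import hashlib
import hmac
import json
import secrets


def sign(key, card_id, payee, cents, nonce):
    # JSON list encoding keeps field boundaries unambiguous.
    msg = json.dumps([card_id, payee, cents, nonce]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class Bank:
    """Toy issuer (hypothetical names throughout)."""

    def __init__(self):
        self.card_keys = {}    # card_id -> key shared with the card's chip
        self.open_nonces = {}  # nonce -> card_id; removed on first use
        self.templates = {}    # account -> enrolled static template value

    def issue_card(self, card_id):
        # Issuing again replaces the key, which revokes the old card.
        self.card_keys[card_id] = secrets.token_bytes(32)
        return self.card_keys[card_id]

    def challenge(self, card_id):
        nonce = secrets.token_hex(16)
        self.open_nonces[nonce] = card_id
        return nonce

    def settle(self, card_id, payee, cents, nonce, tag):
        # The nonce is consumed whether or not the tag verifies.
        if self.open_nonces.pop(nonce, None) != card_id:
            return False
        key = self.card_keys.get(card_id)
        if key is None:
            return False
        return hmac.compare_digest(sign(key, card_id, payee, cents, nonce), tag)

    def settle_static(self, account, template, payee, cents):
        # Static credential: nothing binds it to payee, amount or freshness.
        enrolled = self.templates.get(account)
        return enrolled is not None and hmac.compare_digest(enrolled, template)


def demo():
    bank, out = Bank(), {}
    key = bank.issue_card("card-1")

    n1 = bank.challenge("card-1")
    tag1 = sign(key, "card-1", "grocer", 500, n1)
    out["honest"] = bank.settle("card-1", "grocer", 500, n1, tag1)
    out["replay"] = bank.settle("card-1", "grocer", 500, n1, tag1)

    n2 = bank.challenge("card-1")
    tag2 = sign(key, "card-1", "grocer", 500, n2)
    out["overcharge"] = bank.settle("card-1", "grocer", 50000, n2, tag2)

    bank.issue_card("card-1")  # card reported stolen: old key is now dead
    n3 = bank.challenge("card-1")
    out["revoked"] = bank.settle("card-1", "grocer", 500, n3,
                                 sign(key, "card-1", "grocer", 500, n3))

    bank.templates["alice"] = "constructed-template-value"  # constructed sample
    out["static_first"] = bank.settle_static("alice", "constructed-template-value", "grocer", 500)
    out["static_again"] = bank.settle_static("alice", "constructed-template-value", "other", 50000)
    return out
```

The signed authorization is accepted once, for the signed amount, and stops working when the card is re-issued; the static value is accepted again for any payee and amount, and there is no re-issue step that would change it.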
  20. Grocery stores are where the technology is at... by VudooCrush · · Score: 3, Interesting

    I currently work for one of the largest grocery chains in the US. We're trying all different kinds of things -- i.e. automated checkouts, online grocery stores, pda based ordering in the deli, super carts which tell you when you're passing a good deal, and other things. We've had wireless access points in our stores for years. All of the guns the stores order with are wireless. Some stores have more Cisco equipment in them than a small ISP does. And the great thing about grocery chains is they don't go bankrupt like so many dotcoms have. It's like McDonald's disappearing, it's not going to happen.

  21. Re:Nightmarish abuse by ceejayoz · · Score: 4, Insightful

    They're not? The government can easily track your movements by tracking your credit card purchases. If you use your credit card in a Florida gas station, it's a pretty safe bet that you were in Florida at that time.

    Criminals have been caught by the FBI tracking their credit card trail. It's helping in the D.C. sniper cases, too.

    Sounds like you've already accepted a tool that lets the government track your every move, and you don't even have to wait 30 years for it!

  22. Re:Hygiene, plz by Ouroboro · · Score: 3, Insightful

    Let's not overlook the health issues. A whole population filing through touching the same surface again and again... can you say 'spreading germs as fast as the plague'?

    Let's not be a paranoid jackass. I don't want to make it any worse for the clean freaks, but you touch the same doorknob as other people when coming in and out of the bathroom. So regardless of whether or not you wash your hands you are touching a spot where someone, who may not have washed their hands, just touched. Or how about something even more mundane. When you buy your groceries, how do you pay. Well if you are like 99.9% of us, at one point in your life you've used cash. Guess what... That nice new $20 bill in your pocket has probably already been touched by 50 people, and at least one of them probably had a cold. Oh you say that you use your credit card, then whose pen did you sign with? So you used your own pen, did you touch the receipt? How healthy did the cashier look?

    I guess my point is that unless you live in a bubble, or in a shack in Montana, you are likely to be exposed to someone else's germs/virii/bodily fluids. Get over it. In fact, if you weren't, then your immune system becomes lazy, and you are likely to get sick from something really silly like the common cold.

    --
    When I want your opinion I will beat it out of you.
  23. Re:It may be easier, but... by Fapestniegd · · Score: 3, Funny

    So I just need to find someone who resembles me to replicate, then he gets arrested for filing a false claim.

  24. Re:Fraud? by ceejayoz · · Score: 3, Insightful

    If it takes 1-2 years for them to get hidden camera footage of that happening, I feel perfectly safe. Dateline and its ilk will always find the worst cases possible - they don't do stories on clerks who do catch fraud, do they?

    They show stories on doctors who cut off the wrong leg, but I still go to the doctor.

  25. Re:Fraud? by plover · · Score: 5, Informative
    The gummy fingerprints defeated all the live finger detection systems handily.

    The gummy mold is just an ordinary photo-etched copper-plated printed circuit board. (I made lots of them when I was a kid from stuff I bought at Radio Shack.) Take a photo of a fingerprint. Make a full size transparency of it. Expose the photosensitive circuit board using the transparency as a mask. Etch the circuit board. Pour ordinary hot liquid gelatin over the board in an even (3 mm or so) layer (the original paper gave a recipe, but you should be able to use any old recipe for "Knox Blox". It's just ordinary gelatin mixed with boiling water.) Harden it in the refrigerator. When it's time to use it, simply cover the tip of your own finger with the sheet of gelatin.

    It passes live tests easily. The thin layer of gelatin is almost invisible. It's transparent, so your own skin shows through. It's conductive: it has a moisture content similar to your own body. And it's warm: your body heats up 3mm of gelatin quite rapidly.

    And once you pass through the scanner, you just lick your fingertip and the evidence is gone.

    Extensive testing of this was performed against eleven different fingerprint scanners earlier this year. EVERY TESTED SCANNER ACCEPTED THE GUMMY FINGERS, including those advertising "live and well detection", with acceptance rates varying between 65% - 100%. John Young's website has a copy of the paper here.

    Biometrics, in general, are not sufficient for high security. They work best only in conjunction with other security measures.

    --
    John
  26. Re:No real worries by swordgeek · · Score: 3, Informative

    I imagine you've seen how easy it is to do this by now, but in case you missed it:

    http://www.counterpane.com/crypto-gram-0205.html#5

    --

    "People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban