Slashdot Mirror
ATM Iris Recognition Coming Soon
Anonymous Cow writes "In Australia, iris technology is already being used by Qantas Airlines, Sydney Airport, foreign embassies, some banks and TAFE colleges, the Australian Protective Services, the Defence Department and the Police Integrity Commission. It is predicted that within five years every ATM in Australia will have iris recognition technology."
But who keeps the database of the eyes?
-CowboyNick
What if I do a minority report style change my eyes?
How do you explain that one to the bank.
.
"Things that you own end up owning you" - Tyler Durden (via Diogenes of Sinope).
Oh great, now when someone wants to rob me they dont just stick a pistol in my back they rip my eye out like Wesley Snipes did.
Excuse me sir, can EYE talk to you???
THE MAGIC WORDS ARE SQUEAMISH OSSIFRAGE
Although it will be great technologically, there will be a new problem in regards to "fake id's", I'll probably start wearing a helmet to protect myself from somebody who might want to gauge my eyes out.
Posting useless rant since 2003.
With the current govt in .au trying to be big brother and copying everything the US does, it's not surprising this is coming into effect.
Is that the Async transfer mode lines will implement iris recognition... ehh...
I already have a problem with people who don't know how to operate the ATM as it is, now I have to wait even longer as they try to figure out how to hold their head just right for the machine to make a good reading. This will frustrate customers rather than unhinder them.
f we're going to live in a database society at least I want some assurance that my identity is proven with more than a plastic card and a four digit password.
I have a father who is blind. His 'eyes' are made of glass and removeable.
How exactly is this system supposed to detect him?
Blaming GW Bush for the Iraq war is like blaming Ronald McDonald for the poor quality of food.
people will be pirating eyeball retina scans... Eye-ster, eye-mesh, etc. Then all those nice little privacy and IP laws will go to shit.
For news and chics check pajonet.com
That there is a database somewhere that matches their eyeballs with their personal information. Sorry, but I'd rather not have another database with my info in it.
The GeekNights podcast is going strong. Listen!
What if there's an injury to someone. Must both eyes pass this check? And is iris pattern unique in twins? T'would be cool to have some more references on it.
you never lose in ure razorblade shoes......Beck-Hotwax
I predict that this starts a sudden rash of de-eyeings, ala that bad movie with Wesley Snipes and Sylvester Stallone. Call me Nostradamus.
Does anyone who already worked with this system know how it deals with color contact lenses ? I assume it doesn't.
And is there any problem with regular contact lenses ?
Though I'm all behind this (and the additional technologies it'll bring), this is more than just protecting clients - it's protecting the bank.
Take a look at the Citibank issue. Having advanced security technology like this is a great way to protect your customers - which in turn protects your reputation and protects you from lawsuits.
I also wonder if this will raise the bar for other institutions.
"The Sage treasures Unity and measures all things by it" - Lao Tzu
With the current govt in .au trying to be big brother and copying everything the US does, it's not surprising this is coming into effect.
(insert argument on how this will prevent terrorists stealing your identity here)
BEGINING to use them does not mean that EVERY SINGLE ONE WILL contain it immediately. It could mean that just every time a new machine is created, it will contain this functionality.
Karma: NaN
Its hard to believe that even after books like 1986 and A Brave New World, people accept this kind of control.
Its because people accept this kind of control, and think its ok that we will face BigDaddydom in the future.
I believe in PREVENTATIVE medicine more than in CORRECTIVE medicine... and in the same way, belive that problems should be fought at their source, and not at the consequences.
E.g. Better educate people better, stimulate production to increase jobs, give away free tecnical education for the poor, than to build more jails, put more cops on the streets, etc.
I don't want to end up blind over the money in my checking account...
And let's say I get scanned at an ATM or bank or airport - wherever! And then let's say that I decide I want to get Lasik surgery to "improve" my vision.
How will the Lasik surgery effect my retina scans? Is the ATM going to think, I am another person?
"If you can't dazzle them with brilliance, baffle them with bullshit."
While in College at Purdue my local bank used finger print recognition on some of their ATMs. I always found this convenient, as I didn't have to carry a card with me. Just stick your finger on the sensor and you have access to your bank account. The only thing that worried me about that was the fact that my fingerprints were then on file. And if I decided to become a criminal they could track my prints. This is why I feel Iris based recognition is so necessary. Who care if a bank knows what your eye looks like? Your certainly not going to leave a trace of that on any ransom notes you write.
I refuse to do business with any bank that would require my eyes being scanned. While there are many thieves out there, most of the people are honest. If the bank can't prosecute thieves and care about a 300$ robbery that at their turn rob from honest people, I don't and won't sacrifice my freedom. There is a line to be drawn between who you are and what you have. This invasion of privacy crosses it by far too much.
If Australian banks want to do it all the power to them but the reason is to dumb!
Secondly, the idea reminds me too much at Minority Report.
There will be a big increase in transmissible diseases of the eye...
but what about a rose or lilly scanner?
Little do they know that we secretly replaced their ATM Iris Recognition System with an "ED 209" courtsey of OCP.
Let's see what happens....
/sig "Shop smart! Shop S-Mart!"
What do you bet that they will implement iris recognition on every ATM and there will still be braille on the buttons -- just like there is at every drive-through ATM in the U.S.?
I once inserted my ATM card and just after, the machine experienced a malfunction and kept my card (apparently for security reasons)... ...I'd hate to see when happens if the ATM malfunctioned as you were putting your eye to the device...
So rise up, all ye lost ones, as one, we'll claw the clouds.
Comment removed based on user account deletion
They'll scan the eyes of the guiding dog ;)
Here is how criminals, the paranoid, and people who want to use their wife/boss/mother's account will do so.
-- The reader anything less than completely failing to not misunderstand this sig is cursed.
In case the eye scan doesn't work? if so how would this stop anything?
"If any question why we died, Tell them because our fathers lied."
All I have to to is aquire one of Bill Gates' eyeballs and I'll be able to quit my job!
Trolling is a art,
So they can recognise my Grandma? Why don't they make it for everyone?
Wreck a nice Beach.
How bout the blind, and or people with damaged/missing eyes? As it stands now, ATM's do have braille support.
www.GamezCore.com For Hardcore PS2 Gamerz : By Hardcore PS2 Gamerz
Wow - you guys have drive thru ATM's? We may have the most corrupt police force in the world, but drive thru ATM's ar as yet a distant dream of the excessively lazy.
so instead of stealing credit cards, potential criminals cut out your eye now? i'd rather be poor than sightless....
Personally, I'd rather have someone steal my ATM card and PIN number than rip a frickin' eye out of my head. Maybe that's just me. It will be interesting to see public reaction the first time some thug tries this Hollywood-style crime.
I'm just thinking of the cashier at the supermarket checkout counter, rolling items over and over the scanner until the machine reads the UPC.
I predict neck injuries!
quiquid id est, timeo puellas et oscula dantes.
That this sort of things leads to people cutting out my eyes.
If that doesn't trigger the Freudian gaze, then what does?
There are some odd things afoot now, in the Villa Straylight.
Awww crap mate, I got $200,000 in my account!
www.GamezCore.com For Hardcore PS2 Gamerz : By Hardcore PS2 Gamerz
Everyone is worried about a rash of eyeball thefts but being robbed at an ATM is pretty rare. I foresee a wave of Pink-eye, followed by little kids and a chef chopping zombie heads off with a chainsaw.
... RTFP it says IRIS not Retina. Iris is the color part in the front, retina is the light sensitive part in the back.
And to the people who asked about lasik and retina scans
Are blind people required to have their eyes removed? As for "drive through atms", don't you think that it's just a lot cheaper for ATM manufacturers to have one model of ATM vs having specific ones for drive through vs walkup vs embedded (I'm talking mechanisms, not the "body" of the atm). Why would they want the hassle of keeping track of two seperate button styles for every atm they manufacture?
ROFLMAO
god knows, if that were to happen in our little town, no one would ever use that ATM again. FOREVER! Heck, folks here are just beginning to USE an ATM
LFS. Have you built your system today?
The sun wouldn't damage your iris, just your retina, making you blind...
--
no sig for you. come back one year.
Yeah, try to scan my glass (actually sort of plasticish) eye. Stupid bastards....
The ultimate criminal!
If you want to know more about who supplies this technology, go to http://www.iridiantech.com/
The site has some brief background on the technology and how it works.
If you want more technical information, go to http://www.cl.cam.ac.uk/users/jgd1000/
From the article...
"In Australia, iris technology is already being used by Qantas Airlines, Sydney Airport, foreign embassies, some banks"
"Mr Grimes predicted that Australia's financial institutions would begin adopting iris technology at automatic teller machines within five years."
""It is predicted that within five years every ATM in Australia will have iris recognition technology," Mr Moss said."
A pizza of radius z and thickness a has a volume of pi z z a
So my understanding on how biometric security works is when a scan is made (in this case the iris), the scan is transferred into some sort of form that a computer can understand, like say a hash, and is then sent to the computer for verification.
What happens if someone gets ahold of that hash with a sniffer or some other form of technology? Unlike say a credit card #, you can't just call up and ask for a new set of eyes (or even probably a new hash). Wouldn't this make identity theft an even bigger potential problem?
Maybe I'm kicking a gift horse in the teeth here, but my wife loots my checking account on a fairly regular basis (Share and share alike when it's my wallet but not her purse.. I still haven't figured that out) I'd like to have the extra control on my card to lock out people that do have regular access to my wallet.
On the other hand, if I get thrown in jail or put in the hospital, she isn't going to be able to get to the funds to get me out.
A joint checking account is not a viable option unless I want to live in a cardbaord box.
Interesting quandry.
-beacher
Is it just me, or is anyone else scared shitless of getting their eyes cut out by someone after your bank account? The added safety of iris recognition isn't worth losing an eye...
Hopefully hackers will find a simple way to fake an iris, lessening the chances of an eye theft.
In most identity databases there is absolutely nothing to assure that the entry actually represents you. The trust is inherent...we just assume that the phone company or credit agency has correctly assmebled a profile of you. Result - rampant identity theft. We live in a database society and nothing is going to change that. At least let me provide a reasonably secure means of verifying myself.
Where do I get a set of fake eyes to use?
I figure the best thing I can do is to set up the system with a set of "eyes" that are not my own. I would really rather that my personal biometric information not be in a database somewhere.
This is scary stuff...
With all the times you use your atm card, in all the different locations, how often do you find yourself calling up the bank and having to report fraud on your account because of someone stealing your card and pin number? If these things happened often ATMs would not have become such a necessary convenience. I know in the past 10 years when ATMs have really been readily available my account has never been compromised due to me losing my card and someone finding my pin, and I'd say that is the same for most people. Isn't that why most banks offer fraud protection anyways??
with iris recognition these two pieces of id are always on me.
2 1337 4 u!
I have to submit to a retina scan to get money from an ATM is the day I stop using an ATM.
One of the above posters mentioned that they already crteate and audit trail of your banking habits so why should this be such a big deal.
Because for one, I do not, DO NOT, want my bank to have a detailed copy of my retina on file. I see ABSOLUTELY no reason for that. As long as you aren't retarded and obvious about your PIN number there is not THAT much more to be gained by this, well, by us anyway.
I'm getting sick and damned tired of people using excuses like "I have nothing to hide" and "why not, it might be safer".
You not having anything to hide RIGHT NOW isn't the issue. What happens when (and I KNOW we can all see it coming eventually) our government steps out of line and we start getting trampled on?
We are giving them every means they need to deal with us however they watn, whenever they want, track us and spy on us in any way they want. And for what? So credit card companies who are already insecure can CLAIM to be more secure (they obviously don't give a damn, look at the related article posted within the last week).
I DO NOT want my Iris matched against ANYTHING, period, unless they can gaurantee me without a doubt that the DB will NEVER, EVER, under ANY circumstances be read by ANYTHING other than the ATM (which is already BS because the gov. could force them to grant access and force them to deny it) and that IF there is a fraudulent purchase they will IMMEDIATELY credit back my account.
But since neither of those will happen, I refuse to let my bank scan my Iris'.
"The saddest words of mice and men, are not those which were, but should have been."
...The schween scanner? Just stick your willie into the pecker recognition device for verification.
Gives new meaning to "ATM withdrawal".
I mean, you go ahead and feel free to argue with the mugger carrying the scalpel. I'll just hand over the card.
Government of the people, by corporate executives, for corporate profits.
While it would seem that iris would be a great biometric secutity device for ATM machines, it turns out that there is absolutely no way to make it pay off. If you look up the statistics it turns out that the average ATM fraud in the US per ATM machine per year is something like $50. As a result, even a really cheap iris scanner becomes hard to justify putting in EVERY single ATM out there. I doubt the fraud cost is much higher in Australia....
This is not meant to knock iris biometrics. I think they are probably the only real sensible one out there. The false pos/neg of stuff like face recognition is truly a joke...
The primary manufacturer of iris scan devices is:
http://www.iridiantech.com
braille on the buttons -- just like there is at every drive-through ATM in the U.S.?
Back in 1990, my wife had an account at a bank where the drive-thru ATM had braille instructions (here's the fun part) for the TOUCH SCREEN interface! Think of the implications...
In walking, just walk. In sitting, just sit. Above all, don't wobble.
-- Yun-Men
Dude,
You're so totally stoned, you can't don't NEED any cash.
There is no way that is an improvement.
With a card and a password, you at least have to be able to obtain the password in order to get money. For iris recognition, you only need to hold up someone's eyes. Personally, I'd rather a mugger know he can't get any money out of my account by killing me than have him know that he can just cut off my eyelids and prop me up against the iris reader.
Dunno how many of you have this problem, but I find that many ATMs are far too low to use comfortably. I'm 6' 2" tall, which isn't too huge for where I live (the UK), but I still find that most ATMs require me to bend fairly low in order to read the screen. There's one near my house that needs me to bend over like I'm about to take it up the ass. Hopefully when this takes off round here, the scanner will be placed in a nice and easy-to-use position for everyone (ha!)
Game dev and music blog
Don't mistaken Iris scan as retina scan...
retina scan is at the back of your eye scanning the blood vessels patterns.
Iris scan is at the front of your eye scanning the cracked patterns.
Sigh.
And I thought that all this technology was supposed to make my life easier.
So what about lazy parents that need money and have Junior go grab his car and take Dads ATM card to the Bank and get him some money from the machine, used to have to run that errand frequently for my parents. This new system while creating better secuirty is also going to cause quite the hazzel.
"Nimis exalatus rex sedet in vertice - caveat ruinam!"
"Nimis exaltatus rex sedet in vertice - caveat ruinam!"
FWIW --
Iris scanners check to make sure the pupil moves and the eye is made of liquid BEFORE doing other checks, so a screenshot isn't going to help.
They do a neat little radar-screen-like scan, transforming a circle into a 2D map. That 2D map is what's compared. I would make a stab and say it's difficult to reconstruct the iris from the map.
Iris scans (as of right now) have the lowest failure rate of any biometric. They're better than fingerprints because the iris is behind the cornea, so it's less likely to be damaged or changed than the fingers - which are always going places they probably shouldn't.
HAND
Keep your packets off my GNU/Girlfriend!
What about iridology? Your iris will change according to the amount and type of disease conditions you have in your body. It doesn't stay the same after age 1! I have seen it myself with my own eyes! What does someone do who gets sick(er) or healthy(er)??
...to explain to your wife why you bought all those tank-tops.
Laser eye surgery scratches the cornea. Not the iris, which, although the colors may change during your life, or even during the day, the patter of light vs. dark remains constant.
I seem to recall reading somewhere that babies seem to have large eyes because they do. Their eyes are the same size as adults' eyes, just in their smaller cranium.
-Xoder
Accessibility worries me far more than the chances of increased identity theft, since I guess you will still need a PIN. Disabled groups are already angry (I know I would be) about bank practices like charging for counter service. Also, there are an increasing number of internet banks which cannot offer cashiers at all.
Hopefully those who cannot (or do not want to) use the iris ID will have some alternative form of ID available (a separate smartcard? another PIN? voiceprint?).
Googled and found this article from a few years ago: ATM accessibility
Blind? No cash.
And a noble spirit embiggens the smallest man.
I believe the movie Demolition Man accurately portrayed just how difficult it is to fake it :-)
Must-not-watch TV!
I read somewhere (and I think it's a great idea) that all good security should have three things: something you have (in this case, your ATM card), something you know (in this case, your password), and something you are. This iris recognition completes the triangle. With all three of those systems in place (you need a card, password, and you have to be the right person) it gets quite hard to get at someone's money unlawfully through an ATM. Assuming (and yes, this is a HUGE assumption) that the database is kept securely, then this is good news.
Karma: pi (Mostly due to circular reasoning in posts).
You use a pin number, because that's the backup. Lowtech. Or your housekey. There are flaws in every system, and total technology can mean total failure. Or rather, Biometrical Access Control could become the Single Point of Failure for future secure systems.
"I'd say 'Have a good time,' but arson is still illegal.
Just great... Now, instead of worrying about having my ATM card stolen, I have to worry about spoon-wielding sickos.
Are blind people required to have their eyes removed?
Many blind people have artificial eyes (glass eyes). Many of those who do still have their eyes are unlikely to be able to, as the article says, "look into a camera while a snapshot is taken." Others are going to have eyes that are physically damaged so that the iris pattern cannot be read.
As for "drive through atms", don't you think that it's just a lot cheaper for ATM manufacturers to have one model of ATM vs having specific ones for drive through vs walkup vs embedded (I'm talking mechanisms, not the "body" of the atm). Why would they want the hassle of keeping track of two seperate button styles for every atm they manufacture?
Christ almighty, it was just a humorous little comment! But, no, I don't think it's a lot cheaper. The buttons are a plastic overlay those buttons with braille are more quickly torn and damaged. We've all seen that on ATMs. One service call to the machine to replace a torn braille button overlay is going to cost more than it would ever cost to track two button styles.
just one problem, what happens if you get cateracts or lasik surgery.. then arent you pretty much screwed?
Maybe I'm just paranoid, but I'll be damned if I submit to biometric identifiers to bank. It is afterall MY bank account that is insecure, not anyone elses, if I decide to remaim with using a so-called less secure PIN method. And only I to blame if someone steals it, which by the way has not happened once in all the years there has been a PIN number. I've been using ATM's since they were first introduced, and not once, have I had any security breach on my accont. Your crazy, if I'm going to let some corporation get their hands on my unique biometric identifiers which they will most likely sell to other companies. Before you know it, my biometric date will be on hundreds of databases outside of my control. My identity, both analog and digital is my own. Period.
Planet P Blog
www.enthea.org
...until somebody loses an eye!
--
Don't like it? Respond with words, not karma.
Qantas airline...definatly safe airline.
Back in dem old'n'days when you had a safety deposit box, to enter the vault you had to countersign a signature card and show ID. Usually you had to go into the bank and get a hold of the right person who was the person with the keys and wait until they were available.
Once you were in the vault you could access the deposit boxes with your key. Typically the bank had a second key as well for the same box.
The bank I have now uses a hand scanner. I walk in during normal business hours, enter a secret code on a keypad and put my hand in the scanner. I have to know both the code and have the verified hand scan. Then the vault opens automatically and I go in and get into my box with just my key.
Personally, I find this vastly superior to the old system where I had to find "the deposit box guy" and wait. Now during normal business hours I can just go right in, thanks to the biometrics.
Also for the bank, they probably have one less thing to worry about during the day. I hate to sound cliche, but it's win-win!
Never confuse feeling with thinking.
What happens if you get a scratch on your eye, since this "tear" they are talking about happens at an early age, what if something gets in your eyes. I just see this as another way for people to track EXACTLY what you do. With a form of paper identification you give it to someone and they record on paper. The key point here _paper_, if someone is really looking for you, they have to go through written records. With the eye technology once you are "verified" with the system they know exactly where you are. There would have to be some form of tracking involved in the database for records. This sounds like a very neat and secure idea, but sometimes stepping back and finding problems with it, will give you a better understanding of the technology.
Why can't it be setup like current digital signatures?
1) Walk into bank and use their equipment to scan your eye and from that information create a public / private key pair. Essentially your eye would be the private key, and you would hand over your public key to the bank.
2) The bank could then use your public key to encrypt your PIN, or whatever else they wanted to protect.
3) When you approach the ATM and scan your eye it uses the scan to decrypt your PIN thus giving you access to your account.
For me the beauty of this is that the bank can't even get at the information once it has been encrypted. Of course it would have to be against the rules, if not the law, to store someone's scan.
Am I missing something here?
Nick Powers
Encryption: I may not agree with what you say, but I will defend your right to encrypt it...
When they can recognize chrysanthemums, I'll be really impressed. ~SL
I don't get it...we have to hold a member of the iridaceae family infront of a cash machine to get our money?
How are we expected to carry these flowers around without wilting and dying?
-psy
The way to keep personal biometric information secure (and still be able to use it for authentication) is to have the hash of your retinal scan encrypted and stored on your ATM card, and NOT in anybody's database. Instead, your smart card verifies the hash sent it by the ATM machine, and then cryptographically signs a token certifying that you are you. Your bank knows the public key on your card and can believe that you are you, without having access to your actual biometric info. Your card will refuse to sign anything unless it's provided with a valid retinal scan.
If they do it this way, I'll use it and encourage others to; if not, I'll do the opposite.
One time for all you paranoid types:
Nobody is going to steal your eye. It would be a lot easier to wait for you to withdraw your money and then just take it from you. A lot easier, safer, and less illegal.
You people have such a warped view of reality -- in the real world, only someone with a severe mental disorder would cut out somebody's eye. And guess what? You're a lot more likely to have your PIN stolen than you are to ever even meet a true sociopath. Geez.
Does this mean I need to stick my eye up to a cup-thingy like at the optomatrist? ATM's get handled all the time, all day long. Seems like if not built properly, such a device could promote the spread of the common cold :(
*cough*
Because now instead of being beaten a bit and forced to give a 4 digit pin, I will get my eye cut from me and left bleeding and shocked. Thank you technology advance.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
so you cannot use a fancy glass eye, or an amputated eyeball.
Better start informing potential robbers of this important fact I guess.
I sure hope the local hoodlums down under are are tech savvy enough to not have to discover this by trial and error...
"First lesson," Jon said. "Stick them with the pointy end."
The result of this is that everyone's pin number must be 2020
----
Squirrel
Look at the link above from extremtech from another poster. Apparently they got beat the system with a high res scanned photo and a hole in the middle. So apparently for some of the system, a live eye isn't that much necessary.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
Is there a chance that ARMED ROBBERIES near ATMs will increase now that you can't steal ATM cards? You'd have to have the person at GUNPOINT making a withdrawal.
Iris biometric devices also require some blood pulsing to be detected as well (as do fingerprint devices) so you cannot use a fancy glass eye, or an amputated eyeball.
Can you back this up with anything? According to this article the iris is recognized by a single snapshot, not a "scan". How then could you determine if blood were flowing or not?
Every fingerprint ID device I've ever seen is comprised of a clear plate and a scanner. You could press a ham against it and it would take its picture.
Links? Support? Shooting things down arbitrarily doesnt fly with me.
Attention deficit disorder is a complicated issue, spanning several major... HEY LET'S GO RIDE BIKES!
It is possible to fool such devices with a high-quality digital picture of someone's iris.
Again, like in fingerprinting, the essential criterium is not so much the uniqueness of everyone's iris, but rather the capabilities of the scanning device.
- While, for example, it is extremely unlike that two persons have the same fingerprint, it is not so unlikely that the scanner thinks their fingerprints are the same.
This is because the scanner does only look for certain characteristic points in your fingerprint, which are saved. By the way, if you know german, there has been a very interesting article about these topics in c't magazine.where's all that Karma?
until somone loses an eye!
So now instead of straining to reach the buttons from my car to an ATM clearly designed in favor of a semi-truck driver I can totally mess up my neck trying to giraffe my head into position to get a light flashed in my eye.
I don't know about the US, but in the UK and many other countries your ATM card is also your debit card (Switch).
If you ATM card is lost or stolen, usually what will happen is the thief will visit a number of stores in a short period, buying a small amount of goods at each place, but using the "cash back" facility most supermarkets offer to withdraw a maximum of £50 each time.
("cash back" is where the checkout person will give you cash straight out the till, which is debited from your account. You don't need your card PIN number, you just sign the receipt and they're supposed to verify your signature, but we all know how unreliable that is).
For this system to be effective, every place you could use your ATM/debit card would need to have the iris recognition equipment.
While I still don't necessarily support requiring an iris check, the bank doesn't necessarily need to keep a database of iris patterns. The pattern just needs to be stored on the card registered in your name. An iris check would just involve the ATM matching your pattern to what's on the card. Thus, the card is still the key to the account, but only you can use the card.
This isn't a solution if you want the supposed "extra convenience" of just needing to flash your eye in a scanner to match to a database. A card match method does provide increased security, though.
Who the hell is Iris and why is she so important anyway?
Harpo Tunnel Syndrome--my wrist feels funny.
...for thieves. Damn it. Now when I want to rob someone, I either need to gouge out their eyes, cut off their head or drag them to the ATM machine and stick their face in front of it to get their money. Gone are the good ol' days of guns.
I just visited the University biometrics lab this week for a tour...
Some grad students were studying ways of countering biometric devices. They were successful in spoofing an eye scanner with a picture of an eye that had a pupil hole cut out (the scanner looks for depth or reflection from in the pupil, I believe).
They had 4 different fingerprint scanners (AC, DC, optical, something else?), and the most reliable and easiest way to fool it (ALL 4 scanners) was with a simple PlayDoh mold!
Pinkeye.
Screw that, I'll use checks.
What if a person does not have eyes? Shouldn't the ATM be accessible to them as well?
Donate background CPU time to fight cancer.
The system relies on the fact that all people have eyes that can be photographed properly. What about the people who have lost both eyes, or the people like me who have a condition that makes the eyes twitch quite sporraditcally. I'm not talking about an occasional twitch either. It's constant, and would make iris scanning difficult, and retnal scanning much more difficult.
It does mean that every robber can safely ignore the response that "I don't know my PIN number" when they keep you hostage in your home for weeks, sucking the maximum withdrawal day after day while your family is home at gunpoint.
Whatever happened to distress PIN numbers? You can't do a distress eyeball because all a robber has to do is follow you home from an ATM to know what bank you go to, what your balance is(it's on those slips they spit everywhere), and which eyeball you use to access your money.
This is just stupid. Get some $7/hr tellers back behind the counters. The banks aren't going broke any day soon.
I need to rip his eyes off, to make the extra cash! how gruesome! cant they use finger prints instead? fingers are much easier to rip I guess.
Even drive thru ATM's have braille. Hmmm....
I'm surprised at the number of slashdot users who have completely overlooked this fundamental flaw in the security system: The bank has a biometric identifier for you that you cannot change. A PIN or password is something that can be unique to each institution you use it in, and a photograph or signature is so easy to fake that they're not as trusted. But an Iris-identifier would be considered a basically infallible method of determining someone's id (there are methods of determining whether the eyeball is alive) and until a method of faking an iris becomes common (it will eventually), someone could commit ENOURMOUS fraud by developing such a method.
What happens if an airline, tax office, or other institution requires iris-scanning in order to use it? Suddenly, any unscrupulous bank employee can book airline tickets in my name or collect my tax returns and there's NOTHING I can do about it. Furthermore, what if I work in the military and my iris patterns are used to access classified material, or worse, launch nuclear weapons. Does this mean that I, or for that matter the President of the U.S., cannot get a bank account for security reasons? These seem to be very important concerns that are justifiable reasons for NOT adopting this system.
"I said RETINAL scanner!"
-ted
Back in '93 I had a chance to talk to someone that worked at Sandia National Labs. He said that there had been at least one case where a women failed the retina scan because she was pregnent. It turns out that, at least in some cases, a women's retina changes when she becomes pregnent.
I wonder if the retina scanner makers have addressed this problem?
Has anyone else heard of this issue?
...of not being able to share your ATM card with a trusted individual? I can't count the number of times I've given my bank card to my girlfriend so that she can grab me some cash when she goes to do her own banking.
Firstly, The Australian Cash Transactions Reporting Authority, make it mandatory for financial instititions to report certain transactions. An Australian bank account can to 'frozen' by a public servant or clerk - not a Judge. The prints will become govt property.
Public Hygine and vandalism.
Can I get germs from an eyescan, become sick and possibly die?
What if the last person using it had aids or worse -
Alergy rashes from womens eye makeup rings containing peanut oil?
I avoid atms, because you can see the grime, layers of finger grease, snot, and in some cases excement.
BSE prions now supposed to 'sneezeable'
Chewing gum, spraypaint.
Banks just got hit for Public Liability insurance - people slipping in front of an ATM. Wait till they cop suits for skin and eye infections.
Anyone got links to what bugs are in public telephone handsets?
The serverlocker my servers are in is retina-scan protected. The device that does the trick requires precise alignment to get a good scan, and every other time I have to do it twice. If there are three people in front of me I can just sit down on the edge of my briefcase because at least one of them is going to have a problem. Most of the delay after getting successive good scans is in the scanning device looking up the eye in the database 30-50 seconds, then it reject you you align your head again, scan, and wait another 30-50 seconds.....
Ugh.
This company is also planning an IPO later this year. I wont go into details on who has invested so far in this company, but a little bit of research will reveal that many "important" people have an interest in it, so they will try and push it.
Dont believe the hype.
All this talk about removing eyes and such....
It would make more sense for the criminal to just wait around the corner or whatever, wait until the eye scan is complete, then just shoot the ATM user, and then just use the ATM him/herself.
Any way you look at it, the owner of the account is penniless. At least with plastic cards/PINs, there isn't an assumed requirement for violence. (Yeah yeah, the crook can just hold a gun to your head while you scan your eyes, but that's not as effecient as a bullet to the head after the scan.)
(The joke works better in person, with gestures. Oh well.)
I feel fantastic, and I'm still alive.
Though, you know, I think the end result will simply be banks throwing up their hands and declaring, "Well if you kids aren't willing to play nice, then we'll just revoke your paper-cash privileges altogether!"
"Awwww!"
"Now, now, children. Debit card consumerism isn't so bad! In any case, only those with something to hide need fear the fact that the government will know what you like to read, eat, drink, watch and spread on your toast. Now then, Dolly, Billy and Jeffy, please go visit the school nurse; it's time for your Paxol."
Fantastic Lad
I know what you're saying; eye snatching probably isn't going to become a big problem. Especially when, as it has been purported, all you currently need is a color photocopy of somebody's eye to fool a recognition system. But I did want to put this in; I happen to know a couple of sociopaths. You probably do as well. They're a lot more common than people would like to think. Psychopaths are just the ones which went wrong. Or got elected.
-Fantastic Lad
Here in the US, I know one thing they'll do with that data - the Feds will find some excuse to take any eyeprints that banks collect, maybe to track drugs or money-laundering or discrimination against the visually challenged or blue-eyed people, and they'll pop it into whatever they've renamed the Total Information Awareness office these days, from whence it will leak out to all sorts of police, bank instpectors, driver's license bureaucrats, etc. Europe pretends to have data protection laws that might help with this, except that most of the laws seem to have clauses about "unless the police need to know %s, of course."
At a very minimum, it's possible to design systems that don't pass a full-detail eyeprint, but do some sort of comparison that works with a much smaller subset of the eye data, with each application program collecting a different small section of the eyeprint for its applications. Even that's abusable, but it's not _as_ risky.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
The current lot of banks can't hardly keep up with any other tech, how can they pull off this?
Last week ANZ (one of the 4 big banks) sent me a new card since the last one has "issue" with its chip. Its issue is you can ask the dam thing "is 0000 my pin" and keep going till it says "yes". I wonder if the new one is better. At least they sent me a free USB card reader too. Not bad for an account I use only to pay the rent.
How are the other banks going to do this. Right now they can't even dor CVV or CVC2 (or whatever it called). Not one of them can. Ever pay a bill on Telstra net banking? 666 worked fine. I figured maybe it just happend to hash the same way and tried others. Still it works fine.
Any bank that can't do address verificaion because of privacy issues, won't be able to do eyeball scans for the same reasons.
I suspect teh only reason this has gotten this far at all is the banks call get 150% deduction on R&D. With their current profit margins as high as they are, they have to do something to cut their taxes and throwing money at collr R&D projects makes them look good to the investors and helps their tax situation.
Is much as I like the Aussie banks (sort of the same way way comedians like pres Bush), I don't see any of them getting far with this.
ATM (at the moment) my password is kept within my brain, hidden under millions of billions of neurons. I bet, that if i had also billions of dollars in my account, that any robber would kill me to get my eye, but if ATMs (automatic teller machines) still use passwords, i've got several minutes to think of an escape plan!
And what about funeral directors, or those people that make dead people look pretty? Would they not be tempted to take an eye, and replace it with a glass one, then take off with the dead guys millions?
I agree with the personthat said, i think atm (at the moment) we have enough security with a card and a pin number. The chances of someone stealing your card and guessing your pin number (unless your stupid enough to write it down somewhere[like on the back of the card]) is very high. High enough for me!
Giving IE users a taste of their own medicine since 2005 - http://pods.-is-a-geek.net/
Is there a difference between an iris scan and a retina scan? The iris contracts and dilates depending on light levels. It would seem that this would make it difficult to use for identification, unless the camera forced the iris to contract to a fixed diameter by flashing light into the eye.
Perhaps the article was referring to retina scans, but used the term "iris" due to a misunderstanding.
I can get your PIN now..it requires internal access but the hashing is trivial and the method for reversing exists...We do it to "test accounts" all the time...posting as AC because the bank I work for might get a wee bit miffed :)
Forget the nonsense about privacy. Kids, face it, you have no privacy left. The real issue here is that biometric security simply isnt. Unlike a public key method or even a 4 digit pin, once someone figures out how to mimic your iris, your thumbprint, your voiceprint (and of course someone will) you can't go and get a new eye, hand or voicebox now can you? One need merely 1) invent a device that can mimic arbitrary iris'es sufficiently for the scanner (ok maybe this isn't a small feat but it will happen) 2) pull off the traditional fake ATM scam that has worked since the beginning to collect pin numbers, this time collecting iris prints. voila, account access!
When you have 200 programmers trying to write code for one
product, like Win95 or NT, what you get is a multipule personality
program. By definition, the real problem is that these programs are
psychotic by nature and make people crazy when they use them.
-- Joan Brewer on alt.destroy.microsoft
- this post brought to you by the Automated Last Post Generator...