Slashdot Mirror
Ready or Not, Biometrics Finally in Stores
cancer4xmas writes: "It's very exciting to see USA Today's Technology front page saying, "Will that be cash, fingerprint or cellphone?" They're running a story on emerging biometric devices being the most fundamental change in personal finance since 1950, when the credit card was introduced. The concept is now being tested in some stores. Check out the full story." Now couple that tidbit with this morsel from wherley: "In a letter [scroll down a bit] to Bruce Schneier's Cryptogram newsletter, Ton van der Putte tells of a recent invitation from the BBC to comment on the addition of fingerprint biometrics to the British ID card. Using a digital camera and UV lamp he was able to make dummy fingerprints that fooled the readers - and in less time and less cost than similar experiments 10 years ago. He says: '...now the average do-it-yourselfer is able to achieve perfect results and requires only limited means and skills.'"
I remember I read awhile ago in some magazine how BMW had the technology to use biometrics in place of keys. The reason they didn't was that someone brought up this idea.
Carjacker + knife + need for your finger = not a pretty scene.
That's kind of kept me off of Biometrics for awhile. Now where'd my tin foil hat go...
Etiquette is etiquette. He kills his mother but he can't wear grey trousers.
The system in this article is voluntary, and that's great. So long as it's only volutary, I'm all for this.
One potential problem becomes what's "voluntary" soon becomes mandatory. We might as well learn from history. Two specific examples from US history:
(1) The Social Security Number was ~never~ supposed to be used as any kind of central identification number. Now, no one knows who I am without it. I would gladly dump my social security "promises of benefits" to not have a social security number.
(2) To get a driver's license in the state I moved to, I had to give a thumbprint. I've never had fingerprints taken before in my life.
Are we safer as a result? All I know is that now my identity can be more easily tracked by central governmental organizations and those with sufficent access privileges, despite my wishes.
Technology is a tool, not a solution. Just like a hammer, it can be used for much good, but it's easy for those in power to convert it into something pretty sinister. If it's all the same, I'll keep my ATM card. It's a lot easier to change my bank account number than my fingerprint or eyeball.
Since that bloke showed how to use gelatine to fool a fingerprint machine, how long before jello becomes a controlled substance?
Engineering is the art of compromise.
I've thought about this for awhile, and I am thinking:
Why don't people just cut off their fingers and trade them as a commodity? Each finger is access to a different system...
For instance, if I work for a bank, but I want to get a vacation cheap, I just trade a finger with my buddy who works for some airline. He does what he wants with my bank, and I get the plane tickets I need to get away from this country.
The only problem is, if I want 10 things at once, how do I access the system without any fingers?
Maybe they should sell voice-recognition software with it.
Talk about giving someone the finger, geesh.
Karma Whoring for Fun and Profit.
Well, quite a long while I would think. I would imagine that the teenage checkout person at the supermarket would scream bloody murder at the sight of you using a severed finger, getting blood all over the biometric scanner. I can see it now:
"Paper or plast-- AAAAHHHHHHHH!"
Not exactly the most effective scam to try.
The age old test of "Something you know, something you have, something you are" security reenforces an extra point... challenging three times is always more secure than challenging once!
ATMs are secured this way. You've gotta have your card, know your pin, and look somewhat like you for the camera. (Looking wrong doesn't yet deny the transaction... but is a great tool when it comes to figuring out the "Whodunit?" that comes up when ATM fraud is discovered.)
In-store credit cards are slightly less secure. The card has to be present, and the person using the card has to perform the task of creating the proper signature that's on the card. (Again, a wrong signature might not always deny the transaction, but it creates a paper trail for later.) Some stores are advanced enough to also associate the security camera timecode to the transaction to create the visual trail as well, but that's not used as much as it could be as of yet.
Internet or phone card transactions are weaker because there's no demand that either a card or person been seen. That's why those transactions are also more expensive to get processed... they're more likely to result in a write-off from a scam transaction. They are less secure, and that's an admission of it. Still, smart e-merchants can protect themselves by performing some secondary security like only shipping to addresses related to the card.
Biometrics if used alone just the "somethng you are" test, but as we've seen it's going to be confused some of the time. Merging the fingerprint with a PIN number would at least get us to a two-test level of security... but the marketers of biometrics are insisting that their test alone is good enough. That's where they're seriously wrong, no test alone will ever be that good... that's why it's always best to double-check.
A better system might require several biometric techniques together to reach an identification.(hand shape and finger prints would go together nicely)
This article mentions the Asian woman fingerprint problem about 3/4 of the way down, but doesn't mention a source for this claim.
If all you need is a fingerprint, then everyone will be wearing gloves soon. We leave fingerprints everywhere! New crime of the future: Person gets your fingerprint of a glass or a door or some other public place and racks up a mint. Say what you will about credit cards, at least you dont leave yoru credit card number, expiration date and billing address on every surface you touch. Theres something to be said about slightly insecure systems. The less secure something is the less easy it is to steal, since people are more suspicious of insecure systems then they are of supposedly "secure" systems. I can see a day where your credit card number is quantum encrypted on a microchip implanted in yoru skull. And the ability to dispute charges will no longer exist of course, because the system is unbreakable! Except for the short, easily memorizable password needed to unlock the quantum encryption. We can seethis already with identity theft. Now that youre identifiable by a number (instead of in person, as in the old days) anyone with access to that number is you, and everyone believes that its you, because the system is supposed to be secure.