Slashdot Mirror
Fingerprints Replace Credit Cards in Seattle
prostoalex writes "According to CNET News.com, Thriftway introduced biometric systems in its Seattle stores as far back as 2002. The customer would have to be identified first and submit his own fingerprints, as well as register credit cards with the grocery store. But then a Pay By Touch system became quite popular among the store regulars. According to CNET, "one man even drove 400 miles to use the technology". The store also reports 0% of such transactions being fraudulent."
I guess this is the future... I just hope such info won't be crosschecked for national security's sake.
Trolling using another account since 2005.
Geek
The store also reports 0% of such transactions being fraudulent."
I don't think anybody's going to let you buy stuff with a severed finger.
What it could also mean is that most people don't reconcile their statements at the end of the month, and that the people who use this system are even more likely not to bother, because they trust it more.
Or not.
But give it time, someone will figure out how to scam it.
Here in we've been using a similar system for unique biometric identification of customers for years. It works a bit like this:
1) Walk into stor
2) Say 'Hello Ifan' to Ifan, the shopkeeper
3) Ifan says 'Hello ' back if he knows you
4) Say '2 grenade launchers, one baboon, and a pint of guinness please, my good man'
5) Ifan produces the above, charges your account, takes payment later. Nice and easy. And if you don't pay....
6) Chop!
How is this a really good thing?
How well does it work on someone that does a lot of physical activity (woodworking/metalworking) who might not have very good ridge detail?
Is this susceptible to Gummy Bears?
While there may have been 0% fraudulent transactions, how many people were inconvenienced when the scanner didn't read properly?
I know someone like my mother would be the lucky one person who's standing there trying while the system refuses to let her use the credit card / account.
"No fair, you changed the outcome by measuring it!" - Professor Hubert J. Farnsworth
You think the idiots they hire for $4 an hour will notice?
You think the machine they make to replace them will need the rest of the hand to identify the finger?
No, probably just somebody who thinks run-of-the-mill fingerprint scanners are reliable, and does not care for privacy implications.
Picture of a fingerprint, how could you "print" it out, complete with ridges? Laytex, or maybe silicone would be nice, something I could glue to my fingertips, temporarily. Also, what are the oldest fingerprints available, that would show up in a search? I'd like to be a 170 yr old, 90 yrs dead suspect, or, supposing celebrity fingerprints are available, George W. Bush himself!
And then for when I get caught, fingerprints with an embedded "Fuck You Pigs" logo that would show up on the fingerprint card....
Credit cards are trivial to track anyway, so no immediate extra privacy implications as long as the data isn't retained for too long.
This way, if someone steals your card info and puts their own fingerprint info on it (or onto the back-end database, or whatever), there is an immediate method to start tracking them.
Of course, there are ways to defeat fingerprint scanners, see Schneier for a starting point.
I therefore think that the danger here isn't in the fingerprinting itself, which is just another way of tracking usage. It is that cost/risk of fraud will be passed on from the banks to the consumer (or possibly stores).
to say thumbs up to privacy invasion!
Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
You already give them your fingerprints at the customs, so I guess they exactly know where you are at every moment you buy something...
Now, if they want to arrest you, they will remove all your priveleges remotely so that next time you want to buy something you'll be retained by the caissier until the police comes.
</tinfoil>
Trolling using another account since 2005.
Someone may have more experience with this than I do, but this is a bit scary. Has anyone else read the book "Stealing the Network". It goes into some detail on the subject of synthetic fingerprints and just how easy they are to make at home. The book is at home and I am at work or I would post the links that they have as refereneces. I can see the usefulness of the fingerprint perhaps replacing the signature or pin number, but the whole credit card!!! I don't know about you guys but when I realize that I left my credit card sitting around in a public place I freak out. I guess I am going to have to wear gloves from now on, or carry around a bottle of cleaning solution everywhere I go.
Someone with more experience please comment, especially if you have the links from that book, I am curious to read up.
Thanks
Crawl This - http://darkry.net/test/test.php
Well, severed fingers don't work on optic fingerprint readers, so it doesn't really matter if the clerk is an idiot
"Luck is my middle name," said Rincewind, indistinctly. "Mind you, my first name is Bad." -- Terry Pratchett
Do they actually REPLACE credit cards?
"Pay over the internet with your fingerprint now!"
Damn hackers, intercepted my finger print. Could I block my account and get a new fingerprint, please?
News story about the poor bankrupt grocery...
"The store also used to report 0% of such transactions being fraudulent before the story was posted to Slashdot. Then the number of frauds by using "stolen fingerprints" skyrocketed."
Anagram("United States of America") == "Dine out, taste a Mac, fries"
1) Have sales of gummy bears experienced a dramatic surge in the area?
and...
2) Can I choose which finger to give them for my biometrics?
Maybe he just lives in the middle of nowhere and it was the nearest cashpoint...
Hmm. Currently, malevolent hackers try to trick me into entering my CC# in a box. I don't mind that, I'm used to it.
But I would mind if tomorrow's scam will be fake candy boxes all over the place, featuring some kind of Guillotine-o-finger(TM) system...
But this is not surprising concidering the cost of a home finger print scanner of only 39$.
We tested a system like this a few years back in the company cafeteria (We are a third party credit card processor) As I recall they dont actually store the fingerprint itself when you register the card but rather a pattern hashed from the registration scan, in other words you couldn't take the data that was stored and get back to an actual fingerprint.
This technology would be a field day for law enforcement. Any and all crimes that happen in that area where they find a fingerprint but it's not in their database... the first thing they'll do is call up Safeway.
I've always wondered about this. So there's a thermal component to the readers that won't read a cold, dead finger?
Don't call me a cowboy, and don't tell me to slow down!
Fingerprint systems like this seem to work as well or better than most forms of ID. Most security on credit card purchases I've made has been limited to comparing my signature on the receipt to the one on my card, which can be forged pretty easily. They don't ask for picture ID any more on credit cards. A lot of them don't even keep my card long enough to check the signature, and automatic chargers like gas pumps will take your credit card without any cross-check. In that sense, using an account activated by your fingerprint is probably an improvement.
:)
Yes, there are concerns about the government tracking you through your fingerprints, but they could do that through your credit cards now anyway, so I'm curious what the difference would be. Besides, we're more at risk from all the commercial entities who have access to our electronic transactions. Unlike the government, they routinely do all sorts of things with the information they collect on our purchasing habits.
Here's my main concern: What if someone manages to impersonate you and establishes an electronic account that ties your financial information to their fingerprint. Someone could wreak havoc in a fairly short time if biometric systems are trusted blindly.
Then again, if the scammer impersonates a person with huge debts, maybe they'd get stuck with them.
Biometrics may be a miracle cure or snake oil. As with any potentially useful technology, which it becomes will depend on the implementation.
TLR
A man no more knows his destiny than a tea leaf knows the history of the East India Company
"Fuck You Pigs"
You know, your comment was mildly interesting up to this point. But I have to ask, why the anger at the police? I hope the comment was a joke.
For every bad cop you can point to involved in something like the Rodney King beating or the Abner Louima torture, there are tens of thousands of professional police officers dedicated to preventing and solving crimes, as well as enforcing basic laws which help us survive as a peaceful society. Some of them even die for you while you're resting peacefully at night.
So if it wasn't a joke, lose the 'tude. It's disrespectful of a lot of hard-working people.
"We're sorry, but the website you're trying to reach has been disconnected."
I live near Seattle and I can say for sure, you can still use that trusty ol' plastic everytime you have the urge to shop. Man does it feels good to swipe!
Bear with my bad SF for a moment. Western civilization seems to be converging to the point where citizens will have no choice, but will depend upon a handful of mega-corporations for their sustenance, while at the same time having to give not only their time and energy, but also their identity in return. By this time, privacy will have been successfully abolished and its last traces outlawed. Every adoption of RFIDs, DRM technology - as well as every merger between huge corporate actors is pushing the world nearer to a dystopic future.
Not a flamebait, just feeling the need to vent. Mod me a fool and placate me, please.
The store also reports 0% of such transactions being fraudulent
in other news, a survey of the first 5000 apache users reported 0% suscessful intrusion attempts during a trial period.
the system is obviously not used enough to make it worth spending a lot of time figuring out ways to exploit it... once it is the only way to shop then we would quickly see how secure the system really is
But Seattle's progressive nature probably allows for something like this; I dont think it would fly in Nebraska, or the Midwest.
There's also the matter of having you credit card information on file; fraud need not occur at the counter; If that financial information is compromised...
Fingerprint scanners are pretty cheap. I wonder though based on this how far off inexpensive retina scan security/transactions are.
Blacker than my baby girl's stare. Black like the veil that the muslimina wear. Black like the planet that they fear...
We might have gotten 0% fraud for that
But I think your sentiment is spot on. Well, for the most part. I think this has the capability of being more secure, but it has the flaw of its users expecting it to be perfectly secure, which would actually make it less secure (see also Why Things Bite Back, by Edward Tenner).
Just like at least one reason Linux is more secure is that it is less used, fingerprint scanners will be unlikely to be a target for the next few years. If they become the primary means of verification, whether they become more secure than the current system depends on how much their shortcomings are acknowledged. (Naturally, most /. readers already know about the various ways to circumvent these systems.)
Ben Hocking
Need a professional organizer?
just check:n ?language=en
http://www.ccc.de/biometrie/fingerabdruck_kopiere
hacking of people's fingers so someone could buy nail polish remover at thriftway.
Sadly... some idiot will actually attempt to do something like that if this technology takes off. Just watch.
There is some bozo out there who will think that's a brilliant idea.
Let's think here. First off, not many people know about the existence of this new form of SpeedPass, which if you'll pardon me saying so, is a stupid thing.
More likely case: even if they had experienced fraudulent activity, they probably wouldn't know yet. Who is using the system? ANSWER: store regulars. They are the least likely to notice an extra charge on their accounts. Think coffee shop people. Would they really pore over their credit card bills enough to notice an extra $3.00 latte? Also, would their be enough incentive for someone to try to defraud anyone yet at the low dollar amounts and get caught or knock themselves out of a bigger score later?
Trust me. We won't hear of an issue with fraud until it's worth their while.
Now accepting PayPal donations!
I guess the barcode-on-the-forehead project didn't go so well.
A person with good slight of hand talent could easily use the gummi bear trick.
I also wonder if they allow this to very age for purchase of alcohol and tobacco.
"Plans are for fools! Oglethorpe, the plutonian (Aqua Teen Hunger Force)
If someone gets an electronic imprint of your credit card number, you call VISA and get a new number.
If someone gets an electronic imprint of your finger print, you'll be chasing down fraudulent purchases FOR THE REST OF YOUR LIFE because you CAN'T change your finger print.
Ticketmaster, 5 years later, "I'm sorry sir, but you *DID* buy 10 first-row superbowl tickets. Our computer says you did it over the internet and we have your finger-print scan on file to prove it."
RUN, don't walk, when someone in a store asks for a scan of your finger-print.
Sam
I no longer sign my credit cards. Instead I write in big block letters CHECK IDENTIFICATION. Thi serves two purposes:
1) It stops Chip the clerk from being forced to practice the handwriting analysis skills (which he could not have learned in Quantico since he is 16).
2) When they do not check ID I point to the back of the card -- they will be a little embarrassed and maybe they will start checking to see someone wanted the ID to be checked.
If someone ever steals my card then maybe the ID check will have some effect....
Of course, let's not mention that, if they wanted to do that now, all they'd have to do is.. well.. revoke or suspend your credit cards. It doesn't sound like they refuse cash, or even that they could (foodstamps, etc). Just, if you want to use a credit card with them, you use your thumb instead of signature as proof.
Rather it be "I keep my ccard number until I come into the store and sign my transaction with my fingerprint" rather than "Here's my ccard information, let me authorize it by only ever showing my fingerprint." The former is more secure. The latter opens the possibility for their systems to be broken into (internally or externally) and lots of credit card info stolen.
Hey, no problem... you just keep the severed finger in your mouth to keep it warm until it's time to perform the deed. Always works for me... uh, I mean, I've heard that it works ok...
Cool, now you can just chop someone's finger off and go shopping.
What is stopping someone from taking your fingerprint and creating a thin plastic membrane copy, which you just slip on your finger.
Sweet! Now when you get held up, they will take your finger instead of your wallet!
Amazon: "I'm sorry sir, you *DID* buy 20 copies of the first season of STAR TREK: ENTERPRISE. We have your finger-print scan in our computer to prove it."
If you are using a finger-print scanner to make ANY purchase, get ready to spend the rest of your life tracking down fraudulent purchases.
Sam
A fingerprint check might be secure and convenient. But what guarantees that the fingerprint, and the ID of its owner, will be used only in that authorized transaction? We have copyright control over our personal info. But our rights to restrict distribution are not explicit in law. The Congress must pass a law making such personal info copyrights clear and current. We need at least the same protections we give to copyrighted corporate info, like songs and music. Or corporations will own all our info, too.
--
make install -not war
... when try pry them from my cold dead fingers.
Biometric is not EVER revokable... despite being accompanied with a PIN or other form factor authentication.
Once your biometric is stolen, nothing can replace it.
When is general populace going to get a clue, like us esteemed Slashdot readers do?
It is interesting to see things like this, as innovations.
I lived in Mexico where my father had a ranch, he used take us there every saturday to pay the pawns for the weekly job (harvesting, cleaning, etc) and he had a book where he annotated down the money he gave to the workers (like a spreadsheet). He used the fingerpirts of the workers (with ink) so that the people who didnt knew to write could sing.
Ubuntu is an African word meaning 'I can't configure Debian'
'cos the Bush voters living in "Jesusland" would refuse to use it, going on about the Book of Revelation, man's mark required to buy or sell, etc.
When I am king, you will be first against the wall.
Oh yeah it probably will, but the large corporations making the devices will have an 'easy' button hiddenon the underside for the Republican supports to press when things look like its going bad for them.. :)
That tinfoil hat scenario may be more real than you think in a decade or so. It's both exciting and saddening, but one thing we can all agree on is it's inevitable.
Isn't fraudulent activity, though that's a concern.
I just don't understand why people want to hand over their credit card information in an on-going basis to these companies. Same as with those 'Speedpass' things (those I don't trust at all).
If I use my credit card at a store, they do the transaction and they're done. Having a company keep as part of its corporate records and stuff they track about a consumer including their credit card info seems kinda scary.
I guess there'll always be people not phased by this, but I suspect I'm not alone when I say I wouldn't use it.
Lost at C:>. Found at C.
The truth shall set you free.
The Internet's nature is peer to peer - 20050301_cs_profs.pdf
IIRC there was a company developing a product that used a separate technology in conjunction with the optical reader to measure the bloodflow in the finger. That way you couldn't just heat up a finger and have it pass, it'd actually have to have blood running through it at the right temperatrure.
It seems that technology like that would make it near impossible in practice to forge.
Why, o why must the sky fall when I've learned to fly?
I think that there is confusion over the distinction between "Identification" and "Authorization".
A good secure transaction would require both.
For example: To withdraw money from an ATM, you have the bank card (identification) and the PIN (authorization).
So.... I think a distinct likeness like DNA or fingerprint would make a reasonable form of identification, I do not think it is reasonable as a form of authorization.
IMO, a monetary transaction which involves a fingerprint will still require the user to enter a pin number for authorization.
Just my 2p worth.
-- The universe began. Life started on a billion worlds...
-- Except on one where stupidity was there first.
There's a Pick N Save grocery store downtown, that's not quite like a normal Pick n Save in that it has lots of high priced specialty foods. Anyhow, it's had this pay by touch system for months now. I'm not willing to use it, nor is anyone else I know. But sure, it's a neat idea?
From an article (reg req'd) on identity theft:
True story? Who knows, but the moral of it is not to put all your faith in technology, and never underestimate criminals. Some may not be very bright, but that's more than made up for by their cunning.
True, and they will already have the fingerprints of those who dared vote against them.
That, combined with the Patriot Act will probably get you an orange jumpsuit and a meal a day in Guantanamo.
Welcome to the christian taliban and the red states of America.
details here
and probably on slashdot somewhere.
Bottom line - you can use concentrated gelatine to make a fake fingertip. as seen in the movie Gattaca
But he would drive 400 miles,
And he would drive 400 more,
Just to be the man who drove 800 miles
To be a big lo-ser.
(apologies to the Proclaimers)
Those exist, but they're more expensive. The problem is that a dead finger should be used immediately, because after a short time, the fingerprint kind of fades and becomes very difficult for a reader to recognize it.
/. readers know that there's absolutely NO 100% secure system. Such thing doesn't exist, the goal isn't to render fraud completely impossible, but to reduce it as much as we can. Fooling a fingerprint reader + magnetic card + signature, etc is simply harder than doing the same on non-biometric systems. Other advantage is agility and simplicity, on some systems, you might authenticate just by placing a finger on a reader, instead of using maybe more annoying solutions, and in such a case you might gain some security (a lot in fact, just not 100%) but you also gain in simplicity for the users.
Anyway the real point here is that biometrics, specially fingerprint recognition is a very good and mature solution, which can be used for lots of things. Of course it could be fooled eventually by someone with enough determination and resources, but I would think that
There are no magic cures, the real problem with biometry is not that it doesn't work 100% perfectly but to make people aware of the fact that while it's more secure, it *could* eventually be fooled, and contingencies have to be considered too, just like with any system.
"Luck is my middle name," said Rincewind, indistinctly. "Mind you, my first name is Bad." -- Terry Pratchett
howto:n
http://www.ccc.de/biometrie/fingerabdruck_kopiere
copy in action:
german: https://ds.ccc.de/084/fingerprint
(d0h, google still can't translate https documents directly?!)
Right, everyone knows Thriftway is just a front for secret government projects. Watch out for seven-11, too. Your Slim-Jim preferences are being logged into the anti-terrorist database. And don't even THINK about buying gas there. Then they'll KNOW about your ties to Al-Qaeda.
Disclaimer: all tongue-in-cheek; no attack on parent
Exactly.
As I said before, never put all your faith in ANY system, you can tighten security with technology, and fingerprint recognition does that fairly well, but of course nothing is 100% secure. You have to consider contingencies.
"Luck is my middle name," said Rincewind, indistinctly. "Mind you, my first name is Bad." -- Terry Pratchett
Gummy fingers can even fool sensors being watched by guards. Simply form the clear gelatin finger over your own. This lets you hide it as you press your own finger onto the sensor. After it lets you in, eat the evidence.
The five second rule doesn't apply here.
You must be pretty brave to eat something that just touched something that everybody else has touched and probably has some amount of everything else they had touched on it.
I would be wary even putting my finger on there nevermind eating off of it.
I bet he just lost his credit card...
Yes, because will all know how much more secure a little plastic card is.
Seriously, did you just make that up hoping no one would notice that you don't know what you are talking about?
But my assumption is that once forging fingerprints begins to cost companies some money, improvements will be made to make it harder to forge. I'm familiar with that experiment where every fingerprint scanner at a specific expo was fooled (or at least every one that would allow itself to be tested), but I don't think that means that the scanners can't be improved - just that the designers underestimate the ability of the scanners to be fooled, or the ability of crooks to fool them. Eventually, I expect (based on no evidence whatsoever, and very little meaningful information) that fingerprints will be harder to forge than a credit card, due to improvements in scanners.
As for getting new fingerprints, I anticipate that the problem in the future is that rather than emulating your fingerprints, crooks will hack the database storing your fingerprints and convince the database that the crook's fingerprints are in fact yours (and/or vice-versa). The headache will be convincing the fingerprint companies that you are who you say you are. Naturally, one safeguard might be to prevent two people from having the same fingerprint - on file, that is. I'm assuming (quite ignorantly I might add) that nature has already prevented it from being the case in reality.
Ben Hocking
Need a professional organizer?
A friend of mine works on a stock exchange as IT manager. He could unlock a workstation of a trader using his own fingerprint (without any further hacks). Local security didn't believe him untill he demonstrated it.
It is not as airtight as you may think...
Sig (appended to the end of comments I post, 54 chars)
I think the point of the parent was not that a little plastic card is more secure, but rather that a card is not permanent.
If a credit card gets stolen... you get a new card (with new numbers). If your fingerprint gets stolen... do you get new fingerprints???
It's when cash is no longer accepted that I leave the country.
I've only got 9 fingers, you insensitive clod!
this gives a new meaning to the word 'goldfinger'
Has there ever been any kind of study showing how reliable fingerprints are? From what I've read there hasn't been any such study. And if something like this is irrevocable, shouldn't there be definitive proof that it works?
If someone gets your credit card number, you call VISA and get a new card.
If someone gets an electronic imprint of your finger-print you can't change your fingers. Hence, "get ready to spend the rest of your life tracking down fraudulent purchases".
Sam
Genital imprints. :)
So to commit fraud, all you have to do is go to the subway and take fingerprints from some surface, isolate the thumbs, create cheap replica thumbs using high-technology (digicam, gummibears and photo-sensitive printed-circuit board) and try them out.
The only way to have this thing "secure" is to wear gloves all the time.
Actually the fraud is so obvious, I am really shocked that anybody is so stupid and believe that the system is secure. The police is taking fingerprints for over 100 years already and that's not a secret either.
Yes, because will all know how much more secure a little plastic card is.
It is. You don't get far with a digital photo of a plastic card. But a digital photo of a fingerprint (not even the finger!) e.g. from the refridgerator and a few tricks allows you to fool fingerprint scanners.
Yes, but a fake skin replica that fits tightly over your real finger can fool any machine any time. It has warmth, it has blood flowing under it, and it has the right pattern. Remember, what you have, what you know, and something you are. But nowadays that last one is becoming just a weaker version of something you have, because you can never trade it out if it gets copied.
Hey there's new invention called fire, the trouble is that it can cause fatal injuries and it has been known to destroy property. Even if precautions are taken against these calamities, it won't work if its too damp. I think that it is a bad thing that should be banned before its too late.
The point is that no new technology is all good, so asking if something is "a really good thing" is kinda dumb. What you should be asking is "do the pros outweigh the cons?"
how many will be driving 400 miles to use it now it's been on /. ?
---
We spoke for about a half an hour. I don't recall a thing we said. - Colorblind James Experience
Those fingerprint will be available to law enforcement, just as videotapes of street scenes by store security cameras are routinely requested/demanded. I'm somewhat oppposed, why not instead design an RFID device that the customer keeps in a wallet that only contains certain minutae of the fingerprint. Then when the customer approaches the fingerprint scanner the card gets automatically read and then compared with the print which then sends an authorization token to the store. If you really want to make it secure, include a decryption PIN for the fingerprint minutae stored on the RFID device. Something you have, something you know, and you. Not a bad security device.
- Times I have already given the government my finger prints:
- First Grade: They came in and took everyone's prints.
- Grade 11: Once again, came and took our prints. It wasn't mandatory.
- 2002: Took my prints when I recieved a concealed handgun permit.
For me, I'm not worried about giving my prints. The man already has my prints. I'm just worrying about someone chopping off my finger and going to thriftway to buy groceries!Pretty Pictures!
gives a new meaning to the term giving them the finger.
In a couple episodes of CSI, the perpetrator made rubber hands that had fingerprints from a live person. (Admittedly, his own, but that's a plot complication I don't feel like explaining.)
Extend that concept to rubber-mold gloves.
tasks(723) drafts(105) languages(484) examples(29106)
Due to limited availability of this technology, it's not surprising that they have no fraud. Start putting this on something gas pumps where you can buy something most people need on a regular basis and don't have to interact with people, and the fallability of this process will become much more apparent.
Stores will be suspicious of anyone buying Gummi Bears
Did you mount a military-grade, variable-focus MASER on an unlicensed artificial intelligence?
The store also reports 0% of such transactions being fraudulent.
OK, so a voluntary system that requires you to submit your fingerprint and no criminals have tried it out, even for malicious purposes? That's incredible! I hardly think that this counts as an endorsement of this technology. If it were to become more widespread it might be worthwhile for the "bad guys" to come up with ways to defeat it, but as it is they will just go down the road to the place that uses the good old credit cards they can get out of a stolen wallet.
THIS SPACE FOR RENT
You must live in a high-rent district. Around here, idiots go for $2 an hour.
I only have 8 fingers you insensitive clod!
Caesar si viveret, ad remum dareris.
Maybe after I finish waiting in line for the next Star Wars film.
From Demolition Man:
Lenina Huxley: That is correct, money is out-moded. All transactions are through code.
John Spartan: All right, so he can't buy food or a place to stay for the night. And, it would be a waste of time to mug somebody. Unless he rips off somebody's hand, and let's hope he doesn't figure that one out.
"...At the end of the day"..."when everyone goes home, you're stuck with yourself." RIP Layne Staley
I ask because at the science museum in London, there is an area where you can experiment with several computer based activities and save the results using your finger print. I had to try several fingers before I found one which wasn't incorrectly identified as someone else's.
I would guess that the technology used in this situation is not as accurate as that which would be used for credit cards but still it is still a rather worrying thought that someone else's fingerprint could be mistakenly thought to be mine by a creid card system.
I wish to remain anomalous
Dunno about you but I have 5 digits on each hand.
The only finnicky part is getting your fingerprint pattern key (the raw info is not sent, it gets crunched down by the scanner,) into the database on somebody ELSE's account. HE will be the one stuck with the bill.
You can then run the scam the same way.
Actually it takes less balls to do it because either it works and your laughing or it doesn't and your mutter something about a new scar on your fingerprint to a clerk.
You don't have to worry about getting caught because you're going to have created a false positive (doubling the key) rather than replacing a real record.
Your fingerprint is essentially worthless for security when you've got access to a scanner and to the system.
The trust-worthyness of the original scanner and scannee is the key. The more paranoid you need to be, the more data points you pick, and the more tightly you control the access to the system.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
I recall a review of some new biometric-enabled mice that came out, and the trivial way to trick them - cup your hand over the sensor, and breathe softly on it.
The existing oils will pick up the water vapor to form the pattern of the last finger on it, and the heat of the breath triggered the sensor to read it.
What amused me the most was I went to tell my boss at the time how these researchers had found such a simple way to break it, and he said "Oh... I just bought one of those yesterday." Heh.
Especially as in TX, where they require (I believe the right) THUMB print only. One is not allowed to use other fingers for authentication.
Yeah, right.
I don't know about you, but I've never once had a CC stolen/lost. I don't know -anyone- who has had 10 CCs stolen/lost, much less 10 cc's stolen sequentially (which is a better analogy, since one print id's all of your CCs here).
"Stumble before you crawl"
I, for one, just have to say... "Get over it, you whiny-ass". If you want to win the election, run a candidate who has a chance. Not some leftover, pot smoking, hippie-wannabee rich boy.
it'd actually have to have blood running through it at the right temperatrure.
So, when I run out to the ATM (or Supermarket, etc) on a cold winters day, and don't wear gloves, I'll get denied because my finger is too cold? Oh, yeah, that'll go over well.
It can be faked pretty easily if nobody is watching, and I assume in the future even if someone is watching.
Oh no! then you might have to use a bank card!
UDA all the way, fuck the pope and the IRA.
--
P.S. No surrender.
Before anybody gets up in arms claiming that this is a hideous privacy infringement that is frighteningly Orwellian, let me soothe your tinfoil-infected brain by pointing out the obvious: you're dropping your finger prints all the time on everything you touch! Unless you wear gloves all the time like Jacko or have burned off your fingerprints in some tinfoil-cult ritual this is nothing to worry about.
The preceeding paragraph was of course complete fuckery, because of course this is a terrible idea! I don't even use freaking customer benefits cards because I don't want my purchases tracked to my name. Us slashdotters know how big a database can be, and we also know how easy it is to link databases. Would you feel comfortable with some giant database buried deep within a missile silo that tracks your every purchase, has your dna and fingerprint on file, and is searchable by library book!? Yeah that sounds just freaking dandy.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Monkeys attracted to bright shiny objects. Weee fingerprint instead of swiping a card and signing a piece of paper which sucks up a total of less than one minute.
Register your credit card? Did I hear that right? I can safely say that my response to that is go fuck yourself and the grocery cart you rode in on.
Wait lemme guess what the Starbucks crowd in Seattle wants next.....
Pay using Paypal from my Blackberry. Yeah that is the shit. I will be massively more 1337 than you !!!! Weeeeeee !!!
does everything have to be an evil conspiracy? Is it not possible that bio-metric devices could be used for pure good? Do you really think the gov't needs your fingerprint to track your credit card purchases?
I mod down so you can mod up. Your welcome.
The reason they have 0% fraud rate is any thug can rob you for your wallet or steal your purse and thus get your credit card. But how many are smart enough to figure out how to steal your finger print. Those who are that smart aren't going to go through the effort just so they can go buy groceries. I can just picture somebody getting held up in a alleyway..."Place your thumb here and nobody will get hurt".
Plus, once an individuals print has been compromised you flag the system to have someone validate the individual the next time the print is used.
these guys are going to duke it out with BioPay over patent rights.
http://www.biopay.com/press-release-012405.asp
High Tech Burrito in Berkeley used a thumbprint reader as an optional payment identification system back in 1998. It was a pilot program for SmartTouch, a Berkeley biometrics company which later changed its name to VeriStar then apparently went out of business.
The problem with biometric payment then was the barrier to entry. Most people didnt want to fill out a form with CC info just so they could easy-pay at one store. What they wanted was their burrito.
Still, when there's a confederated system (sign up once, thumb around anywhere) I'm sure we'll see a lot more uptake.
Kevin Fox
tm
Support TBI Research: http://www.raisinhope.org
If I lose my credit card, I phone up and get another one. I am inconvenienced for a week or so while they send me a replacement, but I take care that I don't lose the next one. AND I can get cash from the ATM in the time being. However, if I cut my finger, then I can't use my credit card, OR an ATM, etc, until they allow a second finger to be used. In the meantime - no food, petrol, whatever. Depending on what your job is, you will cut your fingers, get splinters or just wear away those fingerprints. It's fine for companies trying to improve security, but when it could so easily get in the way of normal (lawful!) day to day life, something needs looking at.
That means there's a one in 100,000 chance that someone has the same hand. Unless you mean hex.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
If it was required (fingerprint)...I'd almost be willing to drive 400 miles to AVOID shopping at this store...
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
Or you can only use the fingerprint in person, or you need to use it with a secret pass-code. It is much better then a credit card option (and harder to manufacture).
Your statement was made to just scare people.
I mod down so you can mod up. Your welcome.
"does everything have to be an evil conspiracy?"
Only on Slashdot.
What if someone was at a doctor's office or pharmacy getting medicine because they have a fever?
They can't buy it because their temperature would be off.
to break their system
"When the only tool you own is a hammer, every problem begins to resemble a nail." - Abraham Maslow (1908-1970)
I agree that a fingerprint might be suitable for identification (except for the potential fraud and irrevocability problems). It's not suitable for authentication for the simple reason that it won't remain a secret once people start using it more for identification!
Other examples of Identification would be something like your SSN or drivers license. It's not really a secret--the party you're identifying yourself to needs to be able to confirm the information somehow (database of drivers license no's). When you call your bank and they ask for mother's maiden name, recent transactions etc. they are trying to confirm your identity using information that both you and they have (but presumably other people don't have).
In this case, Card + PIN = Authentication.
Authentication also requires identification. In a credit card transaction, you identify yourself by name and card number (and perhaps with a drivers license or something if the merchant is unconvinced). Notice that knowing the card number (a piece of identification) and posessing the physical card are not necessarily the same thing.
There are 3 secret factors you can use for authentication:
(1) Something you are (e.g. biometrics)
(2) Something you have (e.g. credit card)
(3) Something you know (password or PIN)
(1) is a risky way to go because its hard to change it in cases of fraud or identity theft. (2) is risky because the thing you have can be lost or stolen.
(3) is usually the safest--as long as you don't forget it or tell it to anyone else.
Notice that these things have to be SECRET or not-very-easily accessible to others, in order for it to be safe to use for authentication. You might tell other people your username (your identification) so they can send you e-mail. You wouldn't tell them your password because then they could impersonate you in authentication.
The best systems available combine at least two of these factors--usually (2) and (3), or even all three.
This really creeps me out. Do they actually expect people to participate in this? I thought this is the type of stuff we are trying to avoid happening...
...because you CAN'T change your finger print.
Hrmf! Telling me I can't change my finger prints?
*revs up the workbench sander*
I'll show you! ARRRGGHHASDFWDasdfsdaf12~!!!
sea i cntoo chadnfge my ow ow ow fignr prnits ow ow
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
How do they avoid the common problem of fingerprint scanners: too stringent or too loose settings. If you set it too stringently, you get false negatives (rejecting people it should accept). In the other direction, you can get false positives.
I did an implementation at a hospital that used fingerprint scanners for the drugs in the unit. The nurses constantly complained that it wouldn't take their fingerprint when it should. This was partly due to settings and partly due to the scanner getting dirty and scratched.
I'd be interested to know how Thriftway is getting around those things.
No, sometimes evil works alone. No, there is no such thing. No, they just use orbital mind reading satellites.
Don't bother with tinfoil, that's just what _they_ want you to use. The government has been secretly controlling the thickness and purity of commercially available tinfoil for years to prevent you from blocking their rays. The only thing to do now is to cast your own solid lead helmet and vest. You will need to get lead that has been in storage since at least 1948 when Project Helius was started and the spooks began placing secret tracking numbers in all shipments of domestic metals and make sure it's at least two centimetres thick.
That's right, two centimetres. Why do you think the USA is the only country in the world to resist the metric system? Because the wavelengths of all of their sensors are calibrated in even multiples of one inch. A lead sheet exactly one inch thick would be just like a picture window to them now. All those crazy measurements? They're in on it. Why are there still twelve inches to the foot? The government. Sixteen ounces in a pound? That's so they can see where you're going. Fourteen days in a fortnight? It's all because of them.
Trust no one. Especially me. This message may have been compromised so don't take any of this advice. It may be coming from someone you can't trust.
Note that fingerprints are used only for verification. This explains the process. The actual search is done by person providing phone # at the checkout. Cnet article and main page of paybytouch fail to mention it, and make it look like fingerprints are used for identification. If fingerprints were used for identification, it would have been really easy to fool. My guess is that 10,000 is the upper limit of enrolled persons for identification. Say, if they have 100,000 enrolled customers, you would have walked to the store, presented fingerprint, and most probably it would match to other 10 already enrolled fingerprints. This is just an example of reporter not doing proper research before writing article, and making all the fuss.
Funny? Not really. While thriftway isn't a branch of the government, the government could easily seize the database from them and add it to their own. How long before there are laws that force companies like thriftway to allow the FBI to search the database as often as they like? How long before companies like Thriftway are forced to send database updates directly to the FBI?
Think it can't happen? Take a look at the Patriot Act. Did you hear the President's speech? Did you happen to catch his statements about improving IT infrastructure for law inforcement? If you have nothing to hide, then you shouldn't be worried. Right?
When will people learn that identity factors are not the same as authentication factors?!?!
A Fingerprint is something you are
It would be a whole different story (and different pros/cons) if this was about a store requiring a fingerprint bio in place of a signature (something you do) on a Credit Card transaction.
The biggest deal here (not mentioned very much in these
That makes their DB such a huge target
Who would ever capture the CC info and then try to make fraudulent purchases at a grocery store anyway? They'll go for the high-end merchandise instead, using a totally different transaction service.
And let me guess, each customer signs an agreement (without reading it- legal jargon, bah!) stating that you release the company from any liability of storing your CC info!
Remember: Anytime biometrics are used singulary (without another form of authentication) it is for convenience and NEVER Security.
This has happened to me. Went down and attempting to buy a handful of CDs. Circuit City would NOT take my cash unless I produced ID. WTF?
Related, Wells Fargo refused my attempt to make a withdraw unless I produced two forms of ID, one of which HAD to be a credit card. I politely asked them: "If I don't have enough ID to make a withdraw, do I have enough ID to close my account?".
There is being secure, and there is whoring for my personal information. I'm uncertain where the biometric ID falls, but when a bank can issue a line of credit with little more than an address and a SS number, AND take no fucking responsibility for the fraud that ensues; I don't think my security is one of their aims.
Yesterday I fixed my ripped shower curtain with seam sealer glue and I got some on my thumb when I pinched the edges together. Right now, I can't feel anything with the tip of my thumb because it's covered with extremely strong glue. If all purchasing eventually goes by fingerprint, then I assume folks like me will occasionally not be able to purchase anything! Maybe that's a good thing. Seriously... I can't get this stuff off!!!
I remember hearing how gelitan gummy can be used to fool a fingerprint reader. I thought it was kind of cool. If someone questions you, just eat the evidence. read the story here
There's no place like ~/
So the fingerprint recognition could be total vaporware, and it would still appear to work.
Even if it's real, typical Equal Error Rates for fingerprint systems are around 5%. So if you have a list of customer phone numbers and access to a fingerprint terminal, you should be able to crack the system in about 20 tries. Then you have access to someone else's accounts.
I think you meant to say "made up for by their evil" rather than cunning. I totally agree with you....
"Lack of technical competence coupled with the arrogance of power, as usual, leads to no good end."
Is is me or is this an assinine program. Who in their right fucking mind would volunteer their fingerprints to #@^#& GROCERY STORE?
They can have a stool sample if they like, wrapped in a flaming paper bag for effect.
WTF? WHERE DID YOU LEARN YOUR ENGLISH, DUMBARSE!
I BET YOU'RE FROM INDIA.
FAG.
# Read other people's messages before posting your own to avoid simply duplicating what has already been said.
# Use a clear subject that describes what your message is about.
# Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page)
My wife has fairly severly eczema on her fingertips and they are often dry and cracked, especially in the winter. Sometimes she bleeds and has to wear a band-aid. The probability that a biometric device could make sense out of her fingers is zero.
---Technology will liberate us if it doesn't enslave us first.
This is one reason that I hope people don't start using biometrics as their only form of authentication. Banks, for instance, should at least still require a PIN (or actually let a person enter a password with a normal keyboard). If a criminal knows that they still need a PIN/password then chances are they won't steal a finger. It'd merely increase security without (much) impact on ease of use. Of course, on the other hand, if someone severs your finger you will know about it, so you can have your bank lock your account.
Also, what are the oldest fingerprints available, that would show up in a search?
The movie "Gone in 60 Seconds" had a moment where one of the senior car jackers was putting on gloves and the kid says he doesn't need them and gives him some fake fingertips with other fingerprints. Said if they came up they would come up with Elvis's (as in Presley) fingerprints. Already been thought of and used.
Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
Is it not possible that bio-metric devices could be used for pure good?
First give me an example of ANYTHING that has been only used for pure good.
Sorry bud, human nature makes abuse inevitable.
-Don.
Cwm, fjord-bank glyphs vext quiz
Ice cream
I mod down so you can mod up. Your welcome.
I disagree. Figerprint readers can use two forms of IR. One verifies it's producing heat, the other makes sure it's skin. We've done facial recognition that could tell the difference between a person and a Hollywood mask of that person. It wouldn't even enroll the dummy head as its own person.
Plus, I'll wager that more CC theft is a result of lost/stolen wallet or the card itself. It's much more difficult for your typical criminal to steal your fingerprint, esp. if it requires having a decent educational background just to understand how the biometric device works.
- Sig
I know several people who have season passes to Disney World... when you enter the parks, there is a fingerprint reader for season pass holders.
I've borrowed 3 different season passes before and never had a problem getting past the scanner, it just isn't reliable.
I bet a warm hotdog would work too.
While that is true, what impact does it have? The same arguments being made against this type of technology could be made against using any kind of technology that contains personal information. So go close your bank accounts and get rid of your computer! I'd rather have the requirement to use a fingerprint to authorize purchases on my credit card than what exists now, which is authorization without any form of ID at all. Anyone who get your card can go buy gas, groceries, and make online purchases without any type of identity authentication! I do agree with someone else's post, though, that the store itself has no business keeping a database of my credit cards, or even my biometric ID. The scan of your fingerprint should be sent as part of the credit authorization process. When I worked for company that required security, I was trained that security measures will never completely eliminate a breach of the security. They only make it more difficult and, when possible, more noticeable.
Certified Novell Bigot!
Well, if you use the metric alone, that's going to happen. it's the same reason why you shouldn't fear Govt cameras in public places. With a huge number of people, some are bound to match, regardless of the algorhythim used to do matching. It's more a statistical problem than anything.
;-)
The only way around it is to change the problem. Give a username, picture, something else so that instead of a one-to-many match, you just match the one-to-one. The statistical problem is then altered for the better.
When The Man tracks you with cameras AND rfid, then you can put your tinfoil hats back on
Few problems with your theory:
Identification forgery is a problem for all systems, not just fingerprint systems. Identification forgery can be accomplished by hacking or social engineering. If a criminal stole someone's credit card statement and changed the account PIN (by calling customer service), he would be able to accomplish the same level of fraud as if he had changed a fingerprint on file.
Once the identification token has been swapped within the merchant's system, the original customer would get an error when he next tried to use the system (because the authentication would no longer match up). This would lead to a customer support inquiry, which in turn would result in the identification of the problem.
Once the merchant realizes that identification forgery has been committed (by the presence of a non-matching fingerprint or fingerprint key in the system), the merchant would proceed along the normal paths of fraud response. Most likely, the customer would not be held accountable for charges associated with the fraud.
When the merchant resolves the issue and removes the forged identification token, the hacker then loses all ability to access the customer's account. The danger has been eliminated because the hacker has "inserted" a foreign object into the merchant's system; the hacker has not "stolen" a customer's object from the system.
If a merchant was really worried about fraud, it would keep the customer's fingerprint scan on file within the database. The database would regularly (in a weekly batch job, perhaps) rehash the fingerprint and compare the new fingerprint hash with the existing fingerprint hash. If a mismatch was detected, fraud response would occur. This architecture would require the criminal to submit his own fingerprint into the system in order to forge identification, which I would argue is infinitely more risky than stealing credit card numbers. The fingerprint database could be securely isolated from the purchasing system, so that the danger of hacking is reduced.
The scope of access granted by a single fingerprint identification system is quite limited. If a criminal performed identification swapping at GAP, the criminal would only be able to commit fraud at GAP, and would not be able to walk down the street and commit fraud with the customer's Abercrombie & Fitch account. Therefore, as soon as any given store identifies a fraud occurrence, it would probably implement additional security measures such as requiring photo ID for a particular customer. This is similar to security measures that are required when a customer's credit card has been compromised.
Many new fingerprint scanners (used in security installations) measure biometric electrical conductance/resistance capacity in addition to the fingerprint. This means an 160lb man with 12% body fat and a healthy heart can't chop the finger off a 180lb man and stick it up to the scanner.
Regarding your comment about muttering something about a new scar on your finger, let's see how funny it is when you refuse to provide photo ID to the clerk, walk out of the store, and then the clerk hands over the security camera footage to the police.
Yeah, but now you're going to get the n00bs who can't remember their passcodes writing it (the passcode) on sticky notes or whatnot. Except, instead of just losing a single credit card, those n00bs will lose their one and only identification system.
We all know what to do, but we don't know how to get re-elected once we have done it
I'd have to agree completely, unless the government were trying to make people fat by allowing the purchase or iced cream products. Thus controlling them by making them go on fad diets and buying diet pills... oh it's all a conspiracy...
and don't forget that if you commit the fraud and walk out. They now have you real fingerprint on file which they can just turn over the police.
It has been statistically shown that helmets increase the risk of head injury.
I'd be more concerned about my fingerprint data being stolen. I can get a new credit card if one is compromised.
I thought it was bad when almost everybody volunteered to get a grocery store club card and surrender their privacy for a reduction in the newly jacked up prices. Finger print biometrics at the grocery store? What's next? Am I going to be forced to give a DNA sample to buy Mt Dew and Fritos?
>> My ultraviolent Linux switch video.
>
>...and before someone else says it:
>I've only got 9 fingers, you insensitive clod!
"How about I take from you the finger, and you give me my phone call?"
Err... if their already considering taking your finger, perhaps they won't hesitate to beat or drug your PIN out of you too?
While I have many other problems with biometrics, getting set up to be mutilated for my identity is the one that makes my skin crawl.
On the other hand, no pun intended, it is also worth pointing out that you also have a bad habit of leaving your finger prints lying about, where most anyone can come along and collect them.
your finger print pops up a picture on a small lcd screen.
Yes and now we will go back to the movie with Sandra Bullock where her entire life was modified. There is always going to be a nay-sayer, there is always going to be a con - but you gotta outweigh the cons with the pros.
Here is a great example - last friday I was robbed at gun point (really I was). They got my money, drivers license, credit cards. Now, luckily, I have a passport (many people do not) - but I do not have access to my credit cards, even my bank gave me problems briefly (i used to work at that bank and know their rules so i shut the teller up quick).
Now if my fingerprint could get me direct access to my money, credit card, drivers license, etc I would 1) not have lost anything 2) not have been robbed since there is nothing to rob. A great benefit that in my opinion outweights the potential that the gov't might look at my bank transactions (which they can do anyhow), or me forgetting my pin number (which i still have a fingerprint)
I mod down so you can mod up. Your welcome.
A scan is just a scan.
It depends on the security of the authentication database for verification.
Extremely secure databases could be set up and answer just a "yea' or a 'nay' for subsequent accesses.
Subsequent acesses may be secure as secure as required.
You could have to do it in front of staff, which implies collusion between you (the 'scan'mer) and the staff (the 'scan'me) who would allow you to use a fingerprint defeating technique.
An ATM could depend on several authentication techniques, such as a video recording the 'scan'mer when the scan is made, in addition to the scan itself.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
How many times have hackers stolen lists and lists of CC numbers? Just wait until the thumb prints are warehoused in some database somewhere..
In the James Bond movie, Diamonds Are Forever, James uses a thin latex-like piece of fake skin that he puts over his own finger to pass as someone else. This movie came out in the late 60s/early 70s. I wonder if this could actually be done now.
Even worse, we could feed icecream...lots of it...to enemy combatants and wait for them to get a brain freeze. We could then use the momentary lapse of physical ability to strike! The real meaning of ICBM is Ice Cream Ballistic Missle! They had them all along!
Quick someone call the papers its definatly a conspiracy!!!
*twich* *sudder* *twich*
And when the police take *your* fingerprint pattern key, and match it with either your fingerprint (on file, remember) or the key on your original file, making you suddenly an identified felon with prints. Frankly, if you can get access to the system, just take credit card numbers instead. If the system uses debit, you might be able to get the PIN as well, giving you quite a bit of easy cash.
I know a guy with the serious misfortune to have had 7 of his credit cards stolen, at different times. The poor guy spent nearly 5 years cleaning up the mess. He didnt do anything wrong, was just bad luck and being in the wrong place at the wrong time.
10 times wouldnt be infeasible...unlikely...but it can happen nonetheless.
select * from base where originalOwner = 'you' and currentOwner != 'us'.
0 rows returned.
Nah, not really, but the reliability of fingerprint scanners does give me the creeps... since "wasn't me" won't help you with protesting charges in your credit card anymore.
(Yes, I have had to reverse charges in my VISA. Imagine if they say your fingerprint is good enough and that's that, even though fingerprint scanners have been proven to be not too reliable *shudder*)
MOD PARENT UP - 5 INTERESTING
Management should not be allowed to buy security products.
It's not about conspiracy, it's not about "Mark of the Beast" it's simply a flawed concept.
How many of you have your credit card numbers written on the doorknob of your house? How many of you have etched your social security number on the handle of your car door? Perhaps you've taped a copy of your drivers license to the glass you drank from last night at that restaurant?
I guess you implicitly trust every person who has access to those things if you think this technology is a good idea.
-Don.
Cwm, fjord-bank glyphs vext quiz
http://www.sheriff.co.st-clair.il.us/sexofax.asp/
Child molesters use ice cream to gain the trust of children.
You truly are an innocent person.
-Don.
Cwm, fjord-bank glyphs vext quiz
with fingerprint, add a pin number and your picture....so when you use your fingerprint the merchant see's your picture. When you use your fingerprint you enter your pin number. Now if the criminal can bypass all of these - you better be slapping your mindreading evil identical twin sibling.
I mod down so you can mod up. Your welcome.
We can just steal your credit card.
If they ask me why I'm not using the scanner I'll say my finger is injured and bandaged. (Note : For extra effect actualy bandage the finger. )
Of course, removing your fingers would have the added effect of making it dificult for you to use your handgun for revenge. So I guess both ways of doing it have their advantages.
This is slashdot, he's probably reading this...
ON the other hand perhaps he just drove 400 miles so that they wouldn't track where he got the severed finger from...
.sigs are for losers
This problem appears to have been worked out.
http://www.aavextechnology.com/newsletter/031504/Yeah it's a nice little story but those bozo's couldn't understand how to read a Euro date stamp and sold some *badly* out of date cheese. When brought back because it was putrid, an asst. mngr. said something along the lines of of "aged is better" and I know for a fact he'd never smell it let alone eat it right there. If they're idiots with food, why trust them with a fingerprint?
i am less worried about the govt. having my fingerprints than Thiftway Inc. and Pay By Touch. i can't really think, out side of spy novelish type things what the government would do with that info., i can think of many annoying, fumbling, ways that marketers and advertisers could use them.
also, was grocery store fraud so rampant at some point that the only solution was giving your thumb for your dorritos?
which has been in use a lot longer
That's a good point. There is a safe way to do this. Link fingerprints to a DB of credit cards and photographs. When you scan your finger, it brings up your photo on the clerk's computer, so he can verify that it is you. This way, if someone steals your fingerprint and makes false ones, it won't help them one bit. And this is just as convenient for the customer.
Fingerprints being used as the only means of authentication are a bad idea, though. But if it is implemented correctly, it is a good idea, and a hell of a lot better than using paper signatures.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
They should combine your choice of fingers with a voice password and hash them together. Basically you imprint your finger, and provide a voice password and together they link to your credit cards, bank accounts etc.
A thief will not be able to reliably pick which finger you use and will not simultaneously be able to provide a voice pass phrase as well.
I doubt it's that sensitive. Not everyone has the same core body temperature, much less the same temperature at their extremities (hands).
have you SEEN the saturated fat and cholesterol content of ice cream? Ice cream KILLS!
I just read the Pay By Touch web site - they appear to be using the finger print as an authentication method - linked to a credit card. If this is the case, you would have the same capability of challenging a charge as if you used plastic to make it.
Also they state that they don't capture the image but an unreversable token based off of the print characteristics.
I tend to agree with others statements - a severed finger would be easily recognized at a Albertsons checkout line. And some super-spy glove would contribute to such a low percentage of transactions, it would not be considered more dangerous than a piece of plastic with a magstripe.
Thats why i pay with cash.
---- Booth was a patriot ----
well security programs could be gov't regulated "Ahh thriftway you are limited to seeing the persons first and last name and their picture. Approved or disapproved for the sale" It links up (like a mac machine) to a central database (heavy encryption), retrieves the information.
Now there are companies that might try and misuse this information - and to help give incentive for them to NOT utilize this data heavy penalties could include jail time, and some hefty fees (i.e. 50% of your companies value)...i think marketing firms will be quite reluctant with someone going to jail and hte company losing 50% of their value.
Either way - marketing firms can get your data as it is right now very easily...fingerprint method will only give them fingerprint data on top of what they already know.
I mod down so you can mod up. Your welcome.
In the book One Of Us there is a black market for the fingers of dead people as they allow access to the dead person's bank account and any funds left there. They had devices attached to the base of the finger which allowed the finger to remain "alive". Once we have perfected that technology then we need to worry. ;-)
Then they developed the new ignitions that require a key with a transponder chip. (I think this was a demand by auto insurance companies.) So, as a result, instead of stealing cars, thieves are now carjacking people in order to get the car with the key in it, with the resulting increase in danger to the owner. Doesn't matter to the insurer as they are only liable for injuries in the case of an auto accident, not for robbery, unless you have supplemental medical coverage as part of your auto policy, which I suspect most people don't.
If this sort of thing becomes popular, it could trigger thieves cutting people's fingers and stripping the fingerprints. I am reminded of a horrid example in the movie "Fighting Back" where a thief wanted to steal a ring from some woman, but she couldn't get it off her finger. So he used a pair of tin snips and cut her finger off. Can't very well damage the ring, can we?
The lessons of history teach us - if they teach us anything - that nobody learns the lessons that history teaches us.
The analogy fits very well. Just like it's only the idiot Windows users who are vulnerable to the idiot script kiddies, so will the complacent and ignorant biometrics users be the victims of thugs who learn to copy a trick created by someone with the skills to create the exploit.
Fun with Anagarams! LADS HOST, SHALT DOS. HAS DOLTS. AD SLOTHS, HATS SOLD. ASS HO, LTD.
... 4,000 years ago.
OMFG Bob did you see the new security on the chief's safe? He's using a key.
What an idiot, thats so easy to forge, with the key he could so break in.
Yeah I wonder if there was an increase in metal casting sales in the region.
When was the last time we had a secure security protocall? Credit cards sure arn't.
Has anyone ever heard of the drug called bextra [valdecoxib (val deh COCK sib)]? It's an arthritis drug. It also has the side effect of making your skin so smooth that you stop making finger prints. I may take awhile for the drug to have this effect, but it sounds interesting.
Old people have nothing to worry about.
Grandma could you get the phone. Oh, it's a telemarketer. Do whatever you have to so they go away.
That is, of course, the flip side of the coin. Digitally encoded biometric data that cannot be changed (fingerprint, retinal scan, etc) but can be fed to a computer in some manner or another can be used to falsify your identity. At a cashier's lane, this is kind of difficult to do, as you are under scrutiny. Online, or any place you can use it where you are not under scrutiny, or any delivery method that can be made transparent even when observed will break this kind of authentication scheme, with no way to undo the damage once its done (think DeCSS except with your entire life at stake).
I had actually thought about the theft of biometric data previously (past few weeks), but apparently forgot it when writing. Credit card numbers are changable. Fingerprints, not so much so. Such stores would need both files on hand to do proper authentication, and frankly, I just do not trust any computer system to be 100% unbreakable at all times
I had my eBay password compromised when an online service I was using to snipe bids was hit with the Slammer Worm. I was lucky. A lot of people who trusted Windows IIS servers became victims of identity theft and had big credit card bills and a lot of hassle to straighten out the mess and get on with their lives in the wake of Slammer and similar Windows security exploits.
>> My ultraviolent Linux switch video.
I'd be more concerned about my fingerprint data being stolen.
I'm pretty sure I leave my fingerprint info around quite a bit.
I can get a new credit card if one is compromised.
And I can get a new finger if one is compromised. What's your point?
Huh?
My point is, I can generally control where I leave my fingerprints. I have no control over some grocery store with no concern for my personal data, running some cheese ball Windows IIS server software and the next release of something like the Slammer worm, my fingerprint data is released to who knows who.
Grocery stores do not need to keep a computer file on me containing my name, phone number, date of birth, social security number, address, credit card number, and MY FINGERPRINT DATA.
Can this concept be any clearer?
>> My ultraviolent Linux switch video.
I would think the "I can get a new finger if one is compromised" comment would make it clear enough that I was not being overly serious.
you'll be chasing down fraudulent purchases FOR THE REST OF YOUR LIFE because you CAN'T change your finger print.
You'd have to be pretty unlikely to have your finger identity stolen more than 10 times in your lifetime. Sure your index finger may be the easiest to put on a scanner but I don't see why you couldn't just use another finger. Hell, for that matter you could combine two fingers, assuming the scanning device is large enough. You get comprimised, you swtich it up. Done.
If it's not sensitive, then it's easier to fool.
I carry a concealed weapon as well for self-defense. I am licensed by the state that I live in because as a law-abiding citizen, I am permitted to do so (with a permit). I live and work in an urban area with a higher than average crime-rate and see no reason to put myself at a tactical disadvantage should things get dicey. 1. Law-abiding people don't commit crimes because they are carrying a gun. 2. Criminals aren't going to be registering and getting themselves fingerprinted for carry permits prior to committing felonies.
Firstly:/ gummi_bear s_defeat_fingerprint_sensors/
http://www.theregister.co.uk/2002/05/16
Gummi Bears!!!!!
Figerprint readers can use two forms of IR.
Heck, readers can use 20. But how many are reliable, and work under all circumstances? I don't want to be locked out of my bank account because I forgot my gloves on a cold day and my finger is 'too cold to be real'. Nor do I want to be locked out of my apartment building because I have a cut on my finger. Lastly, I sure-as-heck don't want to be arrested as a terrorist because Abu-whoever managed to get a copy of my fingerprint from the thousands of places I leave it every day.
Um, shift the glass/plastic the print is on to the side slightly?
"Kapioski added that one man even drove 400 miles to use the technology."
What a tool.
I heard a rumor that one's fingerprints can be faked by using a gummy bear.
The power of Christ compiles you!
This reminds me of a security conference I was at a couple years back. One of the presenters was talking about using retinal scanners to identify tank gunners only allowing certain personal to fire the weapon. A young lady stood up and asked "what would stop me from cutting of my enemies head and using his eyeball to fire the weapon?".
The presenter responded, "you miss, have a great future in military weapon design!" His point, you have to think a little out of the box. Most optical scanner actually require blood running through the eye in order to perform the identification. A severed head wouldn't get you anywhere.
While it would be possible to lift a finger print I believe it would difficult to use that finger print in scanners that require you to have a certain temperature (wouldn't work so well up here in Canada at the corner gas station) or measure your pulse for instance.
Some design options also combine "what you have" (a card) and "who you are" (biometric). If either one doesn't match up, you're rejected.
Why think when you can just BLOG.
It's not thriftway or seven-11 that we should be worried about.
It's RADIO SHACK!
Most towns have more Radio Shack stores than walmarts!
And how often have you seen anyone SHOP there?
They have got to be a govt front.
This isn't at all hard to believe, if you've ever read anything about the details of handling fingerprints.
There are a number of good texts on the subject. One of the first things they typically do is disabuse the reader of the Hollywood/TV cop-show idea that fingerprints are unique. This is done by mentioning that identifying fingerprints is mostly done by examining the "loops" and "whorls", and noting that the main way to characterize fingerprints is by the "points", i.e., the intersections in the lines caused by the loops and whorls.
Then the text simply shows prints that contain no points, loops or whorls. They are simply an array of wavy lines without any real distinguishing characteristics. In most finterprint identification schemes, these all map to the same code. Such fingerprints aren't all that common. I don't have any. But they're not really rare, either. Chances are that a number of readers of this message can respond by saying "My ___ finger on my ___ hand is like that".
Your friend and the IT manager probably had an index finger like that. Less likely, but still quite possible, is that their index fingers do have points, but the patterns are the same and map to the same code in the software.
Distinguishing fingerprints in such cases takes careful examining to detect subtle differences in the curves or thicknesses of the lines. This often can't be done at all, even with high-quality prints, and in any case is very difficult to program.
Anyway, don't take my word for any of this. Go find yourself a text on the subject. You'll learn a lot about how complicated and unreliable fingerprinting can be even in the best of controlled conditions.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
and so nobody ever accidentally gets shot, and fairly easy access to guns doesn't increase gun usage in crimes?