Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fingerprints Replace Credit Cards in Seattle

Posted by ryuzaki0 on from the well-in-one-store-anyway dept.

prostoalex writes "According to CNET News.com, Thriftway introduced biometric systems in its Seattle stores as far back as 2002. The customer would have to be identified first and submit his own fingerprints, as well as register credit cards with the grocery store. But then a Pay By Touch system became quite popular among the store regulars. According to CNET, "one man even drove 400 miles to use the technology". The store also reports 0% of such transactions being fraudulent."

14 of 376 comments (clear)

  1. Yeah but.... by fusionpit · · Score: 2, Informative

    Is this susceptible to Gummy Bears?

  2. kinda on the same lines... by ozzmosis · · Score: 4, Informative

    But this is not surprising concidering the cost of a home finger print scanner of only 39$.

  3. Re:Supposing you had a decent resolution... by Jack+Porter · · Score: 3, Informative

    You etch it using PCB fabrication techniques, and then cast it with gummy bears. Details here.

  4. copying fingerprints is easy by Torstibutz · · Score: 4, Informative

    just check:
    http://www.ccc.de/biometrie/fingerabdruck_kopieren ?language=en

  5. finger on the problem by Doc+Ruby · · Score: 2, Informative

    A fingerprint check might be secure and convenient. But what guarantees that the fingerprint, and the ID of its owner, will be used only in that authorized transaction? We have copyright control over our personal info. But our rights to restrict distribution are not explicit in law. The Congress must pass a law making such personal info copyrights clear and current. We need at least the same protections we give to copyrighted corporate info, like songs and music. Or corporations will own all our info, too.

    --

    --
    make install -not war

  6. Re:It's the automated transactions I'm worried abo by cHALiTO · · Score: 2, Informative

    Those exist, but they're more expensive. The problem is that a dead finger should be used immediately, because after a short time, the fingerprint kind of fades and becomes very difficult for a reader to recognize it.

    Anyway the real point here is that biometrics, specially fingerprint recognition is a very good and mature solution, which can be used for lots of things. Of course it could be fooled eventually by someone with enough determination and resources, but I would think that /. readers know that there's absolutely NO 100% secure system. Such thing doesn't exist, the goal isn't to render fraud completely impossible, but to reduce it as much as we can. Fooling a fingerprint reader + magnetic card + signature, etc is simply harder than doing the same on non-biometric systems. Other advantage is agility and simplicity, on some systems, you might authenticate just by placing a finger on a reader, instead of using maybe more annoying solutions, and in such a case you might gain some security (a lot in fact, just not 100%) but you also gain in simplicity for the users.

    There are no magic cures, the real problem with biometry is not that it doesn't work 100% perfectly but to make people aware of the fact that while it's more secure, it *could* eventually be fooled, and contingencies have to be considered too, just like with any system.

    --
    "Luck is my middle name," said Rincewind, indistinctly. "Mind you, my first name is Bad." -- Terry Pratchett
  7. Now i can get away with flipping cashiers off by GatesGhost · · Score: 1, Informative

    gives a new meaning to the term giving them the finger.

  8. Re:No need to chop off your finger. by puddy4lyf · · Score: 2, Informative

    Well, good point if you hold the notion that there will be real-life cashiers working the registers when this would go into affect.

  9. IDENTITY != AUTHENTICATION by malcomvetter · · Score: 3, Informative


    When will people learn that identity factors are not the same as authentication factors?!?!

    A Fingerprint is something you are

    It would be a whole different story (and different pros/cons) if this was about a store requiring a fingerprint bio in place of a signature (something you do) on a Credit Card transaction.

    The biggest deal here (not mentioned very much in these /. posts) is that the store is keeping your CC info, and obviously stored in some format that they can recover (i.e. either plaintext or symmetrically encrypted (not hashed) ). Assuming the authentication was secure, would you even want them to keep that info for convenience purposes?

    That makes their DB such a huge target ... forget the claims that they have 0% fraudulent transactions ... all the transactions are happening on customers CC from other merchants because their DB traffic was spoofed, hijacked, usurped, or the DB was just plain owned!

    Who would ever capture the CC info and then try to make fraudulent purchases at a grocery store anyway? They'll go for the high-end merchandise instead, using a totally different transaction service.

    And let me guess, each customer signs an agreement (without reading it- legal jargon, bah!) stating that you release the company from any liability of storing your CC info!


    Remember: Anytime biometrics are used singulary (without another form of authentication) it is for convenience and NEVER Security.

  10. Gummy bear fakes fingerprint reader by IASmaster · · Score: 3, Informative

    I remember hearing how gelitan gummy can be used to fool a fingerprint reader. I thought it was kind of cool. If someone questions you, just eat the evidence. read the story here

    --
    There's no place like ~/
  11. Re:Why the hard-on for the cops? by plague3106 · · Score: 2, Informative

    No, I hate the "pigs" because they let thier power go to their head. You do realize that cops are just the bullies from HS...and now realizing they suddenly have to actually do work but have no real skills, they sign up to be cops. They get accepted because they have just high enough a score to pass thier little test, but not too high that would have them thinking for themselves. Yes, I know of someone turned down b/c they scored too high. They want someone with an average of a 6th grade education.

    I hate them because twice now I've been pulled over for a cop wanting to make a DUI or just ticket someone. The first case I went to court to fight it; the state pled me down to a bad muffler. In the second case the cop had NO proof whatsoever (claimed i was doing 55 in a 25...except there are huge speed humps every 250 feet that would have ripped my car's underside off). He said he could technically ticket me anyway, based SOLEY on 'his knowledge and experience' that lead him to believe i was going that fast (never mind that he was much younger then me...). A third time I was harrassed by cops for supposedly breaking into a store and robbing it...in the end, it turned out they spelled the last name of the real person wrong. But 'applogies are against dept. rules.' Bite me.

  12. Fingerprint scanners are not reliable. by LinuxFreakus · · Score: 4, Informative

    I know several people who have season passes to Disney World... when you enter the parks, there is a fingerprint reader for season pass holders.

    I've borrowed 3 different season passes before and never had a problem getting past the scanner, it just isn't reliable.

    I bet a warm hotdog would work too.

  13. Re:Demolition Man by Sparr0 · · Score: 2, Informative

    No, the eye was used for "secure" installations like a prison. The "code" was a chip in everyone's hands (think RFID implant), and was used for routine transactions.

  14. Re:Bad by Long-EZ · · Score: 2, Informative

    I just do not trust any computer system to be 100% unbreakable at all times

    I had my eBay password compromised when an online service I was using to snipe bids was hit with the Slammer Worm. I was lucky. A lot of people who trusted Windows IIS servers became victims of identity theft and had big credit card bills and a lot of hassle to straighten out the mess and get on with their lives in the wake of Slammer and similar Windows security exploits.

    --
    >> My ultraviolent Linux switch video.