Slashdot Mirror
Fingerprints Replace Credit Cards in Seattle
prostoalex writes "According to CNET News.com, Thriftway introduced biometric systems in its Seattle stores as far back as 2002. The customer would have to be identified first and submit his own fingerprints, as well as register credit cards with the grocery store. But then a Pay By Touch system became quite popular among the store regulars. According to CNET, "one man even drove 400 miles to use the technology". The store also reports 0% of such transactions being fraudulent."
The store also reports 0% of such transactions being fraudulent."
I don't think anybody's going to let you buy stuff with a severed finger.
Here in we've been using a similar system for unique biometric identification of customers for years. It works a bit like this:
1) Walk into stor
2) Say 'Hello Ifan' to Ifan, the shopkeeper
3) Ifan says 'Hello ' back if he knows you
4) Say '2 grenade launchers, one baboon, and a pint of guinness please, my good man'
5) Ifan produces the above, charges your account, takes payment later. Nice and easy. And if you don't pay....
6) Chop!
Credit cards are trivial to track anyway, so no immediate extra privacy implications as long as the data isn't retained for too long.
This way, if someone steals your card info and puts their own fingerprint info on it (or onto the back-end database, or whatever), there is an immediate method to start tracking them.
Of course, there are ways to defeat fingerprint scanners, see Schneier for a starting point.
I therefore think that the danger here isn't in the fingerprinting itself, which is just another way of tracking usage. It is that cost/risk of fraud will be passed on from the banks to the consumer (or possibly stores).
Someone may have more experience with this than I do, but this is a bit scary. Has anyone else read the book "Stealing the Network". It goes into some detail on the subject of synthetic fingerprints and just how easy they are to make at home. The book is at home and I am at work or I would post the links that they have as refereneces. I can see the usefulness of the fingerprint perhaps replacing the signature or pin number, but the whole credit card!!! I don't know about you guys but when I realize that I left my credit card sitting around in a public place I freak out. I guess I am going to have to wear gloves from now on, or carry around a bottle of cleaning solution everywhere I go.
Someone with more experience please comment, especially if you have the links from that book, I am curious to read up.
Thanks
Crawl This - http://darkry.net/test/test.php
1) Have sales of gummy bears experienced a dramatic surge in the area?
and...
2) Can I choose which finger to give them for my biometrics?
But this is not surprising concidering the cost of a home finger print scanner of only 39$.
This technology would be a field day for law enforcement. Any and all crimes that happen in that area where they find a fingerprint but it's not in their database... the first thing they'll do is call up Safeway.
Fingerprint systems like this seem to work as well or better than most forms of ID. Most security on credit card purchases I've made has been limited to comparing my signature on the receipt to the one on my card, which can be forged pretty easily. They don't ask for picture ID any more on credit cards. A lot of them don't even keep my card long enough to check the signature, and automatic chargers like gas pumps will take your credit card without any cross-check. In that sense, using an account activated by your fingerprint is probably an improvement.
:)
Yes, there are concerns about the government tracking you through your fingerprints, but they could do that through your credit cards now anyway, so I'm curious what the difference would be. Besides, we're more at risk from all the commercial entities who have access to our electronic transactions. Unlike the government, they routinely do all sorts of things with the information they collect on our purchasing habits.
Here's my main concern: What if someone manages to impersonate you and establishes an electronic account that ties your financial information to their fingerprint. Someone could wreak havoc in a fairly short time if biometric systems are trusted blindly.
Then again, if the scammer impersonates a person with huge debts, maybe they'd get stuck with them.
Biometrics may be a miracle cure or snake oil. As with any potentially useful technology, which it becomes will depend on the implementation.
TLR
A man no more knows his destiny than a tea leaf knows the history of the East India Company
just check:n ?language=en
http://www.ccc.de/biometrie/fingerabdruck_kopiere
I guess the barcode-on-the-forehead project didn't go so well.
If someone gets an electronic imprint of your credit card number, you call VISA and get a new number.
If someone gets an electronic imprint of your finger print, you'll be chasing down fraudulent purchases FOR THE REST OF YOUR LIFE because you CAN'T change your finger print.
Ticketmaster, 5 years later, "I'm sorry sir, but you *DID* buy 10 first-row superbowl tickets. Our computer says you did it over the internet and we have your finger-print scan on file to prove it."
RUN, don't walk, when someone in a store asks for a scan of your finger-print.
Sam
People don't realize just how *dangerous* the fraud would be if this became widespread.
Take into account that we touch a LOT of things. Daily. You know those seedy, scammy ATM's? Wouldn't be very difficult to make one with a thumb reader to conceal an instant CCD-based scanner or something of the sort. All the machines check for is the pattern, and it would NOT be hard to fake this.
Rubber thumb overlay, anyone? The HEIGHT WOULD NOT MATTER, the machine would detect the right print no matter how long the grooves were. Sure, it won't work at a store, but it WILL work at an ATM.
But here's the worst part.
Once your print has been *breached*, you simply *can't get another one*. You're screwed.
Yes, safeguards can be put to minimize the use of overlays, but once again, only in official locations. Independently owned ATM's either won't ever be able to use this technology or will ruin it the very moment those prints are made public.
It would NOT be hard to rapidly prototype a piece of rubber (or some other, better, squishing polymer) based on a figureprint picture, let alone streamline the process to make dozens or even thousands more.
Of course, if it was purely for stores (and stay wary of those self-checkouts), maybe.... maybe.
I dunno, maybe I'm off my rocker here, I just came up with this counterargument instantly. The thought of someone with lots of stealing in mind coming up with a way to fake prints to use in unmanned scanner locations (let alone someone forcing someone else's thumb onto the scanner in a much scarrier mugging incident) is kind of scary.
Wait a second now...
Perhaps a bioelectric scanner that doesn't work (has to be tested with a variety of conductive materials, constantly, along with calluses...) unless a real live thumb is touching it still leaves you in danger of mugging (and setting it up so that the customer can't purchase unless they're calm would only lead to MUCH scarrier mugging incidents) but would stop fraud for the most part.
Yeah, still a long way to go before widespread use.
But he would drive 400 miles,
And he would drive 400 more,
Just to be the man who drove 800 miles
To be a big lo-ser.
(apologies to the Proclaimers)
Right, everyone knows Thriftway is just a front for secret government projects. Watch out for seven-11, too. Your Slim-Jim preferences are being logged into the anti-terrorist database. And don't even THINK about buying gas there. Then they'll KNOW about your ties to Al-Qaeda.
Disclaimer: all tongue-in-cheek; no attack on parent
Yes, but a fake skin replica that fits tightly over your real finger can fool any machine any time. It has warmth, it has blood flowing under it, and it has the right pattern. Remember, what you have, what you know, and something you are. But nowadays that last one is becoming just a weaker version of something you have, because you can never trade it out if it gets copied.
- Times I have already given the government my finger prints:
- First Grade: They came in and took everyone's prints.
- Grade 11: Once again, came and took our prints. It wasn't mandatory.
- 2002: Took my prints when I recieved a concealed handgun permit.
For me, I'm not worried about giving my prints. The man already has my prints. I'm just worrying about someone chopping off my finger and going to thriftway to buy groceries!Pretty Pictures!
The only finnicky part is getting your fingerprint pattern key (the raw info is not sent, it gets crunched down by the scanner,) into the database on somebody ELSE's account. HE will be the one stuck with the bill.
You can then run the scam the same way.
Actually it takes less balls to do it because either it works and your laughing or it doesn't and your mutter something about a new scar on your fingerprint to a clerk.
You don't have to worry about getting caught because you're going to have created a false positive (doubling the key) rather than replacing a real record.
Your fingerprint is essentially worthless for security when you've got access to a scanner and to the system.
The trust-worthyness of the original scanner and scannee is the key. The more paranoid you need to be, the more data points you pick, and the more tightly you control the access to the system.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
does everything have to be an evil conspiracy? Is it not possible that bio-metric devices could be used for pure good? Do you really think the gov't needs your fingerprint to track your credit card purchases?
I mod down so you can mod up. Your welcome.
...because you CAN'T change your finger print.
Hrmf! Telling me I can't change my finger prints?
*revs up the workbench sander*
I'll show you! ARRRGGHHASDFWDasdfsdaf12~!!!
sea i cntoo chadnfge my ow ow ow fignr prnits ow ow
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
I know several people who have season passes to Disney World... when you enter the parks, there is a fingerprint reader for season pass holders.
I've borrowed 3 different season passes before and never had a problem getting past the scanner, it just isn't reliable.
I bet a warm hotdog would work too.