Slashdot Mirror
Fingerprint Payment System Gets Financing
prostoalex writes to tell us Yahoo! News is reporting that Pay By Touch, an electronic payments startup that connects your fingerprint to your wallet, has received an additional $130 million in financing to move forward with their biometric payment system.
Isn't technology wonderful???
... actually i'd like to pay for everything with my middle finger...
Fucking sweet.
...what is wrong with my credit card?
Everything I have read about biometrics security amounts to this:
Biometric security can be sniffed with a network sniffer and reproduced by the person with the sniffer. In short, biometrics is no more secure than a four letter password.
That's going to make it a bitch to type.
yeays, just another place that will log my fingerprint ... lets see people getting access to my personal information that I might not want hrmm, that must be good.
I never liked the idea of even the government having my fingerprints on file, so I always opted out of it during the 'class' field trip to see what the government office was like.
I like the idea of heat patterns for this instead because that doesn't leave a trace that someone can duplicate unless they have a thermal monitor and something to replicate it.
<sig>Guvf vf abg n frperg zrffntr
lol. nice
This is going to kick ass when I find out I have the same print as Oprah.
yes great when someone steals your finger print your fucked aren't you. not to mention it's the easiest to steal and duplicate
If you mod me down, I will become more powerful than you can imagine....
I have a chronic problem with the skin of my thumbs and occasionally my index finger. Do I get to choose and alternate finger? Multiple fingers?
"terrorism" and "pedophilia" are the root passwords to the Constitution
Don't sign up for this right away. Wait a while for the bugs to get worked out, and for the early adopters to get robbed blind. Only when the bugs worked out should anyone who is technically literate sign up for this.
Fascism trolls keeping me up every night. When I starts a preachin', he HITS ME WITH HIS REICH!
We use fingerprint technology at work. Without scanning our fingerprint (in addition to entering a personal code of digits) we cannot get through the door. On occasions this scanner fails to recognise your fingerprint and after a few tries, you either try a different door or get someone else to scan their fingerprint. I cringe at this to be used for payments for this reason, not to mention somebody using standover tactics and forcing you to pay for their purchase or even like the parent mentions, getting your finger cut off.
some dirty sod will sitck their finger up their own arse then use it no doubt.
If you mod me down, I will become more powerful than you can imagine....
Is there anyone here who would actually USE this?
Ignore Alien Orders
You mean I have to wash my hands now before I can pay after my dinner at a restaurant. Well it will save my shirt.
so... all i have to do to pay, is give them the finger!
How do I get the tin foil hats to stay on my fingers now?
And I have this neat idea for a glove that captures finger prints when you shake peoples hands...wonder if I should patent that idea?
Now I just need to figure out how to setup a meeting with Bill Gates and shake his hand....
Profit!
Does it have to be a finger, or can it be a different body part? I'd like to pay for gas with something else.
--- -- - -
Give me LIBERTY, or give me a check.
One wonders how secure this is after seeing how relatively simple it is to create a fingerprint mold from nothing more than a residual fingerprint.
The information in credit card magnetic strips can be copied, but the person copying the credit card must at least have physical access (even if only temporarily) to the card in order to make a copy. Using fingerprints, however, is like writing down your PIN on everything you've touched...
This can't possibly catch on, can it? I mean why would you entrust your confidentiality to something as insecure as a fingerprint? You leave it everywhere you go! Imagine that everytime you leave a room, you leave behind a piece of paper with your credit card number written on it.
End transmission.
Seriously - have you guys thought how many FSCKING FINGERPRINTS are there in the streets? Any glass, seat, trash can, paper, door handle, glass, clothes, suitcases...
sheesh! With credit cards at least someone had to steal it first! But now it only takes some scotch tape to do the job. What are those morons thinking?
...would require a fingernail payment system.
Not to mention a modesty curtain to shield your opinion of Big Oil from the kids in the back seat.
You can hold down the "B" button for continuous firing.
Well, I am not in favor of such devices. piggly wiggyl is getting this ? What is wrong with this picture ? For those of you who have never seen a Piggly wiggly it is a lowend grocery store. I would think Walmart would be the first with this. ( Walmart already pushes for RFD ). Well I guess that money is driving the thing but before long money won't be worth anything ( the dollar ) and so better buy some gold. I think we should go back to specie with silver and gold coins as the currency, this is at least worth something and is more accountable. Besides I hear from a woman I used to date ( her parents own 5 banks in ohio ) that the banks in ohio have 65% plus counterfit money and that they can not tell the difference between the real and counterfit money. No wonder so many people from up north can afford to buy homes in the south.
A rectal thermometer insures a live body is used during all transactions.
...change your fingerprint every 6 weeks:
How To Fake Fingerprints
Thanks for giving me your fingerprint.
Well, you had to, to give us your 2 cents...
I'd be OK with the whole idea if it would never be made mandatory for payments...
You can hold down the "B" button for continuous firing.
Unless everyone starts wearing gloves, they'll be leaving their fingerprints on their wallets.
Well, at least the leather ones. And if not there, then on their credit cards, inside.
So now, the thieves just have to be extra light-fingered, so to speak, and then they can go back to their lair, turning the goods over to their boss, who has some tape ready...
Good news is, at least Oliver will eat more regularly, since Fagin probably won't have to worry about PINs any more.
caus' that's an anal probe...
It takes 40+ muscles to frown, but only four to extend your arm and bitchslap the motherfucker
Considering the patent is about to expire on retinal scanning, they ought to wait a few more months and utilize that type of biometric. It is much harder to forge, more accurate, and does not require physical contact (which spreads germs).
Dan East
Better known as 318230.
Are Pay By Touch's machines among them? (TFA doesn't say...)
You can hold down the "B" button for continuous firing.
Actually i don't know that it would be that much easier for you to purchase items fraudulently with a skin swipe versus a card. The hell would you do if someone came up to pay with a severed finger or a peculiar latex glove on the credit finger. I think it might be a little easier to pass with a credit card, especially since no one checks to see id. I think if they are getting hundreds of millions of dollars to piss all over R&D I think something somewhat knowledgable can come from it. That is unless google hires out all their talented people and then starts indexing finger print files.
I am not a crypto or security expert, but I gather most experts agree that the more pieces of information you need to provide to be authenticated, the better. For instance, the combination of a personal password with some certificate/token on a USB key is (theoretically) better than either acting alone. Many of the comments in this thread make the point that fingreprints are pretty easily lifted and forged. So, perhaps it is not of much use, from a security standpoint, as a stand-alone authenticator. If, however, it was combined with another token, like the credit/debit card itself, then it could serve in place of the customer's written signature or PIN. That would require a perpetrator to have, at least for a little while, physical access to the card, as well as a print, before going out and defrauding the customer. Using a fingerprint would probably be a little better than using a written signature, which no one ever checks anyway, can also be forged, and could easily be lifted from a number of public documents (or, for that matter, the card itself).
Anyone think this idea, of combining fingerprints with a physical token, have any merit? Naturally this system could still be forged or broken, but would it be more or less hard to break than the current system of cards and signature/PINs? I think we all have to recognize that, if a perpetrator specifically targets you, it won't be too difficult for them to nail you, but what about more casual and random defrauders?
Hey kid, thumb a hundred bucks will ya, help save the clocktower.
Perhaps they can implement it just in time for the spreading of Bird Flu ...
Ok, so i had another joke too...
Oh jeez, I read that as "Fingerprint Pavement System."
There is a more profound problem with using body parts for trusted metrics, which has been brought up on this site and others before. If your "ID" is stolen, you cannot change it. Until, and unless, we can secure digital information (doubtful from this perspective), biometrics will remain interesting but unuseful in wider implementation.
Using plain ol' text since 1968
So now it will be easier for me to make impulse buys which I certainly can do without (I don't have a nano yet and that is mostly due to the fact that the Apple store is a few miles uptown)
AND
Now getting mugged on the way home from work will involve permanent dismemberment... great. Maybe they could make something like those anti-mugging belt wallets for when you visit countries with high crime. It would basically keep your hands in your pants all the time to make them unavailable to theives. I am patenting that.
to thumbing a ride (hitch-hiking)
also, if you weren't happy with the service, do you pay with your middle finger?
----- Concentrate on promoting more than demoting.
I'm sorry sir, your finger was declined. It says here that we're supposed to cut it up...
TODO: come up with a clever sig
or did anyone else read the topic as:
Fingerprint Payment System Gets Fingering
i need new glasses.
HD Trailers
If somebody says you drive like a wuss, show them the finger and it'll show them that you can have driving lessons anytime you want! :))
And if a policeman pulls youi over for driving like a maniac, all you have to do is raise your middle finger and not only will it relieve you of your anger at the cop, you can pay the ticket right there! =))
after work, my hands can be dirty as hell.. i hope that wont effect it
I lost my wallet. I'd like to be able to call it and hear it ring so I could find it, or talk to the person who found it. Of course this idea isn't for serious.
God spoke to me.
What happens when your fingerprints are stolen. How will you ever prove that it wasnt you that made said transactions? Its not like you can just change your prints. Then any further system that requires your prints will again be under the same potential attack.
I can see institutions then refusing to deal with you because your a liablity or you get stuck with high fees and charges because your a high risk customer.
I say no to biometrics!
This technology could be easily paired up with some sort of pass-code (Like the PIN number you use with a debit card), and it would be even more secure. Sure, it may be easy to dupe a fingerprint, but with the added pass-code, it would be much harder to fraudulantly use.
Personally, I would never trust my financial assets on a finger-print alone. I think the only bio-metric device I would trust alone without some additional form of security is a retinal scanner.
...
The car, a Mercedes S-class, was protected by a fingerprint recognition system.
...
But having stripped the car, the thieves became frustrated when they wanted to restart it. They found they again could not bypass the immobiliser, which needs the owner's fingerprint to disarm it.
They stripped Mr Kumaran naked and left him by the side of the road - but not before cutting off the end of his index finger with a machete.
As someone with no fingers I find this to be a very digitist concept.
*puts socks and shoes back on, gets coat*
Although I hate to show ignorance, I cannot understand the word "cancable", and cannot find a reference to it in google or elsewhere (except as a website name). I note that your posting history pertains exclusively to biometrics, and I hope you can explain - no sarcasm whatsoever - I am trying to learn
Thank you in advance
Pete
Using plain ol' text since 1968
If you view the flash demo on the paybytouch website, you will discover that the system only makes the need to carry the actual (plastic) credit card redundant. You will still need a checking account or credit card account to charge the purchase. In the demo you can see that you are give a choice on how you wish to pay, presumably from your payment choices given when you first registered for the system. You will also notice in the demo you are also required to enter a PIN number.
More information can be found here
Do you have any idea how incredibly stupid most people are. How often do you think someone is going to press the wrong finger onto the scanner by accident. After the first time, the police department is going to stop sending in a SWAT team and just call the store and ask if they have another very confused customer.
What if when you use your fingerprint a photo of you also pops up and to complete the sale the cashier would have to verify that the photo matches you?
stupid people from giving out their information to phishers. Really who would be so dumb as to scan their finger and send a copy in reply to an email? You would have to be....ahem pretty um dumb. Nevermind.
piss off
Bears repeating: biometrics are good for identification (login) but poor at authentification (password). Just too easily circumvented.
Joining dupes and software update announcements is "new tech startup gets funding." Plans for "tech start up goes under" are in the works.
You opted out of the fingerprint???
;-)
I bet they took your prints off the next tax return.
http://request-header.info
you could always stop fingering yourself at work, heh
Mongrel News all the news that fits and froths
Anyone remember which Mexican town's PD has Bill's fingerprints on file? My bags are packed...
If I stole someone's personal information or credit card, I could simply walk into a store with my arm in a sling or bandages on my fingers. I could then proceed to talk the compassionate clerk into letting me avoid the finger scanner. I think this is a horrible idea that has many fatal errors.
Information wants a fueled airplane waiting at the hangar and no one gets hurt.
From now on, all prostitutes will be installed with fingerprint payment systems.
you'll have to guess where!
or...
put a scanner up your ass... now at least yo can charge for that cavity search!
----- Concentrate on promoting more than demoting.
I shake my head with sadness as the early technology adopters blindly increase the dangers to our general public without much forethought...
General populaces are at increasing risk due to:
1. Loss of biometric data (finger detachments, eyeballs ripped out)
2. Duplication of biometric data (back-end hacking; once stolen, always stolen; you are non-revocable)
3. Transference of ancillary foreign objects (Infectious disease; fecal matter; Leprosy; Acid; Alkalinity)
It is a non-starter. Only takes one plague to avoid the scanner 'like the plague.'
Yup, and what's worse, if you have your credit card number stolen, you just cancel the card and get a new one. If you have your fingerprint stolen, the thief has a permanent personal identifier for you forever.
...while he laughed and laughed and laughed...
---- I have nothing more to add.
I know a lot of the comments about this will be that fingerprinting is not any more secure than using a CC number... that the digital data of the fingerprint can be intercepted along the way and used.
But couldn't the fingerprint somehow be used as a hashing function. For example, lets say your bank scans in your thumb print in a 1000 x 1000 32 bit array and has it on record.
Now, when you go to the store, instead of the machine scanning in your entire fingerprint and sending it to the bank, the bank sends to the machine "give me the value for 534 x 123" or some other randomly determined location on your thumb. The reader machine, reads that one location and sends the value, and if the value matches the transaction is improved.
The benifit of this system is that even if the data is intercepted, it is only one possible code out of a million possibilities. The likelyhood of that grid point being requested again by the bank is very small.
This is just one possible idea, but I imagine if someone talented spent a lot of time thinking about it they could come up with a lot of good ideas to make this secure.
The ideal method of identification will require something you have (card or fob), something you know (PIN or password), and something you are (fingerprint, retinal scan, photo ID.) For many purposes two of these may be sufficient, but a system that uses only one of these methods is by default insecure, and the least secure out of all of these is fingerprints.
Severed fingers should be the *least* of anyone's worries--rest assured, working artificial fingers *will* be developed. Even better, the fingerprints could undoubtably be found at the very same location that they are used. Crooks can simply use the self-checkout lane and sprinkle corn starch everywhere. And God help us if they start using these as the only means of ID at ATMs--the equivalent of your PIN AND your account number will be printed right on the "Ok" button!
If they don't combine this with a PIN, I predict this system to fail and fail spectacularly.
Signing slips of paper is a good system: each individual signature is hard to duplicate in its original form, the terms (total amount etc.) you agree to are clearly spelled out on the piece of paper, and both sides get a copy. All these electronic payment systems have the problem that the credit card company or store can, potentially, generate arbitrary numbers of transactions and you have no physical basis on which to challenge them ("please produce the credit slips"). With credit cards, you have some legal protections if you pay enough attention to your credit card statements, but since the same systems are also used for debit cards and other forms of payment, companies can empty your account and if they don't want to cancel bogus charges, there is nothing you can do.
And this sort of thing is not theoretical: I have had duplicate charges to my credit cards several times, with the company claiming that they had a signature (electronic) for each charge. Of course, it was the same signature; it is possible that they just keep a record of all signatures you ever made to them and all transactions, and just pick and choose.
Note also that it's software developers and engineers--geeks--that are responsible for creating these bogus payment systems. Please use your heads (a bit more) if you work on these kinds of systems.
They actually introduced this first at the grocery store I work at.
When they first came, all employees where required to watch a video, so that we could help customers with it.
The video reminded me a lot of 1984.
"Repeat after me. Pay by Touch is fast - secure - free"
I aruged with those folks for a bit. Tried to explain to them how it is insecure and that the use of two types of verfication is recommended.
"Oh, there is a pin number as well. It is your phonenumber."
My freaking phonenumber? Might as well put it as 12345.
When I mentioned 1984, the guy started talking about the mark of the beast and doom sayers, and 666. I sorta just gave up after that.
While reading the terms of service, I discovered they can sell your personal information to other companies that are associated with them.
Anyways, the touch pad is intergrated into the self sliding credit card thing. I'm told by the cashiers that not many people use it. The only people I have seen use it are the Pay By Touch ones.
You can have different accounts on different fingers, and you get to decide which one you want to use.
The first Pay By Touch person found it particulary funny that he used his middle finger. He kept flicking us off, exclaiming, "Yes, and this is the one I use. Har Har Har."
Anyways. Not that great. I don't use it, and I don't know any co-workers that use it.
Sliding a card is much faster than -
Pressing a button
wait to load
enter in PIN number (phone number)
enter
press finger on scanner
wait for it to scan
Did it find it?
Did dirt mess up the scan?
A scratch on the finger?
For hell's sake, just use a damn plastic card or cash.
Parent makes an excellent point.
Here's a helpful diagram of the proper finger to use. As you can see, this method of authentication is so simple that anyone can use it.
Note also that the the remaining fingers serve as ALERT fingers.
This is an extremely bad idea, since while you can cancel a credit card, you can't cancel your fingerprints . It's just a matter of time before someone figures out a way to use a fingerprint gathered by some undetermined means (discarded coke can, mail-in response form, etc...), scans it and spoofs the terminal into draining your account. And since it's allegedly been "signed" by your print, you can't refute it.
Quite frankly, this system scares the heck out of me.
I have no hands? can I use my toe?
So with this, to be safe you must wear gloves the rest of your life since fingerprints are easy to steal. Wonderful. Also, the idea of every 7-11 clerk or anyone on a store network having access to your fingerprints is less than enthralling.
I like the touchless alternatives better, like RFID dongles, or how about retina scanning?
I find it amazing that this article about a new use of technology has not a single positive comment on it. Why is everyone on Slashdot so against the use of technology to make our lives easier? Reading through the comments I see all these far fetched ideas of how the technology is going to be abused.
Yes, anytime something new is developed or implemented, someone is going to try to find a way to use it to commit fraud or do some bad thing. Believe it or not, everything has risks.
If you folks had been around when they invented the car you would have hated it.
"Oh great, now someone is going to use this thing to run me over while I am walking down the street." "Gee, with one of these things, a bank robber could get away really fast!"
First of all, people are not going to cut your finger off to pay for stuff. How are they going to use your severed finger at a public place like the grocery store? Don't you think that would raise some eyebrows?
Second of all, if you are so concerned about germs, bring a clorox wipe with you and wipe the thing off before you use it.
And if you are saying "You can't change your fingerprints!" -- well gee, I guess you *could* just cancel your Pay By Touch account, couldn't you? No surgery required...
If you still think the technology is too scary or too risky or whatever, don't use it.
Personally, I would love to be able to pay by just scanning my fingerprint. It's a convenience, the likelihood of fraud seems to be about the same or less than a credit card, and the merchant saves money in lower transaction fees.
I thought the point of developing biometrics was additive and used as another form/layer of verification, not to stop using all other forms of ID and just use the fingerprint. This idea is doomed to fail: what about handicapped persons?; false reads; the fingerprint signature files from being stolen....? I would rather use a credit card w/ "ask for Id" written in the signature field for all of my transactions.
Finally, who's to say that eventually that this data won't get sold to the federal government by private companies as test data for the TSA/homeland security. Where does the data go when this company goes bankrupt?
Now you get booked before you shop; not if you are a shoplifter.
In the genetic's course I took this past Spring-- my professor told us that there has never has been a study done proving that fingerprints from person to person is unique. And, in fact, there has been cases where law enforcement has fingerprint overlap of two people.
Thumb a hundred bucks, will ya, and save the clock tower!
I can't get over all the FUD and BS that the anti-biometric crowd comes out with, so predictably, when confronted by the reality that existing authentication methods don't work, or are too inconvenient to be practical. This stuff works, and is much more convenient, lower cost, and secure than the alternatives - get over it.
To the poster who said they use it at work and it doesn't match:
You are using crappy technology. The state of the art not only doesn't need a PIN, it can match using any of over 20 different readers, against a population of millions. There are two components to a quality system - the scanner, and the software to perform extraction and matching. If either is inferior, the entire system appears to stink. For example, mating a great engine to a crappy transmission results in poor performance. There are many scanners which ship with crappy software for free, and many ISVs use that crappy software, and give the industry a bad name. Add a quality software matcher to a quality reader and you have an entirely different experience.
To the poster who thinks that the bad guys will cut your finger off:
Modern readers don't allow dead fingers to work, so stop worrying. Plus, we are talking about retail POS usage, where a cashier *might* notice a bum holding a dead finger on the sensor...
To the poster who thinks that if he uses a finger to ID, that if he loses his finger, it's "game over":
Do you really think that they would be so stupid as to make the *only* way to ID you be your finger, without any alternative, albeit less convenient way? Every system has to handle the unenrollable, just like if you lost your smart card.
To the poster who thinks that if the hash for the fingerprint (not how it works, by the way) is cracked, he can't get another finger (this one always cracks me up):
The fingerprint is not the key - the finger is. The best systems don't *rely* on the fingerprint being kept a secret, despite the misconception that if compromised, you're toast. They create a binding from the sensor to the matching server that assures that no fingerprint can be inserted into that pipe. Again, your finger is the key, not your fingerprint. Fingerprints are public data for any quality finger matching system.
Before you start talking about latex overlays and gummi fingers (I read your mind, right?), know that the new readers also prevent gummi fingers from working, and the advanced software systems in the matchers require a much higher quality image than the weak algorithms that were fooled by earlier gummi attempts.
I have some reservations about biometric systems since I know how most of them work. "Population of millions" is still remote future for biometrics. You need accuracy, you need speed (indexing), you need some standard protocols.
The key to solving many problems is combination. There are scanners which can determine liveness of a skin and there are fingerprint scanners. There should be: combined fingerprint and liveness scanner. ETA: 2-3 years. Almost perfect scanner: all-in-one fingerprint, liveness, chemical, blood vessel, hand geometry, palmprint, (DNA?). ETA: 10-20 years.
The main critique of the proposed system: the protocol is not standard. The fingerprint should really be combined with some token, like credit card. The required phone number (or any other number) is really the key for this system but company's sales department is at work here, and it is conveniently forgotten when vaunting the product.
New crime type (completely innocent): I pay for groceries and 'accidentaly' enter wrong phone number. Scan finger, if does not work enter correct phone number and proceed. After 100-1000 shopping trips and changing 'accidental' phone numbers: lo and behold - some phone number (not mine) worked with my fingerprint! Forget my own phone number and go to a shopping spree!
Pay by touch, is an option at all Charleston, South Carolina Piggly Wiggly grocery stores. Sadly, being a cashier there, I can comment a bit on it's use.
Basically, it connects your fingerprint (or an algorithm derived from your print, as I'm told) with either your checking account or credit card along with your PFC card (Pig's Favorite Customer- or insert discount card here depending on the store). The self swipe terminal has a scanner for your finger, which you use to pay. Along with your fingerprint, the system does use a pin, but it is just your local phone number without the area code. I suppose you could make up your own seven digit number to make it that much more secure.
Surprisingly, the people who sign up for this option the most have tended to be senior citizens who live in nursing homes nearby. They seem to like the option of not having to bring their wallets or purses with them. The younger crowd is much more suspicious of the system in general.
It is also, far from perfect. For one reason or another, although the older crowd appreciates it more, it tends to have more trouble with wrinkly hands. Even people that have signed up, sometimes are not identified by the scanner and end up paying the old fashioned way. It isn't any quicker than credit or debit card, and if the account is linked to a credit card then you still must sign the slip.
Overall, it's an interesting system, but it still has a number of kinks to work out. I'm sure there's room for abuse, but I don't think that severed fingers or fake fingerprints are a concern at the present time. I'm rather well educated in the fake identity field, and the biggest problem with this system is people breaking the readers because they think they have to mash their finger down on the damn readers and they crack the plastic. Every system has its flaws, but since it's much easier to deal with stealing credit cards than fingerprints, I would guess that the criminals will stick with what they know, at least for the time being.
The key phrase in your post was "I know how most of these systems work." There are state-of-the-art fingerprint matchers which are in production now, which obviously lie outside your familiarity.
Adding a second or third factor (Combinations):
Good point - you are correct that adding additional verification checks such as skin chemistry, blood vessel, etc raise the bar even further, but your expectation of timing is a little off. There are readers less than 1 year from large scale production which bring at least two of those additional verification components to the market, at prices even lower than the cheapest fingerprint-only scanners now. Still, the model for the use of these technologies remains to first ID the person based on their fingerprint, then confirm that ID with the second and third factors. The reason is that fingerprint searching is much more accurate and scalable that any of these additional factors. Companies that want to start with fingerprint technology can do so now, if they use a state-of-the-art technology which will allow complete portability to any of these new readers, without re-enrolling.
Misconceptions of accuracy of state of the art fingerprint matchers:
Your characterization, which I expect is based on the capabilities of the major AFIS fingerprint vendor technology being used by PayByTouch (which is only accurate to 1 in 10,000 for a single finger), is not reflective of the state of the art in production-deployed fingerprint identification systems, which offer single finger accuracy of over 1 in 200 million, by extracting 50 times more data from the same fingerprint image than these older systems. These state of the art systems also index data using COTS databases such as Oracle, and run on data center friendly platforms such as Windows and Linux. These indexing systems allow a single finger to be presented to databases of - yes - millions of prints, returning a single 1 in 200 million accuracy match. So, if the search is a 1 to many ("with no other information provided, is this person in my db?"), it can be found among millions.
Why PayByTouch uses a separate "key" such as tel. number
The reason for having consumers enter their phone number or other unique identifier, is to allow the back end matcher to retrieve a single record from a traditional DB such as Oracle, containing the biometric template of record for that individual, then performing a "1 to 1" match between the print at the POS with the print from the DB. These types of matches can be performed at huge throughput volumes, which allows the system to scale. Performing "1 to Many" searches are CPU intensive, and so cannot be used in a centralized processing model. Here again, state of the-art-systems have built "cascading search" capabilities, which automate the process of first searching from a local context ("has this person been in this store before?"),then only moving up to larger scale 1 to many searches when a person is not found locally. Leveraging context results in a distributed processing model which scales very well. Cisco is working with the state-of-the-art vendor I'm describing to build the biometric equivalent of DNS, built directly into their new AON switches, to allow the cascading search to be completely transparent, like the DNS process.
New Crime Type - would not work:
The trial and error attack you described would never succeed if a highly accurate matcher is used - and is the reason that consumers should ask what the accuracy (False Accept Rate) of the system being used to match their finger to their record. If the answer is 0.0001 (1::10,000), then it would still take you over 10000 random attempts to have a chance of matching someone else. However, if it's a state-of-the-art system, offering more like 0.000000005 (1::200,000,000), then you simply could never match anyone else's prints. Additionally, these systems perform internal alias/duplicate checks to determine if any two prints are the same (in which case, the person is the same)
So, PayByTouch does have a weak algorithm in place now, but they are likely to move to something more accurate, as they learn the shortcomings of the technology they chose.
Though I'm not interested in arguing or debating the point (I'm not an apocalyptic fear monger or anything), I did find it interesting that Revelation refers to the mark of the beast as a mark on a person's hand or head that will be required for transactional purposes in the world economy. Whether this is the case or not with fingerprint transactions has yet to be seen. For those with no connection to Christianity at all, it doesn't much matter. For those who do practice the Christian faith, it's things like this that I get less and less comfortable blowing off as just another "advance" in technology. To be sure, if my relationship with God is in tact, it doesn't much matter what happens to me on this earth so long as I'm following Him. I'm a technology geek through and through. Sometimes it's difficult to reconcile what I believe in my core with the life that is being handed to me in regards to politics, technology, culture, etc... Can't serve two masters, so it becomes difficult at times, I guess, to operate in a world where you are really just a stranger. You want to be a regular person and not so heavenly focused that you of no earthly good, while at the same time trying not to be luke-warm about your faith. Bottom line: what happens if I refuse to be I.D.'d by my fingerprint for religious reasons? What do they do with amputees and quad/parapalegics?
Testing setup usually greatly influences performance results. "Cleaning", that is removing few (5-10) fingerprints from FVC2002 database would make most fingerprint systems perform perfectly. There is no information how bio-key's algorithm was tested. It would be really interesting to see where this 1:200,000,000 figure comes from.
New crime type still works: scan your unenrolled middle finger with random phone number.
You really have to look beyond PR bullshit and see if technology worth something. It is rather hard to do with bio-key, only information being rather unreadable patent.