Slashdot Mirror
Biometric Payment Arrives in a Store Near You
"A chain of Florida convenience stores has begun accepting fingerprints as payment, using a biometric system called Pay By Touch. The company is a Bay-area startup backed by $130 million in VC cash and the acquisition of BioPay, a Virginia-based biometrics firm that's already done $7 billion in European transactions. From the article: 'The company is a bit puzzled by customer privacy fears. After all, they say, how can using a unique fingerprint for identification be riskier to theft than a plastic card, key chain token, or account number? ...The fingerprint image recorded is not the same as those collected by the federal government or law enforcement.'"
how can using a unique fingerprint for identification be riskier to theft than a plastic card, key chain token, or account number?
Because you leave them on everything you touch?
Send email from the afterlife! Write your e-will at Dead Man's Switch.
From the article:
WTF? How can they say that? Don't they know how many times each day people lose their fingers? Not to mention the countless times people give each other the finger! (Done so a few times myself.)
Also:
I experienced this at Epcot... in Orlando. I don't know if it was in its experimental phase, but it introduced lots of confusion as people entered the park. And, it was not clear how or where it was used the rest of the time we were in the park -- if it was exclusively to prevent abuse, so be it, but it was an eerie experience at the gates.
I do wonder about the statement: (FTA)
How can that be? I know my prints are on file (Top Secret clearance, cool!), but I wonder how these prints would differ. Are they storing some kind of hash with no backup of the original scan or image? Weird, but doubtful.I think this is great technology as people get more comfortable with it. I would (and do) worry about how soon people get good at counterfeiting fingerprints. Thought I'd read a couple of articles on that very hack and that hacking fingerprints turned out not to be too very hard. Any resources on that?
Regardless, great point about it not being that much different (and quite a bit less likely to wander off) from keychain fobs, credit cards, etc.
Didn't Slashdot run a story a while back about a supermarket fingerprint pay
_ defeat_fingerprint_sensors/
system that was tried a year or so ago? It could be faked out REALLY easily
using a Gummibear.
I can't find the slashdot story - but check this out for example:
http://www.theregister.com/2002/05/16/gummi_bears
Does this new gizmo do something magical to avoid this rather easy attack?
Just google gummibear and fingerprint and you'll find a gazillion How To
articles.
If the biometrics guys are 'a bit puzzled by customer privacy fears" then
they are horribly ill-informed!
I can avoid leaving my credit card lying around for someone to steal - but
it's very hard indeed to avoid leaving my fingerprints in all sorts of
public places. If I could find out how to defeat their scanner so easily
with about 10 seconds of Googling - you can be very sure that the bad guys
will be lining up.
www.sjbaker.org
Fingers today only, next month, we charge an arm and a leg!
Officials from the Tampa police department respond to a rash of armed index finger amputations. Meat cleaver sales rise, while guitar sales plummet.
Film at 11:00.
I read this line too and it made me want to scream. "Company pledges" are worth exactly shit these days. "We pledge to protect your privacy and retain the right to alter this pledge at any time." "We pledge to never sell or distribute all of this personal information that we insist on gathering, really, unless we're bought out by another company that doesn't pledge this."
I don't want pledges. I don't want them to have this info, period. I don't want to receive marketing from them any more than I want it from third parties.
Now, if there was accountability behind these pledges, such as "We are bonded for a $10,000 per customer coverage to never leak any customer information" or "Under penalties of perjury with a minimum of five years prison time to be served by each member of the entire Board of Directors, we pledge to never sell or otherwise distribute any personal information collected by us. Furthermore, under threat of the same penalites we pledge to use this information only for verification of your account, and never for marketing purposes of any sort."
Those are some pledges that I'd be slightly more inclined to believe.
John
Some people's fingerprints can't be scanned by these machines... Last year I went to Florida and they have fingerprint machines at all the big theme parts and at the airport. None of these machines could pick up my prints... And every second time I used them I got rejected ... So this flawless technology is anything but... I do nothing special with my hands, so it must be one of those "from birth" things... But if you're unlucky like I am then don't expect to be paying with your fingers any time soon.
I am not looking forward to going back though American customs as I know the fingerprint machine will reject my prints and I'll get sent home or something crazy.
"After all, they say, how can using a unique fingerprint for identification be riskier to theft than a plastic card, key chain token, or account number?"
Just look at murder victims whose hands have been lopped off to hide their identities. It doesn't take much of a (morbid) leap of logic that someone could hold onto a thumb, and surrepticiously use it to withdraw someone's entire finances.
Just because you can mod me down, doesn't mean you're right. Shoes for industry!
How is this news? The Pay-By-Touch service has been in like every Cub Foods (grocery store chain) in the Minneapolis area since I moved here.
After all the bullshit being done the Government lately, I don't goddamned well think I'll sign up for any voluntary fingerprinting.
I for one, welcome our new Biometric Paying Overlords!
My sig sags.
Let's face it... biometric authentication/payment is really cool. As long as I can be sure the cryptographic basis of it is secure (i.e., that my fingerprint can't be recreated from it), I would be comfortable using it. But you know, most of the world is stupid and doesn't understand this kind of stuff, or has stupid opinions about it, and will be afraid of it. I understand that people are afraid about invasion of privacy and identity theft, but the issue should be "Are we sure that company $X's implementation will preserve our privacy?", not "Aaaaaaaah, fingerprint scanning will get your identity stolen!" or, worse, "Religion $Y says that biometrics are evil!" even though biometrics didn't exist back then, and nobody could have envisioned them.
ttuttle is a rankmaniac
But just watch...it could be USED by law enforcement in about ten seconds!
California has required you to give a scanned fingerprint for years just to get or renew your driver's license. I've always wondered how many divisions of law enforcement now have MY fingerprint in their dtatbase. When I asked the guy at the DMV, he said he didn't know, but was SURE that law enforcement could access their fingerprint database without ant warrants.1984 was 22 years ago. We're WAY past that privacy wise!
Mugger steals your finger, worse.
God spoke to me.
You can pay and receive service at the same time
Iris scanners are not that expensive anymore, and I don't understand why thumb scanners are used anywhere outside of having a little usb toy attached to your computer. This confusion doubles when you consider it in situations where security is very important, like cash transactions.
VC cash
..."Virtual Cash"? but why say "cash" twice? that's redundandt and stupid. Like saying "VIN Number".
Okay as a WWII, Vietnam, Gulfwar and modern reenactor...
"VC cash" only means one thing to me! It's the brightly colored paper money those little guys in black PJs carry around with them...
What's VC mean, other than "Victor Charlie"?
Hmmmmmmm
finger-print scanners as payment. Check.
fuel from anything in 9 years. Check.
Now all we need hoverboards and Pepsi Perfect.
"I would say that 99 per cent of what my father has written about his own life is false." - L. Ron Hubbard Jr.
Scuttlemonkey wrote "An anonymous reader writes..." despite the fact that this is my journal entry, and says qo quite clearly at the top of the story: "Journal written by anaesthetica (596507) and posted by ScuttleMonkey on 14:12 Saturday 24 June 2006"
I mean, I may not stand out in a crowd, but this is just an unnecessary blow to my ego.
The Rise and Fall of Online Community
We've had this in South Carolina for a couple of years now at the Piggly Wiggly. No major stories of problems yet. (And South Carolina wasn't last to something... wow...)
--The Mad Crasher has struck again! Or something along those lines...
I'm going to start a new company called "Tag Your It", where I start by making everyone 'It' and then requiring them all to tag the tagging stone. Rules of the game states, "you must be all thumbs".
Five-fingered discount: 10% off if you use all five fingers to verify yourself!
Cub Foods also uses it. You need to enter a 7 digit number along with your finger print. It really didn't seem easier than swiping a card and entering a four digit number, so I didn't go with it. They suggest using your phone number for the seven digit number. I imagine the number is needed to make the database lookup practical. I wonder what would happen if LOTS of people started using the same seven digit number "1234567"...
here is a similar article about the same thing:r 2006/tc20060328_901806.htm
http://www.businessweek.com/technology/content/ma
For all you phobic people out there who don't want them to "have a copy of your fingerprint" from what I found out from the employees it doesn't work that way. It doesn't store your fingerprint, just certain points on it. So really there is not a way to one way hash back to your actual fingerprint. Now, maybe the employee didn't know what they were talking about but for them to have any knowledge about the device at all suprised me so I believed them. The article also mentions that it doesn't store the actual fingerprint. By the way, I am a the paranoid type too so I don't use it.
Hey, there is only one Return and it's not of the King, it's of the Jedi.
Fingerprint payment is already in trial in the UK by the Co-op.
8 818/op-users-back-pay-touch
More info:
http://www.computing.co.uk/computing/analysis/215
Fingerprint payment is one of the must stupid ideas ever. It just encourages some idiots to cut off your fingers to get a couple bucks. Besides, if the fingerprint gets stolen, which can be anticipated, how do you revoke it and create a new one? I can't believe someone was actually stupid enough to give those guys some venture funding.
I can't wait until this becomes common as cash... That way I can pay my prostitutes while they do their services!
all it takes is an aerosol can of super glue fumes and some tape and they can retrieve it off anything someone else touches...then it's just a matter of making a thin skin like mask that fits over the finger to reproduce the fingerprint...i saw Drew Barrymore and Tom Cruise do it...
Which finger did they want on file, again? :eg:
With spending like this, exactly what are "conservatives" conserving?
Man, I wish I could come up with jokes like that... Are you a writer for SNL?
I've seen this around in Pick'n'Save stores around Milwaukee, Wisconsin. I'd like to sign up for it, but I fear the government will steal my fingerprints and use them to clone me and harvest my organs to create an army of super Noxals that would come to my apartment, tie me down, and rape me.
Whether or not I would like this is another story entirely.
Piggly Wiggly has been doing this for at least a year from what I know.
4
http://www.findbiometrics.com/viewnews.php?id=226
"Not knowing when the dawn will come, I open every door." - Emily Dickinson
We did an interview with these guys long before the SP Times did, when they first started rolling the system out in the Bay area. Supposedly their machines require a normal body temperature and a pulse to be detected and the process can take a few seconds.
Also note that the system is closed. Merchants have no ability to troubleshoot or fix their machines, it requires a full visit by the company. It also requires a broadband connection. Yes, it goes over the Internet. Many, many small stores still use dialup connections for credit card processing.
This system is far from flawless. Realize that this system only pulls funds from other sources such as your bank account. To be secure, all systems would have to go based on fingerprint only and have no other method to withdraw funds. If a criminal can get your money out just by swiping your account number from a check, why would he bother chopping off your finger? Unless he eats it with his peas and carrots, that is.
Krogers/Jewel-Osco stores all across the midwest have been using Pay-By-Touch since at least December of last year in all of their stores. Why is this just now getting known?
The Jewel stores in the Chicago area have this already. I haven't touched it. ;)
how can using a unique fingerprint for identification be riskier to theft...
I'm more concerned with the risk of spreading diseases. How often do you think a convenience store employee will wash the finger scanner?
Basic security priciple states that information is protected in one (or more) of three ways:
Something you have (like a debit card), something you know (like a PIN), or something you are (like a fingerprint).
Currently we use debit cards at the supermarket, which requires two elements of security (the card and our PIN or signature). But with biometric, it's only based on something we are; only a single element of security.
What's more, if hackers comprimise my CC database I can get a new CC number in a day or so. If hacker's comprimise the digital keys that verify my fingerprints, then what? Will I be issued new fingerprints?
I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
"They took my thumbs, Charlie!"
Best Free Utilities for Windows
I do not think it will be an issue in another one or two generations because people are getting fingerprinted more and more for other purposes anyways so the stigma will probably not last forever.
File under 'M' for 'Manic ranting'
bit puzzled by customer privacy fears
... my head hurts from even trying to imagine how ignorant dumb*sses these guys must be.
Well, they seemingly are stupid like a dumb ducks behind, and still they will get rich. Why ? Because such moves will be backed heavily by US government, since they will be able to get a nationwide fingerprint database in a few months and they don't even have to pay for it.
I'd prefer living without money in a jungle than using my fingerprint as a payment method, that's for sure.
how can using a unique fingerprint for identification be riskier to theft than a plastic card, key chain token, or account number
I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.
How long until theme parks and such will start cooperating with authorities to prevent convicted sex offenders from entering thus protecting the kids?
*most fingerprint systems don't store the actual fingerprint*.
The easiest, most computationally inexpensive way to check fingerprints against a database is to hash the print that you found at the crime scene--or the point of sale--and compare it to a database of hashes stored in the same way.
If you have the hash database, you have the fingerprint. Just because it's not the *same* hash as what law enforcement uses doesn't stop the NSA from using it against you. If you had more than one hash database, you might have to compute several hashes on the same print, one for each database, and do one search against each database. But the cost of doing that is tiny.
It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
Up here in the frozen tundra of Minnesota. Cub Foods has been using this for close to a year. After talking with a few cashiers at Cub Foods, they have told me that every few people use the fingerprint system.
-- A computer without Windoze is like a choclate cake without mustard
Jewel's in Chicago have had this for over a year now.
And we have implemented Pay-By-Touch as part of our payment authorization system.
However, our CEO said recently that PBT has not been as successful as they had expected. As a result, we are looking at developing other forms of non-magstripe payments, such as by inserting RFIDs into our cards, as Mastercard has started doing.
Have you been reading the issues people have brought up here? Identity theft is too easy when your 'credit card' is something you leave on EVERYTHING YOU TOUCH. It's not about privacy and the government - its about privacy and companies, financial security and thieves. What happens once your id is stolen here? You need to get new fingerprints?
It amazes me how people think that because it doesn't currently overlap with government databases, we should have no worries about its abuse and misapplication.
The story on fingerprint scanners being fooled by play-doh? I can't find the bloody link anymore though.
if so, who's IP is it? if it's the company that just went bankrupt, then what?
Enjoy Every Sandwich
That some hacker will start getting free gas when he uses the techniques used to fool cheap biometric security devices you can get for your PC (like this one)
I'm suprised that this took so long to be implemented, seeing as it is not a very complex setup (heck, I could make one)
They've been doing this fingerprint payment stuff at the High Tech Burrito places here in san fran for 6 or 7 years I think. This is nothing new....I'm just surprised that other places are starting it up....it obviously isn't catching on.
It is important to know that these sensors are not optical in any way. They are using sensors similar to those from Authentec which use an RF scan to penetrate the first layer of skin. This eliminates problems with "too wet" and "too dry" fingers and also prevents spoofing by just about everything except cutting the finger off.
There are some systems that can be fooled much easier, but they are not being used by PayByTouch. Nor is anyone serious about using a fingerprint scanner anymore.
Microsoft sells an optically-based fingerprint scanner that can be fooled by latex molds, gummi bears and lots of other stuff.
My bank requires that their customers provide a password so that they can "verify" who their dealing with over the phone, or even at the teller line. Here's the funny part...the tellers will just ask, out in the open, "what's your password?" and the customers just stand there and blurt them out for anyone to hear. It's the dumbest form of "security" I've seen.
Stores in my area have been doing that for a while now. It is good to see that /. is up to speed on technology.
They put this system in Jewel stores in the Chicagoland area.
You enroll by providing your personal details and checking account information and fingerprint, of course. Then, when you pay you have to (1) scan your finger (2) key in your phone number (3) sign for the payment. It is then direct debited from your checking account.
WHY WOULD ANYONE DO THIS??? It is no faster than a credit card and you can't earn points/cash back as many credit cards do. You are basically giving up the float and the 1-2% you can get back from a good CC program. Oh, and it only works at Jewel.
is a fear of two-factor authentication. Really, the solution here is to keep the fancy fingerprint-system and to *combine* it with a PIN that can be changed readily by presenting a second form of photo ID. This way, if your fingerprints get compromised, your PIN is still unique and you can change it whenever you want. The fact that they're so insistent on "touch it and go without any work!" is the security downfall, and it's kind of sad when it would literally take an extra 10 seconds at most to input a 6-digit PIN with your other hand while your hand was being read by the reader.
Two (or three) factor authentication is really the way to go for any system that you care about. Apparently people aren't remembering this from Security 101.
Actually this is how all law enforcement data bases work. They find places where print ridges have certain kinds of discontinuities, bifurcations etc... then store the potions of these points relative to each other. Very few database matches rely on a complete match, nor are they actually comparing actual pictures of prints, but rather how many points in common line up. Since lifting prints often distorts the print or misses some areas, exact matches are really ever found, but the quality of the match goes up with the more points in common. I believe the standard is 5 points in common to be considered a match. A figure many feel is too low and has probably falsely identified many people -- especially when you are just trolling for matches in a database of millions, and no other evidence.
Point is, there is nothing to keep some future law enforcement under newly enacted laws from subpoena the database and converting it to troll for matches, with as mentioned before the high likelihood of false positives.
Congratulations! You are our One Millionth Customer to be accused of Homicide!
Letter To Iran
have had this for about 6 weeks now. I still pay with cash or credit card because the notion of giving my fingerprints to the government (via Jewel) doesn't appeal to me.
I wonder if any of the people who signed up for this considered the fact that the government could obtain their fingerprints by doing nothing more than getting a subpeona. In fact, I suspect that most businesses would gladly divulge them for the asking, so long as it was for fighting terrorism.
The society for a thought-free internet welcomes you.
So...someone gets your card with your biometric data on it, and the card gets hacked. Now they can make new cards with your info including your fingerprints on it. Fingerprint readers can be faked pretty easily these days, using all sorts of products available in the home. Once your fingerprints along with your ID are stolen, that's pretty much it. You can't change your fingerprints. With username/password or credit card info, if it gets stolen, you can simply change all that info or get a new card with a new #, but if your biometric data is stolen and copied/faked, then that's pretty much it - your identity is stolen forever. This is why fingerprints, specifically, are a horrific idea for security.
:(
Perhaps something like retinal scans are more secure, or typing patterns, or vein patterns and suchlike, the problem with biometric data will ALWAYS be, "What happens if this data is stolen and cracked?" Many of them will be hard or impossible to fake in person at a store with even a halfway alert shopkeeper, but when this info is to be used for purchases online, forget about it.
I think the days of remote payments that only work in certain ways are sure to come sooner rather than later. Why debit cards can be used as a credit card with just a signature is beyond me. Sure, it's convenient. But it's also convenient for someone to steal your debit card and use it as a credit card once they've learned your signature on the back of your card (and many places don't even bother to compare them, much less require some photo ID). And that's not even taking the hacking of the data on a debit card into account, assuming that's easily done (I don't know what kind of security the data in those strips have).
Intelligent ID theft monitoring services combined payment methods that REQUIRE some type of real authentication, and ID confirmation that can be changed if hacked seems to be the recommended course to me.
But then again, all of that doesn't fit into a nice soundbyte for the news media.
"A chain of Florida convenience stores has begun accepting fingerprints as payment, using a biometric system called Pay By Touch. The company is a Bay-area startup backed by $130 million in VC cash and the acquisition of BioPay, a Virginia-based biometrics firm that's already done $7 billion in European transactions...
Okay, we just need an Australian court to decide the distribution of remaining assets to Japanese investors on the sellers in Nigerian government officials to make this truly a world-wide story.
This means that the Men in Black can't buy anything. :(
Or, hey, maybe people realize that while it's not a problem for grociery stores, maybe it is with ATMs! Maybe people actually think outside Slashdot!
I hope that you didn't strain yourself with that misguided thought. Or were you just reciting something you heard elsewhere?
We use finger print readers where I work. This, of course, only applies to the system I'm familiar with, but I doubt the store one is that divergent. They don't store anything resembling an image, but rather a numerical encoding of a given number of key points. I get the impression the actual process involves some kind of hash number validation.
The reason that "the fingerprint image recorded is not the same as those collected by the federal government or law enforcement" may be chillingly pragmatic. We were told when implementing our system that if we stored fingerprint data up to government specs we would be required to provide that information to the government. As a result our company, and most others, store data below the threshold that will get them noticed by the feds.
The fingerprint validation itself is somewhat fluid. Most people don't press the reader the exact same way twice in a row, the finger distorts under different levels of pressure, reacts to environmental changes, and even the current health of the individual. This kind validation requires a level tolerance to be set.
Some individuals never seem to get a good read, the tolerance for such people needs to be loosened to get any kind of positive feedback. As a result, some of our employees could hoist a big toe on the reader and probably get a pass. I simply wouldn't trust these things not to mistake me for the granny with the bad fingerprints.
then store the potions of these points relative to each other
Eye of frog, tail of newt, wing of bat, potion of fingerprint points. Great. Now they've resorted to spell-casting in order to confirm identities.
Ok, it's not that funny. Laugh anyway.
(Good points, BTW. I doubt these people's databases are any more secure than anyone else's - which means, not.)
SB
It's old. The more humans I meet, the more I like my cats. At least they are honest.
Never mind the fact that fingerprint fraud is far easier than, say, Iris/Retina fraud, biometric authentication has serious problems.
I do not need to cut your index finger off to have access to your money. I could gain [painless] access by tapping physically into the device, which is difficult but sometimes doable. The company must have 24/7 surveillance as well as securing any data passed on the intranet between the various systems (it can't be just one device). If someone on the inside gets info that can be translated into an optical image, you are screwed doggy-style.
Gloves.
Fingerprints, when used without secondary means of identification, are HORRIBLE for identification. I seem to recall that 1 in 27,000 have practically identical markings. It's not uncommon in law enforcement for fingerprint searches to return multiple matches. Granted it can usually be narrowed down by obvious elimination, "Well, this person lives two states over, while this person lives next door to the murder victim. Let's see the victim's neighbor." You will never see a conviction in an honest court on fingerprints alone! After all, it's possible for the fingerprint to be there under normal circumstances.
This also means a court case can't hinge on a single piece of forensic evidence. If it's possible for a hair fiber of one person to make it to a crime scene by direct content with the scene, then it's possible for it to make it there by indirect means. If you don't believe this, put some invisible-to-normal-light UV reactive ink on your hands, and shake the hand of someone else. Before long, others will have that UV ink on them, even if you don't touch them.
Granted, that's when someone's life and liberty is on the line. For other situations, I still wouldn't trust a biometric identifier. After all, where do I get a new set of fingerprints when mine or compromised? Financial institutions have had a horrible time with customer data. I don't see how biometrics make that any easier. Even if it did, the criminals would just steal the damned hard drives.
From the article:
...The fingerprint image recorded is not the same as those collected by the federal government or law enforcement.
After all, they say, how can using a unique fingerprint for identification be riskier to theft than a plastic card, key chain token, or account number?
For starters, you only have 10 fingers. If a password is stolen, you can reset your password. How do you reset a fingerprint for cripes sake?
Other people have already talked about using fake fingers to fake out the readers. However, the fingerprint is converted by the reader into a string of binary digits. If you know what you are looking for, you can steal someone's fingerprint over the network....tcpdump anyone? Now how hard would a replay attack be?
Just say no to biometrics, unless they are used with strong encryption, or other multi-factor authentication.
Oh, just in case someone thinks this is just someone's fantasy, they have the readers installed near my house. Fingerprint readers at Farm Fresh.
Overrated, Troll, and Flamebait mod points are not to be used towards posts you disagree with. That IS censorship.
There is a supermarket chain where I am, Farm Fresh, that has been using fingerprints and "PayByTouch" for atleast a year now. Never tried it, they're food kinda went down the toilet (though they have a good beer selection) so I don't go there that much and the cash I usually use hasn't been rejected yet... It's just one of those POS attachments that sits there but never gets used. Anyone tried it? Anyone had real experience with this system? Is it anything like the fingerprint scanners coming with some laptops now-a-days?
-=JML=-
Sorry, but if I'm to get mugged or defrauded by a desperate criminal, I'd much rather lose my wallet than my thumb or index finger. Just a thought. I can get new credit cards. I can't get a new finger quite as easily.
Terrorists can attack freedom, but only Congress can destroy it.
They are testing the same technology at many universities at their dinning facilities, i know for a fact that a few schools that are using sedexo dinning are testing this
...large scale studies on the uniqueness of fingerprints (especially the reduced data that is actually stored and compared.)
In addition, if your "fingerprint" is stolen there is no fix. You can't get a new set from fingerprints-R-us.
I'd bet there are many duplicate fingerprints as far as their scanners are concerned if they need you to use such a long pin. The system probably functions primarily on your pin, using a relatively low quality fingerprint scan for verification or duplicate resolution in case two people have the same pin.
I can imagine that this could be really bad it is one thing to have to give up your wallet it is another to have to give a finger to a robber. plus with all the ways we leave fingerprints behind from glasses to car doors it seems like a real easy way to get ones financial inforamtion.
We've only scratched the surface of ways to fool these machines. As soon as there's a financial move then you're looking at financial meltdown.
Somebody needs to tell the PHBs that fingerprints do not work for anything other than catching criminals. You leave copies of them everywhere as part of your daily life, and they cannot be revoked/replaced if somebody steals them.
What's so difficult about carrying a small plastic ID with some electronics in it?
No sig today...
That really inspires confidence...
I bet that once there's a financial incentive involved then number of ways to fool the system will start to multiply.
Besides, can you imagine how icky a fingerprint scanner will get after a few days of public use? I'd rather have an RFID chip implanted. At least a chip can be revoked/replaced/reprogrammed if somebody compromises it.
No sig today...
Just wait until they require an IRIS scan. Can anybody say "Eyeballs on forks"?
No sig today...
There's a chain of gas stations & convenience stores in Portugal that has been using biometric payment services since March 2004. More details here or here here.
This just shows how clueless these "security" people are. Phone numbers aren't much more difficult to get hold of than fingerprints are.
No sig today...
A chain of Florida convenience stores has begun accepting fingerprints as payment, using a biometric system called Pay By Touch.
Money is so outdated, we should all pay with fingerprints and nail clippings instead!
Biometric scanners identify the characteristics of a number of points on one's fingerprint. The number of points evaluated varies by scanner brand and/or user-definable accuracy level desired. The positions of the evaluated points relative to each other and the points' characteristics are encoded as binary numbers. A string of bits is stored, not an image of one's fingerprint.
Appropriate encryption and safeguarding of the algorithm used to encode the data make it extremely difficult to create an analog facsimile (fake "skin") of a fingerprint.
The whole gummy idea doesn't hold water, I'm afraid. The only way to make a fake 'gummy' fingerprint would be to have access to the original, real finger. Making one from a fingerprint is pretty much fiction -- finger prints don't have the depth information, even if they aren't smudged (which they almost always are). And the finger-print to gummy-bear-finger manufacturing process would be pretty difficult. So, you need the actually finger to use a 'gummy-bear exploit', which generally means you need the full cooperation of the actual person. Not much of an exploit, then.
Jewl stores in chicago have been rolling this out since the start of this year. It takes about twice as long to pay by touch than any other method.
This is not really new news, the Cub Foods grocery store in Minneapolis, MN, that I shop at has been doing pay by touch for a while now. I would say for at least the last 6 months, since i started shopping there....
When I worked at Blockbuster (video) during my last 2 years at college I noticed on our computers one day an option about fingerprinting. When I asked the manager he told me the software had been updated, and we were getting ready to accept payment but fingerptint.
Essentially when someone would come in and set up the account they would have the option of giving their fingerprint on the machine and tieing their credit card to it. That way, when they came into the store the next time they wouldn't have to bring ID, membership card, or a method of payment with them.
As far as I know the hardware of this hasn't been distributed to stores, but the software is indeed setup and ready to go.
Libertas in infinitum
http://www.habitablezone.com/OffTopic/messages/426 554.html
SHYLOCK:
Is that the law?
PORTIA: Thyself shalt see the act: For, as thou urgest justice, be assured Thou shalt have justice, more than thou desirest.
If you think being able to use Gummi Bears to fool these scanners is bad then you should look at the scanners we have at my place of work. If you go upto the scanner and blow lightly on the finger plate then the system 9 times out of 10 will access using the finger print of the last person to use the scanner.
To err is human. To forgive is not company policy.
I don't think that word means what you think it means.