Biometric Payment Arrives in a Store Near You

"A chain of Florida convenience stores has begun accepting fingerprints as payment, using a biometric system called Pay By Touch. The company is a Bay-area startup backed by $130 million in VC cash and the acquisition of BioPay, a Virginia-based biometrics firm that's already done $7 billion in European transactions. From the article: 'The company is a bit puzzled by customer privacy fears. After all, they say, how can using a unique fingerprint for identification be riskier to theft than a plastic card, key chain token, or account number? ...The fingerprint image recorded is not the same as those collected by the federal government or law enforcement.'"

Gummibears anyone?

[sbaker]

Didn't Slashdot run a story a while back about a supermarket fingerprint pay
system that was tried a year or so ago? It could be faked out REALLY easily
using a Gummibear.

I can't find the slashdot story - but check this out for example:

http://www.theregister.com/2002/05/16/gummi_bears_ defeat_fingerprint_sensors/

Does this new gizmo do something magical to avoid this rather easy attack?

Just google gummibear and fingerprint and you'll find a gazillion How To
articles.

If the biometrics guys are 'a bit puzzled by customer privacy fears" then
they are horribly ill-informed!

I can avoid leaving my credit card lying around for someone to steal - but
it's very hard indeed to avoid leaving my fingerprints in all sorts of
public places. If I could find out how to defeat their scanner so easily
with about 10 seconds of Googling - you can be very sure that the bad guys
will be lining up.

Re:thoughts

[DrSkwid]

> "The company pledges not to sell or rent personal information, or access to it."

That should read "The current management of the company pledges not to sell or rent ...."

http://www.paybytouch.com/privacy_policy.html

Notification of Changes
If we make material changes to this policy, we will notify you here, by email, or by means of a notice on the Pay By Touch homepage so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we may disclose it. We will update our privacy policy from time to time.

Notice the OR, they can change their TOS any time and promise to change their TOS page accordingly.

Pay By Touch may share your personal information with companies that Pay By Touch contracts to privately and securely verify your identity, process your payments, cash your checks, and prevent fraudulent use of the Pay By Touch services.

We all know how secure third parties are.

"In some cases Pay By Touch may provide algorithm or sensor vendor partners who have entered into confidentiality agreements with Pay By Touch with anonymous biometric scans. These companies use the anonymous test scans only to develop, test, modify and improve the performance of their hardware and software products related to the Pay By Touch services. These test scans are not linked to any personally-identifiable identity or account information."

Er, they are fingerprints, how anonymous are fingerprints!

http://www.paybytouch.com/member_terms.html

THE PAY BY TOUCH SERVICE IS PROVIDED "AS IS" WITHOUT ANY WARRANTIES OR REPRESENTATIONS WHATEVER OF ANY KIND, WHETHER EXPRESS OR IMPLIED. Pay By Touch will not be liable or responsible for any damage or injury caused by your use of the Service.

Great, that's the feel good factor !

Modern Biometrics

[cdrguru]

It is important to know that these sensors are not optical in any way. They are using sensors similar to those from Authentec which use an RF scan to penetrate the first layer of skin. This eliminates problems with "too wet" and "too dry" fingers and also prevents spoofing by just about everything except cutting the finger off.

There are some systems that can be fooled much easier, but they are not being used by PayByTouch. Nor is anyone serious about using a fingerprint scanner anymore.

Microsoft sells an optically-based fingerprint scanner that can be fooled by latex molds, gummi bears and lots of other stuff.