Slashdot Mirror
Biometric Payment Arrives in a Store Near You
"A chain of Florida convenience stores has begun accepting fingerprints as payment, using a biometric system called Pay By Touch. The company is a Bay-area startup backed by $130 million in VC cash and the acquisition of BioPay, a Virginia-based biometrics firm that's already done $7 billion in European transactions. From the article: 'The company is a bit puzzled by customer privacy fears. After all, they say, how can using a unique fingerprint for identification be riskier to theft than a plastic card, key chain token, or account number? ...The fingerprint image recorded is not the same as those collected by the federal government or law enforcement.'"
how can using a unique fingerprint for identification be riskier to theft than a plastic card, key chain token, or account number?
Because you leave them on everything you touch?
Send email from the afterlife! Write your e-will at Dead Man's Switch.
Didn't Slashdot run a story a while back about a supermarket fingerprint pay
_ defeat_fingerprint_sensors/
system that was tried a year or so ago? It could be faked out REALLY easily
using a Gummibear.
I can't find the slashdot story - but check this out for example:
http://www.theregister.com/2002/05/16/gummi_bears
Does this new gizmo do something magical to avoid this rather easy attack?
Just google gummibear and fingerprint and you'll find a gazillion How To
articles.
If the biometrics guys are 'a bit puzzled by customer privacy fears" then
they are horribly ill-informed!
I can avoid leaving my credit card lying around for someone to steal - but
it's very hard indeed to avoid leaving my fingerprints in all sorts of
public places. If I could find out how to defeat their scanner so easily
with about 10 seconds of Googling - you can be very sure that the bad guys
will be lining up.
www.sjbaker.org
Fingers today only, next month, we charge an arm and a leg!
Officials from the Tampa police department respond to a rash of armed index finger amputations. Meat cleaver sales rise, while guitar sales plummet.
Film at 11:00.
I read this line too and it made me want to scream. "Company pledges" are worth exactly shit these days. "We pledge to protect your privacy and retain the right to alter this pledge at any time." "We pledge to never sell or distribute all of this personal information that we insist on gathering, really, unless we're bought out by another company that doesn't pledge this."
I don't want pledges. I don't want them to have this info, period. I don't want to receive marketing from them any more than I want it from third parties.
Now, if there was accountability behind these pledges, such as "We are bonded for a $10,000 per customer coverage to never leak any customer information" or "Under penalties of perjury with a minimum of five years prison time to be served by each member of the entire Board of Directors, we pledge to never sell or otherwise distribute any personal information collected by us. Furthermore, under threat of the same penalites we pledge to use this information only for verification of your account, and never for marketing purposes of any sort."
Those are some pledges that I'd be slightly more inclined to believe.
John
Some people's fingerprints can't be scanned by these machines... Last year I went to Florida and they have fingerprint machines at all the big theme parts and at the airport. None of these machines could pick up my prints... And every second time I used them I got rejected ... So this flawless technology is anything but... I do nothing special with my hands, so it must be one of those "from birth" things... But if you're unlucky like I am then don't expect to be paying with your fingers any time soon.
I am not looking forward to going back though American customs as I know the fingerprint machine will reject my prints and I'll get sent home or something crazy.
"After all, they say, how can using a unique fingerprint for identification be riskier to theft than a plastic card, key chain token, or account number?"
Just look at murder victims whose hands have been lopped off to hide their identities. It doesn't take much of a (morbid) leap of logic that someone could hold onto a thumb, and surrepticiously use it to withdraw someone's entire finances.
Just because you can mod me down, doesn't mean you're right. Shoes for industry!
Scuttlemonkey wrote "An anonymous reader writes..." despite the fact that this is my journal entry, and says qo quite clearly at the top of the story: "Journal written by anaesthetica (596507) and posted by ScuttleMonkey on 14:12 Saturday 24 June 2006"
I mean, I may not stand out in a crowd, but this is just an unnecessary blow to my ego.
The Rise and Fall of Online Community
> "The company pledges not to sell or rent personal information, or access to it."
...."
That should read "The current management of the company pledges not to sell or rent
http://www.paybytouch.com/privacy_policy.html
Notification of Changes
If we make material changes to this policy, we will notify you here, by email, or by means of a notice on the Pay By Touch homepage so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we may disclose it. We will update our privacy policy from time to time.
Notice the OR, they can change their TOS any time and promise to change their TOS page accordingly.
Pay By Touch may share your personal information with companies that Pay By Touch contracts to privately and securely verify your identity, process your payments, cash your checks, and prevent fraudulent use of the Pay By Touch services.
We all know how secure third parties are.
"In some cases Pay By Touch may provide algorithm or sensor vendor partners who have entered into confidentiality agreements with Pay By Touch with anonymous biometric scans. These companies use the anonymous test scans only to develop, test, modify and improve the performance of their hardware and software products related to the Pay By Touch services. These test scans are not linked to any personally-identifiable identity or account information."
Er, they are fingerprints, how anonymous are fingerprints!
http://www.paybytouch.com/member_terms.html
THE PAY BY TOUCH SERVICE IS PROVIDED "AS IS" WITHOUT ANY WARRANTIES OR REPRESENTATIONS WHATEVER OF ANY KIND, WHETHER EXPRESS OR IMPLIED. Pay By Touch will not be liable or responsible for any damage or injury caused by your use of the Service.
Great, that's the feel good factor !
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
The 7 digit number is probably there to conform to the normal standard of requiring two pieces of ID for confirmation of who you are. The 7 digit number is one, and your fingerprint is the other. This not only confirms your identity but also confirms that their records are accurate with respect to any identification that you have previously provided them with. If something doesn't match up with their records, they can ask you for details and confirm your identity another way before processing your payment.
File under 'M' for 'Manic ranting'
It is important to know that these sensors are not optical in any way. They are using sensors similar to those from Authentec which use an RF scan to penetrate the first layer of skin. This eliminates problems with "too wet" and "too dry" fingers and also prevents spoofing by just about everything except cutting the finger off.
There are some systems that can be fooled much easier, but they are not being used by PayByTouch. Nor is anyone serious about using a fingerprint scanner anymore.
Microsoft sells an optically-based fingerprint scanner that can be fooled by latex molds, gummi bears and lots of other stuff.