Slashdot Mirror

← Back to Stories (view on slashdot.org)

Pay By Touch Goes Online

Posted by ryuzaki0 on from the sort-of dept.

Max Fomitchev writes to tell us that Pay By Touch, the biometric identification service, has announced an online version of their service. While currently the only implementation of this service is in the brick-and-mortar storefront of Star Markets grocery stores, the company hopes that online vendors will start signing up soon.

85 comments

  1. Finally! by Corbets · · Score: 4, Funny

    Finally, the world of "Back to the Future" is coming to us! Now if I can just get that hoverboard I've always wanted....

    1. Re:Finally! by sugapablo · · Score: 5, Funny

      Back to the Future? What kind of /. nerd are you? First thing that came to my mind is Quark handing me a data pad for my thumbprint.

      Now if I can just get into one of his holosuites and take a spin at "Vulcan Love Slave 2: The Revenge"!

      --
      Sugapablo
    2. Re:Finally! by Plocmstart · · Score: 1

      I'm thinking more of a movie like Gattaca, where the guy goes as far as glueing fake fingerprints of another person on his to pretend to be another person. Not sure how hard that really is, but I'm sure it can't be too out of the question, specially if some con artists wants to pull it off that badly. Of course you have to get a good copy of the originals to make the fakes to begin with.

    3. Re:Finally! by Jimi1337 · · Score: 1

      In the spirit of correcting miniscule technical inaccuracies, the correct spelling is "PADD", an acronym for "Personal Access Display Device". http://en.wikipedia.org/wiki/PADD

    4. Re:Finally! by JanneM · · Score: 4, Interesting

      Not sure how hard that really is, but I'm sure it can't be too out of the question, specially if some con artists wants to pull it off that badly.

      Fingerprints are not hard at all; it's been done, and done well already. You can google for detailed instructions.

      Basically, you scan the fingerprint by any means you have (it depends on how and where you could lift it). Print it on transparent OH film, then use it to etch a negative print on circuit board - this just requires standard stuff you can get in any electronics store of course. Use that negative as the mold for a latex positive; in the simplest case, just dab a solid layer of latex on your fingertip and press on the mold until the latex hardens.

      The beauty, if that's what you want to call it, is that once you have one scanned print, you can trivially duplicate and send it as a black and white image to anybody, anywhere who wants to use your print.

      Fingerprints very seriously suck for identification nowadays.

      --
      Trust the Computer. The Computer is your friend.
    5. Re:Finally! by b0s0z0ku · · Score: 2, Insightful
      Basically, you scan the fingerprint by any means you have (it depends on how and where you could lift it). Print it on transparent OH film, then use it to etch a negative print on circuit board

      Why bother? Just steal the hash data that is generated by the scanner and use a hacked driver to inject it into a browser or whatever. Passwords can be changed. Fingerprints can't be (painlessly). Let's hope that this system is using both fingerprints and passwords/keys. And let's hope it won't become ubiquitous - I like my anonymity, TYVM.

      -b.

    6. Re:Finally! by WeeBit · · Score: 1

      Back off! that hoverboard is mine! All mine!

    7. Re:Finally! by Belial6 · · Score: 1

      Or just steal the fingers with the prints.

      I like my anonymity too, but I really like having my fingers staying attached to my hand.

  2. Grocery Stores? by JonathanR · · Score: 4, Funny

    What about strip clubs?

    1. Re:Grocery Stores? by tomhudson · · Score: 2, Funny

      "What about strip clubs?"

      Sorry, but its only in Soviet Strip Clubs that you're allowed to pay for touching yourself!

      I can see someone might want to substitute "pay-by-touch" in such situations, though:

      An anglo from Toronto, a Quebecer, and a newfie from Newfoundland go to a strip club in Montreal (yes, this is a Kanuckistani joke)
      The Quebecer gets a lap dance, and slips $10.00 in the strippers' panties.
      The Torontonian gets a lap dance, and, not to be outdone, slips $20.00 in the strippers' panties.
      The Newfie gets a lap dance, asks the girl to bend over, pulls down her panties, and slides his ATM bank card through her ass-crack.

      Then again, perhaps not.

    2. Re:Grocery Stores? by Anonymous Coward · · Score: 0

      Well, yes, you could use your "extra" digit for payments, but when the thieves come to take your "payment facility" you might end up regretting it even more than you have ever regretted buying champagne for the "nice girls" who just want to "talk" to you.

  3. dinger? by adam · · Score: 4, Insightful

    FTFA: "allows making online purchases with a slide of a dinger across the scanner" (emphasis mine)

    really.. a dinger..? you don't say...

    The whole fingerprint-for-payment-at-the-store thing has been debated here plenty before, so i'll steer clear of it.. but TFA (well, TFblogpost) is centered around Pay By Touch launching a service that lets you scan your fingerprint at home and autopay at various online websites with a simple swipe of your finger. I don't know who steered them down this path, but they should be fired.. promptly.

    I can recall several dotbombs that had this same business model (an e-wallet that had all your info in it already so all you needed to do was purchase from participating vendors and a username/password/whatever was all you'd need to make each purchase), and they all failed miserably. Anyone remember flooz? Maybe i'm just a cynic and these guys will have a fresh new approach that will catch on like wildfire.. but it seems a nonstarter to me, since none of the failed dotcoms so much as required you to have a biometric scanner in your home.

    --
    I am Jack's complete lack of surprise.
    1. Re:dinger? by Bastian · · Score: 1
      I can recall several dotbombs that had this same business model (an e-wallet that had all your info in it already so all you needed to do was purchase from participating vendors and a username/password/whatever was all you'd need to make each purchase), and they all failed miserably.


      Except, of course, for PayPal, which is wildly successful to the point of being the only payment option for many (possibly most) small-time storefronts I see on the Web.
  4. Privacy Concerns ? by Davemania · · Score: 5, Insightful

    Inevitably, this issue will come up. Traditionally, if your credit card or bank card is compromised, you can simply cancel it and acquire a new one but what about biomatric data used for identification ?

    1. Re:Privacy Concerns ? by Xugumad · · Score: 1

      Hey, stop asking awkward questions about problems security experts have known for years! Bad consumer! No biscuit!

    2. Re:Privacy Concerns ? by failedlogic · · Score: 1

      Simple. Chop of the fingers and attach new ones. Why do you think there is this research on atrifical limbs and skin regrowth? To make you a good consumer! It also increases security, as each of the 10 fingers can have a different password since new fingerprints can be put on each.

      So, don't ever ask to have your password reset. You have been warned!!!!

    3. Re:Privacy Concerns ? by smchris · · Score: 1

      Let's follow the steps:

      1. We are in a nation of, by and for the corporations.
      2. With the new bankruptcy laws, corporations do not have a problem with your lifelong responsibility and if a method can be agreed upon whereby the incurred obligations "more clearly point to you" all the better for the corporations.
      3. So the nation does not have a problem. Any squawking is just the sound of poultry caught in the machinery of the system.

      The general public could prove to be too inteligent to make wide adoption of this system practical. Anything's possible. Consider the guy who successfully argued that the bank shouldn't have let him use so simple a password. Generally, the more "individualized" the ID, the more a hack is going to hurt the _individual_, not the corporation. So schemes like this are not your friend. They are just attempts to throw the financial burden of proving you are _not_ guilty until proven innocent upon the consumer.

    4. Re:Privacy Concerns ? by panoplos · · Score: 1

      The answer here is called "anti-spoof," or more appropriately "live finger detection."

      Quite a lot of research has gone into how the fingerprint scanners themselves can distinguish live human skin from other materials, or even dead human skin. There has been much success in this area to date, and you should expect to see this new technology in products before too long.

      What this equates to is you having to be physically present at the time of authentication, as it will be impossible for someone to spoof your finger, even if they were successful at lifting a latent print from off of something you touched.

      So, though this is a legitimate concern, rest assured the fingerprint sensor companies are not sitting on their thumbs. ;-)

    5. Re:Privacy Concerns ? by sacbhale · · Score: 1

      what if someone chops off your finger and uses it? huh! huh!! huh!!!

      UP Next: How Muggers cut away their victims fingers and make sure it lives long enough to make a withdrawal.

    6. Re:Privacy Concerns ? by symbolic · · Score: 1


      If your fingerprint is compromised, they'll just ask for your password.

    7. Re:Privacy Concerns ? by b0s0z0ku · · Score: 1
      What this equates to is you having to be physically present at the time of authentication, as it will be impossible for someone to spoof your finger, even if they were successful at lifting a latent print from off of something you touched.

      Only good if the scanner is being watched all the time. With a scanner on a computer and on-line purchases, you could just spoof the datastream coming from the sensor and feed it into a hacked driver. Mark my words: the protocols *will* be cracked. And this will be good in the end, since it'll allow those who want anonymity to be anonymous.

      -b.

    8. Re:Privacy Concerns ? by VENONA · · Score: 1

      I'm betting on on them asking for the last four digits of my social security number. Wow, how did I get that cynical?

      --
      What you do with a computer does not constitute the whole of computing.
    9. Re:Privacy Concerns ? by timmyf2371 · · Score: 1

      Consider the guy who successfully argued that the bank shouldn't have let him use so simple a password.

      Did something like this actually happen and did someone win a court case against a bank? Whatever happened to personal responsiblity and taking the blame for one's own (erroneous) actions?

      --

      Backup not found: (A)bort (R)etry (P)anic
    10. Re:Privacy Concerns ? by h4ck7h3p14n37 · · Score: 1

      Don't forget the fact that most (all?) cards provide some sort of fraud insurance (typically you're only on the hook for the first $50). What kind of insurance is this vendor offering?

    11. Re:Privacy Concerns ? by panoplos · · Score: 1
      you could just spoof the datastream coming from the sensor and feed it into a hacked driver.

      Hacking this protocol would mean hacking the PKI security it is wrapped in, at which point you would be breaking the equivalent to SSL and stealing someone's banking information. Good luck.

      The data coming off of the sensor is not going to be usable by anyone without the private key of the hosting system; and if you can get this key, the problem is no longer specific to the biometric system being used.

  5. Dumbasses. by wfberg · · Score: 4, Interesting

    They say: "Your finger is unique to you, which means only you can access your financial accounts. The Pay By Touch service helps protect you from physical or identity theft. Because there's nothing to carry, there's nothing to be lost or stolen."

    Really?

    What about the fingerprint information you're evidently (there's nothing to carry) sending over the wire? No way to intercept that huh? How about the fingerprints you leave on just about everything you touch? No way to lift those off of that surface and to use them on a scanner, in the case of on-line purchases, a scanner that's right there beside you without anyone looking over your shoulder to see you're actually using your own finger and not some copy made out of gummy bears.

    --
    SCO employee? Check out the bounty
    1. Re:Dumbasses. by Bozdune · · Score: 1

      You win for best comment in this thread. Gummy bears. Loved it.

    2. Re:Dumbasses. by Rich0 · · Score: 3, Interesting

      Agreed - a biometric authentication needs to run on trusted hardware. I could use one safely to let people into my computer. However, I wouldn't tell my fileserver to serve up my files to any computer that claims I stuck my finger onto their scanner.

      The reason is simple - whoever controls the hardware can tell the scanner to report whatever it wants, mount data replay attacks, etc.

      Even if the scanner this company is using is ultra-strong and can tell fingers apart from gummy-bears, who is to say I'll even use their scanner. All I need to do is take one apart, figure out how it works, remove any embedded encryption keys, and then create my own "virtual" scanner that reports whatever finger-prints I want it to. As the parent mentioned, there is a ready supply of fingerprints - I might start with my mailman who leaves his on my front porch every day.

      And even strong biometric systems have problems (inability to change compromised credentials for one). This system isn't even remotely strong from the start.

      Here is an idea for a payment system that would work. Credit card with no mag stripe - just a smart-card interface, a small LCD display, a small PIN entry pad, and a small acoustic modem (possibly an external device that the card can be attached to easily), and a tiny USB interface. Card contains SSL key known to nobody, but the cert is signed by the bank issuing the card (with CRL available). I walk up to a check-out counter, and insert my card, and then remove it. The card displays the transaction amount on the display, and I enter my PIN on the card. I re-insert the card, and the transaction is complete. Transactions are time-stamped and cannot be replayed (unless the transaction is a subscription which would be noted on the display). PINs are entered on the card itself - so no capturing these unless you have a camera overhead. SSL key never leaves the card, so without physical card presence you can't make transactions. Acoustic modem / USB can be used for online or phone transactions - again with full security.

      This would resist just about every form of fraud that is common today. Without the card and the PIN you can't make a transaction. Sure, you could steal the card and force somebody to enter a PIN at gunpoint, but this is not a significant source of fraud (and while we're at it we could have a 2nd call-police PIN that still makes transactions appear to work). The only downside is the implementation cost - but I wonder if it wouldn't pay for itself pretty quickly...

    3. Re:Dumbasses. by Anonymous Coward · · Score: 0
      All I need to do is take one apart, figure out how it works, remove any embedded encryption keys, and then create my own "virtual" scanner that reports whatever finger-prints I want it to.
      Can I make a suggestion? You scanner should take the form of a rubber finger attached to a laptop by a bundle of brightly-coloured wires, and it should flash thousands of fingerprint images across the screen before displaying the final fingerprint in green with the message "ACCESS GRANTED". Also, it should probably beep or talk in a sexy female voice.
    4. Re:Dumbasses. by Duncan3 · · Score: 1

      Exactly, it's been shown over and over and over again that fingerprints are trivial to fake.

      And ANYTHING done remotely is insecure unless you control the hardware, and you can't.

      Rather amusing that people still try this crap.

      .

      --
      - Adam L. Beberg - The Cosm Project - http://www.mithral.com/
    5. Re:Dumbasses. by noidentity · · Score: 1

      Now instead of handing the a mugger my debit card or whatever, they'll be demanding a finger. Thanks a lot ye pushers of unnecessary technology.

    6. Re:Dumbasses. by Anonymous Coward · · Score: 0

      The problem with your payment system is there is too much on the card, so the card wouldn't be cheap, and it also wouldn't be durable, the LCD and keypad would be prone to braking and since the cards aren't cheap the cost of continually issuing new cards would mean the savings from reduced fraud just wouldn't make it worthwhile implementing.

  6. Fingerprints works really? by Devv · · Score: 1

    I mean how do we know that fingerprints are 100% unique? And what if someone finds a way to abuse the system? I think this will just be to open unecessary doors for abuse.

    --
    +1 Agree -1 Disagree
    1. Re:Fingerprints works really? by sbaker · · Score: 1

      Fingerprints certainly aren't that unique. They are unique in the sense that in very fine detail there are no two alike - but they most certainly aren't unique when it comes to the resolution that these scanners work at.

      A typical fingerprint scanner has to allow for rotational and translational differences and differences in pressure and pad and finger cleanliness between applications of the finger to the pad.

      Then it has to cope with image recognition matters - it has to pull out features from the print and match those to the database.

      If you cut your finger then it may be unreadable - so you can't buy stuff online until it heals up again a couple of weeks later? If you have a cut on your finger when you first register - then when it heals you won't be able to get in again.

      It's basically horribly flawed as a technique.

      Then there are a bunch of articles out there on how you can lift a fingerprint (eg from your next door neighbours car) and transfer it to latex (or even a gummy bear!) and that will fool the scanner 90% of the time...which should be plenty good enough because it's doubtful that the real finger will work 100% of the time.

      Nah - this is never going to fly - and if by some horrible mischance it does, it'll be discredited the very first time some gummybear wielding teenager manages to steal a bunch of stuff with it and all of the scanners out there will be consigned to the junk heap overnight.

      --
      www.sjbaker.org
    2. Re:Fingerprints works really? by b0s0z0ku · · Score: 1
      I mean how do we know that fingerprints are 100% unique?

      Passwords and crypto keys aren't 100% unique either, most likely, especially with the weak passwords many people tend to use.

      -b.

    3. Re:Fingerprints works really? by Devv · · Score: 1

      It's easier for me to choose a good password than a good fingerprint.

      --
      +1 Agree -1 Disagree
  7. What a dinger? by krell · · Score: 1

    I figure it to be a biological dongle

    --
    Where were you when the voynix came?
  8. Never leave home without it by thedletterman · · Score: 1
    I've often criticized that anyone that would have a feasible success with a system for purchasing using biometeric identification will be one of the major credit card companies. Also, what I find discouraging, is that the system offers no apparent form of biometeric confirmation. A fingerprint and pin number would be far more desirable than simply a biometeric reading. What happens in the event of a false positive? Fraud? Lifting fingerprints is easily done, and the technology exists for even hobbyists to forge a biometeric fingerprint scan.

    For a system like this to be feasible there needs to be a centralized, secure storage of financial information by a large, secure, and reputable financial institution with nationwide access to merchants and customers. The system itself also needs to be exponentially better protected from fraud and theft than the current system, and at least equally convenient.

    There's many reasons I suspect this program is destined for failure, but most obviously, the threat of a middle man attack by a malicious website. I mean, if you want to be a major financial institution, then why bother storing login information for websites?

    --
    Any fool can criticise, condemn, and complain, and most fools do. - Benjamin Franklin
    1. Re:Never leave home without it by Noxal · · Score: 1, Interesting

      Actually, there is a PIN that you have to put in after you scan your finger. They call it a "search number" and recommend that you make it your phone number...crappy, but you can still set it to whatever you want.

    2. Re:Never leave home without it by Anonymous Coward · · Score: 0

      This system requires a 7 digit PIN, also. They suggest your phone number, but it can be anything you want.

  9. I want paying to be harder, not easier. by Anonymous Coward · · Score: 0

    Why do people seek convenient ways of giving their money to someone else? You worked hard for it, it should be hard to get rid of it too.

  10. Incidently.. by Propagandhi · · Score: 3, Funny

    This isn't directly related to the topic at hand, but my collection of people's fingers also goes 'online' today.

    I needed a hobby and a little more cash, this should solve both of those problems.

    1. Re:Incidently.. by JPFitting · · Score: 1

      Agreed; crimes will turn from attempting to steal someone's purse to chopping off their index finger.

      --
      Music, my drug; dance, my ecstasy.
    2. Re:Incidently.. by mrogers · · Score: 1

      It's 3am - do you know where your finger is?

  11. have i missed something? by kickedfortrolling · · Score: 1

    finger prints are quite cool in real life, cos they can produce random numbers but with common features that can be identified. They also have a prescence-thats a bit hard to explain, but imagine going into a shop, approaching the cashier and saying you've left your cc at home.. its ok tho, cos u remember the number and they can just type it into the till manually.

    go on, try it :)

    When we're transmitting over the web, it becomes just a number we're sending, a number which can be intercepted, saved, stored or faked. In the same way firefox automatically puts my password into boxes online, it wont be long before you dont need to actually swipe your finger, just access a saved copy, then it just becomes a fancier, longer password.

    No system where the method of scanning is given to home users will ever be fraud proof. i personally think this system is poorly thought out. if you dont like typing in your cc, there are lots of programs which will run alongside browsers and automatically input your details.

    --All that and i dont even mind my fingerprints being held on file.. i cant wait to see how the data protection fanatics jump on this one :D

    --
    --AlexC
    Just because I dont agree with climate change doesnt make me a troll
    1. Re:have i missed something? by RenderSeven · · Score: 1
      imagine going into a shop, approaching the cashier and saying you've left your cc at home.. its ok tho, cos u remember the number and they can just type it into the till manually.

      I dont have to imagine that since Ive done it... works great! No more or less secure than paying by CC over the phone. Also my wife using my CC even though she's not technically authorized. A clerk that wants to make a sale is going to do whatever it takes to get the charge through. Once I called my bank and had them give me my CC # over the phone (card wasnt in my wallet) so I could buy some laptops over the phone to be picked up by a 3rd party at a shipping dock across the country. Theres a transaction that should make the security guys scream, but my customer that needed the laptops ASAP thought I was a miracle worker. But it proves how and why security will never work, because EVERYBODY wants to bypass it to make a sale.

      Banks get their 6% fee and 20% interest by selling CONVENIENCE not by selling SECURITY (only slashdotters give a hoot about security). Biometrics can make it easier to buy things... a bank will use it when they think it will make a customer more likely to use their card than another bank's card. The banks long ago wrote off fraudulent use as a (small) cost of doing business, which they pass on to consumers anyway.

  12. Chip & Pin by blowdart · · Score: 1

    You're almost describing the EMV (Europay MasterCard VISA) standard for smart cards, implemented in the UK as Chip & PIN. The chip on the smart card is used during the encryption process and cardholder presense verified by a PIN, which is encrypted on the numberpad, before it gets any further (thus providing two factor authentication.

    It has drawbacks, direct and indirect observation of the PIN plus it doesn't stop card cloning, as the mag strip still exists. Indeed specially rigged readers were used this year in petrol stations to capture the mag strip and save the card information where it ended up being cloned in India.

    1. Re:Chip & Pin by Rich0 · · Score: 1

      The system has a few drawbacks:

      1. The merchant can charge you for more than the authorized amount. They need only modify the PIN-pad device to display one amount and charge a different one. The charge should be displayed on hardware controlled by the cardholder/bank.

      2. Not sure if the device is using SSL certs and signed transactions. If it is just a static account number with a PIN it could easily be cloned.

      3. If criminals are using rigged readers they wouldn't even need to clone the cards. They could just capture the PIN and then generate a dozen fraudulent transactions while the card is still present. This would defeat even an SSL cert. Unless the card contained its own time reference this could not be prevented simply by only accepting 1 transaction per minute - the PIN-pad device would just back or future-date all its fraudulent transactions and submit them all to the card, which would not realize that it has gotten 10 requests in 2 seconds with times a minute apart.

      Having the authentication hardware self-contained would defeat these attacks. The only thing the card should obtain from the outside world is the name/ID of the merchant and the amount of the sale. Both could be displayed on-screen for verification prior to PIN-entry.

  13. I'm not a germaphobe but...... by Chineseyes · · Score: 0

    doesn't anyone else find that a bit disgusting to have at supermarkets?

    --
    I think the invisible hand of the market has its middle finger extended

    --A wise old fart named SC0RN
  14. Not the only stores by WhiteWolf666 · · Score: 3, Informative

    Star Markets may be the only stores in the U.K., but in the U.S. the cub foods and Jewel/Osco chains both have deployed Pay By Touch. That's a fairly significant foot print, at least near Chicago.

    --
    WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
    1. Re:Not the only stores by Anonymous Coward · · Score: 0

      Those are all Supervalu stores (well Supervalu owns Star Market, but I'm not sure if that's the same chain as the U.K. one you're talking about).

    2. Re:Not the only stores by gaveawaymyname · · Score: 1

      Yeah, I saw one at a Cub Foods outside Chicago. I only go there for banking and the only one I saw was near the cigarette booth. Wasn't that long ago they went through some construction to put up those self-checkout aisles. I probably only bought deodorant and pack of chewing gum or something, but that (self-checkout) was quite expedient. Might be a bit quicker, but is fingerprint ID much safer?

    3. Re:Not the only stores by Pancake+Bandit · · Score: 1

      A small, family-owned grocery store in Upstate New York started a "pay by touch" system. They took it further by adding individualized rewards. The database will remember what each customer purchases, and offers them customized coupons, promotions and rewards. http://www.paybytouch.com/news/pr_10-18-05.html

  15. Repudiation? by Indy+Media+Watch · · Score: 4, Insightful

    If there is a fraudulent transaction, and someone can argue (albeit wrongly) "the only way the transaction could have happened is with your fingerprint" - won't this make it harder to dispute a charge?

    --

    Indy Media Watch-Proctologist of the Internet

    1. Re:Repudiation? by cluckshot · · Score: 1

      Come on! We are all nerds here! Why hasn't anyone here gotten it? Its really simple. Biometric payment schemes are all just fancy passwords, the only problem here is that the password that is the weakest to break is one that never changes and which may be read by those in public. Your fingerprints never change and they can be read in public. Worse yet they also can be conterfitted easily by very simple technology. They also can be obeserved quietly and without intrusion as was noted by a few other posters on the issue of fingerprints being discarded everywhere.

      Biometric identificiation systems may be useful as adjuncts to other systems but in the end, they are going to be as weak security as the social security number.

      --
      Never Politically Correct ~ I prefer the facts If you don't like what I say, get a life, or comment yourself.
    2. Re:Repudiation? by Rubzo · · Score: 1

      We could all just take a leaf out of Michael Jackson and constantly wear a glove on our ID-finger hand, only taking the glove off to make a transaction. Hell, we could have gloves with zipper-fingertips. I bet glove companies are drooling at the thought of all this.

    3. Re:Repudiation? by RexRhino · · Score: 2, Insightful

      Absolutly!!! As we have learned from the Slashdot story on car anti-theft systems, and insurance companies denying claims against people with anti-theft systems ("there is no way anyone could have stolen your car, you must be trying to scam us!!!")... this kind of system makes things less secure, because no-one is going to believe you if you have money stolen.

      And not only that, if you try to dispute a charge, not only will they deny that - You will be under investigation for fraud!

      So long as I am only liable for up to $50 of fradulent transaction on my credit card, and all I have to do is phone them to let them know of fraudulent transactions, there is no way I am going to adopt a new system that actually puts me at greater risk.

  16. More stores have picked this up since last article by Anonymous Coward · · Score: 0

    Stars Market isn't the only one. We have this in all the Jewels around our area.

  17. First! by anicca · · Score: 2, Insightful

    First it starts as a convenience somewhere, catches on with all the dumb lazy citizens, then becomes ubiquitous, then it becomes mandatory!

    --
    A people that values its privileges above its principles soon loses both. Dwight D. Eisenhower
    1. Re:First! by b0s0z0ku · · Score: 1
      First it starts as a convenience somewhere, catches on with all the dumb lazy citizens, then becomes ubiquitous, then it becomes mandatory!

      Credit cards already provide a viable tracking mechanism, and they haven't become mandatory in lieu of cash. I think the first politico to force through a law to make this mandatory would end up strung up from the nearest lamppost courtesy of the more extreme xtians that we have in the US. And rightly so - I'd even help tie the noose.

      -b.

    2. Re:First! by anicca · · Score: 1

      Yes but not everyone has a credit card or the money to pay for one. Won't matter with the chips, everyone can power one of those for the same cost to big brother. However, I hope you are correct but doubt the people will awaken to their peril before it is too late... like the ongoing drug war that PROVIDES the profits for the ruthless, the 'terrorists' RELY upon drug prohibition to wreak havoc but I bet the average US citizen would just think "I dont want my kids strung out on drugs" so keep the drums beating for the war that creates crime and terror. If the people can be made to believe that the drug war is good, they can be made to believe subdermal implants are good too. Manufactured consent by emotional manipulation.

      --
      A people that values its privileges above its principles soon loses both. Dwight D. Eisenhower
    3. Re:First! by b0s0z0ku · · Score: 1
      If the people can be made to believe that the drug war is good, they can be made to believe subdermal implants are good too. Manufactured consent by emotional manipulation.

      I hope that it won't work. As I said, though I'm not one, Christian zealots do have their uses. And politicians who pass harebrained and unconstitutional schemes to track and further erode people's rights deserve no less deportation to some place where their ideals are agreeable. North Korea or Libya would be a good start. Maybe they could even help alleviate famine in N. Korea :D

      -b.

    4. Re:First! by anicca · · Score: 1

      "I hope that it won't work. " Amen to that! :) "As I said, though I'm not one, Christian zealots do have their uses." Like promoting atheism? ;)

      --
      A people that values its privileges above its principles soon loses both. Dwight D. Eisenhower
  18. Instant giveaway by steincastle · · Score: 0

    You leave a pass to your bank account on everything you touch.

  19. Re: PayPal's monopoly by Warg!+The+Orcs!! · · Score: 1

    WorldPay, backed by the Royal Bank of Scotland, is gaining ground on PayPal (in the UK at least)and it's fairly easy to use except that unlike PayPal it refuses to store card details so you have to go to the bother of fishing your cc out of your wallet every time.

    --
    Travelling forward in time at a rate of 1 second per second.
  20. Offhandedly by Jaxoreth · · Score: 1
    This isn't directly related to the topic at hand, but my collection of people's fingers also goes 'online' today.
    --
    In general, it is safe and legal to kill your children. -- POSIX Programmer's Guide
  21. I'd rather somone steal my cash by thegnu · · Score: 2, Insightful

    One thing that worries me is at what point are you rich enough for somone to cut your finger off? What I don't like is that it's kind of like assimilating your financial standing with your physical body.

    That seems wrong on plenty of levels, the simplest of which is that when someone mugs you, conventional wisdom says that unless you're far more prepared than they are, you give them everything you have. When 'everything you have' begins to include your right index finger, then mugging is way easier in a crowded subway with a pair of garden clippers.

    Yeeeow. I'd rather be poor. I'd rather use cash. I'd rather have a placeholder for value that a)is not protected by the government thereby predicating their automatic involvement (I don't like them all that much, and the more they stay out of my business, the better. If a friend steals something from me, I'll resolve it within my community), and b)someone can steal reasonably easy without hurting me. Money's just money. And as long as this doesn't become the dominant way to purchase things, making other systems obsolete, I'd be OK with it, because I ain't f-ing using it.

    "Hey honey? Take my finger to the 7-11 and get me a pack of cigarrettes, would you?

    --
    Please stop stalking me, bro.
    1. Re:I'd rather somone steal my cash by hotdiggitydawg · · Score: 1

      Heh. Wait until the government mandate compulsory retinal scans...

  22. It's not as stupid as it sounds by redkazuo · · Score: 1

    Everyone seems to be trying to find the obvious flaws in a system like that. Truth is, it really is easy to get around some system that just checks the print for itself. However, there's a lot more to check than just the print. The easiest would be warmth, then electrical current, although they're also easy to bypass. Put some more checks in and bypassing it feels a lot more difficult, for instance, pulsation and oxygenation.

    1. Re:It's not as stupid as it sounds by Moodie-1 · · Score: 1
      Really? And just how would you get your personal scanner to check for all that?

      PCs have been going down the wrong road ever since the first one came out. The only really 100% reliably secure payment scheme would require absolutely closed PCs, ones that didn't allow third-party software to run, as well as a rigidly-policed network. Any person/company that wanted to write software would have to be federally licensed and would be under extreme 24/7 monitoring. Anyone else would be locked out of the system using the net's & PC's hardware, with no hack-arounds possible. While this would tremendously stifle new program creation it would also eliminate all forms of malware and data theft. How different things would have been if only we'd taken this road! We might have had a fully-computerized world ten years ago!

    2. Re:It's not as stupid as it sounds by b0s0z0ku · · Score: 1
      PCs have been going down the wrong road ever since the first one came out. The only really 100% reliably secure payment scheme would require absolutely closed PCs, ones that didn't allow third-party software to run, as well as a rigidly-policed network.

      And you thing this is a *good* thing? Maybe in Trollville, but not in a free and democratic society. Besides, it would probably strangle innovation completely - some of the best ideas in computing, including the PC itself have come from hobbyists.

      We already require too many professions to be licensed. Let's not raise barriers to entry to another one.

      -b.

    3. Re:It's not as stupid as it sounds by Pancake+Bandit · · Score: 1

      Most people/companies find it acceptable to give up some security so that software development isn't greatly stagnated. What you're proposing would essentially kill open-source, which is a tremendous source of creativity. If we'd taken this road, our world would likely be less computerized than it is now. Less programs means less reasons to have a computer.

    4. Re:It's not as stupid as it sounds by Moodie-1 · · Score: 1

      You must be a programmer. I can understand your point-of-view. Really I can. "Information must be free, the best programs are open-source, etc." And you're right. But I was speaking from the point-of-view of a developer of a secure worldwide identity/financial system. This is a much different and more limited situation than commercial software creation. In this scenario, a lot of innovation and creativity is exactly what you don't want. What you want is a system that works, is 100% error-free and fills all the needs that you currently have or are likely to have in the near future. Then the system is locked down and cannot be changed except by something like a meeting of the United Nations Security Council (or something similar). The most important aspect (by far) of a system like this is security, not innovation. The best security is provided by a system which does not change too often.

    5. Re:It's not as stupid as it sounds by Moodie-1 · · Score: 1
      Please read my reply above.

      Open-source software development and creativity aren't the issue here, security is. Any workable identity/financial system must be kept completely separate from other types of systems, all the way down to the hardware on individual computers. What good is financial software if it can be easily hacked? And "easily" is a relative term here - if the rewards are great enough then it won't be long before someone somewhere applies whatever amount of money is necessary to break it. Remember "Swordfish"? The only way to prevent this is to prevent any changes from being made to the system, by anyone. This requires that all PCs that access this network use specially sealed and tamper-proof hardware attached to the motherboard. Browser security plug-ins are not enough anymore, to be really safe security must extend all the way down into the chips themselves. Sounds like quantum computing to me.

    6. Re:It's not as stupid as it sounds by b0s0z0ku · · Score: 1
      You must be a programmer. I can understand your point-of-view. Really I can. "Information must be free, the best programs are open-source, etc." And you're right. But I was speaking from the point-of-view of a developer of a secure worldwide identity/financial system.


      Guess what? I wouldn't *want* a secure identity system on the Internet. Anonymity = good. Financial? Just take the same approach as credit cards and make good any "shrinkage" that occurs. It's not that information wants to be free - it's that giving our control of all of our computers the government is a horrible idea, especially in places (like China?) where the government might well deserve to be overthrown.


      Maybe a better idea would be to sell secure, inexpensive, firmware-based terminals similar to the old Minitels in France and have them be *only* used for the completion of online transactions...


      But licensing all programmers, developers, and consultants? No thanks: I'd probably starve.


      -b.

  23. disappointed by __aahlyu4518 · · Score: 1

    Pay By Touch

    Great name !

    the biometric identification service,

    Yeah... it sounded to kinky to be true....

  24. Non-Net Fingerprint Readers by DavidD_CA · · Score: 1

    I think I'm much more likely to trust a non-net version fingerprint reader, like the ones that are shipping with many laptops now.

    Many of those have "password managers" that will get you into your money/email/Windows/whatever by swiping your finger, and the fingerprint information never goes across the internet. Plus it has the added bonus of working with a lot more than just these guys' proprietary system.

    --
    -David
  25. Criminals by Fullhazard · · Score: 1

    So what happens when a corrupt CIA/NSA programmer decides that he needs some extra money, spends a couple seconds to write an app to feed data from the CIA fingerprint database, and proceeds to embezzle millions of dollars? It'd be laughably easy to do, as the CIA database probably contains more datapoints/fingerprint than a system a commercial endevour is going to use.

    Biometrics are a bad idea if they are the only form of confirmation, the same way the PIN numbers or signatures are laughably weak on their own. However, as an added layer of protection, it seems like a good idea, as long as it isn't mandatory.

  26. Thieves are all over this... by Lactoso · · Score: 1
    I think the criminal world has already 'hacked' a workaround for this...

    Thieves chop man's finger off to defeat biometric car

  27. Not the only one to use it by peterdaly · · Score: 1

    Green Hills, a Syracuse NY grocery store also uses Pay By Touch. It's one store only, not a chain. They like to brag about Inc. Magazine naming them the best little grocery store in America.

    Not sure how long they've had it. It's part of their "SmartShop" program that also creates custom discounts and shopping lists personalized based on your previous purchases. They seem very advanced in that type of stuff, and it has helped them create a very loyal customer base.

    -Pete

    --
    Soccer Goal Plans
  28. Not quite... by andreyw · · Score: 1

    You can pay-by-touch at Jewel grocery stores too.

    1. Re:Not quite... by dorbabil · · Score: 1

      Cub Foods in Minnesota also has pay-by-touch set up in many of their locations.

      So fie on you, summary.

  29. "Oooh baby, I love the way that feels..." by Bushido+Hacks · · Score: 1

    Just to make the machine seem more appealing, why not make it say things like "Ooooo baby, I love the way that feels.", "Oh yes! Right there, God that feels good!", "No, not there, just a little lower. A little lower."

    Contrarly, and with much humor, the opposite should also be stated: "What? You are just going to leave me like that?", "You're in love with the other machine in 12-items or less! You bastard!", "Sure you'll commit to buying that 12-pack of beer. It's just too bad you'll never commit to our relationship!" "That's right! Go back home to your blow up girlfriend! It's not like I matter to you. I'm just the checkout machine! What are you looking at? I'm not in the mood to check out groceries right now. Go ask that human clerk in lane 5 to bag your groceries."

    --
    The Rapture is NOT an exit strategy.
  30. Piggly Wiggly too by DoctorFrog · · Score: 1

    Piggly Wiggly, a fairly big regional chain here in the Southeast, has offered Pay By Touch for well over a year.

  31. NOT only in Star Markets by Anonymous Coward · · Score: 0

    ..Also in Cub Foods (for sure) and Rainbow Foods(I think) in Minnesota.