Slashdot Mirror

← Back to Stories (view on slashdot.org)

Pay By Touch Goes Online

Posted by ryuzaki0 on from the sort-of dept.

Max Fomitchev writes to tell us that Pay By Touch, the biometric identification service, has announced an online version of their service. While currently the only implementation of this service is in the brick-and-mortar storefront of Star Markets grocery stores, the company hopes that online vendors will start signing up soon.

16 of 85 comments (clear)

  1. Finally! by Corbets · · Score: 4, Funny

    Finally, the world of "Back to the Future" is coming to us! Now if I can just get that hoverboard I've always wanted....

    1. Re:Finally! by sugapablo · · Score: 5, Funny

      Back to the Future? What kind of /. nerd are you? First thing that came to my mind is Quark handing me a data pad for my thumbprint.

      Now if I can just get into one of his holosuites and take a spin at "Vulcan Love Slave 2: The Revenge"!

      --
      Sugapablo
    2. Re:Finally! by JanneM · · Score: 4, Interesting

      Not sure how hard that really is, but I'm sure it can't be too out of the question, specially if some con artists wants to pull it off that badly.

      Fingerprints are not hard at all; it's been done, and done well already. You can google for detailed instructions.

      Basically, you scan the fingerprint by any means you have (it depends on how and where you could lift it). Print it on transparent OH film, then use it to etch a negative print on circuit board - this just requires standard stuff you can get in any electronics store of course. Use that negative as the mold for a latex positive; in the simplest case, just dab a solid layer of latex on your fingertip and press on the mold until the latex hardens.

      The beauty, if that's what you want to call it, is that once you have one scanned print, you can trivially duplicate and send it as a black and white image to anybody, anywhere who wants to use your print.

      Fingerprints very seriously suck for identification nowadays.

      --
      Trust the Computer. The Computer is your friend.
    3. Re:Finally! by b0s0z0ku · · Score: 2, Insightful
      Basically, you scan the fingerprint by any means you have (it depends on how and where you could lift it). Print it on transparent OH film, then use it to etch a negative print on circuit board

      Why bother? Just steal the hash data that is generated by the scanner and use a hacked driver to inject it into a browser or whatever. Passwords can be changed. Fingerprints can't be (painlessly). Let's hope that this system is using both fingerprints and passwords/keys. And let's hope it won't become ubiquitous - I like my anonymity, TYVM.

      -b.

  2. Grocery Stores? by JonathanR · · Score: 4, Funny

    What about strip clubs?

    1. Re:Grocery Stores? by tomhudson · · Score: 2, Funny

      "What about strip clubs?"

      Sorry, but its only in Soviet Strip Clubs that you're allowed to pay for touching yourself!

      I can see someone might want to substitute "pay-by-touch" in such situations, though:

      An anglo from Toronto, a Quebecer, and a newfie from Newfoundland go to a strip club in Montreal (yes, this is a Kanuckistani joke)
      The Quebecer gets a lap dance, and slips $10.00 in the strippers' panties.
      The Torontonian gets a lap dance, and, not to be outdone, slips $20.00 in the strippers' panties.
      The Newfie gets a lap dance, asks the girl to bend over, pulls down her panties, and slides his ATM bank card through her ass-crack.

      Then again, perhaps not.

  3. dinger? by adam · · Score: 4, Insightful

    FTFA: "allows making online purchases with a slide of a dinger across the scanner" (emphasis mine)

    really.. a dinger..? you don't say...

    The whole fingerprint-for-payment-at-the-store thing has been debated here plenty before, so i'll steer clear of it.. but TFA (well, TFblogpost) is centered around Pay By Touch launching a service that lets you scan your fingerprint at home and autopay at various online websites with a simple swipe of your finger. I don't know who steered them down this path, but they should be fired.. promptly.

    I can recall several dotbombs that had this same business model (an e-wallet that had all your info in it already so all you needed to do was purchase from participating vendors and a username/password/whatever was all you'd need to make each purchase), and they all failed miserably. Anyone remember flooz? Maybe i'm just a cynic and these guys will have a fresh new approach that will catch on like wildfire.. but it seems a nonstarter to me, since none of the failed dotcoms so much as required you to have a biometric scanner in your home.

    --
    I am Jack's complete lack of surprise.
  4. Privacy Concerns ? by Davemania · · Score: 5, Insightful

    Inevitably, this issue will come up. Traditionally, if your credit card or bank card is compromised, you can simply cancel it and acquire a new one but what about biomatric data used for identification ?

  5. Dumbasses. by wfberg · · Score: 4, Interesting

    They say: "Your finger is unique to you, which means only you can access your financial accounts. The Pay By Touch service helps protect you from physical or identity theft. Because there's nothing to carry, there's nothing to be lost or stolen."

    Really?

    What about the fingerprint information you're evidently (there's nothing to carry) sending over the wire? No way to intercept that huh? How about the fingerprints you leave on just about everything you touch? No way to lift those off of that surface and to use them on a scanner, in the case of on-line purchases, a scanner that's right there beside you without anyone looking over your shoulder to see you're actually using your own finger and not some copy made out of gummy bears.

    --
    SCO employee? Check out the bounty
    1. Re:Dumbasses. by Rich0 · · Score: 3, Interesting

      Agreed - a biometric authentication needs to run on trusted hardware. I could use one safely to let people into my computer. However, I wouldn't tell my fileserver to serve up my files to any computer that claims I stuck my finger onto their scanner.

      The reason is simple - whoever controls the hardware can tell the scanner to report whatever it wants, mount data replay attacks, etc.

      Even if the scanner this company is using is ultra-strong and can tell fingers apart from gummy-bears, who is to say I'll even use their scanner. All I need to do is take one apart, figure out how it works, remove any embedded encryption keys, and then create my own "virtual" scanner that reports whatever finger-prints I want it to. As the parent mentioned, there is a ready supply of fingerprints - I might start with my mailman who leaves his on my front porch every day.

      And even strong biometric systems have problems (inability to change compromised credentials for one). This system isn't even remotely strong from the start.

      Here is an idea for a payment system that would work. Credit card with no mag stripe - just a smart-card interface, a small LCD display, a small PIN entry pad, and a small acoustic modem (possibly an external device that the card can be attached to easily), and a tiny USB interface. Card contains SSL key known to nobody, but the cert is signed by the bank issuing the card (with CRL available). I walk up to a check-out counter, and insert my card, and then remove it. The card displays the transaction amount on the display, and I enter my PIN on the card. I re-insert the card, and the transaction is complete. Transactions are time-stamped and cannot be replayed (unless the transaction is a subscription which would be noted on the display). PINs are entered on the card itself - so no capturing these unless you have a camera overhead. SSL key never leaves the card, so without physical card presence you can't make transactions. Acoustic modem / USB can be used for online or phone transactions - again with full security.

      This would resist just about every form of fraud that is common today. Without the card and the PIN you can't make a transaction. Sure, you could steal the card and force somebody to enter a PIN at gunpoint, but this is not a significant source of fraud (and while we're at it we could have a 2nd call-police PIN that still makes transactions appear to work). The only downside is the implementation cost - but I wonder if it wouldn't pay for itself pretty quickly...

  6. Incidently.. by Propagandhi · · Score: 3, Funny

    This isn't directly related to the topic at hand, but my collection of people's fingers also goes 'online' today.

    I needed a hobby and a little more cash, this should solve both of those problems.

  7. Not the only stores by WhiteWolf666 · · Score: 3, Informative

    Star Markets may be the only stores in the U.K., but in the U.S. the cub foods and Jewel/Osco chains both have deployed Pay By Touch. That's a fairly significant foot print, at least near Chicago.

    --
    WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
  8. Repudiation? by Indy+Media+Watch · · Score: 4, Insightful

    If there is a fraudulent transaction, and someone can argue (albeit wrongly) "the only way the transaction could have happened is with your fingerprint" - won't this make it harder to dispute a charge?

    --

    Indy Media Watch-Proctologist of the Internet

    1. Re:Repudiation? by RexRhino · · Score: 2, Insightful

      Absolutly!!! As we have learned from the Slashdot story on car anti-theft systems, and insurance companies denying claims against people with anti-theft systems ("there is no way anyone could have stolen your car, you must be trying to scam us!!!")... this kind of system makes things less secure, because no-one is going to believe you if you have money stolen.

      And not only that, if you try to dispute a charge, not only will they deny that - You will be under investigation for fraud!

      So long as I am only liable for up to $50 of fradulent transaction on my credit card, and all I have to do is phone them to let them know of fraudulent transactions, there is no way I am going to adopt a new system that actually puts me at greater risk.

  9. First! by anicca · · Score: 2, Insightful

    First it starts as a convenience somewhere, catches on with all the dumb lazy citizens, then becomes ubiquitous, then it becomes mandatory!

    --
    A people that values its privileges above its principles soon loses both. Dwight D. Eisenhower
  10. I'd rather somone steal my cash by thegnu · · Score: 2, Insightful

    One thing that worries me is at what point are you rich enough for somone to cut your finger off? What I don't like is that it's kind of like assimilating your financial standing with your physical body.

    That seems wrong on plenty of levels, the simplest of which is that when someone mugs you, conventional wisdom says that unless you're far more prepared than they are, you give them everything you have. When 'everything you have' begins to include your right index finger, then mugging is way easier in a crowded subway with a pair of garden clippers.

    Yeeeow. I'd rather be poor. I'd rather use cash. I'd rather have a placeholder for value that a)is not protected by the government thereby predicating their automatic involvement (I don't like them all that much, and the more they stay out of my business, the better. If a friend steals something from me, I'll resolve it within my community), and b)someone can steal reasonably easy without hurting me. Money's just money. And as long as this doesn't become the dominant way to purchase things, making other systems obsolete, I'd be OK with it, because I ain't f-ing using it.

    "Hey honey? Take my finger to the 7-11 and get me a pack of cigarrettes, would you?

    --
    Please stop stalking me, bro.