MasterCard Joining Push For Fingerprint ID Standard
schwit1 writes with this selection from a story at USA Today: "MasterCard is joining the FIDO Alliance, signaling that the payment network is getting interested in using fingerprints and other biometric data to identify people for online payments. MasterCard will be the first major payment network to join FIDO. The Alliance is developing an open industry standard for biometric data such as fingerprints to be used for identification online. The goal is to replace clunky passwords and take friction out of logging on and purchasing using mobile devices. FIDO is trying to standardize lots of different ways of identifying people online, not just through biometric methods."
I'll just leave this here.
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
If Bastardcard think I'm giving them my fingerprints, or even a hash of my fingerprints, they are going to be sorely disappointed. Even if their own systems are secure, credit card related data is the number one target for thieves and crackers. Plus, Mastercard are bastards, hence my childish name-calling.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Plus, fingerprints are easy to replicate. And they still identify you (with some degree of uncertainty), which is what they want.
I'm sure they'll buy me credit monitoring for a year after they lose my finger print.
Fingerprint identification is great as long as (1) you trust the organization that uses it with that very, VERY personal data, and (2) you trust that they're not so lame as to lose your fingerprint data.
(1) I wouldn't trust credit card companies with anything more serious than an easily replaceable 4-digit PIN number
(2) Sheesh, even governments routinely misplace confidential tax data of their citizens. Need I say more?
In short, I'll keep using good ole anonymous cash to spend at local retailers for my purchases thank you very much.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
No, thank you. Please just charge me more to cover the fraud. My rights are not worth the price you're offering.
This is a bad idea, as one can change a compromised password as many times as necessary or desired.
Assuming a print from a single digit is enough, you're limited to ten total passwords without starting to leave the realm of social acceptability. On top of that, this uses only a public, nonsecret method. It's not combining something that you have with something that you know, preferably something known only to you, and since it's from a read-only source, once it is compromised you're screwed.
If some biometric system is used in concert with a strong user-selected bit of information, like a password, passphrase, or numeric string, then maybe it'll be okay, especially if the system does not indicate to the user where the failure in authentication happens (ie, confirm that one has the right fingerprint before rejecting the password). If the fingerprint is used as an analog for the user id, and the password is still one's personal secret, that may work.
If the issue is PINs being commonly four digits long, people have demonstrated an ability to remember ten-digit numbers as many markets now have ten-digit dialing for local calls with several area codes. I don't think that it would be an undue burden to use PINs longer than four digits in this age on account of that. What would be best is for there to be a minimum length that's greater than four or five, but a max possible length that would be well larger than most users would need, so those who do want longer credentials can use them, and with all of the number of places in between also being supported.
Do not look into laser with remaining eye.
Fuck off. You're not getting my fingerprints.
Yours Sincerely,
an ex-customer.
The biggest problem with successfully implementing biometrics right now is the perception that the public has that you can take a number generated by a finger print reader and make a usable finger print. Having said that there is also the issue of false positives and false negatives. I doubt it will really circumvent much fraud, because much of it is online where fingerprint reading never comes into it. (Source is a 2009 LexisNexis study behind a paywall). It will stop the casual thief and maybe some cards that get stolen by a pickpocket and quickly used to rack up some bills.
Mean what you say...say what you mean.
1. perfect the payment card identification solutions you currently have.
2. deprecate the solutions that are blatantly flawed. junk marketing flair such as RFID was a terrible idea.
3. take a more proactive approach in identity theft, don't just triage it with a new card. target and eliminate payment card processors with a consistent history of exploit or breach. refuse to reinstate service until an independent third party audit is conducted.
4. use when ready a new standard with a proven track record and a history of functional security. Stop inventing nonsense piecework systems that hackers swarm like flies on sugar.
Good people go to bed earlier.
from here on out privacy is just not going to be a thing anymore. sort of like how some time 5000 years ago or so people started accepting the idea of private property and "owning land" and now most people would consider it preposterous to go back to a time before private property, eventually imagining going back to a time when we had privacy will seem equally preposterous. sure, it sucks but eventually we'll all die and the new people won't know any different so no loss, right? hell, the same way we today believe that private property and economic competition is "human nature" future people will probably just believe that having every second of your life being public record is "natural".
Fingerprints should be treated as user names, not as a substitute for passwords.
Fingerprints are a great way to ID someone, but not for passwords.
I can only please one person a day. Today is not your day, and tomorrow does not look good either.
The system of telling someone a secret to identify yourself and thus authorize something is inherently stupid. I don't care if it's a credit card number, security code, or finger print.
We have public key cryptography, there is no reason to tell every vendor you make a purchase from enough information to allow them to make arbitrary purchases. They should provide you with a request, which you can sign/authorize with your private key. This signed transaction request goes to the payment processor (mastercard in this case). Then they can, if you dispute the validity of it, provide the signed request as proof that someone with your private key (which they don't have, and you never give out) authorized it. Thus they are more resistant to false fraud claims, you are more resistant to identity theft/fraudulent purchases.
It's clearly a Win/Win, but requires you to have a "smart card" of some kind that's capable of displaying some minimal information, lets you select to authorize or not. The transfer of data to and from the card, and the powering of it would be easy to do over NFC, and it just needs enough of a display to show the amount. It should be possible to make such a device for ~5$ in large quantities, but you could also just use a smart phone.
You obviously would want a system where you could contact the payment processor and update your public key in case your card is stolen (generally, changing your key frequently isn't a bad idea, assuming you have some nice way to authenticate to change it, like using a key you don't carry around with you).
Also, it's trivial to allow such a system to transfer money in either direction, and extend it to multiple payment processors and currencies (open the standards for the interface, so you can make a single card that works with mastercard, bitcoin, visa, etc).
Due to the reduced rates of fraud, liability and thus fees can be reduced, and even the potential for privacy is added (unique keys for each transaction + third party payment processors which work as proxies and protect the content of your purchase from the actual payment processor+credit card company, and protect your identity from the store). Even things like bitcoins and cham tokens could be used if you really wanted to go privacy crazy.
So, why aren't stores using such a lower risk, lower fee, more secure and more user friendly system? Because the payment processors have a monopoly and like it this way. Don't buy into their stupid schemes like finger print id; they just want to keep their monopoly, and access to all that valuable data you provide, and all those fees the vendors provide. Better security (and privacy) is trivial, and this is not how to get it. Privacy is impossible with the finger print system, and the security isn't good either.
The first step (and the most difficult) to getting this implemented will be getting people used to scanning their fingerprints and storing it on a computer. Thank Apple and iOS7 for taking care of this. In a few years there will be a whole generation of Apple fanboys totally comfortable with scanning their fingerprints just to unlock their iphone. How hard will it be to get them to do the same thing for online payments?
What is wrong with MasterCard's already implemented SecureCode? Why do I need to send my fingerprints to MasterCard just to make an online transaction? I've only ever seen a few airline websites and Ticketmaster actually require me to use the SecureCode authentication. The vast majority of websites have zero security other than just requiring you to enter the correct billing information. If MasterCard would just start requiring websites to actually use SecureCode, it would cut down on a vast majority of stolen credit card use and wouldn't require giving your biometric info to Mastercard.
I'm not giving my fingerprints to the Internet to be stored in some database and handed over to the NSA/FBI/CIA so I can be wrongly implicated in crimes just because I happened to be some place at some time in the past.
I mean, I am sure they already have them. I had to submit fingerprints to get my GA driver's license back in the 1990s and to get my Florida and South Carolina CWPs, but still... in principle. FUCK YOU.
It sounds like a great idea until someone grabs your fingerprint template off an online database (just like they do with password hashes), reverses it (fingerprint templates, unlike hashes, are indeed reversible), and uses that to gain access to your other online accounts... all because you couldn't be bothered with "clunky passwords".
The key is to not use the fingerprint as a key for online authentication; we have a technique for that, it is called cryptographic keys (either symmetric or asymmetric). Now people are generally bad at remembering these strong keys (and even worse at using them) so instead they use a trusted device (used to be a desktop computer but that day is past, now it's a phone) to both store and use those keys. The user can then authenticate locally to their device using a less strong mechanism (traditionally passwords). Apple has this right, the device is the only thing that needs to use the fingerprint to authenticate the user (local authentication is by its nature two factor since you need the device). There is no advantage & clear disadvantages to using fingerprints directly for online authentication (passwords too as we have seen time and time again).
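The scheme argued for in the comments above (a merchant issues a request, a card or phone signs it with a private key that never leaves the device, local approval on the device gates the signature, and the processor checks it against an enrolled public key that can be replaced) can be sketched as follows. This is an added example, not code from any commenter, MasterCard or FIDO; the message fields, type names and the choice of Ed25519 are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// PaymentRequest is the merchant's request; field names are assumed for this example.
type PaymentRequest struct {
	Merchant    string `json:"merchant"`
	AmountCents int64  `json:"amount_cents"`
	Currency    string `json:"currency"`
	Nonce       string `json:"nonce"` // unique per request, chosen by the merchant
}

// encode returns the exact bytes signed and verified, with a domain prefix.
func encode(r PaymentRequest) []byte {
	b, _ := json.Marshal(r) // cannot fail for this struct
	return append([]byte("payment-request-v1:"), b...)
}

// Card models the holder's device. The private key never leaves it; only the
// public half returned by NewCard is handed to the processor.
type Card struct{ priv ed25519.PrivateKey }

func NewCard() (*Card, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		return nil, nil, err
	}
	return &Card{priv: priv}, pub, nil
}

// Authorize signs only after local approval (button, PIN or fingerprint).
func (c *Card) Authorize(r PaymentRequest, approved bool) ([]byte, error) {
	if !approved {
		return nil, errors.New("holder declined")
	}
	return ed25519.Sign(c.priv, encode(r)), nil
}

// Processor keeps one public key per account and the nonces already settled.
type Processor struct {
	keys map[string]ed25519.PublicKey
	seen map[string]bool
}

func NewProcessor() *Processor {
	return &Processor{keys: map[string]ed25519.PublicKey{}, seen: map[string]bool{}}
}

// Enroll registers a key; enrolling again replaces a lost or stolen card's key.
func (p *Processor) Enroll(account string, pub ed25519.PublicKey) { p.keys[account] = pub }

// Settle accepts a request once, and only if the enrolled key signed it.
func (p *Processor) Settle(account string, r PaymentRequest, sig []byte) error {
	pub, ok := p.keys[account]
	if !ok {
		return errors.New("unknown account")
	}
	if !ed25519.Verify(pub, encode(r), sig) {
		return errors.New("bad signature")
	}
	id := account + "\x00" + r.Merchant + "\x00" + r.Nonce
	if p.seen[id] {
		return errors.New("replayed request")
	}
	p.seen[id] = true
	return nil
}

func main() {
	card, pub, _ := NewCard()
	proc := NewProcessor()
	proc.Enroll("alice", pub)
	req := PaymentRequest{"bookshop", 1999, "USD", "n-001"}
	sig, _ := card.Authorize(req, true)
	fmt.Println("first:", proc.Settle("alice", req, sig))
	fmt.Println("replay:", proc.Settle("alice", req, sig))
	req.AmountCents = 199900 // merchant inflates the amount after signing
	fmt.Println("tampered:", proc.Settle("alice", req, sig))
}
```

The merchant only ever sees a signature over one specific request, so nothing it stores can authorize a different purchase, and no biometric leaves the device.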
But to insist on using "biometric" data for "online" purchases - how are they expecting to receive the biometric data? Through a scanner on the *user's* computer? Even if it was done by some sort of credit-card hardware - you are now relying on not *biometric* data - but just *data* - as the user's computer has to send the data - and therefore who's to say if it's really "biometric" or not. (i.e. Some sort of replay attack - or something like it). My point is - there is no way to assure that it's really the user's fingerprint - just data matching the user's fingerprint. So how is this different than a conventional password?
At least at the grocery store - if you stick a "fake" finger on the scanner - you're going to at least create some suspicion - at minimum.
People with missing fingers, and no property left in their name.
It's far faster to just remove the finger, than fucking around finding prints.
How many people are going to be willing to give up their finger prints, knowing perfectly well that the KGB, errr NSA will acquire all of their biometric information? Also, that you will not know who has a copy of it, where it is being used. Who wants to wait until they're framed for something that they didn't do by using this information?
That person may be forced to use his finger, and there is the opposite case, using a card on the internet for shopping should not require anyone being anywhere specific.
Yet despite all the discussion... MasterCard remains about as relevant as Diners Club.
The other day I bought something at a "The Source" store. They asked me my name and my email address, I refused to tell them. I told them it was bad practice and that I find it very insulting as a customer, to feel the need to answer interrogations.
I felt as if my rights and my freedom were violated.
For companies who struggle to this day with converting people to Chip and Pin technology, I can't take this seriously at all; it would be a massive undertaking.
I have one basic requirement before I'll use a logon credential system: I must be able to change the credential in the event it's compromised. If I can't recover from a compromise by changing the credential so it's no longer available to whoever compromised it, I won't use it. I never ever want to be in a position where my login has been compromised, I have to continue using it and I can't make it so the bad guy can't use it anymore.
The people pushing biometrics are handwaving away the difference between identification and authentication. Authentication usually requires identification as a first step, but it then requires a second step: proving that you truly are the person you've been identified as. Think of it like a safe-deposit box: the bank checks your driver's license to see who you are and from that which deposit box is yours. That's identification. But they won't open the box for you. You have to authenticate by making use of the key you were issued to open the box, which someone who was merely impersonating you wouldn't have. Western Union would be an example of a system of authentication without identification. When money's sent the sender can provide a question and answer instead of requiring identification. Anyone who can provide the correct answer to the question is authorized to pick up the money, identification not (normally) needed. That's a lifesaver for people who've eg. been robbed and whose ID was taken along with the wallet.
I just thought of this, but an attacker could just cut off your finger...
it's obvious...but not really discussed in this context...
I see fingerprints being used in mostly specific high-value cases...briefcase, door entry, pricey gadgets...
It just seems that having a small device that just needs your finger to crack encourages finger-chopping or more likely personal physical coercion
Thank you Dave Raggett
A lot of years ago I spent some time with a Canadian guy who more or less invented the idea of no-name white box cash machines up here. I think we talked about his "high-end" Quake gaming rig....
In any event, one topic of discussion was the technology behind bank cards and debit cards. I can still recall him telling me that the bank card was about the most insecure thing ever invented, and that using four-digit PIN was pretty much laughable.
In his words, "You do not want to trust these things."
So now we have Chip and PIN; and stupidly annoying multiple factor authentication; and bio-metrics; and whatever some security company can cook up next week.
I still don't trust them, and really don't ever assume that any of this stuff is really secure.
Three Squirrels
Hi,
In Europe there is ubiquitous chip+pin. It has cut down on fraud, but everyone knows there are dodgy terminals etc...
I remember reading somewhere, that the reason they are NOT used in the USA is because of perceived user/customer risk. If your card is stolen and usable without the user there is no risk as the criminal doesn't need you. Anecdotally, in London this leads to "cashpoint muggings" - I do not know how prevalent this is.
It would appear this biometric falls in the same category, that it is something that you can be compelled through violence (or fraud) to be bypassed.
Hence, I suspect this will get no traction in the USA...
The Alliance is developing an open industry standard for biometric data such as fingerprints to be used for identification online.
At the very least this company, with whom I do business, could have informed me by now with this news. I will not give my fingerprints up for free. They are not publicly accessible either. Also, I should not be hearing this for the first time on /..
no / never / over my dead body
So, the NSA has found a way to collect all of our fingerprints after all...
The Chaos Computer Club put it nicely: "It is plain stupid to use something that you can't change and that you leave everywhere every day as a security token."
...Fingerprint changes you???
So, having worked in this industry:
1) There are many much more insecure areas (card cloning comes to mind) which already have solutions ( http://www.magtek.com/V2/products/secure-card-reader-authenticators/bullet.asp ), and nearly 0 adoption. Why is everyone suddenly jumping on the fingerprint bandwagon?
2) There is no point in more physical security: The card issuers guarantee the safety of cardholders funds and merchants tend to be very touchy about missing funds (the traditional 30 day lag of AMEX *seriously* affects their market penetration, and there's a massive effort to do statistical fraud analysis at a high level, so truthfully a very basic security at the register is effective, because card fraud stays at a relatively fixed level (it could be even better but that would lead to more false positives and worsen the customer experience)), the cost of the round of hardware upgrades for the whole network far exceeds the cost of fraud.
3) What makes *sense* is to let consumers swipe their own cards so they can have card-present transactions from their own home, in conjunction to card profiling tech like the link above (it builds a 'fingerprint' of the iron filings suspended in your magswipe to prevent cloning).
4) This sounds like an attempt to me to reduce the number of card present transactions (which are much less expensive for the merchant) and make more money by claiming a larger percentage of the transaction and to fuel a round of upgrades at the register, much like when checks switched from magnetic ink to frontal scans (check21), which also had little to do with fraud and was mostly an internal cost reduction as well as eliminating some friction for depositors, but required widespread merchant upgrades (with those upgrades not helping the merchant at all).
5) I'm not sure how PIN security factors in here, since debit pins use an injectable encryption scheme that is performed *on* the pinpad which is injected onto it in a *tightly* controlled process. It is a completely different protocol (at least in the US).
6) There have been a number of transaction network breakins, and I for one (knowing some of the players in this space), would *never* want any kind of data on their servers that could not be reissued.
"The goal is to replace clunky passwords and take friction out of logging on and purchasing using mobile devices." Also slows down my impulsive purchases - I don't see the problem.
1. Hack and get the files.
2. Someone writes a 3D printer conversion utility.
3. Print fake fingers.
4. Illegally profit!
I left out the ??? step because it wasn't needed.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
I have heard of people losing a finger because thieves wanted to carjack their Mercedes which uses fingerprint ID.
This is just stupid.
Fingerprints are left all over the place and can be used in ways that are opposed to freedom and privacy. You should never allow your prints to be registered, if you can avoid it.
If they want to use a safe biometric, it would have to be a vein pattern or retinal scan. Something that can't be obtained without permission/participation and can't be easily replicated.
How about just NO!
I'll give them the finger, but without prints
Some banks issue a key fob which generates a 6 digit number when the button is pressed. To logon to the bank's website you need your username, your password and a six digit number. This provides two factor identification - that which you know (username and password) and that which you have (keyfob to generate the one time password).
This system works very well. You can't logon to the bank's internet banking website without both whatyouknow and whatyouhave and once you are logged in you can not use major functions without generating a key using the fob which prevents someone taking over the session. This security provides solid protection from most types of automated and associated attacks including some MITM. I was very impressed with this system and heartily endorse it.
Other banks have two factor authentication using SMS or other side channels. Another bank I have an account with uses SMS as a side channel to confirm that the user at the computer is the user who owns the phone registered with the bank. This is similar to the key fob in that you need to be able to receive the SMS to make changes to the account using the bank's internet banking website or major functions like large money transfers or adding a new account to transfer money to. Again, this works quite well.
In both cases this is not about perfect security it is about increasing the cost and effort involved for an attacker to compromise the system.
I will never willingly give my fingerprints or any other biometric data. Yes, I know, someone could go all CSI on me and take my prints off of my glass when I put it down at the pub.
This idea of biometric identification needs to be shot down and buried. Perhaps in a future time we will have the infrastructure to support this and it may well be feasible but for now we have two factor systems which are in the field and work well.
You have a sick, twisted mind. Please subscribe me to your newsletter.
Chip and Pin, in use in Europe and Canada, is 1000x better than fingerprints for multiple reasons, not the least of which is personal privacy. There is NO way that I would trust any corporation with my fingerprints. It's bad enough that the credit card companies have my social security number.
I dealt with fingerprint scan failure at SeaWorld San Diego last year. I get cracked skin in our dry winters, mainly on my fingers. Based on my experience with dermatologists, it's not that uncommon around here. They ended up accepting that my fingers wouldn't scan - thank goodness for a human in the loop. Getting locked out of banking because of dry skin would be a pretty epic fail here.
I once saw a demo given by a security expert fooling a fingerprint scanner with a print lifted with a gummy bear.
Undetectable Steganography? Yep, there's an app fo
Most of the comments here seem to be focusing on FIDO being all about identification via fingerprint, when in fact, the standards it is seeking to develop also include 2FA authentication. There's nothing saying that Mastercard might not in the end opt for 2FA.
Deal with reality - the world as it is - rather than ideality - the world as you would like it to be.
Even though proponents would argue that biometrics take orders of magnitude more effort to crack or defeat (a dubious claim, but giving them the benefit of the doubt), it's impossible to escape the fact that if or when a biometric security system *IS* cracked, then it's game over for the person who was hacked, since changing his biometrics is not an option, whereas if your PIN is hacked, you can at least change to a new one to keep the damage from recurring in the future.
File under 'M' for 'Manic ranting'
Financial industry: taking friction out of things since times immemorial.
(Captcha was "mining". Really scary, this)
I already have a perfect score and I'm under 30. Sure, if the debt ceiling is raised it might negatively affect my credit but overall I'm not really worried about loans. I don't really need credit cards, and almost nobody in the Philippines uses credit cards so it's always cash payments. It's quite nice having moved from the US to a third world country, you could say it's like moving up in this world. I'm as American as it can get but libertarians won't ever get their way, and there goes the basis of the United States. You can enjoy your credit cards as much as you like but I'm just gonna sip on this low-grade ice tea and enjoy the fresh air of Manila.
"Might" and "might not" do not buy us anything. If they're saying they're doing stupid things it's perfectly fine for us to criticize them for that. It does no good to go on about how they might be doing something else too, or instead, or whatever. So if that's all you got, please sod off, you stupid pathetic floundering wannabe apologist, you.
What a horrible idea, but at least it's better than Visa, who seem to think you don't need any authentication at all now, with their retarded "PayWave" system they're pushing onto all their customers.
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
If your fingerprint is hashed with a well protected device unique ID, that eliminates anyone from easily hijacking your finger print identity and you get a new code when you register a new device. Good authentication is generally based on 3 things - something you are, something you have and something you know. Chip and PIN is have and know. Mag strip cards are have and know (how to write your signature but seldom checked); eCommerce is just know and shipping location. Apple is the first of I'm sure many to include all 3, you have your phone, you're identified by fingerprint and you know your PIN. As a second layer of biometric protection, the phone camera could take your picture and perform facial recognition when you scan your finger. This has the added advantage of snapping a pic of a would be thief and allows merchants to prove the identity of the purchaser. Security and loss prevention reduces cost for everyone. As always, if you want privacy, use cash.
Greed is the root of all evil.
The problem with fingerprints as username goes back to the problem with all biometric data -- humans are made of squishy flesh. If I cut the finger used as a password or username, I lose access until that finger has healed.
A better idea already exists and could be improved upon - the chip-and-pin system. Granted, any hardware token can be cloned. Most people use the same PIN for everything. However the equipment is in place (except the US). Add a secondary "something you know" item to authentication. Do NOT make that second item a password. Instead, add a series of questions and allow the user to pick the correct answer from the POS device's keypad. Encourage users to select questions with obscure data: "Who is your favorite Third Base Coach?" "What movie were you watching the first time you held hands with a girl?"
Like all forms of combat, I expect new challenges as criminals develop countermeasures, but we shouldn't rely on biometrics.
Only the dead have seen the end of War. - Plato
To meet our password policy, you'll need to change your finger print every 30 days.
When they've caught up with the rest of the world and you can get a chip & PIN card in America, then they can think about fingerprints.
Sorry to inform you, our servers have been compromised. We recommend that you change your fingerprints immediately.