Slashdot Mirror


Mastercard is Building Fingerprint Scanners Directly Into Its Cards (fastcompany.com)

Mastercard said on Thursday it's beginning trials of its "next-generation biometric card" in South Africa. In addition to the standard chip and pin, the new cards have a built-in fingerprint reader that the user can use to authenticate every purchase. From a report: Impressively, the new card is no thicker or larger than your current credit and debit cards.

18 of 85 comments

  1. About time by phorm · · Score: 2

    I've been wondering for quite a while when we could have something like this. The question is how the processing works for the card, for example
    a) Does it process against a chip in the card which allows the card to pass information to the pin-pad or not (good to prevent use of stolen cards)
    b) Does it process against the pin-pad allowing a transaction to be verified (good to prevent transactions from cloned cards)

    The first choice is good to reduce the more immediate impact of card theft, and better from a privacy perspective. The second is more effective against somebody cloning your card - which around here is more common - but it means that your CC company presumably needs your biometric info. It also allows the use of fingerprints as a password replacement (pin-pad)

    1. Re:About time by drdread66 · · Score: 3, Informative

      A hash is not enough. Fingerprint matching is a notoriously fuzzy process because fingers deform under pressure, they get damaged (cuts, burns), etc. The matching process works by doing a "good enough" comparison between the newly-acquired image and a pre-digested "template" computed from the enrolled image.

    2. Re:About time by drdread66 · · Score: 4, Informative

      A friend of mine works for one of the companies involved in the Mastercard pilot. As I understand it, their card is powered by the chip reader, which already supplies power to the EMV chip.

  2. Your machete, don't leave home without it. by dasgoober · · Score: 2

    In an area where cutting off arms doesn't give some people pause - what could go wrong??

    1. Re:Your machete, don't leave home without it. by avandesande · · Score: 4, Funny

      If your arm just got chopped off and you are worried about changing the authentication scheme for your credit card you have bigger problems.

      --
      love is just extroverted narcissism

  3. not foolproof by MickyTheIdiot · · Score: 4, Interesting

    There are other things you can comment on like above, but there are other ways this can go wrong as well.

    I have been diagnosed with bad eczema on my hands recently, and it mostly affects the tips of my fingers. The sensor on my Nexus will now periodically stop accepting my fingerprint scans until I log in with another authentication method and rescan them.

    If you don't have any backup ways to provide authentication there are cases where people will get locked out for medical reasons. That won't be extremely common I guess, but fingerprint biometrics will, like all systems, not solve all problems.

    1. Re:not foolproof by AxeTheMax · · Score: 2

      And I have essentially lost my fingerprints (after a bout of dengue fever a few years ago, this causes skin shedding). Though now I can just about see them on careful examination, they hardly come out on fingerprint scanners. It caused some problems when visiting a country where they fingerprint you on arrival.

  4. Re: This can't POSSIBLY go wrong! by ArmoredDragon · · Score: 3, Informative

    I think the point is that they're making it much harder for a typical wallet thief to go to town on your credit card before you can report it stolen. By the time they create a false print, it may be too late.

  5. Still waiting by sir-gold · · Score: 3, Funny

    I'm still waiting for the version of the Mastercard that includes a holographic AI assistant, that we were promised in the early 90s

  6. One day they'll discover the folly.... by Bugler412 · · Score: 4, Insightful

    One day they'll discover the folly of using biometrics for authentication or authorization, but then it will be too late. Let's all tie everything to a password that we can never change right? Great idea! Sigh

    1. Re:One day they'll discover the folly.... by swillden · · Score: 3, Insightful

      One day they'll discover the folly of using biometrics for authentication or authorization, but then it will be too late. Let's all tie everything to a password that we can never change right? Great idea! Sigh

      Sigh, indeed. You fundamentally misunderstand biometric authentication if you think it is anything like a password, or if you think it matters at all that it can't change. Biometrics do have their share of cons, but not being able to rotate them is definitely not among them.

      The security model for password authentication derives its strength (or lack thereof) from the secrecy of the password. Biometrics do not. Your fingerprints are not secrets; you leave them everywhere you go (which is what makes them so useful forensically). From a security perspective the only reasonable way to treat fingerprints or other biometric data is as public information. Assume that the whole world knows your fingerprints, because anyone who really wants to, does.

      Because password security is based on secrecy, and because over time those secrets may leak, or be discoverable through time-consuming brute force, password rotation is important. It closes the window of vulnerability if they've leaked, and if you rotate them soon enough that no realistic attacker could have had time to discover them via brute force search (given whatever brute force mitigations are in place), then you maintain the secrecy. Because biometric security is not based on secrecy, rotation helps nothing and is irrelevant.

      But if biometric authentication security is not based on secrecy of the biometric, what is it based on? The integrity of the measurement and matching process. Your fingerprint is public information, indeed it's almost certainly conveniently available from the surface of your credit card. So the security of the authentication is precisely equal to the difficulty that an attacker has in presenting your known fingerprint to the card in a way that it will accept it.

      If the attacker can splice into the data link between the scanner and matching engine and replay a digital copy, he can authenticate as you. Various techniques, strong ones, can mitigate against that attack.

      If the attacker can subvert the matching process and get it to report success regardless of input, he can authenticate as you. This is fairly easy to defend against, unless the attacker is very well-equipped.

      If the attacker can create a fake finger that the scanner will believe is real, and which contains your print image, he can authenticate as you. Various techniques can be used to mitigate against that... but the ones that are deployable in mass-produced consumer devices to be used in essentially unattended operation are pretty weak.

      Weak is honestly just fine for this application, though. The fingerprint is just one mitigation on top of many others. It's definitely better than the signature "authentication" currently used in the US. In many ways it's better than PIN authentication, because PINs can be shoulder-surfed. In other ways it's not as good, but overall it's definitely on par.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.

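
The two points made above by drdread66 (matching is a fuzzy "good enough" comparison against a template, so a hash is not enough) and by swillden (the security rests on the integrity of the scanner-to-matcher path, including resisting a replayed digital copy) can be shown together in a small model. The following is an added example, not code from the original thread and not Mastercard's or the pilot vendor's design: the minutiae lists, the 0.75 acceptance threshold, the tolerances, the shared link key and the `Matcher`/`Sensor` names are all constructed assumptions for illustration.

```python
"""Toy model of biometric card authentication (constructed example, not
Mastercard's or the pilot vendor's design).

Shows: (1) the match is a thresholded fuzzy comparison of a live sample
against an enrolled template, and a hash of the image fails on any
deformation; (2) the scanner-to-matcher link carries a per-transaction
nonce plus a MAC, so a replayed copy of an earlier scan is rejected.
"""
import hashlib
import hmac
import math
import os
import random

# A "fingerprint" is a list of minutiae (x_px, y_px, angle_deg). Constructed data.
ENROLLED = [(10, 12, 30), (40, 22, 95), (25, 60, 180), (70, 45, 270),
            (55, 80, 10), (15, 90, 130), (85, 15, 200), (60, 30, 45)]
OTHER_FINGER = [(30, 30, 0), (80, 80, 180), (50, 10, 90), (20, 70, 45),
                (90, 50, 300), (5, 5, 20), (65, 65, 110), (45, 95, 250)]
THRESHOLD = 0.75  # assumed: accept if >= this fraction of template minutiae match


def enrol(minutiae):
    """Template kept on the card: here just the minutiae list."""
    return list(minutiae)


def deform(minutiae, jitter_px=2.0, drop=1, seed=0):
    """Simulate pressure and a small cut: jitter every point, lose `drop` minutiae."""
    rng = random.Random(seed)
    out = [(x + rng.uniform(-jitter_px, jitter_px),
            y + rng.uniform(-jitter_px, jitter_px),
            (a + rng.uniform(-5, 5)) % 360) for x, y, a in minutiae]
    return out[drop:]


def match_score(template, sample, pos_tol=4.0, angle_tol=12.0):
    """Fraction of template minutiae with a close partner in the sample (greedy)."""
    unused = list(sample)
    hits = 0
    for tx, ty, ta in template:
        for i, (sx, sy, sa) in enumerate(unused):
            dang = abs(ta - sa) % 360
            if math.hypot(tx - sx, ty - sy) <= pos_tol and min(dang, 360 - dang) <= angle_tol:
                hits += 1
                del unused[i]
                break
    return hits / len(template) if template else 0.0


def fuzzy_accept(template, sample):
    return match_score(template, sample) >= THRESHOLD


def hash_accept(template, sample):
    """The 'just hash it' design: exact digest equality, which deformation breaks."""
    digest = lambda m: hashlib.sha256(repr(m).encode()).hexdigest()
    return digest(template) == digest(sample)


def encode(sample):
    return repr([(round(x, 2), round(y, 2), round(a, 2)) for x, y, a in sample]).encode()


class Matcher:
    """Matching engine on the card. Shares a link key with the sensor so each
    scan is bound to the single-use challenge issued for this transaction."""
    def __init__(self, template, link_key):
        self.template, self.key, self.pending = template, link_key, None

    def challenge(self):
        self.pending = os.urandom(16)
        return self.pending

    def verify(self, nonce, sample, tag):
        if self.pending is None or not hmac.compare_digest(nonce, self.pending):
            return False                     # stale/unknown challenge: a replay
        self.pending = None                  # single use
        expected = hmac.new(self.key, nonce + encode(sample), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False                     # injected without the link key
        return fuzzy_accept(self.template, sample)


class Sensor:
    def __init__(self, link_key):
        self.key = link_key

    def capture(self, nonce, live_finger):
        tag = hmac.new(self.key, nonce + encode(live_finger), hashlib.sha256).digest()
        return nonce, live_finger, tag


def demo():
    key = os.urandom(32)
    card, sensor = Matcher(enrol(ENROLLED), key), Sensor(key)
    live = deform(ENROLLED, seed=1)
    r = {"hash_on_deformed": hash_accept(card.template, live),
         "fuzzy_on_deformed": fuzzy_accept(card.template, live),
         "fuzzy_on_other_finger": fuzzy_accept(card.template, OTHER_FINGER)}
    msg = sensor.capture(card.challenge(), live)
    r["genuine"] = card.verify(*msg)
    card.challenge()
    r["replay"] = card.verify(*msg)          # old nonce, rejected
    nonce = card.challenge()
    r["injected_without_key"] = card.verify(nonce, live, bytes(32))  # bad MAC
    return r
```

Running `demo()` gives `hash_on_deformed` False but `fuzzy_on_deformed` True (7 of 8 minutiae survive the simulated deformation), `fuzzy_on_other_finger` False, `genuine` True, and both `replay` and `injected_without_key` False. Real products use far richer image features and tune the threshold against false-accept and false-reject rates, and the fake-finger attack swillden describes is outside this model entirely: the MAC only protects the digital link, not the sensor surface.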
    2. Re:One day they'll discover the folly.... by Bugler412 · · Score: 2

      If it is used as a password (i.e. no other authenticating properties), it's a password. The logical construction of the token or whatever is rather irrelevant, as are the physical properties. If I can obtain the hash, file, image, whatever the system uses and present it to the authentication service, then how the electronic representation is produced is irrelevant, and you also can't change the source physical properties that generate the digital representation. In short, if someone obtains that representation and is able to utilize it, the user is toast, with little or no opportunity for the user or admin to do anything about it.

  7. Fingers by nnet · · Score: 3, Funny

    In unrelated news, Lloyd's Of London sees spike in finger insurance.

  8. Data Collection, not security by evolutionary · · Score: 2

    Okay, it's amazing how many "mickey's" the public has been swallowing in the name of "security", be it national or individual. This is basically a way of fingerprinting everyone in a private database. We all know of ways this can be bypassed (you can lift fingerprints from anything someone has touched: doorknob, glass, whatever), so the only ones who benefit are private corporations who want to sell that data, and governments who want to obtain it by buying it. We are treating the public as criminals by default or worse... cattle with a brand that is pre-applied. That will be one card I will not use. I guess cash is king again for those of us who believe we should be formally convicted of something before we have biometric data collected by agencies.

    --
    "Imagination is more important than knowledge" - Einstein

  9. Re:This can't POSSIBLY go wrong! by Marxist Hacker 42 · · Score: 2

    Next up, the mugger takes your wallet AND your fingers.

    --
    SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.

  10. Re: This can't POSSIBLY go wrong! by ArmoredDragon · · Score: 2

    Because increased 'card present' security is important, especially outside the US where there's no such thing as zero fraud liability.

    Card not present security will inevitably need another form of protection, whether that's from one time keys or some kind of two factor system, but that's not what this is for.

  11. Re:Touch-activated sphincter rod sensor by omnichad · · Score: 2

    TASeRS?

  12. Re: This can't POSSIBLY go wrong! by petermgreen · · Score: 2

    Depends where you live, the American banks chose to go for chip and signature while the European banks (and afaict most other countries) went for chip and pin.

    --
    note: I'm known as plugwash most places but I screwed up registering that here somehow in the past and now can't register