Slashdot Mirror


Mastercard is Building Fingerprint Scanners Directly Into Its Cards (fastcompany.com)

Mastercard said on Thursday it's beginning trials of its "next-generation biometric card" in South Africa. In addition to the standard chip and PIN, the new cards have a built-in fingerprint reader that the user can use to authenticate every purchase. From a report: Impressively, the new card is no thicker or larger than your current credit and debit cards.

9 of 85 comments

  1. not foolproof by MickyTheIdiot · Score: 4, Interesting

    There are other things you can comment on like above, but there are other ways this can go wrong as well.

    I have been diagnosed with bad eczema on my hands recently, and it mostly affects the tips of my fingers. The sensor on my Nexus will now periodically stop accepting my fingerprint scans until I log in with another authentication method and rescan them.

    If you don't have any backup ways to provide authentication there are cases where people will get locked out for medical reasons. That won't be extremely common, I guess, but fingerprint biometrics will, like all systems, not solve all problems.

  2. Re: This can't POSSIBLY go wrong! by ArmoredDragon · Score: 3, Informative

    I think the point is that they're making it much harder for a typical wallet thief to go to town on your credit card before you can report it stolen. By the time they create a false print, it may be too late.

  3. Still waiting by sir-gold · Score: 3, Funny

    I'm still waiting for the version of the Mastercard that includes a holographic AI assistant, that we were promised in the early 90s.

  4. Re:About time by drdread66 · Score: 3, Informative

    A hash is not enough. Fingerprint matching is a notoriously fuzzy process because fingers deform under pressure, they get damaged (cuts, burns), etc. The matching process works by doing a "good enough" comparison between the newly-acquired image and a pre-digested "template" computed from the enrolled image.
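The difference between hashing and threshold matching described in the comment above, as an added example that is not part of the original thread. The minutiae lists, tolerances and acceptance threshold are constructed for illustration, and the captures are assumed to be already aligned (a real matcher also has to handle rotation and translation).

```python
import hashlib
import math

# Constructed minutiae templates: (x, y, ridge angle in degrees). Not real sensor data.
ENROLLED = [(12, 40, 90), (55, 18, 45), (73, 66, 180),
            (30, 82, 270), (90, 35, 135), (48, 50, 10)]
# Same finger pressed slightly differently: small shifts, one minutia lost to a cut.
SAME_FINGER = [(13, 41, 93), (54, 17, 41), (74, 68, 176), (31, 80, 265), (47, 51, 14)]
# A different finger.
OTHER_FINGER = [(20, 15, 200), (60, 70, 30), (85, 10, 300),
                (40, 95, 120), (5, 60, 75), (66, 44, 250)]

def template_hash(minutiae):
    """Exact-match approach: any change in any coordinate changes the digest."""
    data = ";".join(f"{x},{y},{a}" for x, y, a in sorted(minutiae))
    return hashlib.sha256(data.encode()).hexdigest()

def angle_diff(a, b):
    d = abs(a - b) % 360
    return min(d, 360 - d)

def match_score(template, probe, dist_tol=4.0, angle_tol=15):
    """Fraction of template minutiae paired with a distinct probe minutia within tolerance."""
    unused = list(probe)
    paired = 0
    for tx, ty, ta in template:
        best = None
        for p in unused:
            d = math.hypot(tx - p[0], ty - p[1])
            if d <= dist_tol and angle_diff(ta, p[2]) <= angle_tol:
                if best is None or d < best[0]:
                    best = (d, p)
        if best is not None:
            unused.remove(best[1])  # each probe minutia may be used only once
            paired += 1
    return paired / len(template)

def accept(template, probe, threshold=0.7):
    """'Good enough' decision: accept when enough minutiae line up."""
    return match_score(template, probe) >= threshold

if __name__ == "__main__":
    print("hashes equal:", template_hash(ENROLLED) == template_hash(SAME_FINGER))
    print("same finger score:", round(match_score(ENROLLED, SAME_FINGER), 3))
    print("other finger score:", match_score(ENROLLED, OTHER_FINGER))
```

The threshold is the tuning point: lowering it tolerates more damage or distortion but also raises the false-accept rate.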

  5. One day they'll discover the folly.... by Bugler412 · Score: 4, Insightful

    One day they'll discover the folly of using biometrics for authentication or authorization, but then it will be too late. Let's all tie everything to a password that we can never change, right? Great idea! Sigh

    1. Re:One day they'll discover the folly.... by swillden · Score: 3, Insightful

      > One day they'll discover the folly of using biometrics for authentication or authorization, but then it will be too late. Let's all tie everything to a password that we can never change, right? Great idea! Sigh

      Sigh, indeed. You fundamentally misunderstand biometric authentication if you think it is anything like a password, or if you think it matters at all that it can't change. Biometrics do have their share of cons, but not being able to rotate them is definitely not among them.

      The security model for password authentication derives its strength (or lack thereof) from the secrecy of the password. Biometrics do not. Your fingerprints are not secrets; you leave them everywhere you go (which is what makes them so useful forensically). From a security perspective the only reasonable way to treat fingerprints or other biometric data is as public information. Assume that the whole world knows your fingerprints, because anyone who really wants to, does.

      Because password security is based on secrecy, and because over time those secrets may leak, or be discoverable through time-consuming brute force, password rotation is important. It closes the window of vulnerability if they've leaked, and if you rotate them soon enough that no realistic attacker could have had time to discover them via brute force search (given whatever brute force mitigations are in place), then you maintain the secrecy. Because biometric security is not based on secrecy, rotation helps nothing and is irrelevant.

      But if biometric authentication security is not based on secrecy of the biometric, what is it based on? The integrity of the measurement and matching process. Your fingerprint is public information, indeed it's almost certainly conveniently available from the surface of your credit card. So the security of the authentication is precisely equal to the difficulty that an attacker has in presenting your known-fingerprint to the card in a way that it will accept it. If the attacker can splice into the data link between the scanner and matching engine and replay a digital copy, he can authenticate as you. Various techniques, strong ones, can mitigate against that attack. If the attacker can subvert the matching process and get it to report success regardless of input, he can authenticate as you. This is fairly easy to defend against, unless the attacker is very well-equipped. If the attacker can create a fake finger that the scanner will believe is real, and which contains your print image, he can authenticate as you. Various techniques can be used to mitigate against that... but the ones that are deployable in mass-produced consumer devices to be used in essentially unattended operation are pretty weak.

      Weak is honestly just fine for this application, though. The fingerprint is just one mitigation on top of many others. It's definitely better than the signature "authentication" currently used in the US. In many ways it's better than PIN authentication, because PINs can be shoulder-surfed. In other ways it's not as good, but overall it's definitely on par.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
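One way to protect the scanner-to-matcher link against the replay described in the comment above, as an added example that is not part of the original thread. The comment does not name a technique; a single-use challenge plus an HMAC under a key shared by sensor and matcher is an assumption here, and `Sensor`, `Matcher` and `LINK_KEY` are hypothetical names.

```python
import hashlib
import hmac
import secrets

LINK_KEY = secrets.token_bytes(32)  # assumed: provisioned into sensor and matcher at manufacture

class Sensor:
    def __init__(self, key):
        self._key = key

    def capture(self, nonce, image):
        # Bind this capture to the matcher's fresh challenge.
        tag = hmac.new(self._key, nonce + image, hashlib.sha256).digest()
        return image, tag

class Matcher:
    def __init__(self, key):
        self._key = key
        self._pending = None

    def challenge(self):
        self._pending = secrets.token_bytes(16)  # fixed length, so nonce + image is unambiguous
        return self._pending

    def receive(self, image, tag):
        nonce, self._pending = self._pending, None  # a challenge is valid for one frame only
        if nonce is None:
            return False
        expected = hmac.new(self._key, nonce + image, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)

def demo():
    sensor, matcher = Sensor(LINK_KEY), Matcher(LINK_KEY)
    image = b"constructed-fingerprint-image"  # constructed sample, treated as public
    # Honest capture answering the current challenge.
    frame = sensor.capture(matcher.challenge(), image)
    honest = matcher.receive(*frame)
    # The same recorded frame presented against a later challenge.
    matcher.challenge()
    replayed = matcher.receive(*frame)
    # The public image presented without a valid tag.
    matcher.challenge()
    injected = matcher.receive(image, b"\x00" * 32)
    return honest, replayed, injected

if __name__ == "__main__":
    print(demo())
```

This only covers the link; it does nothing about a fake finger presented to the scanner itself, which the comment treats as a separate problem.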
  6. Re:Your machete, don't leave home without it. by avandesande · Score: 4, Funny

    If your arm just got chopped off and you are worried about changing the authentication scheme for your credit card you have bigger problems.

    --
    love is just extroverted narcissism
  7. Re:About time by drdread66 · Score: 4, Informative

    A friend of mine works for one of the companies involved in the Mastercard pilot. As I understand it, their card is powered by the chip reader, which already supplies power to the EMV chip.

  8. Fingers by nnet · Score: 3, Funny

    In unrelated news, Lloyd's Of London sees spike in finger insurance.