Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Security The Almighty Buck IT

Vietnamese Bank Issues Fingerprint-Enabled Debit Cards 36

Posted by timothy from the can't-come-soon-enough dept.
sweetpea86 writes "Mekong Development has become the first bank in Vietnam to launch fingerprint authentication enabled debit cards. Fingerprints are captured by Mekong Development at the point of opening an account, and then can be used, instead of a pin, to access funds. Not only has Mekong's account base tripled through the use of fingerprint technology since its launch in June, but the deposit balance per debit card account is two times higher than a regular account."
This discussion has been archived. No new comments can be posted.

Vietnamese Bank Issues Fingerprint-Enabled Debit Cards More

Vietnamese Bank Issues Fingerprint-Enabled Debit Cards

Comments Filter:

  • Great (Score:5, Funny)

    by Antipater ( 2053064 ) on Tuesday August 07, 2012 @12:17PM (#40906371)
    Now I can't even eat cheetos anymore without giving away my bank pin!

  • Great (Score:5, Insightful)

    by NettiWelho ( 1147351 ) on Tuesday August 07, 2012 @12:20PM (#40906401)
    So now, instead of just having to worry about your card getting lifted they will also want to chop off your fingers?

    • Re:Great (Score:5, Interesting)

      by ColdWetDog ( 752185 ) on Tuesday August 07, 2012 @12:23PM (#40906441) Homepage

      So now, instead of just having to worry about your card getting lifted they will also want to chop off your fingers?

      No need for the violence. You don't even need [blogspot.com] to have the victim in the room.

      (Do not attempt. Professional Driver on a Closed Course. Do Not Try This at Home. Your Mileage May Vary. Do Not Taunt Happy Fun Ball.)

      • Re: (Score:3)

        by TheCarp ( 96830 )

        A few assumptions there, not the least of which is intelligent criminals.

        That said, I think both this and the original post miss the point. I doubg jacking people's fingers for card robberies is going to happen. It requires the criminal to not only be willing to steal a card and info, but, to actually harm someone who is complying with them.... less people will be willing, especially isnce it will be a more heinous crime if they are caught.

        What this really does, and I think will do well, is put a stop to wh

        • Re: (Score:2)

          by mcgrew ( 92797 ) *

          A few assumptions there, not the least of which is intelligent criminals.

          Since nine out of ten crimes go unsolved, I'd say 90% of the criminals are smarter than the cops.

          What this really does, and I think will do well, is put a stop to wholesale theft.

          Unless the technology has improved greatly in the last few years, it can be defeated with a gummy bear. IMO the best tech, from a consumer point of view (not from a bank, obviously) is the old fashioned paper and carbon with a signature. They have the added ad

          • Re: (Score:2)

            by TheCarp ( 96830 )

            I think the other poster who pointed out that finger print readers wouldn't be hard to add, if they are already doing hidden cameras and card readers, really hit the nail on the head.

            Gummy bears are fine, but realise, the "gummy bear" trick is still a lot more effort than watching a video and seeing what numbers someone hit. I would bet you could review 10s of videos in the time it would take to produce 1 good fingerprint from any of these methods.

            I don't mean it will never happen. Everything will happen. S

    • Re: (Score:2)

      by mrmeval ( 662166 )

      Yes as I've said before and I'll say again the hard part about biometrics is keeping the body parts alive.

    • Re: (Score:2)

      by AmiMoJo ( 196126 )

      Don't worry, the card will be covered in your prints anyway. They are not hard to lift and clone.

      Years ago I had a work laptop where they insisted I used the fingerprint reader. Then I cut my finger and was forced to go back to a password. It would suck if I couldn't access my money.

  • Biometrics are not secrets (Score:5, Informative)

    by dido ( 9125 ) <dido&imperium,ph> on Tuesday August 07, 2012 @12:22PM (#40906417)

    I do hope that they back it up with a PIN, making it full three-factor authentication. While biometrics are useful in being unique identifiers, they are not secrets [schneier.com]. An attacker could use the gummi bear fingerprint technique [schneier.com] using latent fingerprints extracted from a stolen card...

    • Your're missing the point. The bank has more customers and is holding more of their customers money. Regardless of how more or less secure it is, the bank's decision is working. If it required a PIN and a fingerprint, the bank may have lost customers, but I could be wrong, don't know, market research may have already figured it out.

      • So long as liability follows responsibility... Taking calculated risks, like offering unsecured or partially/illiquidly secured loans, or going with lousy-but-convenient UX choices, is one of the things that banks do because they turn out to be profitable if you do them right. As long as they accept the downsides of that, like the occasional default or account breach, that isn't a problem and might well be a virtue.

        If, however, they manage to insulate themselves from those consequences, whether by wholesale

        • Re: (Score:2)

          by TheLink ( 130905 )
          The banks are just shifting more and more risks and responsibilities for losses to their customers.

          They prefer to call stuff ID Theft rather than some sort of fraud. Since with ID Theft it's their customer's problem, whereas with fraud it might be their problem.

          They also prefer debit cards. With credit cards, when "stuff happens", it's not my money that's gone, it's someone else's. They may try to get the money from me, but meanwhile I have my money. Whereas with debit cards, when "stuff happens" it's my mo

    • Re:Biometrics are not secrets (Score:5, Interesting)

      by fahrbot-bot ( 874524 ) on Tuesday August 07, 2012 @12:33PM (#40906597)

      I do hope that they back it up with a PIN, making it full three-factor authentication. While biometrics are useful in being unique identifiers, they are not secrets [schneier.com]. An attacker could use the gummi bear fingerprint technique [schneier.com] using latent fingerprints extracted from a stolen card...

      In addition, The Mythbusters also fooled fingerprint scanners using the same techniques as the Schneier link (above), and also with a photocopy of a fingerprint [discovery.com]:

      • A 3-D thumbprint imprinted on a latex strip to be worn over someone else's thumb.
      • A 3-D thumbprint imprinted on ballistics gel, which has the same viscosity and density as human tissue.
      • A photocopy of a scanned image of Grant's thumbprint.
      • The fingerprint reader at my local video store failed miserably and they had to give me a regular PIN. I do rock climb a lot in the summer and my fingerprints sort of wear off. What about people like me? Can't you bank there?

  • It's like writing the PIN on the card (Score:1)

    by Anonymous Coward

    Considering most people don't handle their debit cards with gloves, that means your fingerprints are all over it. It's like you wrote your PIN on the card, front and back.

  • Why "instead of"? (Score:5, Insightful)

    by Picass0 ( 147474 ) on Tuesday August 07, 2012 @12:23PM (#40906437) Homepage Journal

    The use of a fingerprint and a pin together would raise the security further still. Many institutions are switching to two forms of authentication, which is why you're seeing more security questions. A fingerprint is a second authentication that an account holder doesn't need to remember.

  • Not only has Mekong’s account base tripled through the use of fingerprint technology since its launch in June,

    Without any actual numbers (say, for example, the number of accounts they had before introducing this), this is fairly meaningless. If you have 3 customers it's easy to triple them; if you have 3 million, not so easy.

    but the deposit balance per debit card account is two times higher than a regular account.

    This seems completely irrelevant; in the very best case it sounds like selection bias. The people using this technology will be more like to be tech enthusiasts. While I don't know the demographics of Vietnam, I know that in the States that kind of audience will typically have higher inco

    • This seems completely irrelevant; in the very best case it sounds like selection bias. The people using this technology will be more like to be tech enthusiasts. While I don't know the demographics of Vietnam, I know that in the States that kind of audience will typically have higher income levels.

      But even that's a tenuous guess - my point was that the phrasing of the statement strongly implies that deposit balances are directly connected to card type (fingerprint vs pin); but there's nothing in TFA that supports that.

      That is exactly what the point of the statement was. Banks want to have people with large accounts, implementing the print scanners on the cards increased the number of large accounts they have, therefore increasing the bank's profitability. It's probably taken directly out of a press release full of self-praise for what a great decision it was, which explains why the intent of the statement got so muddled.

      • That is exactly what the point of the statement was. Banks want to have people with large accounts, implementing the print scanners on the cards increased the number of large accounts they have, therefore increasing the bank's profitability. It's probably taken directly out of a press release full of self-praise for what a great decision it was, which explains why the intent of the statement got so muddled.

        Exactly the point was to say that the decision was good for the bank. I've used fingerprint scanners in the past, and I have to wonder if the higher balances are from people not being able to take their money out versus actually having wealthier customers given how finkiky these scanners can be.

  • Finger prints and a pin should be enough to locate your account number. Not having a card to lose wold be an awesome side effect.

    • Yeah, get rid of the card, use the fingerprint(s) to identify the account, change the keypad to read the fingerprints as you type, use a pin, and record the exact way that the pin is entered. As always you wouldn't have perfect security, but you could probably get a % accuracy that could be adjusted on a per user basis. Also you could weed out systems trying to game the system by honey potting them and checking for patterns that indicate automatic entry.

      • Re: (Score:1)

        by Anonymous Coward

        This wouldn't work for the same reason magstripe cards are bad: replay attacks. Someone just needs to design a fingerprint skimmer keypad that would save your fingerprints and your pin and you would be screwed. Additionally, changing your fingerprints is not nearly as practical as getting a new bank card.

        • Mostly agree, except that you can actually watch the hand, replays could be detected as replays. More advanced systems could of course be created to mimic the angles, pression, velocity, torque, etc in a human way that mimics the original without exactly repeating itself, but then they still have to know the pin, change the pin, and all other factors change. Still I agree that is is vulnerable to someone with enough resources and the same access to the the person/machine that they require now to get acces

    • Re: (Score:2)

      by Idbar ( 1034346 )
      What about putting for of your fingers in certain order, creating a fingerprint pin. :-)

  • Point / Counterpoint. (Score:3)

    by localman57 ( 1340533 ) on Tuesday August 07, 2012 @12:45PM (#40906737)
    On the one hand, they may well have implemented 3 factor security. That's pretty cool. But on the other hand, you have to put your money in a fucking Vietnamese bank to get it. From Reuters in May of this year:

    Last November, State Bank of Vietnam Governor Nguyen Van Binh said eight small banks were "unhealthy" while in January he said 10 percent of the country's nearly 50 banks were "ailing."

    Apparently they have a deposit insurance program, but it's limited to about $3,000.

  • Cool that they've added additional security; but doubling the balance of the 'average' account? Sounds completely unlikely.

    I've had privilege to see large amounts of transaction data from where the law of large numbers reigns supreme. The 99%ers, keep a very low to no balance, generally breaking even each month. Its insanity to look at the actual trends.

    So when a bank opens a product that magically doubles the deposits, clearly they're either marketing either to a different segment, or the additional

Slashdot Top Deals

I tell them to turn to the study of mathematics, for it is only there that they might escape the lusts of the flesh. -- Thomas Mann, "The Magic Mountain"

Close