Biometric Payment Arrives in a Store Near You

ScuttleMonkey posted more than 8 years ago | from the new-string-of-finger-thefts dept.

"A chain of Florida convenience stores has begun accepting fingerprints as payment, using a biometric system called Pay By Touch. The company is a Bay-area startup backed by $130 million in VC cash and the acquisition of BioPay, a Virginia-based biometrics firm that's already done $7 billion in European transactions. From the article: 'The company is a bit puzzled by customer privacy fears. After all, they say, how can using a unique fingerprint for identification be riskier to theft than a plastic card, key chain token, or account number? ...The fingerprint image recorded is not the same as those collected by the federal government or law enforcement.'"

206 comments

fp (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#15596992)

my biometric right

Uhh... (5, Insightful)

Poromenos1 (830658) | more than 8 years ago | (#15596993)

how can using a unique fingerprint for identification be riskier to theft than a plastic card, key chain token, or account number?

Because you leave them on everything you touch?

Re:Uhh... (2, Funny)

SubliminalVortex (942332) | more than 8 years ago | (#15597013)

Uh.. aren't you elite enough to wear those fancy white gloves?

Re:Uhh... (1)

DrSkwid (118965) | more than 8 years ago | (#15597105)

hospital grade latex gloves do not prevent fingerprint leakage, no matter what TV says

Re:Uhh... (1)

SubliminalVortex (942332) | more than 8 years ago | (#15597134)

But does that leakage clean up after itself?

Re:Uhh... (3, Funny)

Joebert (946227) | more than 8 years ago | (#15597141)

Forget gloves, I'm waiting for the fluke where residue from the last print mixing with my print comes up in the computer as Michael Jackson.
Clerk: Uhhh, Michael, Jackson ?...
Me: Yeeeeah, I had them take it all off & start from scratch.

Re:Uhh... (1)

SubliminalVortex (942332) | more than 8 years ago | (#15597170)

Well, the scars will probably be most prominent, until there becomes some forward movement on protecting the rights of "scarred" individuals who have finger scars.

Re:Uhh... (5, Insightful)

MarkByers (770551) | more than 8 years ago | (#15597024)

And you can't cancel (change) your fingerprint if someone finds out what it is.

Re:Uhh... (1)

proverbialcow (177020) | more than 8 years ago | (#15597193)

And you can't cancel (change) your fingerprint if someone finds out what it is.

Quoth Helena Bonham Carter in Fight Club:

"They're inside burning their fingerprints off with lye. The smell is terrible."

A little more painful than cutting up a credit card, granted. At least to some people.

Re:Uhh... (4, Insightful)

eclectro (227083) | more than 8 years ago | (#15597279)

And you can't cancel (change) your fingerprint if someone finds out what it is.

And you can't stop the production of gummy bears [extremetech.com]

I could probably travel the world on a single package of gummy bears and a set of prints lifted from the sides of soda cans, tossed in the trash outside the convenience store.

Just remember though, outlaw gummy bears, and only outlaws will have gummy bears.

Re:Uhh... (1)

undeaf (974710) | more than 8 years ago | (#15597201)

Why don't they at the very least use something that doesn't get left in countless places so easily, like maybe knuckleprints or handprints (preferably of the back of the hand)? There'd also be a lot more area and presumably detail to work with in the latter case.

Re:Uhh... (2, Informative)

frisket (149522) | more than 8 years ago | (#15597427)

No, because the crooks can just chop off your finger and use it.

thoughts (2, Informative)

yagu (721525) | more than 8 years ago | (#15596994)

From the article:

The company is a bit puzzled by customer privacy fears. After all, they say, how can using a unique fingerprint for identification be riskier to theft than a plastic card, key chain token or account number that's tapped into a computer or spoken over the phone?

WTF? How can they say that? Don't they know how many times each day people lose their fingers? Not to mention the countless times people give each other the finger! (Done so a few times myself.)

Also:

It's similar to the finger-scan technology used at theme park gates. Those systems take measurements of patrons' hands and fingers and link them to a multi-day pass to prevent several people from using one person's pass.

I experienced this at Epcot... in Orlando. I don't know if it was in its experimental phase, but it introduced lots of confusion as people entered the park. And, it was not clear how or where it was used the rest of the time we were in the park -- if it was exclusively to prevent abuse, so be it, but it was an eerie experience at the gates.

I do wonder about the statement: (FTA)

The company pledges not to sell or rent personal information, or access to it. The fingerprint image recorded is not the same as those collected by the federal government or law enforcement.
How can that be? I know my prints are on file (Top Secret clearance, cool!), but I wonder how these prints would differ. Are they storing some kind of hash with no backup of the original scan or image? Weird, but doubtful.

I think this is great technology as people get more comfortable with it. I would (and do) worry about how soon people get good at counterfeiting fingerprints. Thought I'd read a couple of articles on that very hack and that hacking fingerprints turned out not to be too very hard. Any resources on that?

Regardless, great point about it not being that much different (and quite a bit less likely to wander off) from keychain fobs, credit cards, etc.

Company pledges (4, Insightful)

plover (150551) | more than 8 years ago | (#15597016)

From TFA: The company pledges not to sell or rent personal information, or access to it.

I read this line too and it made me want to scream. "Company pledges" are worth exactly shit these days. "We pledge to protect your privacy and retain the right to alter this pledge at any time." "We pledge to never sell or distribute all of this personal information that we insist on gathering, really, unless we're bought out by another company that doesn't pledge this."

I don't want pledges. I don't want them to have this info, period. I don't want to receive marketing from them any more than I want it from third parties.

Now, if there was accountability behind these pledges, such as "We are bonded for a $10,000 per customer coverage to never leak any customer information" or "Under penalties of perjury with a minimum of five years prison time to be served by each member of the entire Board of Directors, we pledge to never sell or otherwise distribute any personal information collected by us. Furthermore, under threat of the same penalties we pledge to use this information only for verification of your account, and never for marketing purposes of any sort."

Those are some pledges that I'd be slightly more inclined to believe.

Re:Company pledges (4, Insightful)

sbaker (47485) | more than 8 years ago | (#15597043)

It's hard to imagine anything that's more personally sensitive than SWIFT banking transactions - and they gave those records up to the US government in no time flat!

These days you have to assume that any item of data you give to anyone is insecure from that point on.

Re:Company pledges (1)

Jah-Wren Ryel (80510) | more than 8 years ago | (#15597202)

Now, if there was accountability behind these pledges, such as "We are bonded for a $10,000 per customer coverage to never leak any customer information" or "Under penalties of perjury with a minimum of five years prison time to be served by each member of the entire Board of Directors, we pledge to never sell or otherwise distribute any personal information collected by us. Furthermore, under threat of the same penalties we pledge to use this information only for verification of your account, and never for marketing purposes of any sort."

A-fucking-MEN!

But we will never see it, as long as the sheeple are so easily herded along by hollow promises, there is no incentive to do anything substantive.

Re:Company pledges (0)

Anonymous Coward | more than 8 years ago | (#15597245)

Okay, so any law enforcement agency can just issue a subpoena and then their pledge, as you said, means shit.

Re:thoughts (4, Informative)

DrSkwid (118965) | more than 8 years ago | (#15597146)

> "The company pledges not to sell or rent personal information, or access to it."

That should read "The current management of the company pledges not to sell or rent ...."

http://www.paybytouch.com/privacy_policy.html [paybytouch.com]

Notification of Changes
If we make material changes to this policy, we will notify you here, by email, or by means of a notice on the Pay By Touch homepage so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we may disclose it. We will update our privacy policy from time to time.

Notice the OR, they can change their TOS any time and promise to change their TOS page accordingly.

Pay By Touch may share your personal information with companies that Pay By Touch contracts to privately and securely verify your identity, process your payments, cash your checks, and prevent fraudulent use of the Pay By Touch services.

We all know how secure third parties are.

"In some cases Pay By Touch may provide algorithm or sensor vendor partners who have entered into confidentiality agreements with Pay By Touch with anonymous biometric scans. These companies use the anonymous test scans only to develop, test, modify and improve the performance of their hardware and software products related to the Pay By Touch services. These test scans are not linked to any personally-identifiable identity or account information."

Er, they are fingerprints, how anonymous are fingerprints!

http://www.paybytouch.com/member_terms.html [paybytouch.com]

THE PAY BY TOUCH SERVICE IS PROVIDED "AS IS" WITHOUT ANY WARRANTIES OR REPRESENTATIONS WHATEVER OF ANY KIND, WHETHER EXPRESS OR IMPLIED. Pay By Touch will not be liable or responsible for any damage or injury caused by your use of the Service.

Great, that's the feel good factor !

Re:thoughts (2, Insightful)

JWSmythe (446288) | more than 8 years ago | (#15597314)

Well, on the anonymous scan part, that is pretty obvious. They're providing a box to developers like you and I. We touch it, it returns a fake record. If it works, it'll return the same fake record every time. If it has a false, it'll probably return a different fake record.

I'm not particularly comfortable with it still.

As someone else said, your fingerprints are everywhere.

Say this does become widespread. Everyone's using it. I go into a high dollar store, and follow someone who looks like they have money. He picks up a smooth surface box, I carefully follow him and buy the box he just inspected.

Now I make myself a nice happy fake fingerprint (wax, latex, whatever), now I go shopping.

It won't take very long for this to become a problem. While zapping up a nice copy of fake prints is stuff for television, it's not impossible to do. As it becomes more profitable, more copies will be made.

What happens when this becomes a problem? Our victim in question will have to close his account with paybytouch.

What happens when someone hacks the paybytouch database, and now has a copy of all the fingerprints, or at least the points they are identifying? For the purpose of this exercise, I can be anyone in their database.

Re:thoughts (1)

Tweekster (949766) | more than 8 years ago | (#15597149)

If it is in fact a completely different scan that cannot be linked to law enforcement scans that is an awesome technology. DNA even wouldn't be that big of a deal if law enforcement didn't have that type of DNA id. If the two are different, I think it is much less of a privacy issue. We know the govt will take databases en masse to "look for things" so if this is different than their system, they can't simply use it to get around those pesky warrants. (which is a whole different situation, it isn't like a warrant is hard to get anyways so it is obviously a baseless desire if they can't take the 2 mins (literally) to get one in an emergency or are afraid the judge will simply laugh because they have no need for a warrant because they don't have evidence at all.)

rant off.

Re:thoughts - or not (1)

Monkeyboy4 (789832) | more than 8 years ago | (#15597498)

Have you been reading the issues people have brought up here? Identity theft is too easy when your 'credit card' is something you leave on EVERYTHING YOU TOUCH. It's not about privacy and the government - it's about privacy and companies, financial security and thieves. What happens once your id is stolen here? You need to get new fingerprints?

It amazes me how people think that because it doesn't currently overlap with government databases, we should have no worries about its abuse and misapplication.

Re:thoughts (2, Informative)

demigod186 (934599) | more than 8 years ago | (#15597213)

I agree with your comments, but they are technically correct about the fingerprints being different. The government stores them as images on what are called "ten print" glass plates. Most matching is still done by hand.

There are two reasons why the fingerprints are different. The first is that they don't store the fingerprint or any image of the fingerprint, they run a filter to make the initial image black and white (no grays). Then they run an edge detection filter to make the lines obvious. An algorithm is then run that locates minutiae points. There are about 5 different types of minutiae (when a line becomes two, when two lines converge, an arch, a loop, a whorl). The distances between the points (about 12) are computed, and the whole thing is turned into a weighted undirected graph. They use graphs so that even an upside down fingerprint will match with the original.

Only the graph is saved, and the graphs are compared to verify identity. The fingerprint data that my company uses is less than 1k of data consisting of only minutiae type, links to other minutiae, and distances. So in other words, there is no way to get an image of the finger back, so the police can't use it (for manual matching).

The second reason is that there is a union for the police workers that do fingerprint matching, and they have put up a fit to make sure that the police departments only use picture prints or ten prints (job protection).

Re:thoughts (2, Insightful)

fyngyrz (762201) | more than 8 years ago | (#15597323)

Only the graph is saved, and the graphs are compared to verify identity. The fingerprint data that my company uses is less than 1k of data consisting of only minutiae type, links to other minutiae, and distances. So in other words, there is no way to get an image of the finger back, so the police can't use it (for manual matching).

All they have to do is use your equipment to generate a matching graph of the fingerprint in question, and the police can match against your records that way. In other words, your company *is* storing information useful to the police. The fact that there is one extra (and very easy) step involved for them to use it is entirely irrelevant.

The fact is, if you store data unique to a person, it can be used against them if it can be retrieved by any other person. That's the nature of the act.

Now, if you had built in a security system that melts the data set(s) into a pool of crud if anyone tries to get at the records in any way other than one at a time against an input sensor, including opening the case for the memory units, I'd say you maybe had something that would at least inconvenience those who would invade our privacy. But you didn't do any of that, did you? Because that would annoy the feds no end, and your company knows better than to do that.
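Added example (not part of the thread and not any poster's or vendor's code): a minimal sketch of the minutiae-graph template described by demigod186 and of the point raised in fyngyrz's reply, showing that a template holding only types and distances still matches a rotated scan and can be searched as an identifier. The minutiae coordinates, account names, tolerance and threshold are all constructed assumptions.

```python
import math
from itertools import combinations

# Constructed sample minutiae as (type, x, y); not taken from real prints.
# Six points per finger keeps the example short (the comment mentions ~12).
ALICE = [("bifurcation", 10, 12), ("ending", 40, 15), ("loop", 25, 40),
         ("bifurcation", 55, 48), ("ending", 18, 60), ("whorl", 47, 70)]
BOB = [("ending", 8, 20), ("ending", 33, 9), ("arch", 50, 35),
       ("bifurcation", 22, 52), ("loop", 60, 62), ("ending", 41, 77)]
CAROL = [("arch", 12, 9), ("whorl", 44, 20), ("arch", 30, 38),
         ("whorl", 15, 55), ("loop", 52, 58), ("arch", 36, 74)]


def make_template(minutiae):
    """Reduce minutiae to a weighted undirected graph.

    Each edge is ((type_a, type_b), distance). Coordinates are thrown
    away, so the stored template cannot be turned back into an image.
    """
    return sorted(
        (tuple(sorted((ta, tb))), math.hypot(xa - xb, ya - yb))
        for (ta, xa, ya), (tb, xb, yb) in combinations(minutiae, 2)
    )


def similarity(probe, enrolled, tol=1.5):
    """Fraction of edges that pair up (same types, distance within tol)."""
    unused = list(enrolled)
    hits = 0
    for types, dist in probe:
        for i, (other_types, other_dist) in enumerate(unused):
            if other_types == types and abs(other_dist - dist) <= tol:
                hits += 1
                del unused[i]  # each enrolled edge may be used once
                break
    return hits / max(len(probe), len(enrolled))


def rotate(minutiae, degrees, dx=0.0, dy=0.0):
    """Simulate the finger being placed at another angle and position."""
    a = math.radians(degrees)
    return [(t,
             x * math.cos(a) - y * math.sin(a) + dx,
             x * math.sin(a) + y * math.cos(a) + dy)
            for t, x, y in minutiae]


def identify(scan, database, threshold=0.8):
    """1:N search: which enrolled account, if any, does this scan match?

    This is the step the reply points at: whoever holds the templates and
    the enrollment pipeline can look a person up from a fresh scan.
    """
    probe = make_template(scan)
    best_account, best_score = None, 0.0
    for account, enrolled in database.items():
        score = similarity(probe, enrolled)
        if score > best_score:
            best_account, best_score = account, score
    return best_account if best_score >= threshold else None


# Hypothetical enrollment database: account id -> stored template only.
DATABASE = {
    "acct-alice": make_template(ALICE),
    "acct-bob": make_template(BOB),
}

if __name__ == "__main__":
    upside_down = rotate(ALICE, 180, dx=5, dy=-3)
    print("upside-down scan resolves to:", identify(upside_down, DATABASE))
    print("unenrolled finger resolves to:", identify(CAROL, DATABASE))
```

The template is not an image, yet it behaves as a stable identifier, so a template store needs the same access control, breach handling and retention limits as any other identifying record.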

think of the children! (0)

Anonymous Coward | more than 8 years ago | (#15597390)

How long until theme parks and such will start cooperating with authorities to prevent convicted sex offenders from entering thus protecting the kids?

Re:thoughts (1)

hador_nyc (903322) | more than 8 years ago | (#15597401)

How can that be? I know my prints are on file (Top Secret clearance, cool!), but I wonder how these prints would differ. Are they storing some kind of hash with no backup of the original scan or image? Weird, but doubtful. I think this is great technology as people get more comfortable with it. I would (and do) worry about how soon people get good at counterfeiting fingerprints. Thought I'd read a couple of articles on that very hack and that hacking fingerprints turned out not to be too very hard. Any resources on that?
The fingerprints that the police/government use are the patterns of ridges on your skin. It's entirely possible that the fingerprint scanner used by this company is not looking for that. They could easily be using an infrared scanner that takes a look at the pattern of the blood vessels in your finger. That, you don't leave everywhere, and would offer a level of safety against that. Basically, to steal it, someone would have to scan that pattern. As much as I don't know what they did, this is a reasonable solution to me.

Gummibears anyone? (4, Informative)

sbaker (47485) | more than 8 years ago | (#15597001)

Didn't Slashdot run a story a while back about a supermarket fingerprint pay
system that was tried a year or so ago? It could be faked out REALLY easily
using a Gummibear.

I can't find the Slashdot story - but check this out for example:

http://www.theregister.com/2002/05/16/gummi_bears_defeat_fingerprint_sensors/ [theregister.com]

Does this new gizmo do something magical to avoid this rather easy attack?

Just google gummibear and fingerprint and you'll find a gazillion How To
articles.

If the biometrics guys are 'a bit puzzled by customer privacy fears' then
they are horribly ill-informed!

I can avoid leaving my credit card lying around for someone to steal - but
it's very hard indeed to avoid leaving my fingerprints in all sorts of
public places. If I could find out how to defeat their scanner so easily
with about 10 seconds of Googling - you can be very sure that the bad guys
will be lining up.

Re:Gummibears anyone? (0)

Anonymous Coward | more than 8 years ago | (#15597065)

Magic isn't needed, but a different process is. One way to make it harder to cheat a fingerprint machine is to make the user slide the finger along a strip rather than hold it still. This way, any print left would be smeared, and if you have a mold of a fake print, it would have to be strong enough to slide too.

Re:Gummibears anyone? (1)

sbaker (47485) | more than 8 years ago | (#15597232)

That might work - but it's a pretty flimsy solution for a serious security problem. If gummibears didn't work, just how long do you think it would take for the bad guys to figure out how to take a latex mold or something?

It's not enough to make it a bit harder - you have to make it virtually impossible.

Worse still - once someone has cloned your fingerprint, what do you do about it? If someone clones your credit card you can phone the card company and they put a stop on that card and issue a new one. This happened to me last week - it was inconvenient - but no worse.

If someone has your fingerprint then....what? They put a stop on your print - but now you can't buy anything anymore. Presumably there would still be a way to use a card or a pin number or something - but this would be something that would affect you for the rest of your life!

Biometrics are a useful way to ADD security to an existing token-based system - my credit card has my photo on it - that helps. But biometrics can't be the ONLY part of the system.

Re:Gummibears anyone? (4, Funny)

SubliminalVortex (942332) | more than 8 years ago | (#15597072)

Touching a "gummy bear" in a way in which it wasn't intended is just plain wrong. Gummy bears are meant to be eaten not fondled.

Also, do you know how old that gummy bear is? You might be touching an under-aged gummy bear.

One might have a gummy bear fetish. (hrmpphph they are tasty.....)

Re:Gummibears anyone? (1)

fyngyrz (762201) | more than 8 years ago | (#15597335)

Anything I do with a consenting gummibear in the privacy of my own home is none of your business, you rights-constricting lowlife!

Re:Gummibears anyone? (0)

Anonymous Coward | more than 8 years ago | (#15597454)

Please! Won't somebody think of the gummy-children!

Re:Gummibears anyone? (1)

fyngyrz (762201) | more than 8 years ago | (#15597490)

Any gummy-child old enough to get in a bag is old enough to decide what to do with itself is OK, as long as it is properly educated as to the risks. Consent is the issue here, that and the nebulous, improperly drawn as a line in the manufacturing sand of the nature of what "informed" means.

Re:Gummibears anyone? (0)

Anonymous Coward | more than 8 years ago | (#15597264)

I would hope that the cashier/clerk would notice if someone was using a gummibear rather than their finger to pay for their groceries.

Re:Gummibears anyone? (1)

Agripa (139780) | more than 8 years ago | (#15597366)

I do not mean to denigrate cashiers as most are fine people in a tough job situation when I say that any system that relies on them to do any security related task other than obey the transaction computer or count cash (and maybe not even that) is bound to fail simply because the cost of a security related failure is so low compared to the cost of human driven security.

Re:Gummibears anyone? (1)

batura (651273) | more than 8 years ago | (#15597457)

Wow, did you actually read the article that you linked against? That basically had nothing to do with gummibears -- the example of them was only as FUD against biometrics. The real techniques required circuits, cameras and chemistry.

The cost of shopping.... (5, Funny)

SubliminalVortex (942332) | more than 8 years ago | (#15597004)

Fingers today only, next month, we charge an arm and a leg!

Re:The cost of shopping.... (1)

CommunistHamster (949406) | more than 8 years ago | (#15597200)

But I need my fingers for gaming...and other stuff

In Other News (5, Funny)

Who235 (959706) | more than 8 years ago | (#15597010)

Officials from the Tampa police department respond to a rash of armed index finger amputations. Meat cleaver sales rise, while guitar sales plummet.

Film at 11:00.

Re:In Other News (1)

SubliminalVortex (942332) | more than 8 years ago | (#15597031)

ass-scratchers still at large, too many fingers on the loose. Phone companies seek to loosen that restriction through higher taxes.

Re:In Other News (1)

Goaway (82658) | more than 8 years ago | (#15597204)

Yes, because obviously criminals are going to chop off people's fingers and carry them into stores completely undetected, to buy groceries.

Fingerprints are less reliable ... (3, Interesting)

Manip (656104) | more than 8 years ago | (#15597018)

Some people's fingerprints can't be scanned by these machines... Last year I went to Florida and they have fingerprint machines at all the big theme parks and at the airport. None of these machines could pick up my prints... And every second time I used them I got rejected ... So this flawless technology is anything but... I do nothing special with my hands, so it must be one of those "from birth" things... But if you're unlucky like I am then don't expect to be paying with your fingers any time soon. I am not looking forward to going back through American customs as I know the fingerprint machine will reject my prints and I'll get sent home or something crazy.

Re:Fingerprints are less reliable ... (1)

plover (150551) | more than 8 years ago | (#15597039)

The Pay-By-Touch sales representative that I met with a couple years ago told me that about 1-2% of the population has fingerprints that can't be read by their machine. Particularly affected were 'pineapple pickers.' He said the combination of the enzymes and acids in the pineapple juices plus the rough texture of the plants caused their fingerprints to be completely obliterated.

Re:Fingerprints are less reliable ... (0)

Anonymous Coward | more than 8 years ago | (#15597176)

that sounds like a better way to lose your fingerprints than what that crazy motherfucker from se7en did

Re:Fingerprints are less reliable ... (3, Insightful)

demigod186 (934599) | more than 8 years ago | (#15597246)

This is true about the 1-2% of the pop. Those people don't produce enough oil on their skin.

Don't they watch murder shows? (4, Interesting)

NeuroManson (214835) | more than 8 years ago | (#15597025)

"After all, they say, how can using a unique fingerprint for identification be riskier to theft than a plastic card, key chain token, or account number?"

Just look at murder victims whose hands have been lopped off to hide their identities. It doesn't take much of a (morbid) leap of logic that someone could hold onto a thumb, and surreptitiously use it to withdraw someone's entire finances.

Re:Don't they watch murder shows? (0)

Anonymous Coward | more than 8 years ago | (#15597068)

It doesn't take much of a (morbid) leap of logic that someone could hold onto a thumb, and surreptitiously use it to withdraw someone's entire finances.

That post is living proof of the harms of too much CSI.

Nothing new (1, Informative)

Anonymous Coward | more than 8 years ago | (#15597027)

How is this news? The Pay-By-Touch service has been in like every Cub Foods (grocery store chain) in the Minneapolis area since I moved here.

Uh, no. (1)

keyne9 (567528) | more than 8 years ago | (#15597034)

After all the bullshit being done by the Government lately, I don't goddamned well think I'll sign up for any voluntary fingerprinting.

Re:Uh, no. (0)

Anonymous Coward | more than 8 years ago | (#15597051)

I'll 2nd that.... the hell w/ that technology.

Right now I'm in love w/ this cool technology called Cash.

Very hard to trace, portable, convenient, accepted at all major locations.

Re:Uh, no. (1)

fyngyrz (762201) | more than 8 years ago | (#15597384)

Right now I'm in love w/ this cool technology called Cash. Very hard to trace, portable, convenient, accepted at all major locations.

Well, you can expect them to close that loophole before too much longer. It's a pretty obvious next step. Banks already report you to the feds if you simply use too much of it.

Me First! (2, Funny)

Chilluhm (953659) | more than 8 years ago | (#15597041)

I for one, welcome our new Biometric Paying Overlords!

clever! (1)

dfedfe (980539) | more than 8 years ago | (#15597273)

Man, I wish I could come up with jokes like that... Are you a writer for SNL?

People will reject it (1)

ThinkingInBinary (899485) | more than 8 years ago | (#15597044)

Let's face it... biometric authentication/payment is really cool. As long as I can be sure the cryptographic basis of it is secure (i.e., that my fingerprint can't be recreated from it), I would be comfortable using it. But you know, most of the world is stupid and doesn't understand this kind of stuff, or has stupid opinions about it, and will be afraid of it. I understand that people are afraid about invasion of privacy and identity theft, but the issue should be "Are we sure that company $X's implementation will preserve our privacy?", not "Aaaaaaaah, fingerprint scanning will get your identity stolen!" or, worse, "Religion $Y says that biometrics are evil!" even though biometrics didn't exist back then, and nobody could have envisioned them.

Re:People will reject it (1)

AuMatar (183847) | more than 8 years ago | (#15597190)

How about "Biometrics are horrible security methods"? You can cancel CC numbers, revoke certificates, and change passwords. How the fuck do you change your fingerprint? You can't. It's compromised once (and these machines are easy to fool) and you have no security.

Re:People will reject it (1)

ThinkingInBinary (899485) | more than 8 years ago | (#15597244)

Yeah. That's a good excuse, I agree. But my point was that the majority of the population will reject it because it is "creepy" to them, without considering how it actually works or the real risks and rewards.

What someone needs to do is create a smart card with a built-in fingerprint reader and PIN pad, so you can use your own, totally secure device. It will authenticate you using the PIN and fingerprint, and then allow you to cryptographically authenticate to another device (e.g. the payment system at a store). That way, you're in control of it. Sorta like the TPM subsystem on a laptop with a fingerprint reader, but just for authentication/encryption stuff. Better yet, make it PC card (or ExpressCard) -sized and you can use it as a crypto processor and accelerator for your laptop too!

Re:People will reject it (1)

XMyth (266414) | more than 8 years ago | (#15597331)

The problem with that is, it's more steps. You can't get VC funding for something that's more tedious than the way it's done now...it won't sell.

Re:People will reject it (1)

Qzukk (229616) | more than 8 years ago | (#15597220)

But you know, most of the world is stupid and doesn't understand this kind of stuff, or has stupid opinions about it, and will be afraid of it.

Don't mind me, I'm just buying some powder, a makeup brush and tape. Don't mind my friend in line ahead of you, he's just testing out his new windex on the fingerprint reader to make sure the bottle isn't defective.

I'm not "stupid" but I do have opinions of this. Based on their demo [paybytouch.com] (flash) they use a simple pad-based scanner where you press your finger, rather than a strip-based scanner which you would drag your finger across (smearing prints in the process). All that's needed is to look over your shoulder as you tap in your "search number" as the demo calls your PIN, and I'm you (for the purpose of buying food, at least).

I won't use it, but I'll feel sorry for the people that do, and when they try to contest odd charges they're told that it was bought with their fingerprint so they had to have been the ones to do it. Reminds me of the giant ATM scandal [theregister.co.uk] in the UK, and it's harder to steal a fingerprint than a PIN, right?

Re:People will reject it (1)

ThinkingInBinary (899485) | more than 8 years ago | (#15597251)

Oh. That's stupid, the swipe-based ones are more secure, take less space, are cheaper to build (I would suspect a row of LED's and optical sensors is cheaper than an entire grid of them or a small camera), and look niftier.

But it could be used by them! (2, Interesting)

Newer Guy (520108) | more than 8 years ago | (#15597045)

'The fingerprint image recorded is not the same as those collected by the federal government or law enforcement.'

But just watch...it could be USED by law enforcement in about ten seconds!

California has required you to give a scanned fingerprint for years just to get or renew your driver's license. I've always wondered how many divisions of law enforcement now have MY fingerprint in their database. When I asked the guy at the DMV, he said he didn't know, but was SURE that law enforcement could access their fingerprint database without any warrants.

1984 was 22 years ago. We're WAY past that privacy wise!

Mugger steals credit card: bad (2, Funny)

CrazyJim1 (809850) | more than 8 years ago | (#15597048)

Mugger steals your finger, worse.

Re:Mugger steals credit card: bad (1)

MarkByers (770551) | more than 8 years ago | (#15597133)

Many fingerprint readers can detect whether the finger is alive or dead, which should help partially solve this problem (but only if all fingerprint readers use this technology, otherwise they will just exploit the one that doesn't).

The other two issues that I think are more important (and mentioned already above) are:

* Your fingerprint is basically public information - you leave a copy of it on everything you touch
* Unlike a bank card or a password, it cannot be changed once it is compromised.

Together these three issues make me not want to use fingerprint readers for anything important.

Re:Mugger steals credit card: bad (1)

aprilsound (412645) | more than 8 years ago | (#15597153)

There are some people willing to steal a wallet. There are not very many that will steal a finger.

Credit card fraud cases don't get much attention since they are a dime a dozen. Violent assault cases get much more attention, and thus have a much greater chance of getting caught. I think most criminals willing to attack a human and take their finger would find the risk outweighs any potential gains.

Re:Mugger steals credit card: bad (1)

fyngyrz (762201) | more than 8 years ago | (#15597248)

There are some people willing to steal a wallet. There are not very many that will steal a finger.

The argument is that stealing a wallet has, historically speaking, been a profit-making enterprise. Stealing a finger, however, has not. The use of a fingerprint for authentication changes the status quo; now stealing a finger offers the same motivation: Profit. The argument is that this will create the pool of folks who will steal fingers in a natural manner.

Before you attempt to bring to the argument any ethical or moral claims that finger stealing faces a barrier of moral or ethical construction that wallet stealing does not, I would simply point out that stealing entire people for sexual and other gratification is a very popular industry world-wide.

There's nothing inherently secure about biometrics. There's nothing inherently difficult about making a severed finger or removed eye show lifesigns, from pulse to micromovements to blinking. There's nothing inherently unstealable or untransmittable about biometric information either, and so the question is, what does biometrics give you that you can't get some other way?

You can lose a finger accidentally (or to a gang member who covets it), so loss prevention isn't it. You can use someone else's biometrics, so security isn't it. You can have your ID recorded, so privacy isn't it. You can be scarred or injured or amputated or otherwise deprived of your bio-measured faculty, so reliability isn't it.

The only thing I've been able to come up with is that it is a relatively new technology, and so some people stand to profit from the implementations. Strangely enough, these seem to be the source of most of the pro-biometric stances we read about.

While I laud the search for an ID technology that is 100% reliable, cannot be falsified, stolen, or otherwise hoaxed, I think we have to face the fact that there probably is no such thing available to us at our current level of technology.

Re:Mugger steals credit card: bad (1)

aprilsound (412645) | more than 8 years ago | (#15597298)

There is still a limited window of opportunity for using the finger. You chop off my finger, relatively soon, I'm going to notify my bank soon, unless you kill me, in which case, you probably would have killed me for my wallet and credit cards anyways. Most criminals are cowards, looking for a safe, easy mark. Stealing a finger is neither safe nor easy. You can do all sorts of things to make finger stealing unprofitable. Let the user choose which finger it is (so the attacker doesn't know which one to take), check for a pulse, ask for a PIN with the fingerprint, etc. You essentially reduce theft of your identity to your murder, and the majority of criminals aren't willing to go that far. Too much risk.

Re:Mugger steals credit card: bad (1)

fyngyrz (762201) | more than 8 years ago | (#15597480)

You chop off my finger, relatively soon, I'm going to notify my bank soon

Same as a credit card. "Use the asset quickly" is not a hurdle criminals don't understand.

Stealing a finger is neither safe nor easy.

The same can be said about stealing a wallet or burgling a home. Yet, these are common.

Let the user choose which finger it is (so the attacker doesn't know which one to take),

Well, (a) they can take them all, or (b) they can simply watch you buy something so they know which one it is, or (c) they can "ask" you which one it is and inform you that your entire family is forfeit if you lie. You gonna lie?

check for a pulse

Technically speaking, a pulse is the easiest marker to falsify. Tourniquet, insert needle, drive with appropriately modulated pressure curve. Use two needles, and you can keep the temperature up as well. Or you can just keep it in a warm box. :-)

ask for a PIN with the fingerprint, etc.

Ok. Evildoer has the stones to take your finger, or fingers. Knows they'll need the pin. What do you think they'll be willing to do to get it? You very fond of your dick? Enjoy binocular vision? Think having your lips enhances eating, speaking and/or kissing? <sarcasm>Yeah, they'll never get your PIN!</sarcasm>

You essentially reduce theft of your identity to your murder, and the majority of criminals aren't willing to go that far. Too much risk.

Sure. Last year's US murder stats: 16,912 murders. Clearly, there's no risk indicated there.

Implications for prostitution ... (0)

Anonymous Coward | more than 8 years ago | (#15597058)

You can pay and receive service at the same time

Print Scanners? (2, Interesting)

Fusione (980444) | more than 8 years ago | (#15597067)

Iris scanners are not that expensive anymore, and I don't understand why thumb scanners are used anywhere outside of having a little usb toy attached to your computer. This confusion doubles when you consider it in situations where security is very important, like cash transactions.

Re:Print Scanners? (1)

fyngyrz (762201) | more than 8 years ago | (#15597263)

Iris scanners are not that expensive anymore, and I don't understand why thumb scanners are used anywhere outside of having a little usb toy attached to your computer.

Perhaps because most people are more comfortable with having a finger chopped off than having an eye (or both) ripped out of their head?

On a smaller scale, they're probably also more comfortable with laying a finger on a pad than putting their eye up to an eyecup or having a "guaranteed safe" laser probe them in the eye.

Re:Print Scanners? (1)

William-Ely (875237) | more than 8 years ago | (#15597311)

I remember reading awhile back about a guy who had his finger chopped off by a thief who was trying to steal his biometric sensor equipped car. What if a thief cut off both of your thumbs? How would you call your bank and credit card companies?

VC cash? (1)

AaronHorrocks (686276) | more than 8 years ago | (#15597069)

VC cash

Okay as a WWII, Vietnam, Gulf War and modern reenactor...
"VC cash" only means one thing to me! It's the brightly colored paper money those little guys in black PJs carry around with them...

What's VC mean, other than "Victor Charlie"? ..."Virtual Cash"? but why say "cash" twice? that's redundant and stupid. Like saying "VIN Number".

Hmmmmmmm

Re:VC cash? (1)

dstanzi (218405) | more than 8 years ago | (#15597164)

Venture Capitalist

Okay so we have (2, Funny)

zephc (225327) | more than 8 years ago | (#15597080)

finger-print scanners as payment. Check.
fuel from anything in 9 years. Check.

Now all we need are hoverboards and Pepsi Perfect.

I'm not *that* anonymous (5, Interesting)

anaesthetica (596507) | more than 8 years ago | (#15597092)

Scuttlemonkey wrote "An anonymous reader writes..." despite the fact that this is my journal [slashdot.org] entry, and says so quite clearly at the top of the story: "Journal written by anaesthetica (596507) and posted by ScuttleMonkey on 14:12 Saturday 24 June 2006"

I mean, I may not stand out in a crowd, but this is just an unnecessary blow to my ego.

Actually... (1)

The Mad Crasher (780942) | more than 8 years ago | (#15597109)

We've had this in South Carolina for a couple of years now at the Piggly Wiggly [thepig.net]. No major stories of problems yet. (And South Carolina wasn't last to something... wow...)

Games made of old ideals.... (1)

SubliminalVortex (942332) | more than 8 years ago | (#15597112)

I'm going to start a new company called "Tag Your It", where I start by making everyone 'It' and then requiring them all to tag the tagging stone. Rules of the game state, "you must be all thumbs".

sales? (1)

Troutrooper (959315) | more than 8 years ago | (#15597114)

Five-fingered discount: 10% off if you use all five fingers to verify yourself!

Others use it, too (2, Interesting)

johnmoe (103704) | more than 8 years ago | (#15597118)

Cub Foods also uses it. You need to enter a 7 digit number along with your fingerprint. It really didn't seem easier than swiping a card and entering a four digit number, so I didn't go with it. They suggest using your phone number for the seven digit number. I imagine the number is needed to make the database lookup practical. I wonder what would happen if LOTS of people started using the same seven digit number "1234567"...
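Added example, not part of the comment above and not Pay By Touch's code: it models the search number as a bucket that narrows the fingerprint lookup, and shows how the chance of a false match grows when many enrollees share one number. The false match rate, the tolerated limit, the independence of comparisons and all names and sample data are assumptions constructed for illustration.

```python
import math
from collections import Counter

# Assumed per-comparison false match rate of the matcher and the false-accept
# ceiling the operator tolerates. Both are constructed values, not vendor data.
ASSUMED_FMR = 1e-4
ASSUMED_LIMIT = 1e-3


def false_accept_probability(bucket_size, fmr=ASSUMED_FMR):
    """Chance that a finger not enrolled in the bucket still matches at least
    one of its templates: 1 - (1 - fmr)^k, assuming independent comparisons."""
    return -math.expm1(bucket_size * math.log1p(-fmr))


def max_bucket_size(fmr=ASSUMED_FMR, limit=ASSUMED_LIMIT):
    """Largest number of enrollees that may share one search number while the
    bucket's false-accept probability stays at or below the limit."""
    return math.floor(math.log1p(-limit) / math.log1p(-fmr))


def risky_buckets(search_numbers, fmr=ASSUMED_FMR, limit=ASSUMED_LIMIT):
    """Audit: map each over-subscribed search number to its enrollee count."""
    cap = max_bucket_size(fmr, limit)
    return {n: k for n, k in Counter(search_numbers).items() if k > cap}


def enroll(buckets, search_number, template_id,
           fmr=ASSUMED_FMR, limit=ASSUMED_LIMIT):
    """Enrollment-time control: refuse a search number whose bucket is full,
    so the customer has to pick a different one."""
    bucket = buckets.setdefault(search_number, [])
    if len(bucket) >= max_bucket_size(fmr, limit):
        return False
    bucket.append(template_id)
    return True


# Constructed enrollment list: twelve people picked "1234567",
# the rest used phone-number-like values.
SAMPLE = ["1234567"] * 12 + ["5550101", "5550102", "5550101", "5550199"]

if __name__ == "__main__":
    print("bucket cap:", max_bucket_size())
    for number, count in risky_buckets(SAMPLE).items():
        p = false_accept_probability(count)
        print(f"{number}: {count} enrollees, false-accept chance {p:.5f}")
```
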

Re:Others use it, too (3, Insightful)

mark-t (151149) | more than 8 years ago | (#15597420)

The 7 digit number is probably there to conform to the normal standard of requiring two pieces of ID for confirmation of who you are. The 7 digit number is one, and your fingerprint is the other. This not only confirms your identity but also confirms that their records are accurate with respect to any identification that you have previously provided them with. If something doesn't match up with their records, they can ask you for details and confirm your identity another way before processing your payment.

Jewel in Illinois has had this a while (1)

Danga (307709) | more than 8 years ago | (#15597151)

Here is a similar article about the same thing:
http://www.businessweek.com/technology/content/mar2006/tc20060328_901806.htm [businessweek.com]

For all you phobic people out there who don't want them to "have a copy of your fingerprint" from what I found out from the employees it doesn't work that way. It doesn't store your fingerprint, just certain points on it. So really there is not a way to one way hash back to your actual fingerprint. Now, maybe the employee didn't know what they were talking about but for them to have any knowledge about the device at all surprised me so I believed them. The article also mentions that it doesn't store the actual fingerprint. By the way, I am the paranoid type too so I don't use it.

Where do I begin? (1)

xant (99438) | more than 8 years ago | (#15597407)

*most fingerprint systems don't store the actual fingerprint*.

The easiest, most computationally inexpensive way to check fingerprints against a database is to hash the print that you found at the crime scene--or the point of sale--and compare it to a database of hashes stored in the same way.

If you have the hash database, you have the fingerprint. Just because it's not the *same* hash as what law enforcement uses doesn't stop the NSA from using it against you. If you had more than one hash database, you might have to compute several hashes on the same print, one for each database, and do one search against each database. But the cost of doing that is tiny.

fingers cut off (0)

Anonymous Coward | more than 8 years ago | (#15597229)

Fingerprint payment is one of the most stupid ideas ever. It just encourages some idiots to cut off your fingers to get a couple bucks. Besides, if the fingerprint gets stolen, which can be anticipated, how do you revoke it and create a new one? I can't believe someone was actually stupid enough to give those guys some venture funding.

The ultimate way... (0)

Anonymous Coward | more than 8 years ago | (#15597235)

I can't wait until this becomes common as cash... That way I can pay my prostitutes while they do their services!

i can see why (1)

SekShunAte (978632) | more than 8 years ago | (#15597258)

all it takes is an aerosol can of super glue fumes and some tape and they can retrieve it off anything someone else touches...then it's just a matter of making a thin skin like mask that fits over the finger to reproduce the fingerprint...i saw Drew Barrymore and Tom Cruise do it...

Okay, it's a cheap shot, but... (2, Funny)

Kid Zero (4866) | more than 8 years ago | (#15597260)

Which finger did they want on file, again? :eg:

Fingerprints (1)

Caspian (99221) | more than 8 years ago | (#15597268)

The fingerprint image recorded is not the same as those collected by the federal government or law enforcement.
No, but the fingerprint is. And I'm SURE some (compan(y|ies)|government[s]?) out there have a process for generating a unique hash of a fingerprint from any high-quality scan of it.

We've had it (1)

Noxal (816780) | more than 8 years ago | (#15597284)

I've seen this around in Pick'n'Save stores around Milwaukee, Wisconsin. I'd like to sign up for it, but I fear the government will steal my fingerprints and use them to clone me and harvest my organs to create an army of super Noxals that would come to my apartment, tie me down, and rape me.

Whether or not I would like this is another story entirely.

Pulse (1)

daeg (828071) | more than 8 years ago | (#15597294)

We did an interview with these guys long before the SP Times did, when they first started rolling the system out in the Bay area. Supposedly their machines require a normal body temperature and a pulse to be detected and the process can take a few seconds.

Also note that the system is closed. Merchants have no ability to troubleshoot or fix their machines, it requires a full visit by the company. It also requires a broadband connection. Yes, it goes over the Internet. Many, many small stores still use dialup connections for credit card processing.

This system is far from flawless. Realize that this system only pulls funds from other sources such as your bank account. To be secure, all systems would have to go based on fingerprint only and have no other method to withdraw funds. If a criminal can get your money out just by swiping your account number from a check, why would he bother chopping off your finger? Unless he eats it with his peas and carrots, that is.

this isn't new (1)

JoJoFine (671477) | more than 8 years ago | (#15597326)

Krogers/Jewel-Osco stores all across the midwest have been using Pay-By-Touch since at least December of last year in all of their stores. Why is this just now getting known?

Chicago area Jewel stores (1)

LadyVirharper (804893) | more than 8 years ago | (#15597330)

The Jewel stores in the Chicago area have this already. I haven't touched it. ;)

Another Risk (1)

Bastian227 (107667) | more than 8 years ago | (#15597339)

how can using a unique fingerprint for identification be riskier to theft...

I'm more concerned with the risk of spreading diseases. How often do you think a convenience store employee will wash the finger scanner?

A Step Backward... (1)

Itninja (937614) | more than 8 years ago | (#15597345)

Basic security principle states that information is protected in one (or more) of three ways:
Something you have (like a debit card), something you know (like a PIN), or something you are (like a fingerprint).

Currently we use debit cards at the supermarket, which requires two elements of security (the card and our PIN or signature). But with biometric, it's only based on something we are; only a single element of security.
What's more, if hackers compromise my CC database I can get a new CC number in a day or so. If hackers compromise the digital keys that verify my fingerprints, then what? Will I be issued new fingerprints?

Accepted in Greenwich Village (1)

sarge apone (918461) | more than 8 years ago | (#15597378)

"They took my thumbs, Charlie!"

One word answer: stigma (1)

mark-t (151149) | more than 8 years ago | (#15597388)

Fingerprinting has been commonly associated with criminals in the past and many people that would have problems with being fingerprinted are likely unable to move past that association.

I do not think it will be an issue in another one or two generations because people are getting fingerprinted more and more for other purposes anyways so the stigma will probably not last forever.

"bit puzzled by customer privacy fears" (1)

l3v1 (787564) | more than 8 years ago | (#15597389)

bit puzzled by customer privacy fears

Well, they seemingly are stupid like a dumb duck's behind, and still they will get rich. Why? Because such moves will be backed heavily by US government, since they will be able to get a nationwide fingerprint database in a few months and they don't even have to pay for it.

I'd prefer living without money in a jungle than using my fingerprint as a payment method, that's for sure.

how can using a unique fingerprint for identification be riskier to theft than a plastic card, key chain token, or account number

... my head hurts from even trying to imagine how ignorant dumb*sses these guys must be.

And this is new because . . . (1)

chasisaac (893152) | more than 8 years ago | (#15597468)

Up here in the frozen tundra of Minnesota. Cub Foods has been using this for close to a year. After talking with a few cashiers at Cub Foods, they have told me that every few people use the fingerprint system.

And?? (1)

Jason Lind (683680) | more than 8 years ago | (#15597471)

Jewel's in Chicago have had this for over a year now.

I work for a top 5 U.S. credit card company (0)

Anonymous Coward | more than 8 years ago | (#15597472)

And we have implemented Pay-By-Touch as part of our payment authorization system.

However, our CEO said recently that PBT has not been as successful as they had expected. As a result, we are looking at developing other forms of non-magstripe payments, such as by inserting RFIDs into our cards, as Mastercard has started doing.