Biometric Payment Arrives in a Store Near You

"A chain of Florida convenience stores has begun accepting fingerprints as payment, using a biometric system called Pay By Touch. The company is a Bay-area startup backed by $130 million in VC cash and the acquisition of BioPay, a Virginia-based biometrics firm that's already done $7 billion in European transactions. From the article: 'The company is a bit puzzled by customer privacy fears. After all, they say, how can using a unique fingerprint for identification be riskier to theft than a plastic card, key chain token, or account number? ...The fingerprint image recorded is not the same as those collected by the federal government or law enforcement.'"

Uhh...

[Poromenos1]

how can using a unique fingerprint for identification be riskier to theft than a plastic card, key chain token, or account number?

Because you leave them on everything you touch?

Company pledges

[plover]

From TFA: The company pledges not to sell or rent personal information, or access to it.

I read this line too and it made me want to scream. "Company pledges" are worth exactly shit these days. "We pledge to protect your privacy and retain the right to alter this pledge at any time." "We pledge to never sell or distribute all of this personal information that we insist on gathering, really, unless we're bought out by another company that doesn't pledge this."

I don't want pledges. I don't want them to have this info, period. I don't want to receive marketing from them any more than I want it from third parties.

Now, if there was accountability behind these pledges, such as "We are bonded for a $10,000 per customer coverage to never leak any customer information" or "Under penalties of perjury with a minimum of five years prison time to be served by each member of the entire Board of Directors, we pledge to never sell or otherwise distribute any personal information collected by us. Furthermore, under threat of the same penalites we pledge to use this information only for verification of your account, and never for marketing purposes of any sort."

Those are some pledges that I'd be slightly more inclined to believe.

Re:Uhh...

[MarkByers]

And you can't cancel (change) your fingerprint if someone finds out what it is.

Re:Company pledges

[sbaker]

It's hard to imagine anything that's more personally sensitive than SWIFT banking transactions - and they gave those records up to the US government in no time flat!

These days you have to assume that any item of data you give to anyone is insecure from that point on.

Re:Fingerprints are less reliable ...

[demigod186]

This is true about the 1-2% of the pop. Those people don't produce enough oil on their skin.

Re:Uhh...

[eclectro]

And you can't cancel (change) your fingerprint if someone finds out what it is.

And you can't stop the production of gummy bears [extremetech.com]

I could probably travel the world on a single package of gummy bears and a set of prints lifted from the sides of soda cans, tossed in the trash outside the convenience store.

Just remember though, outlaw gummy bears, and only outlaws will have gummy bears.

Re:thoughts

[JWSmythe]

Well, on the anonymous scan part, that is pretty obvious. They're providing a box to developers like you and I. We touch it, it returns a fake record. If it works, it'll return the same fake record every time. If it has a false, it'll probably return a different fake record.

    I'm not particularly comfortable with it still.

    As someone else said, your fingerprints are everywhere.

    Say this does become wide spread. Everyone's using it. I go into a high dollar store, and follow someone who looks like they have money. He picks up a smooth surface box, I carefully follow him and buy the box he just inspected.

    Now I make myself a nice happy fake fingerprint (wax, latex, whatever), now I go shopping.

    It won't take very long for this to become a problem. While zapping up a nice copy of fake prints is stuff for television, it's not impossible to do. As it becomes more profitable, more copies will be made.

    What happens when this becomes a problem? Our victim in question will have to close his account with paybytouch.

    What happens when someone hacks the paybytouch database, and now has a copy of all the fingerprints, or at least the points they are identifying? For the purpose of this exercise, I can be anyone in their database.

   

Re:thoughts

[fyngyrz]

Only the graph is saved, and the graphs are compared to verify identity. The fingerprint data that my company uses is less than 1k of data consisting of only minutiae type, links to other minutiae, and distances. So in other words, there is no way to get an image of the finger back, so the police can't use it(for manual matching).

All they have to do is use your equipment to generate a matching graph of the fingerprint in question, and the police can match against your records that way. In other words, your company *is* storing information useful to the police. The fact that there is one extra (and very easy) step involved for them to use it is entirely irrelevant.

The fact is, if you store data unique to a person, it can be used against them if it can be retrieved by any other person. That's the nature of the act.

Now, if you had built in a security system that melts the data set(s) into a pool of crud if anyone tries to get at the records in any way other than one at a time against an input sensor, including opening the case for the memory units, I'd say you maybe had something that would at least inconvenience those who would invade our privacy. But you didn't do any of that, did you? Because that would annoy the feds no end, and your company knows better than to do that.

Re:Others use it, too

[mark-t]

The 7 digit number is probably there to conform to the normal standard of requiring two pieces of ID for confirmation of who you are. The 7 digit number is one, and your fingerprint is the other. This not only confirms your identity but also confirms that their records are accurate with respect to any identification that you have previously provided them with. If something doesn't match up with their records, they can ask you for details and confirm your identity another way before processing your payment.

The biggest problem

[gleffler]

is a fear of two-factor authentication. Really, the solution here is to keep the fancy fingerprint-system and to *combine* it with a PIN that can be changed readily by presenting a second form of photo ID. This way, if your fingerprints get compromised, your PIN is still unique and you can change it whenever you want. The fact that they're so insistent on "touch it and go without any work!" is the security downfall, and it's kind of sad when it would literally take an extra 10 seconds at most to input a 6-digit PIN with your other hand while your hand was being read by the reader.

Two (or three) factor authentication is really the way to go for any system that you care about. Apparently people aren't remembering this from Security 101.

Re:Ahhhh... thats also what the FBI has...

[DumbSwede]

Actually this is how all law enforcement data bases work. They find places where print ridges have certain kinds of discontinuities, bifurcations etc... then store the potions of these points relative to each other. Very few database matches rely on a complete match, nor are they actually comparing actual pictures of prints, but rather how many points in common line up. Since lifting prints often distorts the print or misses some areas, exact matches are really ever found, but the quality of the match goes up with the more points in common. I believe the standard is 5 points in common to be considered a match. A figure many feel is too low and has probably falsely identified many people -- especially when you are just trolling for matches in a database of millions, and no other evidence.

Point is, there is nothing to keep some future law enforcement under newly enacted laws from subpoena the database and converting it to troll for matches, with as mentioned before the high likelihood of false positives.

Congratulations! You are our One Millionth Customer to be accused of Homicide!

Re:Uhh...

[AnyoneEB]

It does not matter. A person's fingerprint is not a secret. You leave them everywhere. (Unless you wear gloves all the time.) I assume the cashier watches the customer scan their fingerprint, so they know the fingerprint belongs to the customer. If someone comes in and tries to scan a finger not connected to anything, the cashier will probably suspect something.