Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
The Almighty Buck

Fingerprints Replace Credit Cards in Seattle 376

Posted by CmdrTaco from the well-in-one-store-anyway dept.
prostoalex writes "According to CNET News.com, Thriftway introduced biometric systems in its Seattle stores as far back as 2002. The customer would have to be identified first and submit his own fingerprints, as well as register credit cards with the grocery store. But then a Pay By Touch system became quite popular among the store regulars. According to CNET, "one man even drove 400 miles to use the technology". The store also reports 0% of such transactions being fraudulent."
This discussion has been archived. No new comments can be posted.

Fingerprints Replace Credit Cards in Seattle More

Fingerprints Replace Credit Cards in Seattle

Comments Filter:

  • good (Score:2, Interesting)

    by mirko ( 198274 )
    I guess this is the future... I just hope such info won't be crosschecked for national security's sake.

    • Re:good (Score:4, Funny)

      by Leroy_Brown242 ( 683141 ) on Thursday February 03, 2005 @10:57AM (#11562023) Homepage Journal
      • Times I have already given the government my finger prints:
      • First Grade: They came in and took everyone's prints.
      • Grade 11: Once again, came and took our prints. It wasn't mandatory.
      • 2002: Took my prints when I recieved a concealed handgun permit.
      For me, I'm not worried about giving my prints. The man already has my prints. I'm just worrying about someone chopping off my finger and going to thriftway to buy groceries!
      • In a couple episodes of CSI, the perpetrator made rubber hands that had fingerprints from a live person. (Admittedly, his own, but that's a plot complication I don't feel like explaining.)

        Extend that concept to rubber-mold gloves.

  • It's the automated transactions I'm worried about (Score:5, Interesting)

    by bersl2 ( 689221 ) on Thursday February 03, 2005 @09:43AM (#11561316) Journal
    The store also reports 0% of such transactions being fraudulent."

    I don't think anybody's going to let you buy stuff with a severed finger.
    • You don't need a severed finger, you just need the electronic digital copy of the finger-print.

      Amazon: "I'm sorry sir, you *DID* buy 20 copies of the first season of STAR TREK: ENTERPRISE. We have your finger-print scan in our computer to prove it."

      If you are using a finger-print scanner to make ANY purchase, get ready to spend the rest of your life tracking down fraudulent purchases.

      Sam

      • If you are using a finger-print scanner to make ANY purchase, get ready to spend the rest of your life tracking down fraudulent purchases.

        Yes, because will all know how much more secure a little plastic card is.

        Seriously, did you just make that up hoping no one would notice that you don't know what you are talking about?

        • I think the point of the parent was not that a little plastic card is more secure, but rather that a card is not permanent.

          If a credit card gets stolen... you get a new card (with new numbers). If your fingerprint gets stolen... do you get new fingerprints???
        • Yes, because will all know how much more secure a little plastic card is.

          If someone gets your credit card number, you call VISA and get a new card.

          If someone gets an electronic imprint of your finger-print you can't change your fingers. Hence, "get ready to spend the rest of your life tracking down fraudulent purchases".

          Sam

    • A friend of mine works on a stock exchange as IT manager. He could unlock a workstation of a trader using his own fingerprint (without any further hacks). Local security didn't believe him untill he demonstrated it.

      It is not as airtight as you may think...

      • Re:It's the automated transactions I'm worried abo (Score:4, Interesting)

        by RollingThunder ( 88952 ) on Thursday February 03, 2005 @11:32AM (#11562399)
        I recall a review of some new biometric-enabled mice that came out, and the trivial way to trick them - cup your hand over the sensor, and breathe softly on it.

        The existing oils will pick up the water vapor to form the pattern of the last finger on it, and the heat of the breath triggered the sensor to read it.

        What amused me the most was I went to tell my boss at the time how these researchers had found such a simple way to break it, and he said "Oh... I just bought one of those yesterday." Heh.

    • Identity theft would require a two phase approach (Score:5, Interesting)

      by crovira ( 10242 ) on Thursday February 03, 2005 @11:31AM (#11562382) Homepage
      The only finnicky part is getting your fingerprint pattern key (the raw info is not sent, it gets crunched down by the scanner,) into the database on somebody ELSE's account. HE will be the one stuck with the bill.

      You can then run the scam the same way.

      Actually it takes less balls to do it because either it works and your laughing or it doesn't and your mutter something about a new scar on your fingerprint to a clerk.

      You don't have to worry about getting caught because you're going to have created a false positive (doubling the key) rather than replacing a real record.

      Your fingerprint is essentially worthless for security when you've got access to a scanner and to the system.

      The trust-worthyness of the original scanner and scannee is the key. The more paranoid you need to be, the more data points you pick, and the more tightly you control the access to the system.

  • In other words ... (Score:4, Interesting)

    by tomhudson ( 43916 ) <barbara,hudson&barbara-hudson,com> on Thursday February 03, 2005 @09:44AM (#11561322) Journal
    The store also reports 0% of such transactions being fraudulent."
    In other words... they haven't caught me yet !!!

    What it could also mean is that most people don't reconcile their statements at the end of the month, and that the people who use this system are even more likely not to bother, because they trust it more.

    Or not.

    But give it time, someone will figure out how to scam it.

    • Somebody mod this guy up.

      "The store also reports 0% of such transactions being fraudulent" so far...

    • Re:In other words ... (Score:5, Insightful)

      by MukiMuki ( 692124 ) on Thursday February 03, 2005 @10:18AM (#11561598)
      People don't realize just how *dangerous* the fraud would be if this became widespread.

      Take into account that we touch a LOT of things. Daily. You know those seedy, scammy ATM's? Wouldn't be very difficult to make one with a thumb reader to conceal an instant CCD-based scanner or something of the sort. All the machines check for is the pattern, and it would NOT be hard to fake this.

      Rubber thumb overlay, anyone? The HEIGHT WOULD NOT MATTER, the machine would detect the right print no matter how long the grooves were. Sure, it won't work at a store, but it WILL work at an ATM.

      But here's the worst part.

      Once your print has been *breached*, you simply *can't get another one*. You're screwed.

      Yes, safeguards can be put to minimize the use of overlays, but once again, only in official locations. Independently owned ATM's either won't ever be able to use this technology or will ruin it the very moment those prints are made public.

      It would NOT be hard to rapidly prototype a piece of rubber (or some other, better, squishing polymer) based on a figureprint picture, let alone streamline the process to make dozens or even thousands more.

      Of course, if it was purely for stores (and stay wary of those self-checkouts), maybe.... maybe.

      I dunno, maybe I'm off my rocker here, I just came up with this counterargument instantly. The thought of someone with lots of stealing in mind coming up with a way to fake prints to use in unmanned scanner locations (let alone someone forcing someone else's thumb onto the scanner in a much scarrier mugging incident) is kind of scary.

      Wait a second now...

      Perhaps a bioelectric scanner that doesn't work (has to be tested with a variety of conductive materials, constantly, along with calluses...) unless a real live thumb is touching it still leaves you in danger of mugging (and setting it up so that the customer can't purchase unless they're calm would only lead to MUCH scarrier mugging incidents) but would stop fraud for the most part.

      Yeah, still a long way to go before widespread use.
      • Holy crap! There's *always* an imaginable way to circumvent the most secure of situations. Let's scream hysterically because of that.

        Sarcasm aside, that's the gist of the message. You "one offed" a technically tenuous breach. So? That's what movies are made of. Most of which are not truly possible in the real world, by the way.

        Perhaps you should compare the possibilities of breaching this system against those of breaching a debit card system. Then choose the least breachable system as the bes
      • Your mugging suggestion raises another issue : how do I leave my thumbs at home ?

        When I'm going into a territory I consider risky I minimize my risk by leaving my wallet full of cash & cards in the safe and only take with me what I think I'll need. Same goes for a drunken night out.

        Just wait for the first ATM drug rape victim !! - hope I'm the perpetrator and not the drowsy victim =)

        • Re:In other words ... (Score:4, Interesting)

          by LurkerXXX ( 667952 ) on Thursday February 03, 2005 @10:58AM (#11562030)
          Don't worry about the violence. It's not necessary.

          Worry about the problem of leaving the thumbs at home though. That's a real concern. Going about your daily activities everyday, you don't leave tons of impressions of your credit card numbers. You do leave lots of impressions of your fingerprints. That's why cops can dust for them on all sorts of materiels that might be touched everyday by someone. Doorknobs, walls, a drinking glass, etc.

          Who's going to risk attacking you in an alley for your fingerprints? You might fight back. You might know martial arts, heck, you might have a gun. Why take that risk? All they have to do is snag your glass from the table at the restaurant you just finished eating at. No confrontation, no risk, and your biometric security is now screwed forever since you can't just go get a new set of thumbprints.

      • I think a lot of these problems could be negated if you add a PIN number...
    • They mean they have not caught anyone yet...
      http://cryptome.org/gummy.htm

  • Ah... (Score:5, Funny)

    by madaxe42 ( 690151 ) on Thursday February 03, 2005 @09:44AM (#11561323) Homepage
    Here in we've been using a similar system for unique biometric identification of customers for years. It works a bit like this:

    1) Walk into stor
    2) Say 'Hello Ifan' to Ifan, the shopkeeper
    3) Ifan says 'Hello ' back if he knows you
    4) Say '2 grenade launchers, one baboon, and a pint of guinness please, my good man'
    5) Ifan produces the above, charges your account, takes payment later. Nice and easy. And if you don't pay....

    6) Chop!

    • Re:Ah... (Score:3, Interesting)

      by kjamez ( 10960 )
      you joke, but that's the main reason i moved 'home' to Tennessee from Oregon. in greeneville, voted 2000 Best Small Town in America (or something), i can walk into the bar, have a few drinks, and leave. 'Running tabs' as it were. (the TN A.B.C says this is illegal and comes ready with a $1500 fine, per offense ... ) This method of purchase / interaction with store owners includes (but not limited to) the local hardware store, grocery store, computer shack, etc, etc. I enjoy the fact if i forget my walle

  • How is this good? (Score:2, Interesting)

    by Anonymous Coward
    How is this a really good thing?

    How well does it work on someone that does a lot of physical activity (woodworking/metalworking) who might not have very good ridge detail?
    • How well does it work on someone that does a lot of physical activity (woodworking/metalworking) who might not have very good ridge detail?

      He's probably still got enough texture on his fingers to open his wallet and remove a normal credit/debit card, a check, or (gasp!) actual cash. Come on... retna scanners don't work very well on people with acute corneal disease either... but if we ruled out every technology because of some cases in which it wouldn't work, well, you sure wouldn't be eating up your day

  • Yeah but.... (Score:2, Informative)

    by fusionpit ( 777534 )
    Is this susceptible to Gummy Bears?
  • Picture of a fingerprint, how could you "print" it out, complete with ridges? Laytex, or maybe silicone would be nice, something I could glue to my fingertips, temporarily. Also, what are the oldest fingerprints available, that would show up in a search? I'd like to be a 170 yr old, 90 yrs dead suspect, or, supposing celebrity fingerprints are available, George W. Bush himself!

    And then for when I get caught, fingerprints with an embedded "Fuck You Pigs" logo that would show up on the fingerprint card....
    • There was an article on Slashdot which I don't propose to spend hours digging through the search pages to find that described how someone used a gummi bear to defeat a fingerprint scanner.


      Basically he lifted a print off a glass, etched the pattern onto a piece of blank circuit board, and used that as a neg stamper to press a fingerprint pattern into a gummi bear...

    • Re:Supposing you had a decent resolution... (Score:4, Informative)

      by Jack Porter ( 310054 ) on Thursday February 03, 2005 @10:02AM (#11561455)
      You etch it using PCB fabrication techniques, and then cast it with gummy bears. Details here [counterpane.com].

      • 5 second rule? (Score:4, Funny)

        by emilng ( 641557 ) on Thursday February 03, 2005 @10:34AM (#11561755)
        Gummy fingers can even fool sensors being watched by guards. Simply form the clear gelatin finger over your own. This lets you hide it as you press your own finger onto the sensor. After it lets you in, eat the evidence.

        The five second rule doesn't apply here.

        You must be pretty brave to eat something that just touched something that everybody else has touched and probably has some amount of everything else they had touched on it.
        I would be wary even putting my finger on there nevermind eating off of it.

  • Why not? (Score:5, Insightful)

    by otisaardvark ( 587437 ) on Thursday February 03, 2005 @09:48AM (#11561350)
    Credit cards are trivial to track anyway, so no immediate extra privacy implications as long as the data isn't retained for too long.

    This way, if someone steals your card info and puts their own fingerprint info on it (or onto the back-end database, or whatever), there is an immediate method to start tracking them.

    Of course, there are ways to defeat fingerprint scanners, see Schneier [schneier.com] for a starting point.

    I therefore think that the danger here isn't in the fingerprinting itself, which is just another way of tracking usage. It is that cost/risk of fraud will be passed on from the banks to the consumer (or possibly stores).
    • Agreed with parent. Stores such as this one factor theft into their pricing.

      They may make more by having a higher turnover of customers and less staff hours than any loss on stolen goods.

      They have honour systems at the moment where you barcode scan the products yourself with a hand scanner. They take it as given that you bought 3 carrots and not 4.

      Not applicable for all industries as 24 carats is quite different to 9.

    • Credit cards are trivial to track anyway, so no immediate extra privacy implications as long as the data isn't retained for too long.

      I would add "as long as the data is private to the company". I can easily see them cooperating with law enforcement to do fingerprint searches in their database (which contains a large number of people that are not in the criminal database). That is a significant decrease in your privacy. If all the laws on our books were just, and the police never abused power, then you w

  • Let me be the first (Score:3, Funny)

    by eclectro ( 227083 ) on Thursday February 03, 2005 @09:48AM (#11561352)
    to say thumbs up to privacy invasion!

  • Kind of scary actually (Score:5, Interesting)

    by DarKry ( 847943 ) <darkryNO@SPAMdarkry.net> on Thursday February 03, 2005 @09:51AM (#11561365) Homepage Journal
    Someone may have more experience with this than I do, but this is a bit scary. Has anyone else read the book "Stealing the Network". It goes into some detail on the subject of synthetic fingerprints and just how easy they are to make at home. The book is at home and I am at work or I would post the links that they have as refereneces. I can see the usefulness of the fingerprint perhaps replacing the signature or pin number, but the whole credit card!!! I don't know about you guys but when I realize that I left my credit card sitting around in a public place I freak out. I guess I am going to have to wear gloves from now on, or carry around a bottle of cleaning solution everywhere I go.

    Someone with more experience please comment, especially if you have the links from that book, I am curious to read up.

    Thanks

  • Paying over the internet (Score:3, Insightful)

    by Anonymous Coward on Thursday February 03, 2005 @09:51AM (#11561373)
    Do they actually REPLACE credit cards?

    "Pay over the internet with your fingerprint now!"
    Damn hackers, intercepted my finger print. Could I block my account and get a new fingerprint, please?

  • In a year... (Score:4, Funny)

    by Vo0k ( 760020 ) on Thursday February 03, 2005 @09:53AM (#11561381) Journal
    News story about the poor bankrupt grocery...
    "The store also used to report 0% of such transactions being fraudulent before the story was posted to Slashdot. Then the number of frauds by using "stolen fingerprints" skyrocketed."

    • But I think your sentiment is spot on. Well, for the most part. I think this has the capability of being more secure, but it has the flaw of its users expecting it to be perfectly secure, which would actually make it less secure (see also Why Things Bite Back [stanford.edu], by Edward Tenner).

      Just like at least one reason Linux is more secure is that it is less used, fingerprint scanners will be unlikely to be a target for the next few years. If they become the primary means of verification, whether they become more sec

      • Actually, forging a fingerprint will eventually be easier than forging a credit card.
        Pick it using traditional "police" methods.
        Scan, edit, removing noise, dust etc.
        (not sure if you don't need to make negative. But it's trivial.)
        Print on transparency.
        Using photopaint like in making PCBs, etch in copper.
        Using the copper as stencil, pour a little silicone glue.
        When the result is nearly dry, push with your finger to paste it on top of your own.
        Go shopping.

        Faster, cheaper, easier...
        And once you see your credit

        • But my assumption is that once forging fingerprints begins to cost companies some money, improvements will be made to make it harder to forge. I'm familiar with that experiment where every fingerprint scanner at a specific expo was fooled (or at least every one that would allow itself to be tested), but I don't think that means that the scanners can't be improved - just that the designers underestimate the ability of the scanners to be fooled, or the ability of crooks to fool them. Eventually, I expect (bas

  • 2 Questions (Score:5, Interesting)

    by bwcarty ( 660606 ) on Thursday February 03, 2005 @09:53AM (#11561385)
    1) Have sales of gummy bears [theregister.co.uk] experienced a dramatic surge in the area?

    and...

    2) Can I choose which finger to give them for my biometrics?

  • kinda on the same lines... (Score:5, Informative)

    by ozzmosis ( 99513 ) * <ahze@ahze.net> on Thursday February 03, 2005 @09:56AM (#11561407) Homepage Journal
    But this is not surprising concidering the cost of a home finger print scanner [samsclub.com] of only 39$.

  • Police (Score:5, Insightful)

    by jeffkjo1 ( 663413 ) on Thursday February 03, 2005 @09:57AM (#11561426) Homepage
    This technology would be a field day for law enforcement. Any and all crimes that happen in that area where they find a fingerprint but it's not in their database... the first thing they'll do is call up Safeway.

  • Potential for Good or Evil (Score:5, Insightful)

    by Gallenod ( 84385 ) on Thursday February 03, 2005 @09:58AM (#11561428)
    Fingerprint systems like this seem to work as well or better than most forms of ID. Most security on credit card purchases I've made has been limited to comparing my signature on the receipt to the one on my card, which can be forged pretty easily. They don't ask for picture ID any more on credit cards. A lot of them don't even keep my card long enough to check the signature, and automatic chargers like gas pumps will take your credit card without any cross-check. In that sense, using an account activated by your fingerprint is probably an improvement.

    Yes, there are concerns about the government tracking you through your fingerprints, but they could do that through your credit cards now anyway, so I'm curious what the difference would be. Besides, we're more at risk from all the commercial entities who have access to our electronic transactions. Unlike the government, they routinely do all sorts of things with the information they collect on our purchasing habits.

    Here's my main concern: What if someone manages to impersonate you and establishes an electronic account that ties your financial information to their fingerprint. Someone could wreak havoc in a fairly short time if biometric systems are trusted blindly.

    Then again, if the scammer impersonates a person with huge debts, maybe they'd get stuck with them. :)

    Biometrics may be a miracle cure or snake oil. As with any potentially useful technology, which it becomes will depend on the implementation.
    • Yes, there are concerns about the government tracking you through your fingerprints, but they could do that through your credit cards now anyway, so I'm curious what the difference would be.

      The difference is that you leave fingerprints any time you touch most surfaces without gloves. You don't randomly leave your credit card receipts on the floor in the train station or on the sidewalk.

      You touch a handrail near where someone gets knifed, coppers look at the print database of the nearby supermarket, expec
  • Bear with my bad SF for a moment. Western civilization seems to be converging to the point where citizens will have no choice, but will depend upon a handful of mega-corporations for their sustenance, while at the same time having to give not only their time and energy, but also their identity in return. By this time, privacy will have been successfully abolished and its last traces outlawed. Every adoption of RFIDs, DRM technology - as well as every merger between huge corporate actors is pushing the world
    • Then wear latex gloves and pay with cash when you go to buy your snickers.....seriously WTF does this have to do with DRM???
      If you don't like it, don't use it. I thought that was how this whole "freedom" thing works, or is it that everyone is supposed to stay in a cave so you can feel free?
      Grow up.

  • copying fingerprints is easy (Score:4, Informative)

    by Torstibutz ( 150192 ) on Thursday February 03, 2005 @10:06AM (#11561489)
    just check:
    http://www.ccc.de/biometrie/fingerabdruck_kopieren ?language=en [www.ccc.de]
  • hacking of people's fingers so someone could buy nail polish remover at thriftway.

    Sadly... some idiot will actually attempt to do something like that if this technology takes off. Just watch.

    There is some bozo out there who will think that's a brilliant idea.

  • Mark Of The Beast (Score:5, Funny)

    by seven of five ( 578993 ) on Thursday February 03, 2005 @10:06AM (#11561498)
    I guess the barcode-on-the-forehead project didn't go so well.

  • Is it spoofable (Score:2, Interesting)

    by Adrilla ( 830520 )
    A person with good slight of hand talent could easily use the gummi bear trick.
    I also wonder if they allow this to very age for purchase of alcohol and tobacco.

  • All HELL is breaking loose ... (Score:5, Insightful)

    by SamSeaborn ( 724276 ) on Thursday February 03, 2005 @10:08AM (#11561509)
    (NOTE: I know what I'm talking about, 5 years experience at a security/bio-metrics company.)

    If someone gets an electronic imprint of your credit card number, you call VISA and get a new number.

    If someone gets an electronic imprint of your finger print, you'll be chasing down fraudulent purchases FOR THE REST OF YOUR LIFE because you CAN'T change your finger print.

    Ticketmaster, 5 years later, "I'm sorry sir, but you *DID* buy 10 first-row superbowl tickets. Our computer says you did it over the internet and we have your finger-print scan on file to prove it."

    RUN, don't walk, when someone in a store asks for a scan of your finger-print.

    Sam

  • finger on the problem (Score:3, Informative)

    by Doc Ruby ( 173196 ) on Thursday February 03, 2005 @10:13AM (#11561551) Homepage Journal
    A fingerprint check might be secure and convenient. But what guarantees that the fingerprint, and the ID of its owner, will be used only in that authorized transaction? We have copyright control over our personal info. But our rights to restrict distribution are not explicit in law. The Congress must pass a law making such personal info copyrights clear and current. We need at least the same protections we give to copyrighted corporate info, like songs and music. Or corporations will own all our info, too.
  • ... when try pry them from my cold dead fingers.
  • Biometric is not EVER revokable... despite being accompanied with a PIN or other form factor authentication.

    Once your biometric is stolen, nothing can replace it.

    When is general populace going to get a clue, like us esteemed Slashdot readers do?
  • Isn't fraudulent activity, though that's a concern.

    I just don't understand why people want to hand over their credit card information in an on-going basis to these companies. Same as with those 'Speedpass' things (those I don't trust at all).

    If I use my credit card at a store, they do the transaction and they're done. Having a company keep as part of its corporate records and stuff they track about a consumer including their credit card info seems kinda scary.

    I guess there'll always be people not phase

  • Identification or Authorization? (Score:3, Insightful)

    by atcurtis ( 191512 ) on Thursday February 03, 2005 @10:26AM (#11561675) Homepage Journal

    I think that there is confusion over the distinction between "Identification" and "Authorization".

    A good secure transaction would require both.

    For example: To withdraw money from an ATM, you have the bank card (identification) and the PIN (authorization).

    So.... I think a distinct likeness like DNA or fingerprint would make a reasonable form of identification, I do not think it is reasonable as a form of authorization.

    IMO, a monetary transaction which involves a fingerprint will still require the user to enter a pin number for authorization.

    Just my 2p worth.
  • There's a Pick N Save grocery store downtown, that's not quite like a normal Pick n Save in that it has lots of high priced specialty foods. Anyhow, it's had this pay by touch system for months now. I'm not willing to use it, nor is anyone else I know. But sure, it's a neat idea?

  • Cash is king (Score:2, Insightful)

    by Content-Free ( 833100 )
    It's when cash is no longer accepted that I leave the country.
  • Stores will be suspicious of anyone buying Gummi Bears [theregister.co.uk]

  • Self Fullfilling Prophesy (Score:3, Insightful)

    by n-baxley ( 103975 ) <nate@baxleysIII.org minus threevowels> on Thursday February 03, 2005 @11:07AM (#11562125) Homepage Journal
    The store also reports 0% of such transactions being fraudulent.

    OK, so a voluntary system that requires you to submit your fingerprint and no criminals have tried it out, even for malicious purposes? That's incredible! I hardly think that this counts as an endorsement of this technology. If it were to become more widespread it might be worthwhile for the "bad guys" to come up with ways to defeat it, but as it is they will just go down the road to the place that uses the good old credit cards they can get out of a stolen wallet.
  • Does anyone know how good today's technology is at identifying fingerprints? Is it really possible to identify correctly any one out of billions of prints?

    I ask because at the science museum in London, there is an area where you can experiment with several computer based activities and save the results using your finger print. I had to try several fingers before I found one which wasn't incorrectly identified as someone else's.

    I would guess that the technology used in this situation is not as accurate as

  • IDENTITY != AUTHENTICATION (Score:3, Informative)

    by malcomvetter ( 851474 ) on Thursday February 03, 2005 @12:53PM (#11563318)

    When will people learn that identity factors are not the same as authentication factors?!?!

    A Fingerprint is something you are

    It would be a whole different story (and different pros/cons) if this was about a store requiring a fingerprint bio in place of a signature (something you do) on a Credit Card transaction.

    The biggest deal here (not mentioned very much in these /. posts) is that the store is keeping your CC info, and obviously stored in some format that they can recover (i.e. either plaintext or symmetrically encrypted (not hashed) ). Assuming the authentication was secure, would you even want them to keep that info for convenience purposes?

    That makes their DB such a huge target ... forget the claims that they have 0% fraudulent transactions ... all the transactions are happening on customers CC from other merchants because their DB traffic was spoofed, hijacked, usurped, or the DB was just plain owned!

    Who would ever capture the CC info and then try to make fraudulent purchases at a grocery store anyway? They'll go for the high-end merchandise instead, using a totally different transaction service.

    And let me guess, each customer signs an agreement (without reading it- legal jargon, bah!) stating that you release the company from any liability of storing your CC info!


    Remember: Anytime biometrics are used singulary (without another form of authentication) it is for convenience and NEVER Security.

  • Fingerprint scanners are not reliable. (Score:4, Informative)

    by LinuxFreakus ( 613194 ) on Thursday February 03, 2005 @01:58PM (#11564149)
    I know several people who have season passes to Disney World... when you enter the parks, there is a fingerprint reader for season pass holders.

    I've borrowed 3 different season passes before and never had a problem getting past the scanner, it just isn't reliable.

    I bet a warm hotdog would work too.

  • No thanks (Score:3, Insightful)

    by nurb432 ( 527695 ) on Thursday February 03, 2005 @04:03PM (#11565616) Homepage Journal
    Thats why i pay with cash.

  • And the other problems (Score:3, Interesting)

    by rfc1394 ( 155777 ) <Paul@paul-robinson.us> on Thursday February 03, 2005 @04:22PM (#11565821) Homepage Journal
    Thieves used to steal cars because you could hot-wire the ignition. Even if the ignition locks you could break it, usually with a screwdriver.

    Then they developed the new ignitions that require a key with a transponder chip. (I think this was a demand by auto insurance companies.) So, as a result, instead of stealing cars, thieves are now carjacking people in order to get the car with the key in it, with the resulting increase in danger to the owner. Doesn't matter to the insurer as they are only liable for injuries in the case of an auto accident, not for robbery, unless you have supplemental medical coverage as part of your auto policy, which I suspect most people don't.

    If this sort of thing becomes popular, it could trigger thieves cutting people's fingers and stripping the fingerprints. I am reminded of a horrid example in the movie "Fighting Back" where a thief wanted to steal a ring from some woman, but she couldn't get it off her finger. So he used a pair of tin snips and cut her finger off. Can't very well damage the ring, can we?

Slashdot Top Deals

Software production is assumed to be a line function, but it is run like a staff function. -- Paul Licker

Close