Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Biometric Payment Arrives in a Store Near You

Journal written by anaesthetica (596507) and posted by ScuttleMonkey on Sat Jun 24, 2006 01:12 PM
from the new-string-of-finger-thefts dept.
Privacy Technology
"A chain of Florida convenience stores has begun accepting fingerprints as payment, using a biometric system called Pay By Touch. The company is a Bay-area startup backed by $130 million in VC cash and the acquisition of BioPay, a Virginia-based biometrics firm that's already done $7 billion in European transactions. From the article: 'The company is a bit puzzled by customer privacy fears. After all, they say, how can using a unique fingerprint for identification be riskier to theft than a plastic card, key chain token, or account number? ...The fingerprint image recorded is not the same as those collected by the federal government or law enforcement.'"
+ -
story

Related Stories

[+] IT: Biometrics Win Support From the Lazy 124 comments
judgecorp writes "We're used to discussions about privacy and security, but amongst users, the real issue is ease of use, according to a survey by Unisys. It's not a huge sample, but ten percent of the users in Asia were happy to be chipped and have done with it." From the article: "Frost & Sullivan security analyst James Turner said while speed of identity verification may be driving people's acceptance of biometrics, the key issue is that biometrics can be a security block, rather than an enabler. Turner added that what is more important in the smartcard debate is ratifying exactly where the identification data is stored. "
[+] IT: The Future of Crime - Biometric Spoofing? 134 comments
AxisPower9 writes "What we often watch in films and television - circumventing biometric security access - is turning from science-fiction to reality. Bori Toth, biometric research and advisory lead at Deloitte & Touche, warned that biometric spoofing is a growing concern. From the article: 'We are leaving our prints everywhere so the chance of someone lifting them and copying them is real. Currently it's only researchers that are doing spoofing and copying. It's not a mainstream activity--but it will be. Many people are trying to regard biometrics as secret but they aren't. Our faces and irises are visible and our voices are being recorded. Fingerprints and DNA are left everywhere we go and it's been proved that these are real threats.'"
[+] Pay By Touch Goes Online 85 comments
Max Fomitchev writes to tell us that Pay By Touch, the biometric identification service, has announced an online version of their service. While currently the only implementation of this service is in the brick-and-mortar storefront of Star Markets grocery stores, the company hopes that online vendors will start signing up soon.
[+] Ask Slashdot: DIY Iris Scanning? 54 comments
gadzook33 asks: "There have been rumors floating around about DIY iris scanning, using digital cameras for biometric security. Iris scanning presents a fantastic alternative to password-based authentication but hasn't really come to our desktops yet. I've looked around but can't find any concrete material on the subject. Is anyone doing this? Are there any efforts to develop open software for this sort of thing? Are patents holding things up? Given that passwords are an almost defunct technique for protecting data in certain situations, it would be nice to have an alternative."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Biometric Payment Arrives in a Store Near You 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Uhh... (Score:5, Insightful)

    by Poromenos1 (830658) on Saturday June 24 2006, @01:13PM (#15596993) Homepage
    how can using a unique fingerprint for identification be riskier to theft than a plastic card, key chain token, or account number?

    Because you leave them on everything you touch?
    • Uh.. aren't you elite enough to wear those fancy white gloves?
      • hospital grade latex gloves do not prevent fingerprint leakage, no matter what TV says

      • Forget gloves, I'm waiting for the fluke where residue from the last print mixing with my print comes up in the computer as Micheal Jackson.
        Clerk: Uhhh, Micheal, Jackson ?...
        Me: Yeeeeah, I had them take it all off & start from scratch.

    • Re:Uhh... (Score:5, Insightful)

      by MarkByers (770551) on Saturday June 24 2006, @01:20PM (#15597024) Homepage Journal
      And you can't cancel (change) your fingerprint if someone finds out what it is.
      • And you can't cancel (change) your fingerprint if someone finds out what it is.

        Quoth Helena Bonham Carter in Fight Club:

        "They're inside burning their fingerprints off with lye. The smell is terrible."

        A little more painful than cutting up a credit cArd, granted. At least to some people.

      • Re:Uhh... (Score:5, Insightful)

        by eclectro (227083) on Saturday June 24 2006, @02:20PM (#15597279)
        And you can't cancel (change) your fingerprint if someone finds out what it is.

        And you can't stop the production of gummy bears [extremetech.com]

        I could probably travel the world on a single package of gummy bears and a set of prints lifted from the sides of soda cans, tossed in the trash outside the convenience store.

        Just remember though, outlaw gummy bears, and only outlaws will have gummy bears.
      • It does not matter. A person's fingerprint is not a secret. You leave them everywhere. (Unless you wear gloves all the time.) I assume the cashier watches the customer scan their fingerprint, so they know the fingerprint belongs to the customer. If someone comes in and tries to scan a finger not connected to anything, the cashier will probably suspect something.

    • Re:Uhh... (Score:3, Informative)

      by frisket (149522)
      No, because the crooks can just chop off your finger and use it.
    • Another issue is that your fingerprint must be stored somewhere else in a database. This leaves room for an attacker to use a digital copy of your fingerprint for other transactions.

      Somebody please correct me if I am wrong, but this is nowhere as safe as a private/public key. If the external party saved your public key, there is no worry. However, your fingerprint does not have two version, one being public, and one being private for signing. On the bright side, they can combine a pin number with the finger

  • thoughts (Score:3, Informative)

    by yagu (721525) * <yayagu@gmaTWAINil.com minus author> on Saturday June 24 2006, @01:14PM (#15596994) Journal

    From the article:

    The company is a bit puzzled by customer privacy fears. After all, they say, how can using a unique fingerprint for identification be riskier to theft than a plastic card, key chain token or account number that's tapped into a computer or spoken over the phone?

    WTF? How can they say that? Don't they know how many times each day people lose their fingers? Not to mention the countless times people give each other the finger! (Done so a few times myself.)

    Also:

    It's similar to the finger-scan technology used at theme park gates. Those systems take measurements of patrons' hands and fingers and link them to a multi-day pass to prevent several people from using one person's pass.

    I experienced this at Epcot... in Orlando. I don't know if it was in its experimental phase, but it introduced lots of confusion as people entered the park. And, it was not clear how or where it was used the rest of the time we were in the park -- if it was exclusively to prevent abuse, so be it, but it was an eerie experience at the gates.

    I do wonder about the statement: (FTA)

    The company pledges not to sell or rent personal information, or access to it. The fingerprint image recorded is not the same as those collected by the federal government or law enforcement.
    How can that be? I know my prints are on file (Top Secret clearance, cool!), but I wonder how these prints would differ. Are they storing some kind of hash with no backup of the original scan or image? Weird, but doubtful.

    I think this is great technology as people get more comfortable with it. I would (and do) worry about how soon people get good at counterfeiting fingerprints. Thought I'd read a couple of articles on that very hack and that hacking fingerprints turned out not to be too very hard. Any resources on that?

    Regardless, great point about it not being that much different (and quite a bit less likely to wander off) from keychain fobs, credit cards, etc.

    • Company pledges (Score:5, Insightful)

      by plover (150551) * on Saturday June 24 2006, @01:18PM (#15597016) Homepage Journal
      From TFA: The company pledges not to sell or rent personal information, or access to it.

      I read this line too and it made me want to scream. "Company pledges" are worth exactly shit these days. "We pledge to protect your privacy and retain the right to alter this pledge at any time." "We pledge to never sell or distribute all of this personal information that we insist on gathering, really, unless we're bought out by another company that doesn't pledge this."

      I don't want pledges. I don't want them to have this info, period. I don't want to receive marketing from them any more than I want it from third parties.

      Now, if there was accountability behind these pledges, such as "We are bonded for a $10,000 per customer coverage to never leak any customer information" or "Under penalties of perjury with a minimum of five years prison time to be served by each member of the entire Board of Directors, we pledge to never sell or otherwise distribute any personal information collected by us. Furthermore, under threat of the same penalites we pledge to use this information only for verification of your account, and never for marketing purposes of any sort."

      Those are some pledges that I'd be slightly more inclined to believe.

      • Re:Company pledges (Score:5, Insightful)

        by sbaker (47485) * on Saturday June 24 2006, @01:26PM (#15597043) Homepage
        It's hard to imagine anything that's more personally sensitive than SWIFT banking transactions - and they gave those records up to the US government in no time flat!

        These days you have to assume that any item of data you give to anyone is insecure from that point on.

      • Now, if there was accountability behind these pledges, such as "We are bonded for a $10,000 per customer coverage to never leak any customer information" or "Under penalties of perjury with a minimum of five years prison time to be served by each member of the entire Board of Directors, we pledge to never sell or otherwise distribute any personal information collected by us. Furthermore, under threat of the same penalites we pledge to use this information only for verification of your account, and never for

    • Re:thoughts (Score:5, Informative)

      by DrSkwid (118965) on Saturday June 24 2006, @01:50PM (#15597146) Homepage Journal
      > "The company pledges not to sell or rent personal information, or access to it."

      That should read "The current management of the company pledges not to sell or rent ...."

      http://www.paybytouch.com/privacy_policy.html [paybytouch.com]

      Notification of Changes
      If we make material changes to this policy, we will notify you here, by email, or by means of a notice on the Pay By Touch homepage so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we may disclose it. We will update our privacy policy from time to time.

      Notice the OR, they can change their TOS any time and promise to change their TOS page accordingly.

      Pay By Touch may share your personal information with companies that Pay By Touch contracts to privately and securely verify your identity, process your payments, cash your checks, and prevent fraudulent use of the Pay By Touch services.

      We all know how secure third parties are.

      "In some cases Pay By Touch may provide algorithm or sensor vendor partners who have entered into confidentiality agreements with Pay By Touch with anonymous biometric scans. These companies use the anonymous test scans only to develop, test, modify and improve the performance of their hardware and software products related to the Pay By Touch services. These test scans are not linked to any personally-identifiable identity or account information."

      Er, they are fingerprints, how anonymous are fingerprints!

      http://www.paybytouch.com/member_terms.html [paybytouch.com]

      THE PAY BY TOUCH SERVICE IS PROVIDED "AS IS" WITHOUT ANY WARRANTIES OR REPRESENTATIONS WHATEVER OF ANY KIND, WHETHER EXPRESS OR IMPLIED. Pay By Touch will not be liable or responsible for any damage or injury caused by your use of the Service.

      Great, that's the feel good factor !

      • Well, on the anonymous scan part, that is pretty obvious. They're providing a box to developers like you and I. We touch it, it returns a fake record. If it works, it'll return the same fake record every time. If it has a false, it'll probably return a different fake record.

        I'm not particularly comfortable with it still.

        As someone else said, your fingerprints are everywhere.

        Say this does become wide spread. Everyone's using it. I go into a high dollar sto
          • Cashiers don't even look to see the name on a credit card matches the drivers license. What would make you think that they'd pay attention to a bit of discoloration on the index finger?

                Over the years, I've sent girlfriend's out with my credit card to buy things. Only once has one been refused. It's pretty obvious that it's a guy's name on the card, and a girl trying to use it. Even if they checked ID's, they'd see the last names weren't even similar.
    • If it is in fact a completely different scan that cannot be linked to law enforcement scans that is an awesome technology. DNA even wouldnt be that big of a deal if law enforcement didnt have that type of DNA id. If the two are different, I think it is much less of a privacy issue. We know the govt will take databases en masse to "look for things" so if this is different than their system, they cant simply use it to get around those pesky warrants. (which is a whole different situation, it isnt like a war
    • I agree with your comments, but they are technically correct about the fingerprints being different. The government stores them as images on what are called "ten print" glass plates. Most matching is still done by hand.

      There are two reasons why the fingerprints are different. The first is that they don't store the fingerprint or any image of the finger print, they run a filter to make the initial image black and white(no grays). Then they run an edge detection filter to make the lines obvious. An algor

      • Only the graph is saved, and the graphs are compared to verify identity. The fingerprint data that my company uses is less than 1k of data consisting of only minutiae type, links to other minutiae, and distances. So in other words, there is no way to get an image of the finger back, so the police can't use it(for manual matching).

        All they have to do is use your equipment to generate a matching graph of the fingerprint in question, and the police can match against your records that way. In other words,

  • Gummibears anyone? (Score:5, Informative)

    by sbaker (47485) * on Saturday June 24 2006, @01:15PM (#15597001) Homepage
    Didn't Slashdot run a story a while back about a supermarket fingerprint pay
    system that was tried a year or so ago? It could be faked out REALLY easily
    using a Gummibear.

    I can't find the slashdot story - but check this out for example:

    http://www.theregister.com/2002/05/16/gummi_bears_ defeat_fingerprint_sensors/ [theregister.com]

    Does this new gizmo do something magical to avoid this rather easy attack?

    Just google gummibear and fingerprint and you'll find a gazillion How To
    articles.

    If the biometrics guys are 'a bit puzzled by customer privacy fears" then
    they are horribly ill-informed!

    I can avoid leaving my credit card lying around for someone to steal - but
    it's very hard indeed to avoid leaving my fingerprints in all sorts of
    public places. If I could find out how to defeat their scanner so easily
    with about 10 seconds of Googling - you can be very sure that the bad guys
    will be lining up.

    • Re:Gummibears anyone? (Score:4, Funny)

      by SubliminalVortex (942332) * on Saturday June 24 2006, @01:32PM (#15597072)
      Touching a "gummy bear" in a way in which it wasn't intended is just plain wrong. Gummy bears are meant to be eaten not fondled.

      Also, do you know how old that gummy bear is? You might be touching an under-aged gummy bear.

      One might have a gummy bear fetish. (hrmpphph they are tasty.....)

      • That might work - but it's a pretty flimsy solution for a serious security problem. If gummibears didn't work, just how long do you think it would take for the bad guys to figure out how to take a latex mold or something.

        It's not enough to make it a bit harder - you have to make it virtually impossible.

        Worse still - once someone has cloned your fingerprint, what do you do about it? If someone clones your credit card you can phone the card company and they put a stop on that card and issue a new one. Thi

      • Re:Gummibears anyone? (Score:4, Informative)

        by plover (150551) * on Saturday June 24 2006, @05:02PM (#15597886) Homepage Journal
        Superglue, cameras, blank circuit boards, and etchant are required to make the mold. All crap I have had laying around my house for the past 20 years. And gelatin is require to make the fingerprints. That's in my pantry, and not so old. The last two ingredients are knowledge (see the link) and the lack of ethics that keep normal people from committing crimes (in sadly short supply.)

        "Gummibear fingerprints" are not certainly not FUD (although they're not made from real gummibears.) They're a real attack that's easy to make, and fun to eat!

        The reasons they'd work so well for fraud are numerous. First, while it's pretty easy to keep track of your fingers, it's virtually impossible to "guard" your fingerprints. You leave them everywhere -- your phone, doorknobs, keyboards, dishes, plastic bags, everywhere. It just takes a little bit of "Hardy Boys Detective Handbook" work to photograph them. Making a circuit board from a photograph is something I did a lot in 7th grade, but nowdays digital cameras and laser printers are more common than photographic enlargers. And even I can mix up gelatin without burning down the kitchen.

        The neat thing is that gelatin itself is the ideal material for forging fingerprints. It is simply animal protein (it's pretty much ground up cow hooves and collagen, if you want the real details.) It's biotic matter, so it has roughly the same electrical capacitive properties as human skin. It's thin and transparent, so a "pulse detector" that senses the infrared pulses given off by circulating blood can see right through it. And if you wet it, it's kind of sticky and can easily be applied to the fingertips before heading to the cash register. Once applied, they're virtually impossible to see. Gelatin is almost indistinguishable in every way from human skin.

        Everything that a fingerprint scanner can be built to look for (at a cheap enough price to sell to grocery stores) is right there on your fingertip. Even if the alarm bells sounded and the guards came running, you'd still have time to pop your finger into your mouth and eat the evidence.

  • The cost of shopping.... (Score:5, Funny)

    by SubliminalVortex (942332) * on Saturday June 24 2006, @01:16PM (#15597004)
    Fingers today only, next month, we charge an arm and a leg!

  • In Other News (Score:5, Funny)

    by Who235 (959706) <`secretagentx9' `at' `cia.com'> on Saturday June 24 2006, @01:17PM (#15597010)
    Officials from the Tampa police department respond to a rash of armed index finger amputations. Meat cleaver sales rise, while guitar sales plummet.

    Film at 11:00.

  • Fingerprints are less reliable ... (Score:4, Interesting)

    by Manip (656104) on Saturday June 24 2006, @01:19PM (#15597018)
    Some people's fingerprints can't be scanned by these machines... Last year I went to Florida and they have fingerprint machines at all the big theme parts and at the airport. None of these machines could pick up my prints... And every second time I used them I got rejected ... So this flawless technology is anything but... I do nothing special with my hands, so it must be one of those "from birth" things... But if you're unlucky like I am then don't expect to be paying with your fingers any time soon. I am not looking forward to going back though American customs as I know the fingerprint machine will reject my prints and I'll get sent home or something crazy.
    • The Pay-By-Touch sales representative that I met with a couple years ago told me that about 1-2% of the population has fingerprints that can't be read by their machine. Particularly affected were 'pineapple pickers.' He said the combination of the enzymes and acids in the pineapple juices plus the rough texture of the plants caused their fingerprints to be completely obliterated.

  • Don't they watch murder shows? (Score:5, Interesting)

    by NeuroManson (214835) on Saturday June 24 2006, @01:20PM (#15597025) Homepage
    "After all, they say, how can using a unique fingerprint for identification be riskier to theft than a plastic card, key chain token, or account number?"

    Just look at murder victims whose hands have been lopped off to hide their identities. It doesn't take much of a (morbid) leap of logic that someone could hold onto a thumb, and surrepticiously use it to withdraw someone's entire finances.
  • After all the bullshit being done the Government lately, I don't goddamned well think I'll sign up for any voluntary fingerprinting.

  • Let's face it... biometric authentication/payment is really cool. As long as I can be sure the cryptographic basis of it is secure (i.e., that my fingerprint can't be recreated from it), I would be comfortable using it. But you know, most of the world is stupid and doesn't understand this kind of stuff, or has stupid opinions about it, and will be afraid of it. I understand that people are afraid about invasion of privacy and identity theft, but the issue should be "Are we sure that company $X's implemen

    • How about "Biometrics are horrible security methods"? YOu can cancel CC numbers, revoke certificates, and change passwords. How the fuck do you change your fingerprint? You can't. Its comprimised once (and these machines are easy to fool) and you have no security.

      • Yeah. That's a good excuse, I agree. But my point was that the majority of the population will reject it because it is "creepy" to them, without considering how it actually works or the real risks and rewards.

        What someone needs to do is create a smart card with a built-in fingerprint reader and PIN pad, so you can use your own, totally secure device. It will authenticate you using the PIN and fingerprint, and then allow you to cryptographically authenticate to another device (e.g. the payment system at

    • But you know, most of the world is stupid and doesn't understand this kind of stuff, or has stupid opinions about it, and will be afraid of it.

      Don't mind me, I'm just buying some powder, a makeup brush and tape. Don't mind my friend in line ahead of you, he's just testing out his new windex on the fingerprint reader to make sure the bottle isn't defective.

      I'm not "stupid" but I do have opinions of this. Based on their demo [paybytouch.com] (flash) they use a simple pad-based scanner where you press your finger, rather tha
  • 'The fingerprint image recorded is not the same as those collected by the federal government or law enforcement.'

    But just watch...it could be USED by law enforcement in about ten seconds!

    California has required you to give a scanned fingerprint for years just to get or renew your driver's license. I've always wondered how many divisions of law enforcement now have MY fingerprint in their dtatbase. When I asked the guy at the DMV, he said he didn't know, but was SURE that law enforcement could access the

  • Mugger steals credit card: bad (Score:3, Funny)

    by CrazyJim1 (809850) on Saturday June 24 2006, @01:27PM (#15597048) Journal
    Mugger steals your finger, worse.
    • Many fingerprint readers can detect whether the finger is alive or dead, which should help partially solve this problem (but only if all fingerprint readers use this technology, otherwise they will just exploit the one that doesn't).

      The other two issues that I think are more important (and mentioned already above) are:

      * Your fingerprint is basically public information - you leave a copy of it on everything you touch
      * Unlike a bank card or a password, it cannot be changed once it is compromised.

      Together thes
    • There are some people willing to steal a wallet. There are not very many that will steal a finger.

      Credit card fraud cases don't get much attention since they are a dime a dozen. Violent assault cases get much more attention, and thus have a much greater chance of getting caught. I think most criminals willing to attack a human and take their finger would find the risk outweighs any potential gains.

      • There are some people willing to steal a wallet. There are not very many that will steal a finger.

        The argument is that stealing a wallet has, historically speaking, been a profit-making enterprise. Stealing a finger, however, has not. The use of a fingerprint for authentication changes the status quo; now stealing a finger offers the same motivation: Profit. The argument is that this will create the pool of folks who will steal fingers in a natural manner.

        Before you attempt to bring to the argument

  • Iris scanners are not that expensive anymore, and I don't understand why thumb scanners are used anywhere outside of having a little usb toy attached to your computer. This confusion doubles when you consider it in situations where security is very important, like cash transactions.

  • Okay so we have (Score:3, Funny)

    by zephc (225327) on Saturday June 24 2006, @01:34PM (#15597080)
    finger-print scanners as payment. Check.
    fuel from anything in 9 years. Check.

    Now all we need hoverboards and Pepsi Perfect.

  • I'm not *that* anonymous (Score:5, Interesting)

    by anaesthetica (596507) on Saturday June 24 2006, @01:37PM (#15597092) Homepage Journal

    Scuttlemonkey wrote "An anonymous reader writes..." despite the fact that this is my journal [slashdot.org] entry, and says qo quite clearly at the top of the story: "Journal written by anaesthetica (596507) and posted by ScuttleMonkey on 14:12 Saturday 24 June 2006"

    I mean, I may not stand out in a crowd, but this is just an unnecessary blow to my ego.

  • Cub Foods also uses it. You need to enter a 7 digit number along with your finger print. It really didn't seem easier than swiping a card and entering a four digit number, so I didn't go with it. They suggest using your phone number for the seven digit number. I imagine the number is needed to make the database lookup practical. I wonder what would happen if LOTS of people started using the same seven digit number "1234567"...

    • Re:Others use it, too (Score:4, Insightful)

      by mark-t (151149) <markt&lynx,bc,ca> on Saturday June 24 2006, @02:51PM (#15597420) Journal
      The 7 digit number is probably there to conform to the normal standard of requiring two pieces of ID for confirmation of who you are. The 7 digit number is one, and your fingerprint is the other. This not only confirms your identity but also confirms that their records are accurate with respect to any identification that you have previously provided them with. If something doesn't match up with their records, they can ask you for details and confirm your identity another way before processing your payment.
  • here is a similar article about the same thing:
    http://www.businessweek.com/technology/content/mar 2006/tc20060328_901806.htm [businessweek.com]

    For all you phobic people out there who don't want them to "have a copy of your fingerprint" from what I found out from the employees it doesn't work that way. It doesn't store your fingerprint, just certain points on it. So really there is not a way to one way hash back to your actual fingerprint. Now, maybe the employee didn't know what they were talking about but for them to have
    • Actually this is how all law enforcement data bases work. They find places where print ridges have certain kinds of discontinuities, bifurcations etc... then store the potions of these points relative to each other. Very few database matches rely on a complete match, nor are they actually comparing actual pictures of prints, but rather how many points in common line up. Since lifting prints often distorts the print or misses some areas, exact matches are really ever found, but the quality of the match go
  • Fingerprint payment is already in trial in the UK by the Co-op.

    More info:
    http://www.computing.co.uk/computing/analysis/2158 818/op-users-back-pay-touch [computing.co.uk]

  • Modern Biometrics (Score:5, Informative)

    by cdrguru (88047) on Saturday June 24 2006, @03:39PM (#15597589) Homepage
    It is important to know that these sensors are not optical in any way. They are using sensors similar to those from Authentec which use an RF scan to penetrate the first layer of skin. This eliminates problems with "too wet" and "too dry" fingers and also prevents spoofing by just about everything except cutting the finger off.

    There are some systems that can be fooled much easier, but they are not being used by PayByTouch. Nor is anyone serious about using a fingerprint scanner anymore.

    Microsoft sells an optically-based fingerprint scanner that can be fooled by latex molds, gummi bears and lots of other stuff.

  • Not a print image (Score:3, Interesting)

    by Baavgai (598847) on Saturday June 24 2006, @07:06PM (#15598299) Homepage
    We use finger print readers where I work. This, of course, only applies to the system I'm familiar with, but I doubt the store one is that divergent. They don't store anything resembling an image, but rather a numerical encoding of a given number of key points. I get the impression the actual process involves some kind of hash number validation.

    The reason that "the fingerprint image recorded is not the same as those collected by the federal government or law enforcement" may be chillingly pragmatic. We were told when implementing our system that if we stored fingerprint data up to government specs we would be required to provide that information to the government. As a result our company, and most others, store data below the threshold that will get them noticed by the feds.

    The fingerprint validation itself is somewhat fluid. Most people don't press the reader the exact same way twice in a row, the finger distorts under different levels of pressure, reacts to environmental changes, and even the current health of the individual. This kind validation requires a level tolerance to be set.

    Some individuals never seem to get a good read, the tolerance for such people needs to be loosened to get any kind of positive feedback. As a result, some of our employees could hoist a big toe on the reader and probably get a pass. I simply wouldn't trust these things not to mistake me for the granny with the bad fingerprints.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2010 Geeknet, Inc.