Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Technology

Your Fingerprint Buys Groceries in Seattle 381

Posted by timothy from the don't-lose-your-id dept.
lildogie writes: "The Seattle Post-Intelligencer reports that a Thriftway grocery store is installing fingerprint scanners that they will use to identify customers." Each customer's payment method (credit, debit) is then automatically applied at checkout. Haven't they seen Charlie's Angels?
This discussion has been archived. No new comments can be posted.

Your Fingerprint Buys Groceries in Seattle More

Your Fingerprint Buys Groceries in Seattle

Comments Filter:

  • Convenient... (Score:3, Interesting)

    by Junta ( 36770 ) on Sunday April 28, 2002 @09:35PM (#3426866)
    but if you thought those MVP/VIC/etc... cards were bad about providing tacking info, this is a nightmare

  • Fingerprint == Money (Score:3, Insightful)

    by k_d3 ( 559373 ) <kool_dudz@@@hotmail...com> on Sunday April 28, 2002 @09:36PM (#3426874)
    Interesting concept. Since it's difficult to forge fingerprints, it may be a viable idea. Still, someone other than you could use their fingerprint tied to your money, which isn't a good idea. Whatever works, though...

    • Identity verification at registration (Score:5, Insightful)

      by shadowsong ( 132451 ) <shesajarNO@SPAMgmail.com> on Sunday April 28, 2002 @09:47PM (#3426923)
      Verifying the identity of the customer would be absolutly key here.

      (from the article)
      "It takes about one minute to enroll," Kapioski said.

      I somehow doubt that these people are carefuly examining multiple forms of identification in less than a minute. Also:

      "Employees underwent 15 or 20 minutes of training in the system this week."

      The system itself might be secure, but identity theft the issue that it seems to be today, I would be most worried about these "18 year old clerks" that can't be trusted with cash taking a 15 minute training course and being put in charge of registration.

      • Part of the problem with current credit cards, and with this system as well is, as the parent said, the 18 year-old clerks. I'm speaking from experience, as a 17 year-old clerk at a clothing store that does lots of sales with credit cards. I realize that credit fraud occurs commonly, yet I don't do anything about it. I rarely check signatures and only ask for photo id if the CC says to. There's no reason for me to do otherwise. No penalities from the cards are directly passed on to the cashiers. If some accountability was placed on me, like a 50 dollar fine for each stolen CC I allowed to be used you can bet I would be checking alot more signatures.
        Another part of the problem is lack of consumer awareness. You would be amazed at the number of people that don't even bother to sign the back of their cards. We're supposed to ask for id in that case, but when you've got a line of 15 customers, waiting for someone to dig their license out isn't the greatest idea.
        To solve the problem, I think credit cards should come with a mandatory PIN number, one which isn't stored on the card (so theives can't crack the card). In addition, some responsibility is due for the cashiers. If my cash drawer is 5 dollars under (or over) what it should be, I get written up. Why not do this for cards not used by their owners?

    • Re:Fingerprint == Money (Score:3, Informative)

      by VAXman ( 96870 )
      Interesting concept. Since it's difficult to forge fingerprints, it may be a viable idea. Still, someone other than you could use their fingerprint tied to your money, which isn't a good idea.

      That should require the same amount of difficulty as getting a credit card in somebody else's name. So, in that sense (setting up the account), this fingerprint system has no advantage or disadantage over a credit/debit card.

      However, it has a huge advantage in accuracy of authenticating the owner of the account. I will submit that it is far more difficult to forge a fingerprint than it is to forge a signature (usually the only authentication system used to validate a credit card purchase).
      • "However, it has a huge advantage in accuracy of authenticating the owner of the account. I will submit that it is far more difficult to forge a fingerprint than it is to forge a signature (usually the only authentication system used to validate a credit card purchase)."

        Well, I don't know where you live, but around here the don't even bother checking the signature. Seriously, my two roomates and I have proved this several times. We have receipts where we signed for each other, used stupid names (I can show you more than one thing bought with Santa Clause's signature), etc. Never had a clerk even look twice. Same thing goes with checks, but those a a little harder to get ahold of.
  • This will only encourage the act of chopping off fingers. Victims will be out a finger and a few thousand dollars in condoms and baby oil.
  • If this is to make a significant impact in the area, more businesses need to follow suit.

    Unless you're a West Seattle resident, chances are you never shop at this Thriftway. People I know in Belltown, Capitol Hill, Fremont, and near UW all either go for the small co-op grocery stores, Whole Foods, or the commercial Safeways and QFCs.

    I think the technology is a great convenience for the consumer, but why should it be limited to one store in a not-so-often-visited part of town? I've lived in Seattle for nearly a year now and I didn't even know about this Thriftway. :)
    • Perhaps you just think it's coincidence that a new mayor is elected from West Seattle and all of a sudden this system goes in? Oh, no, my friend... strings have been pulled.

      That Thriftway isn't even the good one--Admiral Thriftway, further North along California, would have been a much better choice. I would gain hours of my life back as if I didn't have to wait in line behind hordes of Yuppies paying for a bottle of Perrier with their debit/credit card in the 'express checkout' lane, fumbling with their PIN, receipts, etc. I suppose that using regular ol' dollar bills like the commoners would sully them horribly, but perhaps they could be trained to use this finger scanner system.

  • The Logical Extension (Score:5, Insightful)

    by (void*) ( 113680 ) on Sunday April 28, 2002 @09:41PM (#3426895)
    If this becomes widespread, then fingerprint laundering would become widespread. Don't hold that drinking glass at the restaurant too tightly - the waiter may decide to lift the prints and sell it to the Mafia for money. So people will start wearing gloves. Buy stock in glove copmanies!

    • Re:The Logical Extension (Score:4, Insightful)

      by interiot ( 50685 ) on Sunday April 28, 2002 @09:44PM (#3426909) Homepage
      eg. You can't be reissued a fingerprint the way you can with credit cards.
      • Sure you can.

        Only 9 times though...

        Tim

        • Re:The Logical Extension (Score:4, Funny)

          by flimflam ( 21332 ) on Sunday April 28, 2002 @11:08PM (#3427198)
          The hard part is when they revoke the old ones though...

    • ...I'm sure the checkout lady won't mind you holding up a drinking glass to the Thriftway fingerprint reader.
    • Any biometric system worth its salt uses significant "liveness" checks to prove that not only is the fingerprint a match (or % likelihood thereof), but it is actually attached to a real person (and is not a fake appendage).

      These include temperature measurements, electric field (around the body) measurements, etc. This is where the real innovation around this field will take place over the next few years - accuracy (of fingerprint recognition) is already pretty good.
    • Buy stock in glove copmanies!

      Why? Because they make those white gloves for the cops who direct traffic?

  • less fees - HA !! (Score:4, Insightful)

    by DuncanMurray ( 448670 ) on Sunday April 28, 2002 @09:43PM (#3426905) Homepage
    "If we can come up with a payment method where there's no opportunity for fraud, then the fees come down," Kapioski said.

    That's what they said about ATM's.
    That's what they said about Net banking.

    Its all cheap and rosy until its mainstream and then BANG up jump the fees.
    The technology might be cool, it may be convienient, but dont be fooled into thinking that it will be cheaper.
    • "If we can come up with a payment method where there's no opportunity for fraud, then our profits are higher" would be closer to the mark.

      Why drop fees? People are paying them at the level they are now, and (at least in this country) banking is controlled by a small cartel of banks that strangely enough all raise and lower prices at around the same time.

    • Huh, my bank provides both ATMs and net banking free. Sure, I get charged if I use another bank's ATM machine, but since prior to the existence of ATMs I couldn't make a withdrawal from another bank at all, I think things have gotten better.
    • You think on-line transations get expensive after they become mainstream? That strikes me as odd. Credit card rates that should be have been criminialized were in place long before the net went mainstream. In fact, it's not unreasonable to suspect that exact issue might have been one of the big reasons e-commerce didn't fly. It was starting out the gate with a tax going to the card companies, and for what, money handling? Isn't the government supposed to provide the currency.
      According to the Constitution that's how it was supposed to go.

      Net banking fees emerged AFTER it went mainstream?
      Sorry, that's factually incorrect.

    • Re:less fees - HA !! (Score:3, Interesting)

      by ImaLamer ( 260199 )
      Who said there would be no fraud in 'net banking?

      ATM's were also known to not be the most secure item when they were invented, but they are only as secure as you are [duh].

      Fraud is a considerable thing to deal with for a bank - many times the person who was defrauded demands not to pay and the bank does as their customers want. Getting your ATM card stolen by someone you know can cost you a lot of money - sometimes up to ten times more than you lost if you try to push on with the investigation. A bank isn't the police, and the police can do little in these situations even when there IS a picture. In the end more is lost that what was stolen in the first place.

      Fingerprint technology could bring those fees down, but we will need to see it work.

      But where is the Fee? It's basically the same as that sticker in your car that pays the toll or the barcode on your keychain that charges gas to your credit or debit card.

      Adding fees would destroy such a flimsy top-level service and force it into the hands of Mastercard or Visa which only get paid when you use it anyway.

      Fees? It's your money - learn where to shop it around.
  • Robber: This is a stick up! Give me all the cash NOW

    Clerk: Ok sir.. But I'll need you to place your finger on the scanner so that the change drawer will open and i can get the money for you..

    Robber: Err, umm.. nevermind

    • Re:I can see it now.. (Score:2, Funny)

      by Anonymous Coward
      Robber: Put your finger on there, why the hell would my fingerprint open the cash register drawer you dumbass?
      Clerk: We don't have cash registers anymore since your fingerprint acts like a credit card.
      Robber: Er, oh yea.....

  • Not unique (Score:4, Insightful)

    by morcego ( 260031 ) on Sunday April 28, 2002 @09:44PM (#3426908)
    That is interesting once, for some time now, it's known that, contrary to popular belief, fingerprints are not unique. If I can use an analogy, the same applies for network card MAC addresses. Btw, the chances of finding similar fingerprints are greater then MAC addresses.
    Now, I wonder why people continue to use non unique data as identification methods. It really scaries me, then I think about the kind of trouble one get get into on these issues.
    • That is interesting once, for some time now, it's known that, contrary to popular belief, fingerprints are not unique. If I can use an analogy, the same applies for network card MAC addresses. Btw, the chances of finding similar fingerprints are greater then MAC addresses.

      So you'd rather trust your life savings to a minimum wage clerk's handwriting interpretation (and that's if she even bothers to compare your receipt to your credit card) than to a sophisticated computer system which has a remote chance of error?

    • Simpler attacks (Score:3, Interesting)

      by coyote-san ( 38515 )
      The uniqueness of fingerprints is important when considering criminal convictions where there's little or no other direct evidence besides latent prints, but it's not a big concern here.

      A far easier attack here is to swap out the record in the database. If it doesn't have good auditing, it would be trivial to swap in somebody else's prints, make a large purchase of easily fenced goods, then swap the original prints back in without detection.

      You could probably even just add additional prints as an additional purchaser. But that's risky since those prints could then be used by investigators.

  • The main advantage... (Score:5, Insightful)

    by zook ( 34771 ) on Sunday April 28, 2002 @09:44PM (#3426910)
    The main advantage of the new system, Kapioski said, is the security.

    No, the main advantage is easier tracking of the customer.

    • How so? (Score:4, Interesting)

      by gvonk ( 107719 ) <slashdot@@@garrettvonk...com> on Sunday April 28, 2002 @10:10PM (#3427015) Homepage


      Maybe I am unclear on this, but I use the same debit card 95% of the time at the Kroger I visit for my groceries. Do they have to agree to something saying they won't just use my unique cc number to track my purchases? And even still, is it technically against the rules to grep the data from the card for my name that is encoded on the strip and use that to track my purchases?
      Furthermore, most stores have the "happy consumer tracking" card that many of us keep on our keychain, and to complicate the "tracking" argument further, the fingerprint thing is completely optional, as all of the methods I mentioned are today--

      JUST USE CASH PEOPLE!!!!!

      • Cash? (Score:4, Insightful)

        by Bios_Hakr ( 68586 ) <xptical@g m a i l . c om> on Sunday April 28, 2002 @10:35PM (#3427101)
        Even using cash can seem unsecure if you are parinoid enough. For instance, you withdraw 50$ from an ATM in the mall. Cross reference that with the purchaces made in the next 50 minutes and then filter anything >$75. They can quickly build a list of possible purchaces which will become increacingly accurate over time. The mall has the ability to do this as they probably own the ATM or have access to the log.

        Ok, so now you are to the point where you can no longer withdraw cash form the mall ATM. You may be thinking, "I'll just use the QuickieMart ATM down the street." In time, and with better AI software, the places where you get cash annonymously will shrink. Right now, I consder the counter at my local bank the only place to get cash and not have my name cross-referenced to an ammount and then published to the world. But who knows what kind of deal your bank may have with local merchants. Even if they don't share your info, someone clever enough can find your pay scale, subtract your bills, and target you for specific advertisements based on what you will likely buy. Even knowing that it really isn't difficult for a 3rd party to find out how much free cash you have every month can scare the hell out of you.

    • Is sharing your fingerprint with their "partners" because you didn't know you had to opt out before you were born.

      The less people who have access to biometric information from which they can infer genetic information that they could then use to discriminate against me, the better.

      "I'm sorry sir, but our partner Thriftway provided us with information that indicates that you have a genetic predisposition to liver cancer; we are going to have to deny you medical insurance."

  • Trusting your biometrics to anyone ? (Score:5, Insightful)

    by Oestergaard ( 3005 ) on Sunday April 28, 2002 @09:51PM (#3426938) Homepage
    It's beyond me how anyone would trust their biometrics to random companies (or other entities). Hell, I wouldn't trust the government with mine (they can take prints from my dead cold hands).

    The problem is, that they are not just creating a "hash" from your prints - they need to store the exact print in order for the recognition to work. This means, any script kiddie lucky enough to get into their database, will have the prints.

    The next logical step is, to hook this system up to the feds and interpol (post sept-11 this is not fiction!)

    The real problem will be, that people trust technology blindly. When I "check out" of the store, putting my thumb on the reader, and the alarm bells sound (and the big "armed and dangerous, shoot on sight" sign starts flashing), guards, police, whatever, will trust the damn machine.

    Now if one could trust that the responsible parties would (and could) ensure "absolute security" around their biometrics systems, there really wouldn't be that much of a problem. But believing that IT departments in regular companies (or even government agencies) who all live with finite budgets will ensure that their back-end systems are un-crackable is naiive.

    Luckily, the iris scanning in the airports is still optional (and actually sold at an extra charge, as some sophisticated "luxury" - hah!).
    • The problem is, that they are not just creating a "hash" from your prints - they need to store the exact print in order for the recognition to work. This means, any script kiddie lucky enough to get into their database, will have the prints.

      That's right...the system is only as strong as its weakest link-- I read in the paper that someone made off with 2,300 or so blank, signed birth/death certificates taken from a health center. The repercussions from this have the potential be VERY significant.
  • ...on how many naoseconds will pass between this and the time when law enforcement agencies decide to link this checkout system with thier fingerprint databases.

  • *Insert disaster scenerio here* (Score:3, Funny)

    by ari{Dal} ( 68669 ) on Sunday April 28, 2002 @10:01PM (#3426976)
    Ok.. seriously.. i've seen a few postings on identity thefts, the inherent fallacies of fingerprinting technology, the lack of three dimensional recognition... but what really scares me is...

    THESE BASTARDS ARE GONNA AD-TARGET ME!

    On a serious note though, I'd be more concerned about targetted marketing and advertising from the supermarket itself than identity theft and mistaken fingerprints.

    Think about it.. they'll have your name, your address, and your shopping habits. my gramma asks me to nip down to the grocery store for her.. next thing you know, i'm getting samples of preperation H and Depends shipped right to my door.

    That time of the month? Don't worry, we've been tracking that too! This handy dandy sample of Playtex tampons will show up JUST IN TIME! (oh wait.. that one could actually be useful).

    Gah. No thanks.. think i'll skip the fingerprinting and keep paying with cash. At least til they come out with a wrist chip implant...
    • Why are you scared of ad targeting? If you now how to manage your money it can be a very useful tool. Would you rather see ads for useless stuff or ads that are about your interests. If you are at a super market would you rather see ads for sales on tampons right when you need them or for low-rider magazine? I hate stupid repetative mindless ads on TV, but if it was for a new 180 gig hard drive or a demo of a new version of 3D animation software I would pay attention as much as I wold to a normal show.
    • THESE BASTARDS ARE GONNA AD-TARGET ME!

      OH NO! Quick arrest somebody!!!! When will people understand? If it's at all possible, you will be given ads. If there was a way to bombard you with ads 24/7/365 you would be. But the fact of the matter is, you will get advertising - so wouldn't you rather get ads for something you're actually interested in?

  • Nice guy (Score:3, Insightful)

    by dfenstrate ( 202098 ) <.dfenstrate. .at. .gmail.com.> on Sunday April 28, 2002 @10:07PM (#3427003)
    "They love it because it takes the cash out of the hands of 18-year-old clerks," Nickerson said.

    Okay, I'm all for new conviences, but I think this is quite a bit unfair. I ran a cash register for Marshall's starting when I was 16, and ending when I was 19. My highest drawer variance was 13 cents, and the most expensive thing i took home was a pen from a register.

    During my time there, 13 people where fired for dishonesty, and there was no trend in the age- people of all generations got canned for theft, including a 63 year old lady.

    Really, I'm 23 now, but is there that much a problem with the youth being dishonest nowadays, moreso then anyone else? Please, do tell me.

    • I worked at a retail store for a summer job and once I had a signifigant variance (something between $20-$80, I don't recall exactly). Fortunatly, the owner knew I didn't steel (and I didn't), so he let me off the hook. I guess some random customer did very well on their change back that day!

      So, a lesson. If the till is off a lot, it could just be human error (as it was in my case) instead of theft. Mistakes happen. On a side note, I did once catch a fake $100 bill by sight checking, so I guess it evened out!

    • Re:Nice guy (Score:3, Interesting)

      by Captain_Frisk ( 248297 )
      "They love it because it takes the cash out of the hands of 18-year-old clerks," Nickerson said.

      You are right, dishonesty doesn't have a correlation to age. When you have a situation where the employee can steal an hour or two's wages easily, and unprovably, then its going to happen. I worked the register at a pharmacy back in the day. Everyone there was dishonest. Inventory, cash out of the register, accepting cash payments and never ringing the items up all occurred.

      You definetly don't want your money handled by people who make minimum wage, but you can't afford to pay for trustworthy employees.

      Privacy issues asside, cutting down on the amount of money that is handled cuts down on theft, which "theoretically" cuts down on store prices.

      Note the theoretical, as the costs of pressing CDs has falled to almost nothing, but you don't see the costs of CDs falling with it.

      Captain_Frisk out.

      • Re:Nice guy (Score:3, Interesting)

        by Kaiwen ( 123401 )
        You are right, dishonesty doesn't have a correlation to age.

        You're both wrong. While this is not to say dishonesty doesn't exist at all age levels, as any decent sociologist will tell you youth (particularly in the 15-24 year old age bracket) are more prone to criminal behavior. Crime rates drop off dramatically after that.

        cutting down on the amount of money that is handled cuts down on theft

        Admittedly, this comes from someone who has never worked in a grocery store, but don't most stores keep a pretty close eye on cash register draw balances? Seems to me it would be much easier to make off with store merchandise than cash out of your drawer. Which, if true, means this won't have a major impact on employee theft.

        • You're both wrong. While this is not to say dishonesty doesn't exist at all age levels, as any decent sociologist will tell you youth (particularly in the 15-24 year old age bracket) are more prone to criminal behavior. Crime rates drop off dramatically after that.

          At the same time, most of the 15-24 year olds are more likely to have these minimum wage jobs. I think I phrased my reply poorly. I'd agree that younger people are more likely to steal, but its defintly not all about the younguns.

          Admittedly, this comes from someone who has never worked in a grocery store, but don't most stores keep a pretty close eye on cash register draw balances? Seems to me it would be much easier to make off with store merchandise than cash out of your drawer. Which, if true, means this won't have a major impact on employee theft.

          At least at the place where I worked, while the register was checked every day. However, once in a while (particularly if you were covering for someone else during their shift) an employee could lift a 20, and at the end of the day, the boss just shrugs his shoulders. A co-worker of mine did this on a semi-regular basis.

          Once, the register was $10 over at lunchtime (the morning cashier was not very gifted), my co-worker lifted a 20, and at the end of the day it was 10 under. Just for kicks, I was talking with the manager when she counted the drawers, just to see what would happen, and she said... "Well, it was $10 over at lunch, and $10 under now... see, it all balances out!"

          Also, another scam was on items that had a very defined cash value (newspapers, cigarrettes) where people would just come in, give you cash, and leave. They didn't want a receipt. So they hand you 2.25 for a pack of cigs, and walk out. Since inventory isn't checked often as registers, theres no way to correlate inventory theft to an individual employee, but the employee gets to take the cash home. A non-cash based system destroys this.

          Captain_Frisk out

  • ... what could be done to make a system like this actually acceptable to a typical slashdot reader? How about seniors?

    More than one finger? Extra key items required? End user definable spending limits?

    I would feel comfortable using this system if it was also combined with an alpha numeric password.

  • It still can be open for fraud... (Score:4, Interesting)

    by Pig Hogger ( 10379 ) <`moc.liamg' `ta' `reggoh.gip'> on Sunday April 28, 2002 @10:29PM (#3427079) Journal
    40 years ago, my father worked for a big British company. One day, the company decided to reward his oldest pensioneer. They went through the records, and found somewhere in India a 105 year old guy who was employed at the turn of the century as a janitor or/and doorman.

    Amazed that a man would live so long, the London head-office naturally sent for the old man.

    But they found nobody: turns out that the guy died some 30 years before. As he was illiterate, he endorsed his pension cheques with his thumbprint. When he died, the family "forgot" to notify the company, and they still cashed the cheques with his thumb, which was neatly mummified right after they cut it off...

  • If I ever find-out that someone is getting free groceries from them and is registered under the finger print system, I will kill that person (or not), cut off their hand, and bring that hand with me everytime i go grocery shopping.

    Anybody got ideas on how I can conceal the fact I got a decaying hand with me?
    • Depending on the sophistication of the system in use it won't do you any good. An interview with the head designer of such a system from 3 years ago indicated their system could differentiate between a live, attached finger and an amputated finger.

  • when they take them from my cold, dead hands.

    Wait a minute -- this makes credit fraud potentially lethal, instead of just extremely inconvenient! :/

  • The main advantage of the new system, Kapioski said, is the security. People no longer have to worry that their cards will be lost or stolen and then used to run up hefty charges.

    What bugs me about this is that people shouldn't have to worry now--credit card fraud (which is not identity fraud) is covered by the credit card issuers. Even that $50 thing which is talked about is usually waived.

    The only way this helps with fraud is that it reduces the amount of times the credit card is pulled out--obviously when your card is pulled out someone could quickly read the number and expiration date. (Hopefully all the merchants you go to no longer print the entirety of the credit card number and expiration date on the card. I just spoke in front of the Ohio General Assembly about passing a law to prevent that here.)

    The vast majority of credit card fraud is online credit card fraud--which is an issue, by all means. However most companies have address verification now, and if the fraudster gets your address, then you got another problem altogether.

    Fraud with a card in a store is too expensive and personal, and is generally avoided. It does happen (a fake credit card printed with your credit card number and expiration date, a fraudster's credit card remagnetized with a new credit card number, and in unusual situations, a stolen card with a new signature strip.) The least likely is someone just using a stolen credit card as is.

    I think what's funny is that, as I said, credit card fraud is not identity fraud. However, by tying the credit card to your fingerprint, suddenly subverting the system becomes identity fraud. That's progress for ya.

  • Otherwise...
    Keep in mind any time you let the store handle the financing, and don't use cash, you are paying more than the price of the item.. you are paying with your privacy.

  • What is to prevent someone from making a wax/plastic copy and then applying this overtop of their actual fingerprints??

    This method solves the texture problem (if done correctly), the color is easy to duplicate, and the pulse...well the imposter also has a pulse so getting around that is piece of cake!!

    Iris scans are also vulnerable by using a similar approach...one takes the iris image of the victim and imprints it onto a contact lenses and then wears them...how would an iris scanner be able to tell the person is a imposter...it probably wouldn't...so much for biometrics.

    And that's the problem...many people assume that biometrics are fullproof, but in reality they are far from it...

    Now one may say..."nothing is 100%, but biometrics is very secure"...that may be, but in those instances where a system is compremised, there is then NO WAY TO REVOKE AND REISSUE A NEW KEY since biometrics by their very nature are difficult to change unless one wants to undergo very expensive surgery.

    Bottom line is that biometrics, like any security method is not fullproof and needs to be used wisely; or in some applications should not be used at all.
  • Between stores' "frequent shopper" or loyalty cards and biometrics?

    Right now, they track all sorts of stuff (I used to work at a grocery store that implemented a loyalty card program) ... with biometrics it's even easier.

    On the plus side, since biometrics are perceived to be "more secure" than a loyalty card, let's add the possibility to store your payment information in a Windows IIS Server that is located at the central database.

    Now you can even pay as well as sending your buying habits ...

    I've worked with biometrics ... once you get past the bullsh^H^H^H^H^H^H white papers ... its actually one more piece to go wrong with the system.

    • Between stores' "frequent shopper" or loyalty cards and biometrics?


      "Frequent shopper" cards are easy and fun to trade with your friends! Try it!


      Fingers are not so easy or fun to trade.

    • While I do occasionally trade frequent shopper cards with friends, whenever I apply for one, I'm John Doe, address General Delivery, my town, my zip code. I don't mind them collecting demographics that say that people living on one side of my town are more likely to buy tortillas and both sides to buy rice, or to decide that when they're promoting chicken whether to also promote charcoal and barbecue sauce or white wine and shallots. They don't need my name, street address, SSN, height/weight/eyecolor, iris prints, or finger prints to do that - and they're perfectly happy to give me frequent shopper cards.

      If they insist on my fingerprints, I'm outta there.

  • Why wouldn't a thief just grab some scotch tape or whatever device is similar to what forensics labs use to lift prints?

    Just notice what finger the purchaser in front of you uses, when you buy your groceries you lift the print, then go home and transfer that to some vinyl/rubber/whatever mold/model, and apply to the apropo thumb.

    Then you just shop at times when the store personnel aren't likely to know the person you've stolen the print from, or even another store completely. If it doesn't work (I'm sure that even for the real person this might happen occasionally) just pay with cash and be on your way.

    Like others have noted, Schneier wrote about the downsides of biometrics in "Secrets and Lies". I was ok with them as an id device until that book.

    Of course, I've just tagged myself as a subversive element in the Echelon database. Let's just hope they don't have a Tempest surveillance system on me as well. :-)
  • Anyone remember the original Batman movie (the Adam West one) where Penguin has his fingers encased in plastic to get into the Bad Cave? I know it was more complicated than that, but it was funny.

    "I don't know who you are, so I'll take you to my super-secret hideaway to discover your identity. What, you're a super-villan? I never would've guessed. Your disguise was transparent but strangely effective."

    Triv

  • How did they get it accurate enough? (Score:3, Informative)

    by TheLink ( 130905 ) on Monday April 29, 2002 @01:16AM (#3427547) Journal
    As far as I know the crossover accuracy ratio for finger print biometric techniques is low.

    The few systems I've encountered, fingerprints are not used to uniquely identify people, just as a verification - people still need to swipe a card or enter a pin, then the fingerprint is used for verification.

    Do they have a new technique? There's nothing on the Indivos or Bioscrypt websites stating the crossover rates etc.

  • Interesting socio-political notice (Score:3, Insightful)

    by Com2Kid ( 142006 ) <com2kidSPAMLESS@gmail.com> on Monday April 29, 2002 @01:42AM (#3427600) Homepage Journal
    Being a seattle resident. . . .

    Thriftway, despite there name, is an establishment that caters to the middle and upper class portions of society. Their customers tend to be retired citizens or soccer moms.

    Besides the very fact that I get damn nearly nauseous just going in there (no seriously, I think that they sprayed the damn place with "odor of extravagant spending" or something ), candy bars alone have a 200% price market from the local safeway. Ouch.

    They rarely have any sales (or at least any that reduce prices to something halfway decent) and have 'guided tours' of their stores (what the hell ever. . . .), those the local store for a while was hosting some sort of cheese festival, it was a paid admittance thing. Ugh.

    Annyways, as I way saying. . . . ok actually no point to this message other then to say that the middle and upper classes suck. -_-

    --- teh classissist

  • Hmmm... (Score:3, Funny)

    by MWoody ( 222806 ) on Monday April 29, 2002 @02:01AM (#3427640)
    Hunh... An interesting idea, but what if someone had their fingerprints burned off? I guess we could go to retinal scanners, but I've never liked sticking my eye up to some random machine. DNA scanners would need blood, voice recognition differs too much with attitude and health, and facial recognition is in its infancy.

    Maybe, if someone could develop a system with, say, a two by three inch plastic card with someone's name on it, we could circumvent the whole deal. Yeah, it would be great! No more worrying about whether the machine would work, or your fingers were dirty, or someone had your prints - just slide the card and go through. We could even put a strip with bumps or - no, I've got it - a _magnetic strip_ with information identifying that person! As long as you didn't lose it - a far easier eventuality to avoid than, say, accidentally leaving your fingerprints on something - security would be perfect.

    You think it'll catch on?

  • Oh no! (Score:2, Funny)

    by ppetru ( 24677 )
    Dude, where's my finger?!??

  • "handy" indeed, there's always someone who pays (Score:5, Insightful)

    by jukal ( 523582 ) on Monday April 29, 2002 @03:51AM (#3427888) Journal
    Pardon me, but as, for example this document [sans.org], and multiple others state. Fingerprint ID has a false positive identification rate just under one percent. And gross biometric accuracy of 1:500.

    Simple mathematics applied, when the store gets some success, and it's customer base exceeds 500 or let's say even thousand - you are likely to always match someone else's fingerprint.

    Sincerely, fingerprints were not made for shopping. :))

  • A couple of points (Score:2, Interesting)

    by Mawbid ( 3993 )
    In my effort to continue to spread this meme [slashdot.org], I'd like to inject a couple of points.

    The two big problems with this are the likelihood of misidentification and the fact that you can't just get a new fingerprint if somebody gains the ability to buy stuff with yours. (I feel the tracking problem is less severe because people are already tracking us with credit/debit card numbers and the world hasn't ended)

    The identification problem is a very hard. As our pal Schneier likes to point out, a system that answers the question "is this person who they say they are" with impressive accuracy isn't necessarily any good at answering the question "who is this person". The accuracy drops fast as the number of people in the system increases. But don't throw out this system just yet. Is the base accuracy high enough, or can we keep the population low enough for the error rate to be acceptable? When Phil in L.A. is scanned at the supermarket, do we really need to consider Joe in N.Y. as a possible match(*)? Can we weed out more people with other checks before the fingerprint match is performed? I don't know the error rate of the best fingerprint matchers, but I need to know that, and the population size, and do the math if I'm going to reject a fingerprint id system on grounds of the misidentification risk.

    The other big problem is devastating to your ability to use a biometric id system, but not to anything else. A stored reading can be marked as compromised in the system so an attacker can't use it any more. You won't be able to use it either, but you haven't lost anything you had before the system was put in place (unless some pea-brain decides that this shall be the only way to pay). You haven't even lost everything you gained when the system was implemented. You now have a choice to dictate that only a debit card + a finger print is enough to make a puchase with your account, which is safer than the credit card alone, although no more convenient.

    Please, truly consider the benefits and liabilities of any new system and the system it replaces. At the very least, it'll make for more stimulating discussion than an endless stream of "this is bound to fail catastrophically" posts.

    * And when Joe travels to L.A., we know where he is because we tracked his ticket purchase ;->

Slashdot Top Deals

The solution of this problem is trivial and is left as an exercise for the reader.

Close