Privacy Technology

Ready or Not, Biometrics Finally in Stores

Posted by Cliff
from the pay-with-your-thumb...or-someone-else's dept.
cancer4xmas writes: "It's very exciting to see USA Today's Technology front page saying, "Will that be cash, fingerprint or cellphone?" They're running a story on emerging biometric devices being the most fundamental change in personal finance since 1950, when the credit card was introduced. The concept is now being tested in some stores. Check out the full story." Now couple that tidbit with this morsel from wherley: "In a letter [scroll down a bit] to Bruce Schneier's Cryptogram newsletter, Ton van der Putte tells of a recent invitation from the BBC to comment on the addition of fingerprint biometrics to the British ID card. Using a digital camera and UV lamp he was able to make dummy fingerprints that fooled the readers - and in less time and less cost than similar experiments 10 years ago. He says: '...now the average do-it-yourselfer is able to achieve perfect results and requires only limited means and skills.'"
  • Free stuff! (Score:4, Insightful)

    by FattMattP (86246) on Monday November 17, 2003 @11:22PM (#7499157) Homepage
    How long before thieves chop off people's fingers and buy stuff with it? It's not like you can be reissued a new fingerprint.
    • LOL (Score:5, Funny)

      by FunWithHeadlines (644929) on Monday November 17, 2003 @11:36PM (#7499254) Homepage
      "How long before thieves chop off people's fingers and buy stuff with it?"

      Well, quite a long while I would think. I would imagine that the teenage checkout person at the supermarket would scream bloody murder at the sight of you using a severed finger, getting blood all over the biometric scanner. I can see it now:

      "Paper or plast-- AAAAHHHHHHHH!"

      Not exactly the most effective scam to try.

  • Ouch (Score:5, Insightful)

    by MikeXpop (614167) <mike@red c r o w b a r . com> on Monday November 17, 2003 @11:22PM (#7499159) Journal
    I remember I read awhile ago in some magazine how BMW had the technology to use biometrics in place of keys. The reason they didn't was that someone brought up this idea.

    Carjacker + knife + need for your finger = not a pretty scene.

    That's kind of kept me off of Biometrics for awhile. Now where'd my tin foil hat go...
    • Re:Ouch (Score:5, Funny)

      by Popadopolis (724438) on Monday November 17, 2003 @11:28PM (#7499205) Journal
      I think that some store owners might notice if you came in and paid with a severed thumb. If not store owners, maybe bank people? Police? Security cameras? My guess is that paying (or withdrawing money) with a severed thumb might, might be considered suspicious behavior.
      • Re:Ouch (Score:2, Insightful)

        by MikeXpop (614167)
        No one's going to come in with a severed finger. That's preposterous. However, with a finger, I could peel off the skin, then attach it over my finger with a little bit of tape or glue. No one would be any the wiser unless they specifically looked at my hands.

        Imagine the identity thefts of dead people. Not a pretty sight.
        • There's already stopgaps against that problem. When a person is reported to the Social Security Administration as dead, the SSA retires their number, and publishes it on a list of dead numbers. Banks (which all Credit Card Companies are on the inside) keep a watch on that list, and freeze any accounts tied to SSNs that appear on it until they get further information. Look up the story of anybody who has wrongly been reported dead on that list and you'll see that they can get nothing done with everything but
          • Re:Ouch (Score:3, Informative)

            by I8TheWorm (645702)
            That sounds like a handy system. However, I have first hand experience that that does not always occur. My fiance's ex-husband, the typical try-to-get-tons-of-money-without-working-for-it type (he actually sent money in a Nigerian scam more than once) has quite a few credit cards in his dead (over 10 years now) father's name. In a fit of spite, she called the credit card companies, who said that if she could not provide a death certificate, they weren't willing to do anything about it.

            Systems only work
        • Re:Ouch (Score:5, Insightful)

          by Uma Thurman (623807) on Monday November 17, 2003 @11:44PM (#7499307) Homepage Journal
          Why go through all that trouble when it's just much easier to keep pressing your thumb on the panel, getting the rejection, until the 16 year old at the register gets sick of you holding up the line and hits the bypass key on the register?

          These things are going to be so flaky. Even something as simple as a mag-stripe reader on a credit card sometimes takes 10 swipes to read on one reader, and just 1 on another.
        • Why would anyone enter a shop with a severed finger? The car theft idea works because there's nobody in the car park at night to wonder why some guy is opening a car with a severed finger. Similarly, there's nobody at night to wonder why some guy is getting cash from an ATM with a severed finger. And even if he gets filmed, by the time anyone figures out there's a problem, he's out of there.
      • by quinkin (601839) on Tuesday November 18, 2003 @12:14AM (#7499482)
        As Matsumoto pointed out [theregister.co.uk], it is quite easy to fool biometric fingerprint scanners using a constructed gelatine print. Even when the original is a latent print (i.e. from a glass).

        This is far easier than pretending a severed thumb is your own, and with the use of acetone based prints (from the gelatine master) it is virtually impossible for a layperson to determine that you have an overlaid print on your thumb.

        Just your $0.02... :)

        Q.

      • This is why thumb-snatchers would do all their dirty work at anonymous places... like at an ATM, where they can cover up the camera.

        Attack of the Thumb Snatchers, coming soon to a B-movie theater near you!
      • Re:Ouch (Score:2, Funny)

        by pvt_medic (715692)
        please you give them too much credit
    • by einer (459199)
      Good thing they didn't want a retinal scan.
    • Carjacker + knife + need for your finger = not a pretty scene

      Actually, while that is a worst case scenario, much more likely is someone dusting the car for the owner's thumbprint (after all...it seems impossible that the owner wouldn't have touched his own car) and then casting an image to fool the scanner (and then applying the cast to a current thumbprint, or just doing whatever it takes to mimic a thumbprint in the way the scanner requires.)

    • Re:Ouch (Score:3, Interesting)

      by sllim (95682)
      I am afraid the real problem is the intelligence of the average thief.

      I am guessing that the scanner looks for a temperature of 98 degrees or so, and if it doesn't get it then doesn't process.

      Like I said, the problem is the intelligence of the average thief.
      Think they will think of this before they cut off my thumb???
      Noooooooooo.

      In fact, I dare say the thieves may have to have a pocket full of thumbs before they realize that they are doing something wrong.
      • Re:Ouch (Score:3, Insightful)

        by bedessen (411686)
        I don't see how checking temperature could possibly help. The tip of your finger is about the most extreme in terms of extremities and blood flow, and it will never be anywhere close to core body temperature. How many times have you shaken someone's hand and reeled back at their cold fingers? Or how many times have you messed with someone by putting your cold hand on the back of their neck? Are we to make everyone in line keep their hands in their pockets at all times, so that no one has cold hands? Wi
  • by mooface (674033) on Monday November 17, 2003 @11:23PM (#7499165)

    As someone working in biometrics and algorithm development, I would personally like to BEG the press to stop with the awful articles.

    Almost every article says the same thing, makes awful assumptions, comments on the privacy issue, and generally screws the pooch.

    Misconceptions and overhype can kill technologies for years....
    • by Anonymous Coward
      Where's your damn rebuttal. If you're gonna try to dismiss criticism, at least back it up.
    • by Nailer (69468)
      As someone working in biometrics and algorithm development

      Could you please tell me how I change my secret when it's compromised? Yes, seriously.
    • by Zebbers (134389) on Monday November 17, 2003 @11:47PM (#7499327)
      those were awesome counterarguments from an unbiased industry insider
    • by Anonymous Coward
      As someone who worked in the biometrics field for a number of years I can say that fingerprint biometrics are stupid.

      Too easily compromised (kinda hard to change your fingerprint) and very unreliable.

      Fingerprints just are not unique enough and only work in small sample sets. For example, when a criminal investigation is being done the search is limited. When trying to do something like credit cards, you're talking about millions of people. It just won't work. Not solely using fingerprints. Not ever.
    • Please, don't stop! (Score:5, Informative)

      by plover (150551) on Tuesday November 18, 2003 @01:04AM (#7499775) Homepage Journal
      Why?

      Why stop with the steady stream of articles that point out the real shortcomings of biometrics? So you can keep your job? Sorry, but that's a pretty selfish reason that only works for you, your boss, and a handful of investors.

      As Bruce Schneier pointed out years ago, biometrics are a double edged sword. Biometrics are hard to forge (I am deliberately ignoring the $0.50 gelatin trick that fools fingerprint readers since I assume someone will repair that particular shortcoming,) and look to the implementations of the systems for the weaknesses instead. Yes, they are hard to forge. But once the data is turned into bits, it's pathetically easy to copy. And you can't put the genie back in the bottle once it's gone!

      It comes down to "who do you trust?" Do you really trust the department store or the bank to not keep a copy of your biometric identification? What's to keep an unscrupulous merchant from intercepting a copy of your raw biometric data, and saving a copy?

      I see signature capture pads all over the place these days. I categorically refuse to use them because I have no confidence that my signature won't be captured and replayed by the wrong person. You can't tell me that a "secure" system will prevent this, because I can't tell a secure system by looking at one. The promise of Open Source is no guarantee, either. Even if it had a picture of a penguin on the outside, a spiffy GNU-y logo, and OSF and SourceForge brand stickers on it, how do I know it's really "IdentifyMe_2.0" and not some hacked-up demo being run by Vinnie the Chiseler? People believe that when they walk into a Home Despot that Home Despot doesn't keep a permanent record of their signature. Of course they keep it; it's actually required by law to retain the audit copy for 36 months (42 in Illinois.)

      There are also plenty of known cases [google.com] of fraudulent ATM machines that read your card, accept your PIN, spit out "TEMPORARILY UNABLE TO DISPENSE CASH", and report both your card and PIN to the machine's owner. How is a user supposed to be able to authenticate the biometric device is genuine; that it's not a sham, running a copy for a thief?

      How will this change with fingerprinting, hand geometry, retinal scans, or whatever the biometric system of the week may be? It won't; it can't. And since the systems can never be trusted to not "steal" or retain copies of identification for future playback, the systems should never be used in the first place. Using them even one time will put your irreplaceable data in a system it may never escape from.

      Biometrics are a technology that should not ever be mainstreamed. They might work fine for a secure military facility, but once they're out in the general populace for any length of time, the protections they represent are gone.

  • I hope we all realize that it's pretty easy to create a fake credit card too... probably easier. No, wait - I hope we don't all realize that.

    M@
    • by Popadopolis (724438) on Monday November 17, 2003 @11:42PM (#7499290) Journal
      Credit cards are getting harder too, with smartchips and strategically placed strips of thin metal inside. To fake one requires much more sophisticated equipment than five years ago.
    • by Anonymous Coward on Tuesday November 18, 2003 @12:48AM (#7499664)
      You don't need to fake a credit card, just nab one and it's all yours until the owner reports it missing! Merchants don't bother checking to see whether or not the card is yours, even if your PHOTO is on it, much less your signature!

      Preface: I am posting AC and not naming any names here.

      In the mid-to-late 1990s, when the phrase "identity theft" had first entered the lexicon but before the media discovered how well they could capture audiences with its mere mention, I worked with a card issuer on a so-called "secure card" test program. The idea was twofold: merchants were getting complacent in terms of trying to verify that the person presenting the card was actually the cardholder, and credit card fraud was an increasing problem.

      The proposed solution to both dilemmas was to issue cards with the cardholder's PHOTOGRAPH on the FRONT of the card. We'd indemnify cardholders against any fraudulent purchases (as opposed to beyond the first $50.. it was a novel idea back then) for any bogus transaction made with one of these photocards. Cashiers weren't bothering to check the back for a signature, but surely they'd see if the photo on the front matched the person making the purchase, right? LOL.

      Existing cardholders were allowed to volunteer for the test program by responding to an insert in their bill. Along with the application, they had to send in a photocopy of their drivers' license, and a small color photograph of themselves which was easily identifiable as the same person in the drivers license photo. About 10,000 such cards were eventually issued, with surveys included and sent as a follow-up to see what the cardholders encountered. During the test period, here are a few interesting things we found.

      1... Merchants weren't checking the photo, even though it was right there as a 1.5" x 1.5" image on the front left side of the card.

      Many cardholders reported no problem giving their spouse the card to use, where the photo wasn't even the same sex as the person making the purchase.

      There were a lot of folks surprised that cashiers didn't even notice the photograph.

      There were a lot MORE folks surprised that cashiers noticed the photograph but paid it no attention. For example, female customer would use card issued to JOHN DOE with a picture of a man on the card, no questions asked by merchant.

      2... Merchants who did check the photo were overly attentive.

      People who had changed hairstyles, dyed their hair, grown or shaved facial hair since the photo had been taken, or even gained or lost weight were having their cards refused because the photo wasn't a "perfect" match.

      If a card was not outright refused due to appearance changes, a store manager was often called by the cashier, or some other delay was introduced into the purchase, inconveniencing both the cardholder and the merchant.

      3... Some of the merchant services reps around the country were issued temporary expense cards with someone else's name and photograph on them (intentionally, as part of the test).

      These cards were set to return a "Call" response on transaction attempts, which tells the merchant they need to call the card issuer to get special instructions before accepting the card.

      Many merchants ignored the response and ran the transaction through as a "Force" process without bothering to see if there was a problem with the card. In live circumstances this would have resulted in a chargeback to the merchant with no recourse.

      Merchants who did call were instructed to check the ID of the customer against the name and photo on the card. In nearly half of these cases, the merchants wound up doing a Force anyway (another chargeback). The reps were told to try and explain it away - "Oh that's my boyfriend's card" etc - and it worked pretty well.

      4... Though this obviously is not the party line... Credit cards are as good as cash but provide next to zero security. Ask yourself when was the last time you tried making a purchase on plastic a
  • by Fux the Penguin (724045) on Monday November 17, 2003 @11:24PM (#7499172) Journal
    The system in this article is voluntary, and that's great. So long as it's only voluntary, I'm all for this.

    One potential problem becomes what's "voluntary" soon becomes mandatory. We might as well learn from history. Two specific examples from US history:

    (1) The Social Security Number was ~never~ supposed to be used as any kind of central identification number. Now, no one knows who I am without it. I would gladly dump my social security "promises of benefits" to not have a social security number.

    (2) To get a driver's license in the state I moved to, I had to give a thumbprint. I've never had fingerprints taken before in my life.

    Are we safer as a result? All I know is that now my identity can be more easily tracked by central governmental organizations and those with sufficient access privileges, despite my wishes.

    Technology is a tool, not a solution. Just like a hammer, it can be used for much good, but it's easy for those in power to convert it into something pretty sinister. If it's all the same, I'll keep my ATM card. It's a lot easier to change my bank account number than my fingerprint or eyeball.
    • Well now the government has your fingerprint the Feds can watch you easier. "Fux just bought a Coke at the Seven Eleven"!
    • wow... you are paranoid.

    • I had to give a thumbprint.

      Where I live, bank branches are asking for thumbprints from non-account holders wanting to cash checks.

      This, despite:

      1. The check was written on that bank.
      2. The person can produce a driver's license to verify that they are the payee.

      Yes, it's true that it cuts down costs of fraudulent checks that banks must bear. But it also increases risks to check cashers that their special identifier may be misused. What guarantee does the bank provide that the thumbprint won't be used for

  • Of course people will be able to make fake prints or find ways to circumvent the biometric system. But, what system is fully flawless? The best thing to do would be to start using biometrics without 100% reliance on them till we are confident enough and experienced enough to stay ahead of the criminals in preventing misuse. Transition will be a pain for some time, but once the system has established itself, it will make our lives much easier.
    • by RayBender (525745) on Tuesday November 18, 2003 @08:35AM (#7501069) Homepage
      Of course people will be able to make fake prints or find ways to circumvent the biometric system. But, what system is fully flawless? The best thing to do would be to start using biometrics without 100% reliance on them till we are confident enough and experienced enough to stay ahead of the criminals in preventing misuse. Transition will be a pain for some time, but once the system has established itself, it will make our lives much easier.


      Not a good argument. Listen, people can't fly, but let's jump off the nearest 10-story building, and we'll learn how to fly on the way down. I mean, the advantages of being able to fly must outweigh any conceivable drawbacks, no?


      The flaw with your argument is that biometric identifiers, once compromised, cannot be changed. What happens if you get your fingerprints lifted? A finger transplant? No, at that point your only choice is to have some sort of fraud alert put on your fingerprint, and then you can no longer use it. So it's useless for you, forever. If you'd read the article you'd see that the authors complained that they discovered critical flaws in fingerprint readers ten years ago, including that they could be fooled using fake gelatin fingers, and they still haven't fixed that. You think Microsoft is bad, leaving IIS unpatched for three months? Try ten years... The only conclusion is that the readers can't be fixed.


      Blind adoption of some shiny new technology without at least some foresight is too common, and really, really stupid. Electronic voting is another great example of this...

  • by EmbeddedJanitor (597831) on Monday November 17, 2003 @11:26PM (#7499187)
    Since that bloke showed how to use gelatine to fool a fingerprint machine, how long before jello becomes a controlled substance?
    • Gelatine would make your print harder to read, a real problem if you are trying to pay for something. Not unlike wearing a glove; now, if you are trying to avoid fingerprinting like at a police station or a DMV, it might be useful.
    • that will never happen, Big Pig business would be in an uproar.

      (gelatin is made from boiled pig and other farm animals hooves.)
      • The gelatinous protein guk (technical term) that makes up what is known as gelatin/gelatine can be derived from a variety of animal product sources, not just from pigs and not just from hooves. IIRC, most of what is sold commercially comes from cow by-products like hides.

        If you're a cook, you probably already know that. But as I doubt you are, here's a small insight ...

        When making chicken stock (chicken stock is THE fundamental ingredient to almost all food preparation), one selects parts like the neck,
  • by tearmeapart (674637) on Monday November 17, 2003 @11:26PM (#7499188) Homepage Journal

    I've thought about this for awhile, and I am thinking:
    Why don't people just cut off their fingers and trade them as a commodity? Each finger is access to a different system...

    For instance, if I work for a bank, but I want to get a vacation cheap, I just trade a finger with my buddy who works for some airline. He does what he wants with my bank, and I get the plane tickets I need to get away from this country.

    The only problem is, if I want 10 things at once, how do I access the system without any fingers?
    Maybe they should sell voice-recognition software with it.
  • Oh geesh (Score:5, Funny)

    by downix (84795) on Monday November 17, 2003 @11:26PM (#7499189) Homepage
    Talk about giving someone the finger, geesh.
  • by nanowyatt (196190) on Monday November 17, 2003 @11:27PM (#7499198)
    Using a credit card typically requires a signature to match against the one on the card's back. Using an ATM/debit card requires a numerical code to match with the bank's records. Are biometrics really a good replacement for the card, or would they be a better replacement for the signature or ATM code? As there will be a secondary piece of ID anyway, why tie up the fingerprint with all the bank info, when the print could be just tied to the ID?
    • They do a good job at it too. I sign my name xpurple when I use my CC.

      Then again, it does say Reverend xpurple :)

      You can see a scan of it, here [macphreak.org]

    • The signature on the back of your credit card has been entirely superfluous for some time now. Many gas pumps, pay phones and other vending devices require only a swipe or insertion for access to your line of credit. Also, less than half of clerks that are unfamiliar with me even bother to turn the card over where, instead of a signature, it has PLEASE CHECK ID in bold letters. Some of the clerks that do check the back simply give me a strange look and hand it back.
      Perhaps ~75% of those who bother to look a
  • by BWJones (18351) on Monday November 17, 2003 @11:27PM (#7499200) Homepage Journal
    Using a digital camera and UV lamp he was able to make dummy fingerprints that fooled the readers - and in less time and less cost than similar experiments 10 years ago. He says: '...now the average do-it-yourselfer is able to achieve perfect results and requires only limited means and skills.'"

    This is the whole problem with market driven products as opposed to product driven products. Companies rush to produce a product and get it to market to capture some degree of market share even though their product may suck. We have endured years of this under the Microsoft paradigm in that Microsoft advertises years in advance what products they are going to produce, sets a time-line, and then by-god the products will ship by that date. Never mind the quality. I much prefer Apple's way of doing things in that they do not talk about what they are doing, and they then ship a product when it is done. Meanwhile the rest of the computer industry is busy copying Microsoft's strategy and the quality of software for the most part is slipping down the tubes.

    Products such as biometrics especially need to be completely wrung out to determine if they can be faked. They did not, they can be, but what do you bet they take it to market anyway?

    • I think you are confusing the symptoms with the real issue. A paradigm of 'ready,shoot,aim' is not bad provided you shoot more than once and correct your aim in between each iteration by getting detailed customer feedback from very tight (monthly or less) incremental releases. This does not happen in the large software companies.

      It does happen in agile teams and in the open source/free software tossed salad.

      It is the future. Traditional 'oldschool' development is on the way out - except for a few syste
  • by Racine (42787)
    The top rated comment in this thread will be "Score:5, Funny." How predictable...
  • Reading through the responses to this technology, it seems that several issues are being addressed/readdressed:

    1) Mandatory tagging of criminals - There seems to be a fundamental difference between tagging someone as part of their sentence and tagging someone after their sentence has been served (eg, after release from prison). The latter seems a dangerous trend since it indicates that the punishment for certain crimes may change in an arbitrary fashion, even *after* a criminal has served their time and be

  • If you shop in a store that uses biometric check-out equipment, refuse to use it and SAY SO. Tell the checker. They probably don't care, but if they hear it often enough, the meme will spread. Tell the person in line behind you. If you are not too lazy, tell the store manager that you refuse to use the equipment and that you will either stop shopping at this store or, at least, prefer to shop at stores that don't use this equipment.

    Now is the time to speak up against Big Brother. It's easier to prevent thi
  • For most systems, customers must sign up, which takes about five minutes. They usually must provide their name, phone number and checking account or credit card information, and a fingerprint. [...] Even though customers are usually asked to provide a second form of ID, the thumbprint reader can be a minute faster than writing a check, biometric companies say. And by making it easier to deduct money from a bank account, it can reduce credit card transactions, for which stores usually pay a fee.

    So let's

  • Two years ago the bank right next to my campus had an ATM with a fingerprint scanner. Instead of needing your ATM card on you at all times you could just use your thumbprint to log in.

    It's kind of scary that a fingerprint is so easy to forge. It would be so simple to wipe out someone's life savings.

    I would have expected banks to adopt this technology only after it has been widely proven to be secure. Instead they are the guinea pigs risking your money. Something's wrong with this picture.

    I'm glad I

  • by charnov (183495) on Monday November 17, 2003 @11:39PM (#7499270) Homepage Journal
    I was with a group that evaluated biometric authentication as a primary system. The primary flaw that was pointed out that no one seems to really talk about is, what if someone compromises the key server? In a traditional authentication system, you simply change your keys. Since in a biometric system the keys are based off of the human body, not only has this compromised system been completely destroyed, but potentially ALL biometric systems used by the same individuals are now compromised until the day they die.

    That was a pretty big problem.

    We decided on using biometrics as a 3rd or 4th level of authentication (to verify that someone using all of the other levels of authentication are who they say they are to a reasonable level of accuracy).
    • Either way you would need to re-authenticate all of your users. Compromise of the key server would be mostly a problem if you don't control the access points for the entry. Say, a home user with their own fingerprint scanner trying to buy something online. A system like that could be faked. However, if you know that a particular scanner is "real" then you could be sure that the scan wasn't faked. Then the question would be how to tell that the scanner hasn't been replaced... a client cert would make it
  • I want to link up a biometric fingerprint scanner to a script which DDoSes all the links provided in the email I am currently reading.

    Spammers? Give 'em the finger!
  • by dido (9125) <dido@im[ ]ium.ph ['per' in gap]> on Monday November 17, 2003 @11:50PM (#7499346)

    I don't know why all of these so-called "security experts" keep on advocating biometrics with little or no understanding of their real properties, much less how they should be properly used. Biometrics can be used as unique identifiers, but biometrics are not secrets. They can provide a unique identifier in an already trusted environment, but alone they cannot be used for authentication, which is what so many of these "experts" are ready to do. If I steal your fingerprint using any of the simple yet effective techniques (none of which require me to cut off your finger) described by Ton van der Putte, it can't be un-stolen, and nobody will be able to give you a "replacement" fingerprint.

    A quote that illustrates this naivete from the USA Today article: "Biometrics is one way to really identify the customer you're dealing with," he [Steve Vallance] says. What a foolish, naive statement. Alone, biometrics cannot really identify anybody.

    I really can't do any better than point people to an article in yet another issue of Crypto-Gram, which first came out five years ago: Biometrics: Truths and Fictions [schneier.com].

    • by LostCluster (625375) on Tuesday November 18, 2003 @12:14AM (#7499479)
      The age old test of "Something you know, something you have, something you are" security reinforces an extra point... challenging three times is always more secure than challenging once!

      ATMs are secured this way. You've gotta have your card, know your PIN, and look somewhat like you for the camera. (Looking wrong doesn't yet deny the transaction... but is a great tool when it comes to figuring out the "Whodunit?" that comes up when ATM fraud is discovered.)

      In-store credit cards are slightly less secure. The card has to be present, and the person using the card has to perform the task of creating the proper signature that's on the card. (Again, a wrong signature might not always deny the transaction, but it creates a paper trail for later.) Some stores are advanced enough to also associate the security camera timecode to the transaction to create the visual trail as well, but that's not used as much as it could be as of yet.

      Internet or phone card transactions are weaker because there's no demand that either a card or person be seen. That's why those transactions are also more expensive to get processed... they're more likely to result in a write-off from a scam transaction. They are less secure, and that's an admission of it. Still, smart e-merchants can protect themselves by performing some secondary security like only shipping to addresses related to the card.

      Biometrics, if used alone, are just the "something you are" test, but as we've seen it's going to be confused some of the time. Merging the fingerprint with a PIN number would at least get us to a two-test level of security... but the marketers of biometrics are insisting that their test alone is good enough. That's where they're seriously wrong, no test alone will ever be that good... that's why it's always best to double-check.
    • Biometrics may not be secrets, but if you can keep a biometric secret, then it is much harder to forge. This property is what confuses people and leads to inappropriate applications. Unfortunately, it is very hard to keep a biometric a secret. The obvious example is that someone breaks into the system and downloads everyone's biometrics. However, a digital repository is not required: fingerprints can be lifted from a glass you were holding, your face can be surreptitiously photographed etc... (Eve
    • by mesocyclone (80188) on Tuesday November 18, 2003 @01:54AM (#7500048) Homepage Journal
      I wish all the critics of security systems would quit demanding that they be perfect.

      Every security system known can be broken (including one-time pads - if you human-engineer a way into getting one of the pads - which has been done in the past by secretly capturing one user of a pad, and forcing him to carry on the conversation while relaying the information to his captors).

      But the harder a system is to break, the more it deters the use of false or stolen identities.

      For example, to replace pictures with biometrics would be stupid. To add biometrics increases the difficulty of the forgery. Etc.

      A useful authentication system would be one where it takes a lot of work to forge a single identity, and that work would have to be repeated to forge another one. Biometrics in common with other systems have the promise of making such systems.

      When I last worked with biometrics (a long time ago), the problem was that you could not get an acceptable false positive rate at the same time that you got an acceptable false negative rate. But when biometrics are combined with other systems, you can allow higher false positives (and hence fewer false negatives = rejections), because the other systems add security. And the whole thing becomes harder to break, making it less worthwhile to break unless you try to protect something way too valuable with it.

      Unfortunately, security in computers has often been viewed as identical with cryptography. The result is that serious and smart cryptographers, like Bruce Schneier, become "the experts" on security. But mathematics tends to bias people towards openness, provability and precision. Thus many security techniques which do in fact work with real human beings (such as keeping secrets, if you are smart about it) are often decried by them. In other words, Schneier and others make public pronouncements that are out of their true field of expertise.

      If you want to find people who truly understand security, check with the military or banks. They have been dealing with security for millennia. They take a different attitude from cryptographers.

      They understand that in most systems, security is a cost/risk tradeoff, not an absolute. Hence they use one or more techniques for a particular security need. A simple ID card might get you into a military base, while to get into some facilities requires the ID card, a special ID, the knowledge of safe door combinations, and perhaps personal recognition by another trusted individual. None of these techniques is perfect by itself, but the combination is remarkably formidable.

      Thus biometrics represent a technique that can be used to enhance security. Can it be defeated? Yes, by itself. How easy is it to defeat? It depends on a number of factors, but especially what other security measures are used along with the biometrics, and how their parameters are set.

      • In other words, Schneier and others make public pronouncements that are out of their true field of expertise.

        Not that he needs me to defend him, but Schneier's field of expertise has changed hugely over the last few years. He started out as a cryptographer but gradually discovered all of the limitations of mathematics with respect to security. If you read his most recent stuff, you'll see that he fully understands the notions of defense in depth, holistic security, security as a cost/risk analysis, mult

      • by dido (9125) <dido@im[ ]ium.ph ['per' in gap]> on Tuesday November 18, 2003 @03:52AM (#7500470)

        Well, you're absolutely correct, but you've veered a bit from the mark. It seems that the advocates of biometric identification are not interested in using biometrics to augment existing security procedures, but to replace these procedures, and they seem to be gushing that biometric "authentication" is a silver bullet, or something very close to it. Few banks, and no military or intelligence agency in their right mind would be so foolish as to believe that. If you've taken the time to even read the article I linked to, you'd see that Schneier isn't advocating that we not use biometrics at all, but that we not treat them as keys. They have their uses, especially when combined with real keys and other authentication schemes, but to use them alone for authentication isn't generally a good idea.

        Granted, sole biometric identification is better than some present identification methods, and could replace them in those areas, where the risk is not high enough to justify the use of more expensive and complex procedures, but does it give sufficient security for many of the domains to which it is being applied? I think not. Biometrics raise the bar a bit, but not high enough to be used on their own for many of the applications to which people want to put them to use.

        By the way, you're highly out of date about Schneier's present views on security. If you've taken the time to read his many writings over the years, you'll see how much his attitude towards security has changed since the days of Applied Cryptography, where he naively talks about "protecting ourselves with mathematics." His most famous maxim is now "Security is a process, not a product," and he keeps constantly talking about how security is all about risk management, not risk avoidance. Exactly what you're saying, isn't it? Have a look at Secrets and Lies and the Crypto-Gram archive sometime.

  • by LostCluster (625375) on Monday November 17, 2003 @11:53PM (#7499360)
    So your fingerprint becomes your SpeedPass or EZ-Pass... so what? Neither existing system is actually a financial system, they're an identifier that tracks back to an existing credit card number, that's the actual financial account.

    So, really, what's the incentive for a consumer to want to use their fingerprint rather than something hanging on their keychain or in their wallet? Yeah, the keychain or wallet can be stolen... but safety laws already exist to protect your accounts.

    In short, the current system isn't that broken... this solution has privacy concerns attached. Seems like the answer to a question nobody's asking...
  • I'm going to market a line of privacy gloves. Everyone will be wearing them to protect themselves from identity theft. On the other side, I'll market thumbprint dusting and scanning tools, for educational purposes only, of course.
  • Simple Solution (Score:3, Insightful)

    by Dr. Mu (603661) on Monday November 17, 2003 @11:55PM (#7499371)
    So shine an LED through the finger to see if there's a pulse. Those portable heart rate monitors are cheap, so the technology can't add that much to the final cost.
    • i don't have a pulse you insensitive clod!
    • Authentec fingerprint sensors use RF signals to read the fingerprint from the inside of your skin, not the surface. This makes it hard to use a non-live finger. I have seen people with rubber and jelly fingers fool optical sensors. An Authentec sensor doesn't even see this as a finger. These same people with the fake fingers admit that the best they can do with Authentec sensors is use a pencil to rub carbon all over their jelly finger and then use that to try to enroll. The resulting image doesn't eve
    • Faking a pulse & proper temperature/pressure in someone's freshly hacked off finger really wouldn't be too difficult; I should think $50 at the local hardware store should cover the materials.......
  • by rice_burners_suck (243660) on Tuesday November 18, 2003 @12:23AM (#7499522)
    I think they should tie biometrics into everything you have... your bank accounts, credit cards, the keys to your car and house... everything. And to make it consumer-ready, they should take everybody's biometrics and put them on public-access databases that anybody can access. Furthermore, anybody can go online to the database website, fill in a few blanks, push a single button, and get mailed an ID card with all the biometric information encoded on it, so that instead of putting a finger on a reader to withdraw cash from a bank account, all they have to do is insert a card that has the same information on it. There would be no safeguards to make sure that only the person named on the card can receive a copy of it. In fact, the system and all the laws around it would be deliberately designed so that anybody can get anybody's card.

    Microsoft would run this service, and advertise it as 100% secure. I feel safer every day.

    Oh yeah, and it would be an anti-felony, punishable by a $1000 reward, to use somebody else's biometrics to obtain money, goods, or services. (If that makes you feel unsafe, remember that listening to a CD that you didn't buy, such as if a friend plays a CD and you happen to be in the vicinity, will constitute piracy punishable by death. Feel better? Good.)

  • We evaluated many biometric products a while back (mostly fingerprint readers), and I was surprised to learn that most were nothing more than fancy ways to have the computer memorize passwords. So they really provided no additional security. This is especially true if you're using them in a distributed environment, and more so if it's not 100% Windows. And even those that offered SDKs basically only provided ways to map fingerprints to passwords.

    Basically most of them were just convenient shortcuts wh

  • Asian Women (Score:5, Interesting)

    by Michael Crutcher (631990) on Tuesday November 18, 2003 @12:24AM (#7499532)
    I've read that up to 20% of the population does not have a fingerprint suitable for biometric identification. Most of these people are Asian women. If biometric identification ever becomes mandatory, are these people simply out of luck?

    A better system might require several biometric techniques together to reach an identification (hand shape and fingerprints would go together nicely).

    This article [idsmartech.com] mentions the Asian woman fingerprint problem about 3/4 of the way down, but doesn't mention a source for this claim.

  • The problem with any digital matching system is that the fingerprint (or eyeball, or what have you) gets reduced down to a number. Eventually, somebody will come up with the same number as the result of hashing their measurement as well. It's not a question of if, but when... you can do things to lower the likelihood, but you'll never be able to eliminate the chance. If you have a "1 in a 100 million" chance of the failure, and roll this out to the American public, you'll get the unlucky match eventually.

    H
    • by aXis100 (690904)
      And what about a 4 digit PIN number? 1 in 1000 people will have the same code. The trick is to not use biometrics as the primary key, but instead use it as an overall means of verification.

      For instance - How much less credit card fraud would there be if you had to verify not by signature, but by fingerprint? Much harder to reproduce *quickly* by a purse snatcher / pickpocket.
    • And you have a 1/100,000,000 chance that a van full of kevlar-wearing militiamen with night-scope goggles and oodles of weaponry break down your door and take whatever they want without fingerprints, or make you do it for them as they hold your girlfriend with a grenade in her mouth.

      More seriously, some biometrics are more unique than others...but most are pretty good. Things like facial thermal patterns (blood veins under the skin) or retinal patterns are supposed to be twin-proof. Also, did you realize

  • by YrWrstNtmr (564987) on Tuesday November 18, 2003 @12:36AM (#7499597)
    But rather stealing the representation of my finger.

    When the credit card db gets hacked (and it's happened several times), you just have to cancel it and get issued a new card.
    When the fingerprint db gets hacked, they can't issue me a new finger.

    A flesh-colored, spit-wetted rubber sleeve over a finger, with a copy of someone else's finger, would work quite well, and be undetectable by the minimally interested checkout line clerk.
  • They're everywhere! (Score:5, Insightful)

    by cybercuzco (100904) on Tuesday November 18, 2003 @12:37AM (#7499607) Homepage Journal
    If all you need is a fingerprint, then everyone will be wearing gloves soon. We leave fingerprints everywhere! New crime of the future: Person gets your fingerprint off a glass or a door or some other public place and racks up a mint. Say what you will about credit cards, at least you don't leave your credit card number, expiration date and billing address on every surface you touch. There's something to be said about slightly insecure systems. The less secure something is, the less easy it is to steal, since people are more suspicious of insecure systems than they are of supposedly "secure" systems. I can see a day where your credit card number is quantum encrypted on a microchip implanted in your skull. And the ability to dispute charges will no longer exist of course, because the system is unbreakable! Except for the short, easily memorizable password needed to unlock the quantum encryption. We can see this already with identity theft. Now that you're identifiable by a number (instead of in person, as in the old days) anyone with access to that number is you, and everyone believes that it's you, because the system is supposed to be secure.
  • by Anonymous Coward on Tuesday November 18, 2003 @12:47AM (#7499654)
    http://www.schneier.com/crypto-gram-9808.html#biometrics

    Biometrics are seductive: you are your key. Your voiceprint unlocks the door of your house. Your retinal scan lets you in the corporate offices. Your thumbprint logs you on to your computer. Unfortunately, the reality of biometrics isn't that simple.

    Biometrics are the oldest form of identification. Dogs have distinctive barks. Cats spray. Humans recognise each other's faces. On the telephone, your voice identifies you as the person on the line. On a paper contract, your signature identifies you as the person who signed it. Your photograph identifies you as the person who owns a particular passport.

    What makes biometrics useful for many of these applications is that they can be stored in a database. Alice's voice only works as a biometric identification on the telephone if you already know who she is; if she is a stranger, it doesn't help. It's the same with Alice's handwriting; you can recognize it only if you already know it. To solve this problem, banks keep signature cards on file. Alice signs her name on a card, and it is stored in the bank (the bank needs to maintain its secure perimeter in order for this to work right). When Alice signs a check, the bank verifies Alice's signature against the stored signature to ensure that the check is valid.

    There are a bunch of different biometrics. I've mentioned handwriting, voiceprints, and face recognition. There are also hand geometry, fingerprints, retinal scans, DNA, typing patterns, signature geometry (not just the look of the signature, but the pen pressure, signature speed, etc.), and others. The technologies behind some of them are more reliable than others, and they'll all improve.

    "Improve" means two different things. First, it means that the system will not incorrectly identify an impostor as Alice. The whole point of the biometric is to prove that Alice is Alice, so if an impostor can successfully fool the system it isn't working very well. This is called a false positive. Second, "improve" means that the system will not incorrectly identify Alice as an impostor. Again, the point of the biometric is to prove that Alice is Alice, and if Alice can't convince the system that she is her then it's not working very well, either. This is called a false negative. In general, you can tune a biometric system to err on the side of a false positive or a false negative.

    Biometrics are great because they are really hard to forge: it's hard to put a false fingerprint on your finger, or make your retina look like someone else's. Some people can mimic others' voices, and Hollywood can make people's faces look like someone else, but these are specialized or expensive skills. When you see someone sign his name, you generally know it is him and not someone else.

    Biometrics are lousy because they are so easy to forge: it's easy to steal a biometric after the measurement is taken. In all of the applications discussed above, the verifier needs to verify not only that the biometric is accurate but that it has been input correctly. Imagine a remote system that uses face recognition as a biometric. "In order to gain authorization, take a Polaroid picture of yourself and mail it in. We'll compare the picture with the one we have in file." What are the attacks here?

    Easy. To masquerade as Alice, take a Polaroid picture of her when she's not looking. Then, at some later date, use it to fool the system. This attack works because while it is hard to make your face look like Alice's, it's easy to get a picture of Alice's face. And since the system does not verify that the picture is of your face, only that it matches the picture of Alice's face on file, we can fool it.

    Similarly, we can fool a signature biometric using a photocopier or a fax machine. It's hard to forge the vice-president's signature on a letter giving you a promotion, but it's easy to cut his signature out of another letter, paste it on the letter giving you a promotion, and then p
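The false positive / false negative trade-off the excerpt describes, together with the earlier points in the thread about combining a fingerprint with a PIN and about a "1 in 100 million" false match turning up once a system is rolled out to a whole population, as an added Python example that is not part of any post here and not Schneier's code. The similarity scores, the 300 million population, the 90% forged-print pass rate and the three-try PIN lockout are all constructed figures.

```python
"""Biometric threshold tuning, plus why a PIN still matters.

Constructed example: a matcher returns a similarity score from 0 to 100
and accepts a sample when the score reaches a threshold.  Genuine and
impostor scores overlap, so lowering the threshold trades false negatives
(Alice rejected) for false positives (an impostor accepted as Alice).
"""
from fractions import Fraction

# Constructed scores; a real reader would produce thousands per user.
GENUINE_SCORES = [95, 92, 90, 88, 85, 83, 80, 76, 70, 62]
IMPOSTOR_SCORES = [30, 38, 45, 52, 58, 63, 67, 72, 78, 84]


def error_rates(threshold, genuine=GENUINE_SCORES, impostor=IMPOSTOR_SCORES):
    """Return (false_positive_rate, false_negative_rate) at `threshold`.

    False positive: an impostor sample scores >= threshold and is accepted.
    False negative: a genuine sample scores < threshold and is rejected.
    Exact Fractions keep the numbers auditable.
    """
    false_pos = sum(1 for s in impostor if s >= threshold)
    false_neg = sum(1 for s in genuine if s < threshold)
    return Fraction(false_pos, len(impostor)), Fraction(false_neg, len(genuine))


def equal_error_threshold(thresholds=range(50, 100, 5)):
    """Threshold where the two error rates are closest (the equal-error point)."""
    return min(thresholds, key=lambda t: abs(error_rates(t)[0] - error_rates(t)[1]))


def prob_any_false_match(false_positive_rate, population):
    """Chance that at least one of `population` enrolled strangers is accepted
    as a given user.  A tiny per-comparison rate approaches certainty once
    the system covers a whole country."""
    return 1 - (1 - false_positive_rate) ** population


def pin_guess_probability(digits=4, attempts=3):
    """Chance of guessing a uniformly random PIN before lockout (the retailer
    and ATM 'three or four tries' rule mentioned in the thread)."""
    space = 10 ** digits
    return Fraction(min(attempts, space), space)


def attacker_success(biometric_bypass_prob, pin_digits=None, attempts=3):
    """Success probability for someone holding a lifted/forged fingerprint.

    `biometric_bypass_prob` is how often the forged print passes the reader
    (a constructed figure).  With no PIN nothing else is needed; adding a
    PIN multiplies in the guessing odds under lockout.
    """
    if pin_digits is None:
        return biometric_bypass_prob
    return biometric_bypass_prob * pin_guess_probability(pin_digits, attempts)


if __name__ == "__main__":
    print("threshold  false_pos  false_neg")
    for t in range(50, 100, 5):
        fp, fn = error_rates(t)
        print(f"{t:>9}  {float(fp):>9.2f}  {float(fn):>9.2f}")
    print("equal-error threshold:", equal_error_threshold())
    print("P(some false match, FPR=1e-8, 300M people):",
          round(prob_any_false_match(1e-8, 300_000_000), 3))
    forged = Fraction(9, 10)  # constructed: lifted print passes 90% of the time
    print("forged print alone:", attacker_success(forged))
    print("forged print + 4-digit PIN, 3 tries:", attacker_success(forged, 4))
```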
  • What about... (Score:3, Insightful)

    by jeffkjo1 (663413) on Tuesday November 18, 2003 @12:55AM (#7499714) Homepage
    What about people who are missing digits? I have a professor who is missing his ring finger completely. Now, I imagine this would be more focused on thumb prints or your index finger, but I'm sure that there are more than a few people who are missing the fingers of choice for a project like this.
  • by mark-t (151149) <markt.lynx@bc@ca> on Tuesday November 18, 2003 @12:58AM (#7499727) Journal
    The weakest link in the chain being, of course, human stupidity. Specifically, I'm referring to personal identification numbers that we use at ATM's and direct payment tills. Some people choose really stupid passwords like their birthdate or some other info that is easy to discover, which is why I say that the weakest link in this system is human stupidity.

    When I pay for something by debit, I enter a private PIN number to complete the transaction. If the PIN is incorrect, the whole transaction needs to be repeated. After a certain number of attempts (usually no more than 3 or 4), a retailer will simply refuse to honor the card at that time (more often than not suggesting that perhaps the card may need to be replaced by the bank). ATMs are exactly the same way... after a certain number of failed attempts, the ATM will simply keep the card and I have to wait for the bank to mail out a new one.

    Now like it or not, systems which work by scanning fingerprints *CAN* be fooled consistently by a sufficiently technically minded individual. Systems which require a secretly selected (and well chosen) authentication number cannot be fooled by any means other than sheer lucky guessing (and you'll run out of tries long before your odds of guessing right even approach being something more than negligible). IMO, that's about as foolproof as we're ever going to get (unless or until it becomes technologically possible to read other people's thoughts).

    • Actually, there are ways of harvesting those "secret" numbers too (the fake "out-of-order" ATM machine that harvested card numbers & PINs, employees who cracked the PIN database, etc. etc.), or bypassing the need for such passwords altogether (e.g. man-in-the-middle attacks).
      • Fake out-of-order ATM's feed on nothing more than ignorance on the part of the user.

        If the ATM is out of order, the slot that accepts the card will be closed. Always. ATMs perform a self-diagnostic between each user, and will shut down if there are any problems detected that could conceivably interfere with any single transaction that the next user might wish to have. ATMs are hand-checked almost daily by security personnel to ensure that the machines are appropriately stocked with money and run the ma

        • Nice theory. In reality, I've twice had ATMs count the cash for withdrawal (heard the "bills hitting metal" sound) and then something went wrong and the machine reported an error, the door wouldn't open and then the machine returned my card. So what if a fake machine did that?

          Also, suppose instead of "out of order", we have a fake "out of CASH" machine. That would get YOU, for sure.
  • Okay, so biometrics is in stores ... but can I use in-store biometrics to launch a nuclear strike?

    -kgj
  • by Order (469817) on Tuesday November 18, 2003 @03:46AM (#7500458)
    If somebody gets your credit card information, you can just cancel the card and get a new one.

    If somebody, somehow, no matter how, gets your biometric information, what do you do?

    That's right - switch to credit cards.
  • Why at all? (Score:3, Interesting)

    by ajs318 (655362) <sd_resp2@@@earthshod...co...uk> on Tuesday November 18, 2003 @09:27AM (#7501260)
    Back in the days when I was growing up in what was then a peaceful little village on the outskirts of Derby, kids could be kids, paedophiles had not been invented, all that mattered was that Forest lost and if the Rams won, well, that was a bonus. But regardless what was happening at the Baseball Ground, if anyone tried shoplifting from the local newsagent's, they were in for a surprise a few weeks down the line. Because the paper lady had eyes like a hawk, and if she spotted you doing something -- and if you did anything, she would spot it -- she would just add it on to your parents' paper bill, and when they got the bill they could deal with you as they saw fit -- which usually meant you had to write a letter of apology to the newsagent, and you'd probably have to stand up to write it. If you ever gave her a mouthful, other people in the village would express disapproval - "There goes that Alice, do you know what she said to Mrs W. the other day?" - until you felt you had no choice but to make your peace with her. She knew how old you were, whether your parents smoked and what brand -- and she would also know if a packet of fags or a can of booze was really for someone else {though I suspect the real explanation was that the parent in question would simply phone the newsagent while you were on the way and say they had sent you. Most of the people in my end of the village were on the phone}. They don't make them like her anymore.

    It's my contention that no automated system will ever be as good as our old paper lady, may she rest in peace. She may have had a vulnerability, but either nobody dared exploit it, or they were just too amazed by her apparent superhuman powers to bother. Why can't we just go back to using human beings to do jobs human beings are good at and use machines for jobs machines are good at?
  • by avi33 (116048) on Tuesday November 18, 2003 @12:20PM (#7502539) Homepage
    I think it's about time we all got this guy's [cockeyed.com] fingerprints and started making thousands of simultaneous purchases worldwide.

    He acquired his 15 seconds of internet fame [wired.com] by duplicating and sharing his frequent shopper's card via his personal web site. I can only imagine the junk mail he receives on account of that profile.
