Fingerprint Payment System Gets Financing

prostoalex writes to tell us Yahoo! News is reporting that Pay By Touch, an electronic payments startup that connects your fingerprint to your wallet, has received an additional $130 million in financing to move forward with their biometric payment system.

Oh, great.

[Pig Hogger]

Now, thieves will cut the fingers off people they mug.

Isn't technology wonderful???

Re:Oh, great.

[CryptoLogica]

Its already a method of stealing cars that have biometric access. There was a story awhile back (I think here on Slashdot) that mentioned a man getting his finger cut off when the perps realized they needed it to start the car.

Biometrics is a technology we can do without.

Seriously...

[Anonymous Coward]

...what is wrong with my credit card?

Biometric is not secure

[Anonymous Coward]

Everything I have read about biometrics security amounts to this:

Biometric security can be sniffed with a network sniffer and reproduced by the person with the sniffer. In short, biometrics is no more secure than a four letter password.

Am I missing something?

[turg]

From the article:

Here's how it works: Customers sign up once, by registering a checking account or a credit card, and showing government identification such as a driver's license. The Pay by Touch technology records the lines and ridges of their fingerprints, and translates the data into a numerical algorithm that is stored in a secure database.

[ . . . ]

Pay By Touch is sharing the cost of each installation, and it gets a fee per transaction of between 12 and 14 cents, he said.

That is cheaper than what stores pay for alternative payment methods, he explained. A credit card transaction typically costs a store about 60 cents for an average $25 purchase of groceries. A debit card costs a store about 50 cents

But it is a credit card or debit/check card transaction. So how are the debit/credit card fees getting paid?

Unreliable

[Cave_Monster]

We use fingerprint technology at work. Without scanning our fingerprint (in addition to entering a personal code of digits) we cannot get through the door. On occasions this scanner fails to recognise your fingerprint and after a few tries, you either try a different door or get someone else to scan their fingerprint. I cringe at this to be used for payments for this reason, not to mention somebody using standover tactics and forcing you to pay for their purchase or even like the parent mentions, getting your finger cut off.

Copy-proof?

[Anonymous Coward]

One wonders how secure this is after seeing how relatively simple [cryptome.org] it is to create a fingerprint mold from nothing more than a residual fingerprint.

The information in credit card magnetic strips can be copied, but the person copying the credit card must at least have physical access (even if only temporarily) to the card in order to make a copy. Using fingerprints, however, is like writing down your PIN on everything you've touched...

No way

[evil agent]

This can't possibly catch on, can it? I mean why would you entrust your confidentiality to something as insecure as a fingerprint? You leave it everywhere you go! Imagine that everytime you leave a room, you leave behind a piece of paper with your credit card number written on it.

MOD PARENT UP!

[Spy der Mann]

Seriously - have you guys thought how many FSCKING FINGERPRINTS are there in the streets? Any glass, seat, trash can, paper, door handle, glass, clothes, suitcases...

sheesh! With credit cards at least someone had to steal it first! But now it only takes some scotch tape to do the job. What are those morons thinking?

Re:MOD PARENT UP!

[game kid]

Add me to the Mod Parent Up® petition. Thoughtful of both of you (parent and GP).

More and more it feels like a shortcut for corporations to find targets for what I call PPA1.

1 Professional Personal Annoyance, or "targeted advertising"

Re:Am I missing something?

[Kohath]

Once you're identified, the store writes an electronic check from your bank account. The credit card companies aren't involved and don't take their cut.

The system is much cheaper for stores than credit cards. 60 cents Visa gets is more than ~15 cents Pay by Touch + check costs

I see these every time I go to the grocery store. I always wonder: what's the benefit to me? What do I care if the store saves 45 cents?

Retinal Scanner

[Dan East]

Considering the patent is about to expire on retinal scanning, they ought to wait a few more months and utilize that type of biometric. It is much harder to forge, more accurate, and does not require physical contact (which spreads germs).

Dan East

Just one more token...

[necro81]

I am not a crypto or security expert, but I gather most experts agree that the more pieces of information you need to provide to be authenticated, the better. For instance, the combination of a personal password with some certificate/token on a USB key is (theoretically) better than either acting alone. Many of the comments in this thread make the point that fingreprints are pretty easily lifted and forged. So, perhaps it is not of much use, from a security standpoint, as a stand-alone authenticator. If, however, it was combined with another token, like the credit/debit card itself, then it could serve in place of the customer's written signature or PIN. That would require a perpetrator to have, at least for a little while, physical access to the card, as well as a print, before going out and defrauding the customer. Using a fingerprint would probably be a little better than using a written signature, which no one ever checks anyway, can also be forged, and could easily be lifted from a number of public documents (or, for that matter, the card itself).

Anyone think this idea, of combining fingerprints with a physical token, have any merit? Naturally this system could still be forged or broken, but would it be more or less hard to break than the current system of cards and signature/PINs? I think we all have to recognize that, if a perpetrator specifically targets you, it won't be too difficult for them to nail you, but what about more casual and random defrauders?

Trusted Metrics

[QuaintRealist]

There is a more profound problem with using body parts for trusted metrics, which has been brought up on this site and others before. If your "ID" is stolen, you cannot change it. Until, and unless, we can secure digital information (doubtful from this perspective), biometrics will remain interesting but unuseful in wider implementation.

Re:Unreliable

[Heisenbug]

When you sign up to use the system, they scan all 10 of your fingers. You assign one (one per hand?) of them as the proper finger(s), and the remaining fingers serve as ALERT fingers.

That strike me as 1) an easy secret to steal 2) difficult technology to implement 3) pretty likely to yield false positives, either by misreading or by user error 4) way harder than just using a credit card.

Sorry, I think I'm actually talking about the whole system here. Carry on ...

One Small Problem

[Hal The Computer]

Do you have any idea how incredibly stupid most people are. How often do you think someone is going to press the wrong finger onto the scanner by accident. After the first time, the police department is going to stop sending in a SWAT team and just call the store and ask if they have another very confused customer.