Your Fingerprint Buys Groceries in Seattle 381
lildogie writes: "The Seattle Post-Intelligencer reports that a Thriftway grocery store is installing fingerprint scanners that they will use to identify customers." Each customer's payment method (credit, debit) is then automatically applied at checkout. Haven't they seen Charlie's Angels?
Convenient... (Score:3, Interesting)
Re:Convenient... (Score:2)
Fingerprint == Money (Score:3, Insightful)
Identity verification at registration (Score:5, Insightful)
(from the article)
"It takes about one minute to enroll," Kapioski said.
I somehow doubt that these people are carefuly examining multiple forms of identification in less than a minute. Also:
"Employees underwent 15 or 20 minutes of training in the system this week."
The system itself might be secure, but identity theft the issue that it seems to be today, I would be most worried about these "18 year old clerks" that can't be trusted with cash taking a 15 minute training course and being put in charge of registration.
Re:Identity verification at registration (Score:3, Interesting)
Another part of the problem is lack of consumer awareness. You would be amazed at the number of people that don't even bother to sign the back of their cards. We're supposed to ask for id in that case, but when you've got a line of 15 customers, waiting for someone to dig their license out isn't the greatest idea.
To solve the problem, I think credit cards should come with a mandatory PIN number, one which isn't stored on the card (so theives can't crack the card). In addition, some responsibility is due for the cashiers. If my cash drawer is 5 dollars under (or over) what it should be, I get written up. Why not do this for cards not used by their owners?
Re:Identity verification at registration (Score:2, Informative)
Uh, what? "Personal identification number number" is a self-evident logical statement? Perhaps you mean redundancy, like "Based on NT Technology" or "hot water heater".
Re:Fingerprint == Money (Score:3, Informative)
That should require the same amount of difficulty as getting a credit card in somebody else's name. So, in that sense (setting up the account), this fingerprint system has no advantage or disadantage over a credit/debit card.
However, it has a huge advantage in accuracy of authenticating the owner of the account. I will submit that it is far more difficult to forge a fingerprint than it is to forge a signature (usually the only authentication system used to validate a credit card purchase).
Re:Fingerprint == Money (Score:2, Insightful)
Well, I don't know where you live, but around here the don't even bother checking the signature. Seriously, my two roomates and I have proved this several times. We have receipts where we signed for each other, used stupid names (I can show you more than one thing bought with Santa Clause's signature), etc. Never had a clerk even look twice. Same thing goes with checks, but those a a little harder to get ahold of.
Re:Fingerprint == Money (Score:2, Insightful)
Re:Fingerprint == Money (Score:2)
Counterfeit currency exists. According to the US Secret Service, the amount that they recovered annually prior to '96 equals about one thousandth of the paper currency in circulation. But notice this key word "recover." That doesn't mean that counterfeit currency only represents one thousandth of the circulating money supply, that's now much the SS physically inspected, identified and removed from circulation.
Furthermore, the analogy of busting into the database is more like robbing a bank than committing forgery. Let's not pretend we don't have bank robberies in the real world. And the real world break-ins are often accompanied by murder which is less frequent when some bozo hacks a database.
Re:Fingerprint == Money (Score:2, Funny)
Ugh! I am so -stupid-!
I wish I'd thought of forgery. WTF am I going to do with this hand?
-Kevin
this is terrible (Score:2, Funny)
Re:this is terrible (Score:2)
Re:this is terrible (Score:3, Funny)
They should branch this out to QFC, Safeway, WF (Score:2)
Unless you're a West Seattle resident, chances are you never shop at this Thriftway. People I know in Belltown, Capitol Hill, Fremont, and near UW all either go for the small co-op grocery stores, Whole Foods, or the commercial Safeways and QFCs.
I think the technology is a great convenience for the consumer, but why should it be limited to one store in a not-so-often-visited part of town? I've lived in Seattle for nearly a year now and I didn't even know about this Thriftway.
Re:They should branch this out to QFC, Safeway, WF (Score:2)
That Thriftway isn't even the good one--Admiral Thriftway, further North along California, would have been a much better choice. I would gain hours of my life back as if I didn't have to wait in line behind hordes of Yuppies paying for a bottle of Perrier with their debit/credit card in the 'express checkout' lane, fumbling with their PIN, receipts, etc. I suppose that using regular ol' dollar bills like the commoners would sully them horribly, but perhaps they could be trained to use this finger scanner system.
The Logical Extension (Score:5, Insightful)
Re:The Logical Extension (Score:4, Insightful)
Re:The Logical Extension (Score:3, Funny)
Only 9 times though...
Tim
Re:The Logical Extension (Score:4, Funny)
Re:The Logical Extension (Score:2, Funny)
I've posted on Slashdot with a username and been consistently modded up, I've trolled anonymously and been -1'ed. But neither of these is in any meaningful way flattering: the former, who fucking cares what the lamers on
But wow
In the near term... (Score:3, Funny)
Re:The Logical Extension (Score:2, Interesting)
These include temperature measurements, electric field (around the body) measurements, etc. This is where the real innovation around this field will take place over the next few years - accuracy (of fingerprint recognition) is already pretty good.
Re:The Logical Extension (Score:2)
Why? Because they make those white gloves for the cops who direct traffic?
less fees - HA !! (Score:4, Insightful)
That's what they said about ATM's.
That's what they said about Net banking.
Its all cheap and rosy until its mainstream and then BANG up jump the fees.
The technology might be cool, it may be convienient, but dont be fooled into thinking that it will be cheaper.
Re:less fees - HA !! (Score:2)
Why drop fees? People are paying them at the level they are now, and (at least in this country) banking is controlled by a small cartel of banks that strangely enough all raise and lower prices at around the same time.
Re:Cartel?! (Score:2)
Most of the smaller banks are owned by one of these four.
Re:less fees - HA !! (Score:2)
Re:less fees - HA !! --no, that's backwards (Score:3, Interesting)
According to the Constitution that's how it was supposed to go.
Net banking fees emerged AFTER it went mainstream?
Sorry, that's factually incorrect.
Re:less fees - HA !! (Score:3, Interesting)
ATM's were also known to not be the most secure item when they were invented, but they are only as secure as you are [duh].
Fraud is a considerable thing to deal with for a bank - many times the person who was defrauded demands not to pay and the bank does as their customers want. Getting your ATM card stolen by someone you know can cost you a lot of money - sometimes up to ten times more than you lost if you try to push on with the investigation. A bank isn't the police, and the police can do little in these situations even when there IS a picture. In the end more is lost that what was stolen in the first place.
Fingerprint technology could bring those fees down, but we will need to see it work.
But where is the Fee? It's basically the same as that sticker in your car that pays the toll or the barcode on your keychain that charges gas to your credit or debit card.
Adding fees would destroy such a flimsy top-level service and force it into the hands of Mastercard or Visa which only get paid when you use it anyway.
Fees? It's your money - learn where to shop it around.
I can see it now.. (Score:2, Funny)
Clerk: Ok sir.. But I'll need you to place your finger on the scanner so that the change drawer will open and i can get the money for you..
Robber: Err, umm.. nevermind
Re:I can see it now.. (Score:2, Funny)
Clerk: We don't have cash registers anymore since your fingerprint acts like a credit card.
Robber: Er, oh yea.....
Not unique (Score:4, Insightful)
Now, I wonder why people continue to use non unique data as identification methods. It really scaries me, then I think about the kind of trouble one get get into on these issues.
Re:Not unique (Score:2)
So you'd rather trust your life savings to a minimum wage clerk's handwriting interpretation (and that's if she even bothers to compare your receipt to your credit card) than to a sophisticated computer system which has a remote chance of error?
Re:Not unique (Score:2, Insightful)
Simpler attacks (Score:3, Interesting)
A far easier attack here is to swap out the record in the database. If it doesn't have good auditing, it would be trivial to swap in somebody else's prints, make a large purchase of easily fenced goods, then swap the original prints back in without detection.
You could probably even just add additional prints as an additional purchaser. But that's risky since those prints could then be used by investigators.
Re:Not unique (Score:2)
The level of detail analysed on finger prints probably doesn't approach the same level of uniqueness.
Re:Not unique (Score:2)
Re:Not unique (Score:2)
OK, let's take a MAC address... 6 bytes. 256 possible values per byte. So we end up with 256^6 = 281,474,976,710,656 possible values for MAC addresses.
That's about 5.6x10^4 times more possible MAC addresses than fingerprints currently on the planet... hmmm.
Plus, as others in this thread have pointed out, the METHOD of matching fingerprints isn't 100% exact, as they only match defining features, so the odds of finding a duplicate 'match' are increased.
- Jester
The main advantage... (Score:5, Insightful)
No, the main advantage is easier tracking of the customer.
How so? (Score:4, Interesting)
Maybe I am unclear on this, but I use the same debit card 95% of the time at the Kroger I visit for my groceries. Do they have to agree to something saying they won't just use my unique cc number to track my purchases? And even still, is it technically against the rules to grep the data from the card for my name that is encoded on the strip and use that to track my purchases?
Furthermore, most stores have the "happy consumer tracking" card that many of us keep on our keychain, and to complicate the "tracking" argument further, the fingerprint thing is completely optional, as all of the methods I mentioned are today--
JUST USE CASH PEOPLE!!!!!
Cash? (Score:4, Insightful)
Ok, so now you are to the point where you can no longer withdraw cash form the mall ATM. You may be thinking, "I'll just use the QuickieMart ATM down the street." In time, and with better AI software, the places where you get cash annonymously will shrink. Right now, I consder the counter at my local bank the only place to get cash and not have my name cross-referenced to an ammount and then published to the world. But who knows what kind of deal your bank may have with local merchants. Even if they don't share your info, someone clever enough can find your pay scale, subtract your bills, and target you for specific advertisements based on what you will likely buy. Even knowing that it really isn't difficult for a 3rd party to find out how much free cash you have every month can scare the hell out of you.
Re:Cash? (Score:2)
Re:How so? (Score:2)
--
Benjamin Coates
No, the main advantage... (Score:2, Interesting)
The less people who have access to biometric information from which they can infer genetic information that they could then use to discriminate against me, the better.
"I'm sorry sir, but our partner Thriftway provided us with information that indicates that you have a genetic predisposition to liver cancer; we are going to have to deny you medical insurance."
Re:The main advantage... (Score:2)
Trusting your biometrics to anyone ? (Score:5, Insightful)
The problem is, that they are not just creating a "hash" from your prints - they need to store the exact print in order for the recognition to work. This means, any script kiddie lucky enough to get into their database, will have the prints.
The next logical step is, to hook this system up to the feds and interpol (post sept-11 this is not fiction!)
The real problem will be, that people trust technology blindly. When I "check out" of the store, putting my thumb on the reader, and the alarm bells sound (and the big "armed and dangerous, shoot on sight" sign starts flashing), guards, police, whatever, will trust the damn machine.
Now if one could trust that the responsible parties would (and could) ensure "absolute security" around their biometrics systems, there really wouldn't be that much of a problem. But believing that IT departments in regular companies (or even government agencies) who all live with finite budgets will ensure that their back-end systems are un-crackable is naiive.
Luckily, the iris scanning in the airports is still optional (and actually sold at an extra charge, as some sophisticated "luxury" - hah!).
Re:Trusting your biometrics to anyone ? (Score:2)
That's right...the system is only as strong as its weakest link-- I read in the paper that someone made off with 2,300 or so blank, signed birth/death certificates taken from a health center. The repercussions from this have the potential be VERY significant.
Re:Trusting your biometrics to anyone ? (Score:3, Interesting)
I understand it allright, and I understand what I or anyone else could do messing with those databases. Now, I'm not the kind of person who would do such a thing - but I know what technology does to people who does not understand that it is not infallible.
The technology does not scare me one bit. What scares me, is knowing that *people* will be using the technology.
Re:Trusting your biometrics to anyone ? (Score:2)
If I ever decide to participate in some kind of biometric check I want to know where the data is going, if there are protections, if I really need to be doing this, who's running it, etc. A knee-jerk reaction wouldn't ask these questions, it would just quote some archaic biblical verse.
Re:Trusting your biometrics to anyone ? (Score:2)
You might trust every person in the company today but who knows who will work there tomorrow or who may come along and buy the company.
An example would be ntl protest and gripe site www.nthellworld.com.
NTHellworld.com protest site bought by NTL [theregister.co.uk]
Company coems in a buys assets of site, possibly including logs which could reveal the identities of complainers and ntl whistle blowers alike.
Place your bets... (Score:2)
*Insert disaster scenerio here* (Score:3, Funny)
THESE BASTARDS ARE GONNA AD-TARGET ME!
On a serious note though, I'd be more concerned about targetted marketing and advertising from the supermarket itself than identity theft and mistaken fingerprints.
Think about it.. they'll have your name, your address, and your shopping habits. my gramma asks me to nip down to the grocery store for her.. next thing you know, i'm getting samples of preperation H and Depends shipped right to my door.
That time of the month? Don't worry, we've been tracking that too! This handy dandy sample of Playtex tampons will show up JUST IN TIME! (oh wait.. that one could actually be useful).
Gah. No thanks.. think i'll skip the fingerprinting and keep paying with cash. At least til they come out with a wrist chip implant...
Re:*Insert disaster scenerio here* (Score:2)
Re:*Insert disaster scenerio here* (Score:2)
OH NO! Quick arrest somebody!!!! When will people understand? If it's at all possible, you will be given ads. If there was a way to bombard you with ads 24/7/365 you would be. But the fact of the matter is, you will get advertising - so wouldn't you rather get ads for something you're actually interested in?
Re:*Insert disaster scenerio here* (Score:2)
Yeah, except rape is illegal, not to mention just plain WRONG, whereas advertising is legal, and nothing more the best way people can try to convince you that you want their product. If nobody buys it, they'll go away.
To compare advertising with rape show you as nothing more than an arrogant child, and belittles what a horrible thing it is. Can a woman being raped simply ignore it? Can she hit the delete button? Can she change the channel???
Nice guy (Score:3, Insightful)
Okay, I'm all for new conviences, but I think this is quite a bit unfair. I ran a cash register for Marshall's starting when I was 16, and ending when I was 19. My highest drawer variance was 13 cents, and the most expensive thing i took home was a pen from a register.
During my time there, 13 people where fired for dishonesty, and there was no trend in the age- people of all generations got canned for theft, including a 63 year old lady.
Really, I'm 23 now, but is there that much a problem with the youth being dishonest nowadays, moreso then anyone else? Please, do tell me.
Re:Nice guy (Score:2)
I worked at a retail store for a summer job and once I had a signifigant variance (something between $20-$80, I don't recall exactly). Fortunatly, the owner knew I didn't steel (and I didn't), so he let me off the hook. I guess some random customer did very well on their change back that day!
So, a lesson. If the till is off a lot, it could just be human error (as it was in my case) instead of theft. Mistakes happen. On a side note, I did once catch a fake $100 bill by sight checking, so I guess it evened out!
Re:Nice guy (Score:3, Interesting)
You are right, dishonesty doesn't have a correlation to age. When you have a situation where the employee can steal an hour or two's wages easily, and unprovably, then its going to happen. I worked the register at a pharmacy back in the day. Everyone there was dishonest. Inventory, cash out of the register, accepting cash payments and never ringing the items up all occurred.
You definetly don't want your money handled by people who make minimum wage, but you can't afford to pay for trustworthy employees.
Privacy issues asside, cutting down on the amount of money that is handled cuts down on theft, which "theoretically" cuts down on store prices.
Note the theoretical, as the costs of pressing CDs has falled to almost nothing, but you don't see the costs of CDs falling with it.
Captain_Frisk out.
Re:Nice guy (Score:3, Interesting)
You're both wrong. While this is not to say dishonesty doesn't exist at all age levels, as any decent sociologist will tell you youth (particularly in the 15-24 year old age bracket) are more prone to criminal behavior. Crime rates drop off dramatically after that.
cutting down on the amount of money that is handled cuts down on theft
Admittedly, this comes from someone who has never worked in a grocery store, but don't most stores keep a pretty close eye on cash register draw balances? Seems to me it would be much easier to make off with store merchandise than cash out of your drawer. Which, if true, means this won't have a major impact on employee theft.
Re:Nice guy (Score:2)
At the same time, most of the 15-24 year olds are more likely to have these minimum wage jobs. I think I phrased my reply poorly. I'd agree that younger people are more likely to steal, but its defintly not all about the younguns.
Admittedly, this comes from someone who has never worked in a grocery store, but don't most stores keep a pretty close eye on cash register draw balances? Seems to me it would be much easier to make off with store merchandise than cash out of your drawer. Which, if true, means this won't have a major impact on employee theft.
At least at the place where I worked, while the register was checked every day. However, once in a while (particularly if you were covering for someone else during their shift) an employee could lift a 20, and at the end of the day, the boss just shrugs his shoulders. A co-worker of mine did this on a semi-regular basis.
Once, the register was $10 over at lunchtime (the morning cashier was not very gifted), my co-worker lifted a 20, and at the end of the day it was 10 under. Just for kicks, I was talking with the manager when she counted the drawers, just to see what would happen, and she said... "Well, it was $10 over at lunch, and $10 under now... see, it all balances out!"
Also, another scam was on items that had a very defined cash value (newspapers, cigarrettes) where people would just come in, give you cash, and leave. They didn't want a receipt. So they hand you 2.25 for a pack of cigs, and walk out. Since inventory isn't checked often as registers, theres no way to correlate inventory theft to an individual employee, but the employee gets to take the cash home. A non-cash based system destroys this.
Captain_Frisk out
Instead of poo'pooing... (Score:2)
More than one finger? Extra key items required? End user definable spending limits?
I would feel comfortable using this system if it was also combined with an alpha numeric password.
It still can be open for fraud... (Score:4, Interesting)
Amazed that a man would live so long, the London head-office naturally sent for the old man.
But they found nobody: turns out that the guy died some 30 years before. As he was illiterate, he endorsed his pension cheques with his thumbprint. When he died, the family "forgot" to notify the company, and they still cashed the cheques with his thumb, which was neatly mummified right after they cut it off...
Re:It still can be open for fraud... (Score:2)
if i find out... (Score:2)
Anybody got ideas on how I can conceal the fact I got a decaying hand with me?
Re:if i find out... (Score:2)
They'll get my fingerprints... (Score:2, Funny)
when they take them from my cold, dead hands.
Wait a minute -- this makes credit fraud potentially lethal, instead of just extremely inconvenient!
security paranoia? (Score:2)
What bugs me about this is that people shouldn't have to worry now--credit card fraud (which is not identity fraud) is covered by the credit card issuers. Even that $50 thing which is talked about is usually waived.
The only way this helps with fraud is that it reduces the amount of times the credit card is pulled out--obviously when your card is pulled out someone could quickly read the number and expiration date. (Hopefully all the merchants you go to no longer print the entirety of the credit card number and expiration date on the card. I just spoke in front of the Ohio General Assembly about passing a law to prevent that here.)
The vast majority of credit card fraud is online credit card fraud--which is an issue, by all means. However most companies have address verification now, and if the fraudster gets your address, then you got another problem altogether.
Fraud with a card in a store is too expensive and personal, and is generally avoided. It does happen (a fake credit card printed with your credit card number and expiration date, a fraudster's credit card remagnetized with a new credit card number, and in unusual situations, a stolen card with a new signature strip.) The least likely is someone just using a stolen credit card as is.
I think what's funny is that, as I said, credit card fraud is not identity fraud. However, by tying the credit card to your fingerprint, suddenly subverting the system becomes identity fraud. That's progress for ya.
Technologically, it's neat. (Score:2)
Keep in mind any time you let the store handle the financing, and don't use cash, you are paying more than the price of the item.. you are paying with your privacy.
Biometrics CAN BE FOOLED...here's how... (Score:2)
This method solves the texture problem (if done correctly), the color is easy to duplicate, and the pulse...well the imposter also has a pulse so getting around that is piece of cake!!
Iris scans are also vulnerable by using a similar approach...one takes the iris image of the victim and imprints it onto a contact lenses and then wears them...how would an iris scanner be able to tell the person is a imposter...it probably wouldn't...so much for biometrics.
And that's the problem...many people assume that biometrics are fullproof, but in reality they are far from it...
Now one may say..."nothing is 100%, but biometrics is very secure"...that may be, but in those instances where a system is compremised, there is then NO WAY TO REVOKE AND REISSUE A NEW KEY since biometrics by their very nature are difficult to change unless one wants to undergo very expensive surgery.
Bottom line is that biometrics, like any security method is not fullproof and needs to be used wisely; or in some applications should not be used at all.
What's the difference? (Score:2)
Right now, they track all sorts of stuff (I used to work at a grocery store that implemented a loyalty card program) ... with biometrics it's even easier.
On the plus side, since biometrics are perceived to be "more secure" than a loyalty card, let's add the possibility to store your payment information in a Windows IIS Server that is located at the central database.
Now you can even pay as well as sending your buying habits ...
I've worked with biometrics ... once you get past the bullsh^H^H^H^H^H^H white papers ... its actually one more piece to go wrong with the system.
Re:What's the difference? (Score:2)
"Frequent shopper" cards are easy and fun to trade with your friends! Try it!
Fingers are not so easy or fun to trade.
John Doe can get a frequent shopper card (Score:3, Insightful)
If they insist on my fingerprints, I'm outta there.
Lifting Prints (Score:2)
Just notice what finger the purchaser in front of you uses, when you buy your groceries you lift the print, then go home and transfer that to some vinyl/rubber/whatever mold/model, and apply to the apropo thumb.
Then you just shop at times when the store personnel aren't likely to know the person you've stolen the print from, or even another store completely. If it doesn't work (I'm sure that even for the real person this might happen occasionally) just pay with cash and be on your way.
Like others have noted, Schneier wrote about the downsides of biometrics in "Secrets and Lies". I was ok with them as an id device until that book.
Of course, I've just tagged myself as a subversive element in the Echelon database. Let's just hope they don't have a Tempest surveillance system on me as well.
Batman! (Score:2)
"I don't know who you are, so I'll take you to my super-secret hideaway to discover your identity. What, you're a super-villan? I never would've guessed. Your disguise was transparent but strangely effective."
Triv
How did they get it accurate enough? (Score:3, Informative)
The few systems I've encountered, fingerprints are not used to uniquely identify people, just as a verification - people still need to swipe a card or enter a pin, then the fingerprint is used for verification.
Do they have a new technique? There's nothing on the Indivos or Bioscrypt websites stating the crossover rates etc.
Interesting socio-political notice (Score:3, Insightful)
Thriftway, despite there name, is an establishment that caters to the middle and upper class portions of society. Their customers tend to be retired citizens or soccer moms.
Besides the very fact that I get damn nearly nauseous just going in there (no seriously, I think that they sprayed the damn place with "odor of extravagant spending" or something ), candy bars alone have a 200% price market from the local safeway. Ouch.
They rarely have any sales (or at least any that reduce prices to something halfway decent) and have 'guided tours' of their stores (what the hell ever. . .
Annyways, as I way saying. . . . ok actually no point to this message other then to say that the middle and upper classes suck. -_-
--- teh classissist
Hmmm... (Score:3, Funny)
Maybe, if someone could develop a system with, say, a two by three inch plastic card with someone's name on it, we could circumvent the whole deal. Yeah, it would be great! No more worrying about whether the machine would work, or your fingers were dirty, or someone had your prints - just slide the card and go through. We could even put a strip with bumps or - no, I've got it - a _magnetic strip_ with information identifying that person! As long as you didn't lose it - a far easier eventuality to avoid than, say, accidentally leaving your fingerprints on something - security would be perfect.
You think it'll catch on?
Oh no! (Score:2, Funny)
"handy" indeed, there's always someone who pays (Score:5, Insightful)
Simple mathematics applied, when the store gets some success, and it's customer base exceeds 500 or let's say even thousand - you are likely to always match someone else's fingerprint.
Sincerely, fingerprints were not made for shopping.
A couple of points (Score:2, Interesting)
The two big problems with this are the likelihood of misidentification and the fact that you can't just get a new fingerprint if somebody gains the ability to buy stuff with yours. (I feel the tracking problem is less severe because people are already tracking us with credit/debit card numbers and the world hasn't ended)
The identification problem is a very hard. As our pal Schneier likes to point out, a system that answers the question "is this person who they say they are" with impressive accuracy isn't necessarily any good at answering the question "who is this person". The accuracy drops fast as the number of people in the system increases. But don't throw out this system just yet. Is the base accuracy high enough, or can we keep the population low enough for the error rate to be acceptable? When Phil in L.A. is scanned at the supermarket, do we really need to consider Joe in N.Y. as a possible match(*)? Can we weed out more people with other checks before the fingerprint match is performed? I don't know the error rate of the best fingerprint matchers, but I need to know that, and the population size, and do the math if I'm going to reject a fingerprint id system on grounds of the misidentification risk.
The other big problem is devastating to your ability to use a biometric id system, but not to anything else. A stored reading can be marked as compromised in the system so an attacker can't use it any more. You won't be able to use it either, but you haven't lost anything you had before the system was put in place (unless some pea-brain decides that this shall be the only way to pay). You haven't even lost everything you gained when the system was implemented. You now have a choice to dictate that only a debit card + a finger print is enough to make a puchase with your account, which is safer than the credit card alone, although no more convenient.
Please, truly consider the benefits and liabilities of any new system and the system it replaces. At the very least, it'll make for more stimulating discussion than an endless stream of "this is bound to fail catastrophically" posts.
* And when Joe travels to L.A., we know where he is because we tracked his ticket purchase ;->
Re:Haven't they seen The Sixth Day? (Score:2)
Re:Haven't they seen The Sixth Day? (Score:2, Informative)
Re:Low tech implementation (Score:5, Interesting)
I design software for biometric systems and although I don't know where they are installed at, the US Gov. is our largest client. *NO* current systems verify a third dimensional component. The neural network that IDs the print is fed many parameters. Amongst them is color (as you stated), thumbprint temperature,ambient and outdoor temperature (because the human extremity body-temperature is so dependent upon the environment), plus many more features from the actual 2-Dimensional image. There is no 3-D component.
You might argue that the angling of the scanning lasers adds a third dimensional component (a shadow) to the 2D image, but this is still something that could be duplicated given an image.
A very basic components analysis of the Neural Network will show that the thumb temperature is an ineffective means of classifieing the print, yet where I work, marketing insists that we continue to use this. That is why we have tried to increase the temperature importance by also including ambient temperatures, but mostly, the temperature is useless as a classification feature.
As far as taping a photocopy of somebody's fingerprint to the scanner this won;t work. Our scanners are color images, and the light from the photocopier has to come in at the same angle as the lasers. Using a pane of glass, a red light angled in the right direction, and a camera, we have been able to create photos that pass for fingerprints ~97% of the time. The percentage would be slightly increased if you kept the image in your pocket (body-heat) until placing it on the thumbprint scanner. This number approaches the number of false-negatives that you get with any thumbscanner.
Using biometric information creates a *real* problem for identity theft. Bruce Schneier points this out in his second book. If the advanced criminals can't reproduce your thumbprint, then they might as well intercept your biometric going from the scanner to the computer and reproduce that on all subsequent machines.
This is something that I will definitely opt out of in the future. Using a pseudo-random key generator on a cel-phone and having it transmit the key would be more accurate than a biometric.
Re:Low tech implementation (Score:2)
Or they'll just cut of your thumb, keep it nice and warm and have nice and easy access...personally, I'd rather just have my keycard stolen
Re:Low tech implementation (Score:2)
So let's hope that the criminals are up to date in the latest advances of fingerprint scanning and are also aware of this small problem.
While I was semi-joking in my previous post, I gotta wonder how many people will get fingers cut off when fingerprint scanners become commonplace. A digit could be worth a lot of money for a couple of hours at least. And somehow I doubt grocery stores will go for the very advanced and secure systems that would be able to detect anomalies such as lack of pulse or body heat.
Re:Low tech implementation (Score:2)
Re:Low tech implementation (Score:2)
The number of input nodes depends upon the length of the feature vector, which varies from machine to machine (and with firmware upgrades). The output layer also varies from machine to machine, depending upon if we want a confidence measurement, and a few other factors. The hidden layer is dependent upon the training. for preprocessing, a PC uses a backprop/simulated annealing/GA combo. The genetic algorithm only changes the number of nodes in the hidden layer and picks from a small subset of the features, thus it isn't much of a GA. We figure, this way the GA can remove the temperature features without the marketing people bothering us about it. The simulated annealing is because the training is rerun on the PC whenever a new thumb is entered into the database, and a IMHO, every trainer should use simulated annealing to speed things up. Especially on low-end hardware.
Pretty much all biometric tools work this same way. We've reverse engineered some competitors, and found similar systems, so I'm not really giving away any trade secrets here.
Re:false positives? (Score:2)
We have some room for error for false-negatives, but I agree that those are annoying.
Re:Low tech implementation (Score:3, Informative)
Re:Low tech implementation (Score:3, Interesting)
No, it doesn't, because you're BUYING GROCERIES.
It doesn't have to be impenetrable. There are easier, and less detectable, ways to fraudulently buy groceries. You think nobody on line behind you is going to notice you walking around with a photocopy of a fingerprint TAPED to your THUMB?
The supermarket is not your lab, Dr. Biscuit.
Re:Low tech implementation (Score:2)
Yes, I think nobody would notice. Not if you were discreet about it, and the photocopy was small and colored the same as your finger.
OT: Welcome to the Troll Hunter(tm)! (Score:2)
DrBiscuit is a new form of troll interesting I caught it after it's 3rd post. Posing as a female los alamos empolyee the troll seems to have an agenda of seeing if the false id can garner support. An interesting addition to the
Join me next week as I Mongoose the troll hunter search for the elusive first poster
Crikey!
I see one now!
Re:Low tech implementation (Score:2, Funny)
Re:Oh, I see.. (Score:2, Funny)
It's called Singapore.
Re:I LOVE IT!!!! (Score:2)
Unless someone mugs you and takes your fingers.
Re:great! awesome!! (Score:2)
Think again.
Re:Purchase beyond the limit? (Score:3, Funny)
I think everyone would give them the same finger.
Re:What about wounds? (Score:2)
Re:The best part (Score:2)
nah, it's because they just waste on having fun.