Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Businesses Technology

Fingerprint Payment System Gets Financing 179

prostoalex writes to tell us Yahoo! News is reporting that Pay By Touch, an electronic payments startup that connects your fingerprint to your wallet, has received an additional $130 million in financing to move forward with their biometric payment system.
This discussion has been archived. No new comments can be posted.

Fingerprint Payment System Gets Financing

Comments Filter:
  • Oh, great. (Score:5, Insightful)

    by Pig Hogger ( 10379 ) <pig DOT hogger AT gmail DOT com> on Tuesday October 04, 2005 @08:58PM (#13718942) Journal
    Now, thieves will cut the fingers off people they mug.

    Isn't technology wonderful???

    • Re:Oh, great. (Score:1, Insightful)

      Its already a method of stealing cars that have biometric access. There was a story awhile back (I think here on Slashdot) that mentioned a man getting his finger cut off when the perps realized they needed it to start the car.

      Biometrics is a technology we can do without.
    • Unreliable (Score:5, Insightful)

      by Cave_Monster ( 918103 ) on Tuesday October 04, 2005 @09:06PM (#13718983)
      We use fingerprint technology at work. Without scanning our fingerprint (in addition to entering a personal code of digits) we cannot get through the door. On occasions this scanner fails to recognise your fingerprint and after a few tries, you either try a different door or get someone else to scan their fingerprint. I cringe at this to be used for payments for this reason, not to mention somebody using standover tactics and forcing you to pay for their purchase or even like the parent mentions, getting your finger cut off.

      • Totally agree. Half the time the credit card scanners at the grocery store don't read my card as it is. I can only imagine how quickly the finger scanners will wear out and then you sit there waiting for the cashier to call the manager who is the only one that knows the special code to override the damn finger scanner...

        Credit cards (or better yet, something like the Mobil Speedpass) are perfectly fine for now. No need to spend all the money upgrading the systems just yet...
      • Re:Unreliable (Score:5, Interesting)

        by utnow ( 808790 ) <utnow@yahoo.com> on Tuesday October 04, 2005 @10:20PM (#13719324) Homepage
        I can think of at least one thing that would make the system a bit more secure.

        When you sign up to use the system, they scan all 10 of your fingers. You assign one (one per hand?) of them as the proper finger(s), and the remaining fingers serve as ALERT fingers. So assuming (like in your scenario) someone is standing over you with a gun you can proceed with the payment (or whatever) as usual (aka, you don't get shot), and the athorities can be alerted that you're in a 'situation'. Just use the wrong finger. Since you set your own 'correct' finger, the guy/gal won't know you've done anything, and will at least think twice before putting a gun to your head and telling you to do it. They can't just cut them all off and try them all since the chance of scanning the wrong ones is too high (8 or 9 out of 10) unless they watch you do it before approaching you. I'm rambling... you get the picture. 3
        • Re:Unreliable (Score:3, Insightful)

          by Heisenbug ( 122836 )
          When you sign up to use the system, they scan all 10 of your fingers. You assign one (one per hand?) of them as the proper finger(s), and the remaining fingers serve as ALERT fingers.

          That strike me as 1) an easy secret to steal 2) difficult technology to implement 3) pretty likely to yield false positives, either by misreading or by user error 4) way harder than just using a credit card.

          Sorry, I think I'm actually talking about the whole system here. Carry on ...
        • Do you have any idea how incredibly stupid most people are. How often do you think someone is going to press the wrong finger onto the scanner by accident. After the first time, the police department is going to stop sending in a SWAT team and just call the store and ask if they have another very confused customer.
          • Love your .sig

              main(){while(new int);}

            I just had to see if it would really compile. Then I just had to run it.

            Now it's eating up 100MB / second. Neat.

            It does seem to be capped at about 550MB though (1GB RAM, XP Pro SP2). Anyone know why this would be?
        • Interesting idea, but I don't think it will work.

          People won't remember which fingers are "good" and "bad" - you'll get tonnes of false alerts. Ask your helpdesk guy how many people (the same ones) call in every monday for a reset - It's depressing.

          I don't think using a single digit for a password/token is too bright either, for a couple reasons:

          1. If you lose a password, it can be changed. If the algorythm that turns your fingerprint into a hash is cracked you're screwed - you can't get the helpd
        • by jdfox ( 74524 )
          Here's a helpful diagram of the proper finger [hypercreations.com] to use. As you can see, this method of authentication is so simple that anyone can use it.
          Note also that the the remaining fingers serve as ALERT fingers.

        • A lot of this assumes that people aren't stupid - an assumption I'm hesitant to make.

          Alternitively, a finger print system could store baseline data on the payee as well. Information like average heart rate, body temperature, skin conductivity and the like would allow the payment system to determine stress levels.

          An elevated stress level would then result in a security check, requiring that the payee produce photo-id and have a face to face with a teller or somesuch. While this would decrease the convenien
        • assuming (like in your scenario) someone is standing over you with a gun you can proceed with the payment (or whatever) as usual (aka, you don't get shot), and the athorities can be alerted that you're in a 'situation'.

          Or it spits out a $5 bill and a receipt that states you have overdrawn your account. Of course I already use that security measure.
    • Re:Oh, great. (Score:5, Interesting)

      by turg ( 19864 ) * <[turg] [at] [winston.org]> on Tuesday October 04, 2005 @09:08PM (#13719000) Journal
      Now, thieves will cut the fingers off people they mug.
      Oh, yeah. The thief will just take the severed finger into the grocery store and use it right in front of the clerk. That'll work real well.

      Seriously, though, there are biometric devices that confirm whether the finger is the correct temperature.
      • by Anonymous Coward
        Seriously, though, there are biometric devices that confirm whether the finger is the correct temperature.

        That's why you carry them in your mouth until you need them.
        • If someone would cut off another's finger than they would also have to kill that person so that the person could not call customer service and report it. They would also have to get rid of the body so that no one would find it and also report it. They would also have to insure that the victim did not have anybody who cares about them and would also report the fact that they are missing. The risk would far outweigh the benefit even if the victim had zero balance and a few thousand dollars of credit. Most
      • Are Pay By Touch's machines among them? (TFA doesn't say...)
      • Comment removed (Score:5, Informative)

        by account_deleted ( 4530225 ) on Tuesday October 04, 2005 @09:33PM (#13719129)
        Comment removed based on user account deletion
        • Yup, and what's worse, if you have your credit card number stolen, you just cancel the card and get a new one. If you have your fingerprint stolen, the thief has a permanent personal identifier for you forever.
      • Oh, yeah. The thief will just take the severed finger into the grocery store and use it right in front of the clerk. That'll work real well.
        Why not? They don't look at your signature and make sure that it matches your name. Hell, they don't even care if you don't write WORDS! A new feature at fast food places is that you present the credit card, and you dont even have to sign if it's under $25.
      • What about raynauds Syndrome. My Own mother suffers from this and causes her fingers to go cold. She wouldn't be able to buy groceries in the winter if the scanner checked temperature. For about an hour after being outside in the cold she has "dead fingers" they get all white and look kinda like deflated baloons. It's gross. Here's some back ground info. http://www.niams.nih.gov/hi/topics/raynaud/ar125fs .htm [nih.gov]
      • "The thief will just take the severed finger into the grocery store and use it right in front of the clerk."

        Why pay $5.15 an hour for a warm body when this fingerprint system means you have less reason to have someone around to handle cash?
    • Just wait for the retina scan!

      You ain't seeing nothin' no more...
    • Trusted Metrics (Score:2, Insightful)

      There is a more profound problem with using body parts for trusted metrics, which has been brought up on this site and others before. If your "ID" is stolen, you cannot change it. Until, and unless, we can secure digital information (doubtful from this perspective), biometrics will remain interesting but unuseful in wider implementation.
      • Re:Trusted Metrics (Score:2, Informative)

        by tboult0 ( 880064 )
        Actually the are number of revocable or cancable biometrics-based technologoies being developed. Securics.com has one and IBM has had many recent press releases on their work. These at least protect against database hacks/insiders so that when (not if) a database is compromised. Also recent work at MSU has show real progress on a fuzzy vault that hides digital keys in a fingerprint. Securics even has a version that mixes a pin/passcode with the cryptograpically transformed print, but neither is stored
    • Malaysia car thieves steal finger http://news.bbc.co.uk/2/hi/asia-pacific/4396831.st m [bbc.co.uk]

      ...

      The car, a Mercedes S-class, was protected by a fingerprint recognition system.

      ...

      But having stripped the car, the thieves became frustrated when they wanted to restart it. They found they again could not bypass the immobiliser, which needs the owner's fingerprint to disarm it.

      They stripped Mr Kumaran naked and left him by the side of the road - but not before cutting off the end of his index finger with a mache

    • And now you'll think twice when a friend says...

      "Hey, can you lend me a hand?"

  • by Jackie_Chan_Fan ( 730745 ) on Tuesday October 04, 2005 @09:02PM (#13718953)
    ... actually i'd like to pay for everything with my middle finger...

    Fucking sweet.
  • Seriously... (Score:3, Insightful)

    by Anonymous Coward on Tuesday October 04, 2005 @09:02PM (#13718959)
    ...what is wrong with my credit card?
  • by jasonditz ( 597385 ) on Tuesday October 04, 2005 @09:03PM (#13718962) Homepage
    That's going to make it a bitch to type.
  • yeays, just another place that will log my fingerprint ... lets see people getting access to my personal information that I might not want hrmm, that must be good. I never liked the idea of even the government having my fingerprints on file, so I always opted out of it during the 'class' field trip to see what the government office was like. I like the idea of heat patterns for this instead because that doesn't leave a trace that someone can duplicate unless they have a thermal monitor and something to re
  • by turg ( 19864 ) * <[turg] [at] [winston.org]> on Tuesday October 04, 2005 @09:04PM (#13718969) Journal
    From the article:
    Here's how it works: Customers sign up once, by registering a checking account or a credit card, and showing government identification such as a driver's license. The Pay by Touch technology records the lines and ridges of their fingerprints, and translates the data into a numerical algorithm that is stored in a secure database.

    [ . . . ]

    Pay By Touch is sharing the cost of each installation, and it gets a fee per transaction of between 12 and 14 cents, he said.

    That is cheaper than what stores pay for alternative payment methods, he explained. A credit card transaction typically costs a store about 60 cents for an average $25 purchase of groceries. A debit card costs a store about 50 cents
    But it is a credit card or debit/check card transaction. So how are the debit/credit card fees getting paid?
    • by Kohath ( 38547 ) on Tuesday October 04, 2005 @09:25PM (#13719088)
      Once you're identified, the store writes an electronic check from your bank account. The credit card companies aren't involved and don't take their cut.

      The system is much cheaper for stores than credit cards. 60 cents Visa gets is more than ~15 cents Pay by Touch + check costs

      I see these every time I go to the grocery store. I always wonder: what's the benefit to me? What do I care if the store saves 45 cents?
    • It's not a credit transaction per se. You are granting the the store permission to take money out of your bank account electronically any time they want. You are trusting that they will actually only do this when appropriate, but you have no way to be sure. And once you grant them access to your account, the only way to cease their access is to close your bank account and create a new one.

      A number of people have had major complaints with companies that do this sort of thing - because they may and do just ke
      • And while you can tell them to stop - they still have access to your account and you can't make them stop. Period.

        This is why I never use my bank card for anything other then the ATM or emergencies. If someone commits fraud on my bank card, my bank account will be empty until I can get it sorted out with the bank. I know people that have had this happen and it has taken weeks for them to get any money at all, even from their direct deposit paychecks.
        Using the credit card get around this, because if I see ba
        • Some times, debit cards wind up being backed just like a credit card is, with any transactions being disputable just the same. Now, while there is the whole issue of them pulling money from your account directly, it actually worked to my benefit once, when my debit card was stolen. I believe the thief charged gas to it, to ensure it was working, and then tried to go buy a TV or something. As I had all of $40 in my account, paying for gas worked, but the larger purchase failed. Of course, nowadays, they'd ac
    • The article does a lousy job at explaining that (I read that the 12-14 cents per transaction go to Pay by Touch.)

      The Merchant FAQ http://www.paybytouch.com/merchants/faqs.html> on the site says...

      What is the cost to me?
      As a merchant, you make a small investment in the Pay By Touch hardware and processing. This investment is quickly offset, however, by savings you'll realize due to less fraud, shorter tender times, payment type shifts, and the repeat business you can expect from offering your customers a
  • shitest idea ever (Score:1, Redundant)

    by timmarhy ( 659436 )
    yes great when someone steals your finger print your fucked aren't you. not to mention it's the easiest to steal and duplicate
    • Very well said. It is incredibly easy. As shows like CSI keep showing, you can get a person's fingerprints pretty easily. Shouldn't be hard for an enterprising criminal to swipe a few fingerprints each day. Especially if he works around wealthier people, he can get "good" ones.

      But, it'd be hard to graft onto your finger, and you'd look weird swiping a piece of paper or whatever over the finger swipe.
      • Depends, with some effort you can probably create a nice skin-colored fake patch to put over your finger. You really only need it to stay on and look real from a distance. You can probably even use a rather crude mold if you're decent at concealing it when using it.
  • Which Finger? (Score:3, Interesting)

    by NtroP ( 649992 ) on Tuesday October 04, 2005 @09:05PM (#13718977)
    I have a chronic problem with the skin of my thumbs and occasionally my index finger. Do I get to choose and alternate finger? Multiple fingers?
  • Don't sign up for this right away. Wait a while for the bugs to get worked out, and for the early adopters to get robbed blind. Only when the bugs worked out should anyone who is technically literate sign up for this.
    • If everyone did that, it would never get off the ground.
    • Anyone technically literate, as you put it, would never voluntarily give their fingerprints to any government or business. Regardless of how "secure" they say it is, it WILL be obtained and used to make you a suspect in any crime or suspected crime where you have touched anything nearby. It *will* be used to obtain your identity without your consent in all kinds of creative ways.
    • yeah don't sign up right away.

      wait a while, like say 50 years or so.

      let the bugs be worked out.
  • by timmarhy ( 659436 ) on Tuesday October 04, 2005 @09:07PM (#13718984)
    some dirty sod will sitck their finger up their own arse then use it no doubt.
  • by Crixus ( 97721 )
    Is there anyone here who would actually USE this?
  • by Foktip ( 736679 )
    so... all i have to do to pay, is give them the finger!
  • How do I... (Score:1, Offtopic)

    by slashname3 ( 739398 )
    How do I get the tin foil hats to stay on my fingers now?

    And I have this neat idea for a glove that captures finger prints when you shake peoples hands...wonder if I should patent that idea?

    Now I just need to figure out how to setup a meeting with Bill Gates and shake his hand....

    Profit!
  • Copy-proof? (Score:5, Insightful)

    by Anonymous Coward on Tuesday October 04, 2005 @09:12PM (#13719020)
    One wonders how secure this is after seeing how relatively simple [cryptome.org] it is to create a fingerprint mold from nothing more than a residual fingerprint.

    The information in credit card magnetic strips can be copied, but the person copying the credit card must at least have physical access (even if only temporarily) to the card in order to make a copy. Using fingerprints, however, is like writing down your PIN on everything you've touched...
    • MOD PARENT UP! (Score:5, Insightful)

      by Spy der Mann ( 805235 ) <spydermann.slash ... com minus distro> on Tuesday October 04, 2005 @09:16PM (#13719046) Homepage Journal
      Seriously - have you guys thought how many FSCKING FINGERPRINTS are there in the streets? Any glass, seat, trash can, paper, door handle, glass, clothes, suitcases...

      sheesh! With credit cards at least someone had to steal it first! But now it only takes some scotch tape to do the job. What are those morons thinking?
      • Re:MOD PARENT UP! (Score:4, Insightful)

        by game kid ( 805301 ) on Tuesday October 04, 2005 @09:22PM (#13719078) Homepage

        Add me to the Mod Parent Up® petition. Thoughtful of both of you (parent and GP).

        More and more it feels like a shortcut for corporations to find targets for what I call PPA1.

        1 Professional Personal Annoyance, or "targeted advertising"

      • What most people do not understand here is that fingerprint biometric companies are working hard at creating methods of inhibiting entry with anything but live human skin: known as anti-spoofing.

        Coupling this with subcutaneous sensor technologies that image the live (saline) layer of the skin, spoofing the fingerprint biometric system becomes prohibitively nontrivial. (Read: the techniques needed to to crack the system are only known to the developers of the system, as the anti-spoof technology itself is h

  • No way (Score:5, Insightful)

    by evil agent ( 918566 ) on Tuesday October 04, 2005 @09:13PM (#13719031)
    This can't possibly catch on, can it? I mean why would you entrust your confidentiality to something as insecure as a fingerprint? You leave it everywhere you go! Imagine that everytime you leave a room, you leave behind a piece of paper with your credit card number written on it.
  • by Errandboy of Doom ( 917941 ) on Tuesday October 04, 2005 @09:22PM (#13719076) Homepage
    ...change your fingerprint every 6 weeks:
    How To Fake Fingerprints [www.ccc.de]
    • Informative? I wasn't aware of fingerprints changing over time. However, if the parent was trying to imply that unlike passwords which can be changed, fingerprints cannot, then I would wager that his comment lies closer to 'Insightful'. Of course, the parent could have also been attemping to be humorous, which in that case, I apologize for killing the joke >:-/
  • Unless everyone starts wearing gloves, they'll be leaving their fingerprints on their wallets.
    Well, at least the leather ones. And if not there, then on their credit cards, inside.
    So now, the thieves just have to be extra light-fingered, so to speak, and then they can go back to their lair, turning the goods over to their boss, who has some tape ready...

    Good news is, at least Oliver will eat more regularly, since Fagin probably won't have to worry about PINs any more.
  • Retinal Scanner (Score:5, Insightful)

    by Dan East ( 318230 ) on Tuesday October 04, 2005 @09:31PM (#13719120) Journal
    Considering the patent is about to expire on retinal scanning, they ought to wait a few more months and utilize that type of biometric. It is much harder to forge, more accurate, and does not require physical contact (which spreads germs).

    Dan East
    • Actually, the patent already expired. Here's the previous Slashdot story covering it:
      http://science.slashdot.org/article.pl?sid=05/07/0 9/2011249 [slashdot.org]

      Dan East
    • Considering the patent is about to expire on retinal scanning, they ought to wait a few more months and utilize that type of biometric. It is much harder to forge, more accurate, and does not require physical contact (which spreads germs).

      There is one basic problem with biometrics. If it is transmited, it can be intercepted. All I need to be able to do is copy the digital transmision of the retinal patern as it leaves the scanner (as in the physical scanner, not the "ATM" device) and play it back whene
  • Actually i don't know that it would be that much easier for you to purchase items fraudulently with a skin swipe versus a card. The hell would you do if someone came up to pay with a severed finger or a peculiar latex glove on the credit finger. I think it might be a little easier to pass with a credit card, especially since no one checks to see id. I think if they are getting hundreds of millions of dollars to piss all over R&D I think something somewhat knowledgable can come from it. That is unles
  • I am not a crypto or security expert, but I gather most experts agree that the more pieces of information you need to provide to be authenticated, the better. For instance, the combination of a personal password with some certificate/token on a USB key is (theoretically) better than either acting alone. Many of the comments in this thread make the point that fingreprints are pretty easily lifted and forged. So, perhaps it is not of much use, from a security standpoint, as a stand-alone authenticator. If

    • So to buy something, you have to swipe your card, have your thumb scanned, look into the retinal scanner, provide saliva, stool, and urine samples. To get your Dove bar and Chocolate Milk.

      "Cash."

      The more complicated these systems become, the less retailers will want to deal with it. I mean, Discover can't be the first one to do this or no one will take Discover anymore.
    • Something you know, something you have, something you ... are?
    • Combining the fingerprint with a physical token sounds like a great idea... assuming you can convince all customers to manipulate that token using only their toes, so as not to leave fingerprints all over it. Its like requiring a password from everyone who presents a credit card to you -- handily recorded on the reverse side of the credit card in case they forget it!

      The scary thing is people actually DO that... but thats largely to "prove" physical access to the card in the context of an Internet transa

  • by roughapprox ( 887427 ) on Tuesday October 04, 2005 @09:40PM (#13719154)
    Hey kid, thumb a hundred bucks will ya, help save the clocktower.
  • Ok, so i had another joke too...

  • Oh jeez, I read that as "Fingerprint Pavement System."
  • So now it will be easier for me to make impulse buys which I certainly can do without (I don't have a nano yet and that is mostly due to the fact that the Apple store is a few miles uptown)

    AND

    Now getting mugged on the way home from work will involve permanent dismemberment... great. Maybe they could make something like those anti-mugging belt wallets for when you visit countries with high crime. It would basically keep your hands in your pants all the time to make them unavailable to theives. I am patent
  • by mixmasterjake ( 745969 ) on Tuesday October 04, 2005 @09:58PM (#13719238)
    I'm sorry sir, your finger was declined. It says here that we're supposed to cut it up...
  • is it just me... (Score:1, Flamebait)

    by krunk4ever ( 856261 )
    or did anyone else read the topic as:
    Fingerprint Payment System Gets Fingering

    i need new glasses.
  • after work, my hands can be dirty as hell.. i hope that wont effect it
  • I lost my wallet. I'd like to be able to call it and hear it ring so I could find it, or talk to the person who found it. Of course this idea isn't for serious.
  • This technology could be easily paired up with some sort of pass-code (Like the PIN number you use with a debit card), and it would be even more secure. Sure, it may be easy to dupe a fingerprint, but with the added pass-code, it would be much harder to fraudulantly use.

    Personally, I would never trust my financial assets on a finger-print alone. I think the only bio-metric device I would trust alone without some additional form of security is a retinal scanner.
  • If you view the flash demo [paybytouch.com] on the paybytouch [paybytouch.com] website, you will discover that the system only makes the need to carry the actual (plastic) credit card redundant. You will still need a checking account or credit card account to charge the purchase. In the demo you can see that you are give a choice on how you wish to pay, presumably from your payment choices given when you first registered for the system. You will also notice in the demo you are also required to enter a PIN number.

    More information can b
  • I shake my head with sadness as the early technology adopters blindly increase the dangers to our general public without much forethought...

    General populaces are at increasing risk due to:

    1. Loss of biometric data (finger detachments, eyeballs ripped out)
    2. Duplication of biometric data (back-end hacking; once stolen, always stolen; you are non-revocable)
    3. Transference of ancillary foreign objects (Infectious disease; fecal matter; Leprosy; Acid; Alkalinity)

    It is a non-starter. Only takes one plague to av
  • I know a lot of the comments about this will be that fingerprinting is not any more secure than using a CC number... that the digital data of the fingerprint can be intercepted along the way and used.

    But couldn't the fingerprint somehow be used as a hashing function. For example, lets say your bank scans in your thumb print in a 1000 x 1000 32 bit array and has it on record.

    Now, when you go to the store, instead of the machine scanning in your entire fingerprint and sending it to the bank, the bank sends to
  • The ideal method of identification will require something you have (card or fob), something you know (PIN or password), and something you are (fingerprint, retinal scan, photo ID.) For many purposes two of these may be sufficient, but a system that uses only one of these methods is by default insecure, and the least secure out of all of these is fingerprints.

    Severed fingers should be the *least* of anyone's worries--rest assured, working artificial fingers *will* be developed. Even better, the fingerpr
  • Signing slips of paper is a good system: each individual signature is hard to duplicate in its original form, the terms (total amount etc.) you agree to are clearly spelled out on the piece of paper, and both sides get a copy. All these electronic payment systems have the problem that the credit card company or store can, potentially, generate arbitrary numbers of transactions and you have no physical basis on which to challenge them ("please produce the credit slips"). With credit cards, you have some le
  • This is an extremely bad idea, since while you can cancel a credit card, you can't cancel your fingerprints . It's just a matter of time before someone figures out a way to use a fingerprint gathered by some undetermined means (discarded coke can, mail-in response form, etc...), scans it and spoofs the terminal into draining your account. And since it's allegedly been "signed" by your print, you can't refute it.

    Quite frankly, this system scares the heck out of me.
  • I find it amazing that this article about a new use of technology has not a single positive comment on it. Why is everyone on Slashdot so against the use of technology to make our lives easier? Reading through the comments I see all these far fetched ideas of how the technology is going to be abused.

    Yes, anytime something new is developed or implemented, someone is going to try to find a way to use it to commit fraud or do some bad thing. Believe it or not, everything has risks.

    If you folks had been aroun

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (10) Sorry, but that's too useful.

Working...