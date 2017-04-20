Please create an account to participate in the Slashdot moderation system

 


Mastercard said on Thursday it's beginning trials of its "next-generation biometric card" in South Africa. In addition to the standard chip and pin, the new cards have a built-in fingerprint reader that the user can use to authenticate every purchase. From a report: Impressively, the new card is no thicker or larger than your current credit and debit cards.

  • I've been wondering for quite a while when we could have something like this. The question is how the processing works for the card, for example
    a) Does it process against a chip in the card which allows the card to pass information to the pin-pad or not (good to prevent use of stolen cards)
    b) Does it process against the pin-pad allowing a transaction to be verified (good to transactions from cloned cards)

    The first choice is good to reduce the more immediate impact of card theft, and better from a privacy p

    • Re: (Score:2)

      by Nidi62 ( 1525137 )

      I've been wondering for quite a while when we could have something like this. The question is how the processing works for the card, for example a) Does it process against a chip in the card which allows the card to pass information to the pin-pad or not (good to prevent use of stolen cards) b) Does it process against the pin-pad allowing a transaction to be verified (good to transactions from cloned cards)

      The first choice is good to reduce the more immediate impact of card theft, and better from a privacy perspective. The second is more effective against somebody cloning your card - which around here is more common - but it means that your CC company presumably needs your biometric info. It also allows the use of fingerprints as a password replacement (pin-pad)

      It could be built in to the opposite end of the card from the chip. So as the chip is inserted in the reader, your finger is over the built-in scanner authenticating that the person using and holding the card is the person that owns the card. Might help for stolen/cloned cards, but it wouldn't do much for cards that were fraudulently issued due to identity theft, as the thief could just open and register the card using their own fingerprint.

      • Re: (Score:2)

        by Luthair ( 847766 )
        I have to imagine with physical access couldn't a thief circumvent the reader to simply OK the transaction.

    • The second is more effective against somebody cloning your card - which around here is more common - but it means that your CC company presumably needs your biometric info

      Don't they just need a one-way hash of your biometric info? But the second way is more likely since otherwise the card will need a battery to power that processing internally.

      • A hash is not enough. Fingerprint matching is a notoriously fuzzy process because fingers deform under pressure, they get damaged (cuts, burns), etc. The matching process works by doing a "good enough" comparison between the newly-acquired image and a pre-digested "template" computed from the enrolled image.

  • In an area where cutting off arms doesn't give some people pause - what could go wrong??

  • not foolproof (Score:3)

    by MickyTheIdiot ( 1032226 ) on Thursday April 20, 2017 @03:00PM (#54271737) Homepage Journal

    There are other things you can comment on like above, but I there are other ways this can go wrong as well.

    I have been diagnosed with bad eczema on my hands recently, and it mostly affects the tips of my fingers. The sensor on my Nexus will now periodically stop accepting my fingerprint scans until I log in with another authentication method and rescan them.

    If you don't have any backup ways to provide authentication there are cases where people will get locked out for medical reasons. That won't be extremely common I guess, but fingerprint biometric will, like all systems, not solve all problems.

    • And I have essentially lost my fingerprints (after a bout of dengue fever a few years ago, this causes skin shedding). Though now I can see just about see them on careful examination they hardly come out on fingerprint scanners. It caused some problems when visiting a country where they fingerprint you on arrival.

  • Still waiting (Score:3)

    by sir-gold ( 949031 ) on Thursday April 20, 2017 @03:06PM (#54271767)

    I'm still waiting for the version of the mastercard that includes a holographic AI assistant, that we were promised in the early 90s

  • One day they'll discover the folly.... (Score:3)

    by Bugler412 ( 2610815 ) on Thursday April 20, 2017 @03:19PM (#54271847)
    One day they'll discover the folly of using biometrics for authentication or authorization, but then it will be too late. Let's all tie everything to a password that we can never change right? Great idea! Sigh

  • When will fingerprints die? All fingerprint technology can't check if a human finger is actually what is being read.

    Too many designers watching James Bond films . . .

  • I've always wondered why they don't use some form of cryptography to authenticate the card. Skimming seems to be more prevalent than someone physically having a card, though perhaps theft is more common in South Africa.

    • They do in countries with modern payment systems.

      It's called "EMV" or "Chip+Pin".
      There's also "paypass" and "paywave" - aka NFC.

      I can't swipe my card in a local terminal even if I wanted to. There is data in the magstrip that says the terminal must use the chip if it can. There are no terminals that can't in NZ anymore.

  • Fingers (Score:3)

    by nnet ( 20306 ) on Thursday April 20, 2017 @03:40PM (#54271971) Journal
    In unrelated news, Lloyd's Of London sees spike in finger insurance.
  • Touch-activated sphincter rod sensor is much more secure and this is what they should go with for biometric authentication.
  • Okay, it's amazing how many "mickey's" the public has been swallowing in the name of "security" be it national or individual. This is basically a way of fingerprinting everyone in a private database. We all know of ways this can be bypassed (you can lift finger prints from anything someone has touched (doorknob, glass, whatever), so the only one who benefits are private corporations who want to sell that data, and governments who want to obtain it by buying it. We are treating the public as criminals by def

