Pointing the finger
Wednesday, 21 November 2007
I’ve just seen on the news today about German supermarkets using biometric data like fingerprints to purchase goods. The claims of increased convenience and the ability to earn points by just using your finger. All sounds good to the average consumer but what would happen if this method was used instead of debit/credit cards?
In the example I saw a women purchase goods by simply placing her finger on the fingerprint scanner, there was no form of identity confirmation and no second factor of authentication. Obtaining a fingerprint isn’t difficult and all it takes is for a bad guy to wait in a cafe until you’ve finished with your glass. Once biometric data has been obtained it’s game over, you can’t alter your fingerprints, unless you want to burn them off.
People could even start to collect fingerprint data and post it on the internet, committing theft could be as simple as downloading a graphic and walking into a shop with your finger and a bit of putty.
There’s also the problem of privacy and you may earn points from using your finger but the supermarkets can then collect your purchases and match them to your biometric data. So you’ve got a unique form of customer identification that cannot be modified and is stored for a lifetime, sounds like a marketeers dream and the worse nightmare for anyone concerned with privacy.
Storing this data is also a huge security risk, millions of people’s biometric data is at risk and you can only lose it once. The UK has recently experienced a huge data loss of public data, I think we should get the basics right first before we consider biometrics.
No. 1 — November 21st, 2007 at 3:20 pm
true, but then they can link the finger data with a picture so when they scan they also see a visual representation who you are. i am not saying that it is not possible to disguise yourself, but it becomes significantly more difficult. in fact, apart from the privacy issues, this method is less prone to misuse then credit cards! 🙂
No. 2 — November 21st, 2007 at 4:37 pm
“Storing this data is also a huge security risk, millions of people’s biometric data is at risk and you can only lose it once. ”
I think this point is wasted on a lot of people. It’s easy to re-issue a credit or debit card with a different #. Lets see someone try to replace my finger prints when they’re lost.
No. 3 — November 21st, 2007 at 7:20 pm
“Once biometric data has been obtained it’s game over, you can’t alter your fingerprints, unless you want to burn them off.”
You have ten fingers actually 🙂
No. 4 — November 21st, 2007 at 7:45 pm
Though if you get my used glass, you can get five of my fingerprints at once…
No. 5 — November 21st, 2007 at 10:18 pm
where the hell did you get that awful picture from!? Stick to the coding, Gaz!
No. 6 — November 21st, 2007 at 11:23 pm
@Jake
lol are you offering to pay to help with my stock library? 🙂 Mine consists of handshakes and wireframes 😀
No. 7 — May 8th, 2008 at 11:13 am
Yes, security of data would be a serious issue with a biometrics scheme.
Just think of all the cases of data leaks recently… (I am thinking DVLA info, and social security data being lost, etc)
One of the problems with any security system is that at some point, humans are involved! – People have laptops stolen… then it transpires they had sensitive data stored unencrypted etc…. and that is every before we get on the subject of hackers and crackers!
I think a serious amount of work will have to go into any plans around biometric use in credit cards!