Biometric payment drawbacks
Posted by Trey Reeme on November 6th, 2007
Two and a half years ago, I wrote about Piggly Wiggly’s biometric payment pads.
Novel idea, but not a particularly great one.
Today CU Times wrote about Shell gas stations in Chicago piloting biometric payments. Now before we get all “wave of the future” about this, let’s consider a few reasons why this isn’t that cool.
As this Tech Digest post points out,
- You’ll have to link your fingerprint to a credit card or bank account first.
- How much time does it really save? Swiping a card just can’t take that much longer than a fingerprint scan. In fact, I’d bet it’ll slow things down.
- The Mission:Impossible-ish scanner would be just one more thing I’d have to touch before squirting some Purell on my hands as soon as I got back in my car. Thus, contactless = more sanitary, right?
I don’t know what tomorrow’s wallet will look like, but I doubt it resembles my index finger.
Here, here! I make it a point to minimize my contact with gas station surfaces. And what about in the winter when you’ll have to remove your glove so that you can press your finger against a frozen scanner? No fun.
Why not have everyone carry around a blood sample and then can drop some in for a DNA Test.
Designed by idiots to be run by geniuses. Such is the future when companies are run by their IT departments.
I guess I’m not as worried about touching “dirty” things at the gas station, but I think this idea is wonderful. We’re already seeing fingerprint scanners being tied to computer security and unlocking/starting cars, why not the payments industry? I’m already tired of lugging around cash everywhere, but now all of these plastic cards are becoming annoying as well.
I say scan on, fingerprint readers, scan on.
I’m with Mike on this one. So very few retail folks are willing to verify that “I am who I say I am.”
I’ll stock up on the hand sanitizer and deal with it. Bring it!
@Mike – Great points. Also, your blog rocks. Adding it to our sidebar links.
running my fingers over piggly wiggly doesn’t sound like that kind of thing usually discussed on this site. did I click on the wrong link?
My thumb is something I’m very rarely without… Sounds “convenient” to me!
I don’t know if anyone saw the major improvements that were announced to DAS (Draw-A-Secret) last week. It could be as fast as signing a credit card receipt – with an added benefit of biometrics.
In case anybody wants to read… http://arstechnica.com/news.ars/post/20071103-graffiti-as-password-secure-and-memorable.html
I am all goosebumpy.
I so very much do not like the idea of thumbprints attached to my financial accounts or as proof of identity.
Maybe it is growing up in some pretty foul neighborhoods, but I cant shake the idea of muggers carrying a pair of loppers or tin snips in their pockets.
I am much more likely to give up my wallet than a thumb.
Yikes.
Oh, one last thought. You think identity theft is bad now, not too long ago Mythbusters defeated biometric locks with a photocopy of a fingerprint and a little spit.
If the database of fingerprints is compromised, or your fingerprint lifted from your desk or bottle of water, scanned and photoshopped a little – you could be in some trouble.
I saw that episode of MythBusters. I heart that show.
In order for any type biometric authentication to be a success, it seems to me that there are three factors. It has to
1) Make the process faster 2) Make the process more secure 3) Not put me at risk of losing a body part
I’m not quite as worried about germs, I’ll stock up on hand sanitizer. When was the last time you touch a stylus to sign a touch pad that fifty other people touched? Not to mention how many people have probably touched the gas pump.
For the thumb print scanner, refer to any of several posts above and point 3. To be fair, I would settle for faster, as long as it didn’t make it less secure, or more secure as long as it didn’t take longer – but at no point would I be willing to compromise on my personal security (I prefer to have my thumbs in MY pockets). The challenge is going to be balancing speed with security – the two rarely go hand in hand.
We use biometric authentication at work for network credentials as well as on our home banking site. Since being involved with biometrics I’ve come to the personal conclusion that, so far anyways, I don’t think biometric authentication is good all on its own. I think it needs to be a supplement to another type of authentication (and that helps people not want to cut of my body parts for starters). In other words, I think it works really well in a multi-factor authentication environment, but not so well as a primary means of authentication.
Since I really don’t want to loose an appendage to a pair of tin snips, I hope someone comes up with a biometric authentication that uses something I DO uniquely instead of something I HAVE that is unique. Things that people have can be stolen (or removed from their person) a lot easier than something they do (a reason I am intrigued by methods like Draw-A-Secret – very BioPassword like, but could be implemented on a much wider scale).
@Tony – Thumbs are overrated.
Seriously though, you guys bring up some good points that I had not considered – hopefully technology will find a way for us to have that balance that Jeff Owen so eloquently speaks about.
Doesn’t matter how the marketers serve this up to consumers, really it’s about losses.
CUNA Mutual has been on a two-year kick about plastic card fraud. Anybody who loses big money on fraud (banks, CUs, CU insurer …) is going to be pushing this or anything else that moves consumers away from hackable plastic.