Are Fingerprints a Secure Way to Pay?

18 8 Loading

SH 114_#1 BIG

You may have heard Google wants to absorb your wallet into your smartphone. But these days, slimmer is better. So how about making the wallet disappear altogether? Paytouch wants to link credit cards to fingerprints (your index and middle fingerprints, to be exact). What’s the advantage of a fingerprint payment system? No more carrying around cards. No more losing cards. No more worrying about identity theft. Fingerprints are unique and therefore secure (maybe). The world is your oyster, and your oyster alone.

Sounds lovely. But a few (mostly worried) thoughts come instantly to mind. First, our fingerprints are unique whether or not they’re attached to our hand. That sounds like a dangerous incentive to chop off a few fingers, no?

Apparently, people worry about this one a lot. So much so, that Paytouch’s FAQ helpfully notes their scanners use a “very low electric shock…to detect pulse and finger ridges.” Fingers with no pulse will get you nowhere. (And no sales clerk is going to allow you to place a pair of disembodied fingers on the scanner.)

But here’s something else: Take a moment to google “how to fake fingerprints.” What do you know? Unsurprisingly, there are numerous “how-to’s” out there (YouTube, WikiHow, eHow, etc.). All you need is a good copy. And as any lover of detective stories knows, we tend to leave copies of our prints everywhere.

A prospective thief need not steal your card, or learn your social security number, or break into your house—he only has to follow you around for a day. Or maybe some enterprising thieves will go “phishing” for prints by selling folks items and yanking their print profile from the scanner.

SH 114_#2Once our future-thief has a good print image, a fake fingerprint will soon follow. Sure, the scanner detects a heartbeat, but ultra-thin material should allow enough of a pulse to fool the machine. Or if the scanner doesn’t like the artificial fingerprint material because it doesn’t conduct electricity like human skin—soon enough, we’ll be 3D printing tissues and real fingerprints to order.

According to MythBusters, there’s no need to wait. The show reportedly fooled a scanner that detects prints, body temperature, pulse, and skin conductance with a 3D-imprinted latex strip, 3D-imprinted ballistics gel, and even a photocopy of a scanned print!

The final worry: You’re in trouble if/when your prints are stolen. We can easily replace a card…but a fingerprint? Once compromised, there’s no substituting it with a new copy.

Maybe the point isn’t perfect security, but good enough security. That is, security that slows down or demotivates theft. And in this case, two fingers are better than one. Likely, in the future it’ll be a continuous back-and-forth between security makers and security breakers. And the best last line of defense will be common sense and attention to your accounts, just as it is today.

Image Credit: William Clifford/Flickr (featured, banner), Stefano Mortellaro/Flickr (body)

Discussion — 8 Responses

  • Robert Schreib May 26, 2013 on 5:11 pm

    There was a horrible scene in that Stallone movie “Demolition Man”, where the villain takes out his prison warden’s eyeball, to use on the prison door ID sensor to escape. The best option to prevent ID stealing is just to make all of your passwords as long and varied in numbers and letters as you can, an option all of the banks, etc. will have to embrace in our near future.

  • singvisitor June 10, 2013 on 2:39 am

    Yeah, it’s a real fear from too many movies. What about adding a secondary type of security to it, like requiring a pin number or scan a RFID / NFC (on a keychain or phone)? I can see more people using it. So then a would be thief would have to find and take prints, fake body temperature, fake a pulse, fake skin conductance and know their pin (or unique RFID). I would worry about germs :( if the machinery wasn’t disinfected. It would be nice to have them succeed either way.