Chip And PIN Meets Facial Recognition: Chipping Away At Privacy, Pinning You Down In A Database
from the are-you-sure-you've-thought-this-through? dept
As part of President Obama’s BuySecure initiative, US merchants and the public are being encouraged to adopt the Chip and PIN technology for credit, debit, and other payment cards. As the announcement in October last year noted, these Chip and PIN cards have been used for some years in other parts of the world, notably Europe and Canada. For all the technology’s vaunted security, there are inevitably still weaknesses that can be exploited, as with any system. That was true five years ago, and it’s still true now, as shown by this story on the BBC Web site about one company’s idea for reducing Chip and PIN fraud:
One of the biggest payments processing companies has revealed it is developing a chip-and-pin terminal that includes facial recognition technology.
Worldpay’s prototype automatically takes a photo of a shop customer’s face the first time they use it and then references the image to verify their identity on subsequent transactions.
The company admits that the system is unlikely to be perfect:
Worldpay is not suggesting that shoppers be blocked from making payments if its computer system failed to make a match.
Rather, it suggests that tills would display an “authorisation needed” alert, prompting shop staff to request an additional ID, such as a driving licence.
It’s only an experimental idea at present, but Worldpay says it could roll it out to the 400,000 retailers that use its system within five years if there’s sufficient interest. That would obviously create rather a large collection of facial biometrics, which raises questions of how they would be stored. But don’t worry, Worldpay has got that sorted:
The firm says it would store the captured images in a “secure” central database.
Well, that shouldn’t be a problem, then — provided you remember to change your face when that database gets broken into?.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Filed Under: chip and pin, credit cards, facial recognition, payments, privacy
Companies: worldpay
Comments on “Chip And PIN Meets Facial Recognition: Chipping Away At Privacy, Pinning You Down In A Database”
Forget broken into, that’s stuff the Gov’t would love to get their hands on…
... and what exactly is a problem?
Sorry, but I just can’t see a problem here. My photo and name is not a secret. You don’t even need “secured database” for this.
Credit card info _is_ a secret, and breaking into _this_ database is a crime very similar to bank robbery.
Now, let’s say someone does break into and steal those “biometrics”. You can’t wear someone else face in “mission impossible” style, and “technology” for stealing money more directly already exists: it’s called gun/knife.
Re: ... and what exactly is a problem?
Uhh, yes you can, and with current technologies, to boot.
Compromising this database give you core personal access to data that neither the government nor criminals should have access to. EVER.
Re: ... and what exactly is a problem?
You also can’t revoke or reissue your biometrics if your data is compromised. You think it’s bad now when your credit card information is compromised, wait until it’s your face…
“”technology” for stealing money more directly already exists: it’s called gun/knife.”
Yeah, and if people are going to be trying to compromise my bank account, I’d rather they did it from card data they skimmed than needing me to have my face in front of them.
Re: Re: ... and what exactly is a problem?
BigGiveAShitCorp: Were sorry, your info has been compromised. You might want to consider a face transplant.
Re: ... and what exactly is a problem?
No, but someone with access to the database can change the photograph used to identify the card holder.
Re: ... and what exactly is a problem?
“Sorry, but I just can’t see a problem here.”
The problem is that the images are being put into a database, which when combined with the other databases increases the ease and comprehensiveness of corporate and governmental surveillance.
Cash is king
So this database will be full of pictures of me taking out money at the ATM.
What I spend it on…..
Re: Cash is king...for now
Decades ago, Analog published a short story where the protagonist was dealing with societal issues associated with using cash. The premise seemed ridiculous, back then. After all, who would assume that, just because you possess something that can be misused that you are going to do so. After all, that’s as ridiculous as assuming that, just because you use BitTorrent to download fresh OS ISOs that you must also be using it to pirate music or software. Alternately, you could be judged to be planning to make illegal copies of something because you’re buying a pack of blank DVD’s.
The main hangup I had with the short story was that the premise seemed ridiculous. It doesn’t seem so today. I can see a campaign to throw suspicion on individuals that use cash for transactions. Cash can be exchanged anonymously, so anyone that uses cash must ‘obviously’ have something to hide. I fear that is just around the corner, as an effort to make our movements easier to track by the cards we use.
Re: Re: Cash is king...for now
We already turned that corner … it’s called civil forfeiture.
Re: Cash is king
“this database will be full of pictures of me taking out money at the ATM.”
That database already exists, since ATMs take your picture regardless of the card tech (or if you’re even using the ATM).
Re: Re: Cash is king
…That database already exists, since ATMs take your picture regardless of the card tech (or if you’re even using the ATM)…
While true, is that imagery being sent off elsewhere? That is the issue. Many ATMs’ imagery is stored locally, whether it’s in the ATM itself or in the building the ATM is in. When there’s an inquiry the imagery can be copied or transmitted elsewhere. Not all ATM video systems have off-site archiving, and I have seen ATMs that don’t have built-in cameras (a chain c-store in my area several years ago took over the ATMs in their stores when their bank contracts expired; none of the ATMs involved had any cameras in them, and still don’t today).
Re: Re: Cash is king
He was making a wry comment that if POS devices start taking photos when doing Card Transactions, he’ll stop using Credit/Debit Cards at POS devices and only at ATMs to withdrawal cash. As such, the only images would be him withdrawing his cash, not him spending it.
That would be the chip-pin-finger-retinal-face print db?
Re: Re:
No… that would be the chip-pin-finger-retinal-face-foot-ear-genetic print db…
“Worldpay’s prototype automatically takes a photo of a shop customer’s face the first time they use it and then references the image to verify their identity on subsequent transactions.”
If this is as reliable as Cisco’s similar system for sitting their exams, it’s got a long way to go. Every damn time, I have to spend 20 minutes with the exam centre verifying things because my photo & signature weren’t captured properly the first time and the exam can’t be authorised until it’s recognised me… Although i haven’t sat one in the last 2 years so maybe it’s improved, who knows.
Why not just ask for that in the first place? Unless the idea is to do away with people, at which point I’d ask if such a system really is that more inexpensive.
There’s going to be a fantastic irony set when these chip and pin systems see a spike in “Anonymous/V for Vendetta” face mask purchases.
Re: Re:
And it isn’t even remotely secure. Unless they are very sophisticated a picture of the owner face would be enough to fool the system.
Biometrics can be awesome but it’s an issue when it’s breached because you can’t change them. The idea of using biometrics as a multi-factor authentication is nice but it shouldn’t be the only set of keys needed to enter.
Re: Re: What you have vs What you know
It’s been a good while so I can’t remember who said it, but someone basically noted a while back that biometrics are great as the equivalent of a user name, but they should never be used as passwords.
Re: Re: Re: What you have vs What you know
Indeed!
Given the typical accuracy of facial recognition systems, I’d give it about a week before 90% of merchants are either ignoring it or demanding extra ID for all transactions.
As a card carrying member ...
… of the Church of Elvis, all of our pastors (and lay impersonators) are all eligible to access the Church’s one bank account through this new system. Feel the love!
IN europe chip and pin means you put the card into a
card reader , and type in your pin no,
if someone steals your card or clones it.
Its of no use to them, as only you know the pin no.
Face-Off coming to a retailer/theater near you ..sooo which mask/face do you want Nic Cage’s or Johnny Travolta…
and I find it funny Worldplay … gives a ton of WordPlay to say it kinda works ..but we’ll still need your ID, which makes it pointless unless they are just gathering data for the agencies of the 3 letter variety.
My friend doesn’t use his credit card much. A while back he was going on about how much more secure the cards with a chip in them were than a normal credit card. He was telling everyone how he was going to contact his credit card company to get a new card with a chip in it. Of course when I finally saw his card, it was already chipped, he just didn’t realize it.
I tried to point out to him that if someone obtained his card number and the verification number on the back, the chip would do absolutely nothing to prevent them from using it online or placing orders with a mail-order company over the phone. He still insisted that having the chip somehow magically endowed the card with extra protection against such things.
Re: Re:
Chips for Dips?
They had better not sell pictures of my face because I own the copyright and I’ll throw a huge fit wasting loads of cash on lawyers.
Re: Re:
Is that you, Donald Trump?
Some people love technology, some of them dont know the concept of “building technology that can easilly fringe upon peoples right”
Hey, can i take a picture?
No!
Take the picture anyway
Its not the action, its that you ignored the no
Those that ignore, deserve the things they do to others, ignore their rights as they ignore the rights of others, within reason, an eye for an eye, an eye for an ear, but not an eye for a life, unless its a life for a life
Maybe they should look into improving chip and pin security, that….i dont know,….does’nt have the side affect of being a potential rights violator in the public sphere, lord knows with already got that in abundance, wether we like it or not