Chip And PIN Meets Facial Recognition: Chipping Away At Privacy, Pinning You Down In A Database
from the are-you-sure-you've-thought-this-through? dept
As part of President Obama's BuySecure initiative, US merchants and the public are being encouraged to adopt the Chip and PIN technology for credit, debit, and other payment cards. As the announcement in October last year noted, these Chip and PIN cards have been used for some years in other parts of the world, notably Europe and Canada. For all the technology's vaunted security, there are inevitably still weaknesses that can be exploited, as with any system. That was true five years ago, and it's still true now, as shown by this story on the BBC Web site about one company's idea for reducing Chip and PIN fraud:
One of the biggest payments processing companies has revealed it is developing a chip-and-pin terminal that includes facial recognition technology.
The company admits that the system is unlikely to be perfect:
Worldpay's prototype automatically takes a photo of a shop customer's face the first time they use it and then references the image to verify their identity on subsequent transactions.Worldpay is not suggesting that shoppers be blocked from making payments if its computer system failed to make a match.
It's only an experimental idea at present, but Worldpay says it could roll it out to the 400,000 retailers that use its system within five years if there's sufficient interest. That would obviously create rather a large collection of facial biometrics, which raises questions of how they would be stored. But don't worry, Worldpay has got that sorted:
Rather, it suggests that tills would display an "authorisation needed" alert, prompting shop staff to request an additional ID, such as a driving licence.The firm says it would store the captured images in a "secure" central database.
Well, that shouldn't be a problem, then -- provided you remember to change your face when that database gets broken into….
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: chip and pin, credit cards, facial recognition, payments, privacy
Companies: worldpay
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
... and what exactly is a problem?
Credit card info _is_ a secret, and breaking into _this_ database is a crime very similar to bank robbery.
Now, let's say someone does break into and steal those "biometrics". You can't wear someone else face in "mission impossible" style, and "technology" for stealing money more directly already exists: it's called gun/knife.
[ link to this | view in chronology ]
Re: ... and what exactly is a problem?
Compromising this database give you core personal access to data that neither the government nor criminals should have access to. EVER.
[ link to this | view in chronology ]
Re: ... and what exactly is a problem?
""technology" for stealing money more directly already exists: it's called gun/knife."
Yeah, and if people are going to be trying to compromise my bank account, I'd rather they did it from card data they skimmed than needing me to have my face in front of them.
[ link to this | view in chronology ]
Re: Re: ... and what exactly is a problem?
[ link to this | view in chronology ]
Re: ... and what exactly is a problem?
No, but someone with access to the database can change the photograph used to identify the card holder.
[ link to this | view in chronology ]
Re: ... and what exactly is a problem?
The problem is that the images are being put into a database, which when combined with the other databases increases the ease and comprehensiveness of corporate and governmental surveillance.
[ link to this | view in chronology ]
Cash is king
What I spend it on.....
[ link to this | view in chronology ]
Re: Cash is king...for now
The main hangup I had with the short story was that the premise seemed ridiculous. It doesn't seem so today. I can see a campaign to throw suspicion on individuals that use cash for transactions. Cash can be exchanged anonymously, so anyone that uses cash must 'obviously' have something to hide. I fear that is just around the corner, as an effort to make our movements easier to track by the cards we use.
[ link to this | view in chronology ]
Re: Re: Cash is king...for now
[ link to this | view in chronology ]
Re: Cash is king
That database already exists, since ATMs take your picture regardless of the card tech (or if you're even using the ATM).
[ link to this | view in chronology ]
Re: Re: Cash is king
While true, is that imagery being sent off elsewhere? That is the issue. Many ATMs' imagery is stored locally, whether it's in the ATM itself or in the building the ATM is in. When there's an inquiry the imagery can be copied or transmitted elsewhere. Not all ATM video systems have off-site archiving, and I have seen ATMs that don't have built-in cameras (a chain c-store in my area several years ago took over the ATMs in their stores when their bank contracts expired; none of the ATMs involved had any cameras in them, and still don't today).
[ link to this | view in chronology ]
Re: Re: Cash is king
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
If this is as reliable as Cisco's similar system for sitting their exams, it's got a long way to go. Every damn time, I have to spend 20 minutes with the exam centre verifying things because my photo & signature weren't captured properly the first time and the exam can't be authorised until it's recognised me... Although i haven't sat one in the last 2 years so maybe it's improved, who knows.
[ link to this | view in chronology ]
Why not just ask for that in the first place? Unless the idea is to do away with people, at which point I'd ask if such a system really is that more inexpensive.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Biometrics can be awesome but it's an issue when it's breached because you can't change them. The idea of using biometrics as a multi-factor authentication is nice but it shouldn't be the only set of keys needed to enter.
[ link to this | view in chronology ]
What you have vs What you know
[ link to this | view in chronology ]
Re: What you have vs What you know
[ link to this | view in chronology ]
[ link to this | view in chronology ]
As a card carrying member ...
[ link to this | view in chronology ]
card reader , and type in your pin no,
if someone steals your card or clones it.
Its of no use to them, as only you know the pin no.
[ link to this | view in chronology ]
and I find it funny Worldplay ... gives a ton of WordPlay to say it kinda works ..but we'll still need your ID, which makes it pointless unless they are just gathering data for the agencies of the 3 letter variety.
[ link to this | view in chronology ]
I tried to point out to him that if someone obtained his card number and the verification number on the back, the chip would do absolutely nothing to prevent them from using it online or placing orders with a mail-order company over the phone. He still insisted that having the chip somehow magically endowed the card with extra protection against such things.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Hey, can i take a picture?
No!
Take the picture anyway
Its not the action, its that you ignored the no
Those that ignore, deserve the things they do to others, ignore their rights as they ignore the rights of others, within reason, an eye for an eye, an eye for an ear, but not an eye for a life, unless its a life for a life
[ link to this | view in chronology ]
[ link to this | view in chronology ]