Just to be clear, consumers are saying what they would like to see, would be willing to use, and believe would be more secure rather than whether it would actually be more convenient, secure and reliable?
You really do want to use biometrics for payments, beam banks
Two in three European consumers actively want to use biometric technology when making payments, according to a new Visa-sponsored survey. Nearly three in four (73 per cent) see two-factor authentication – where a form of biometrics is used in conjunction with a payment device – as a secure payment authentication method. More …
COMMENTS
-
-
Thursday 14th July 2016 20:34 GMT Anonymous Coward
They say they want to use what they know about
They are saying they want to use what they've been hearing about for the last 2-3 years.
While fingerprints are not perfectly secure and really should be used as a username rather than a password, is the security of fingerprints really a concern? If your phone is lost or stolen, a third party still need to go through a lot of work to fake your fingerprint and hope it is done before you remotely deactivate it via Find My iPhone or similar. It isn't worth it for a thief to steal your phone on the basis of hoping to fake your fingerprint and use Apple Pay or Android Pay to buy stuff. Still a much better deal to steal your wallet, at least there's usually cash in there, and in the US credit cards that are authorized with a signature that is not checked.
-
-
-
-
Thursday 14th July 2016 14:39 GMT Anonymous Coward
@scott
"Exactly. It's been said before and I'll say it again - you can change your password, but you can't change your finger prints!"
Which is just the problem here: I can't change the PIN code on my bank or credit card. Theoretically I can do it for my credit card, but only once per usage period (roughly 3 years) and it also means you won't be able to use your card for a while. Obviously these things differ per bank, but there are already several which opt to using the same PIN code.
Conspiracy or not but I sometimes think that this stuff has been well prepared and orchestrated. Just so we're clear here: I also oppose this whole biometric stuff with a passion.
-
-
Thursday 14th July 2016 13:18 GMT Cynical Observer
Oy Vey!
Two-thirds (68 per cent of those quizzed) want to use biometric authentication methods to pay for things,
LMFTFY
Two-thirds (68 per cent of those quizzed) are blithely willing to allow biometric data - or some hash thereof -to be stored in a database that may or may not be accessed by person or persons unknown.
Any such persons may or may not be acting within the auspices of the legal system.
What could possibly go wrong?
-
Friday 15th July 2016 10:59 GMT paulf
Re: Oy Vey!
Let me suggest an alternative fix:
"Two-thirds (68 per cent of those quizzed) answered the carefully crafted survey questions and gave the response required by the person paying for the survey".
Sorry for the massive cut and paste but Sir Humphrey's example is much more eloquent than mine:
Sir Humphrey: "You know what happens: nice young lady comes up to you. Obviously you want to create a good impression, you don't want to look a fool, do you? So she starts asking you some questions: Mr. Woolley, are you worried about the number of young people without jobs?"
Bernard Woolley: "Yes"
Sir Humphrey: "Are you worried about the rise in crime among teenagers?"
Bernard Woolley: "Yes"
Sir Humphrey: "Do you think there is a lack of discipline in our Comprehensive schools?"
Bernard Woolley: "Yes"
Sir Humphrey: "Do you think young people welcome some authority and leadership in their lives?"
Bernard Woolley: "Yes"
Sir Humphrey: "Do you think they respond to a challenge?"
Bernard Woolley: "Yes"
Sir Humphrey: "Would you be in favour of reintroducing National Service?"
Bernard Woolley: "Oh...well, I suppose I might be."
Sir Humphrey: "Yes or no?"
Bernard Woolley: "Yes"
Sir Humphrey: "Of course you would, Bernard. After all you told you can't say no to that. So they don't mention the first five questions and they publish the last one."
Bernard Woolley: "Is that really what they do?"
Sir Humphrey: "Well, not the reputable ones no, but there aren't many of those. So alternatively the young lady can get the opposite result."
Bernard Woolley: "How?"
Sir Humphrey: "Mr. Woolley, are you worried about the danger of war?"
Bernard Woolley: "Yes"
Sir Humphrey: "Are you worried about the growth of armaments?"
Bernard Woolley: "Yes"
Sir Humphrey: "Do you think there is a danger in giving young people guns and teaching them how to kill?"
Bernard Woolley: "Yes"
Sir Humphrey: "Do you think it is wrong to force people to take up arms against their will?"
Bernard Woolley: "Yes"
Sir Humphrey: "Would you oppose the reintroduction of National Service?"
Bernard Woolley: "Yes"
Sir Humphrey: "There you are, you see Bernard. The perfect balanced sample."
-
Friday 15th July 2016 12:52 GMT Anonymous Coward
Re: Oy Vey!
I'm always deeply suspicious of surveys that don't publish sample sizes or methodology of data collection
A 68% figure could be obtained by asking 17 people who want to sell biometric sensors and 8 people in a shopping centre who think biometric is a washing powder
"Would you use Biometrics ? - Yes, Funny you should ask, we've developed this nifty little gadget that scans the pores on your nose at a thousand paces, it's really good"
"Would you use Biometrics ? - No I'll stick to my usual brand please"
Not suggesting this is what actually happened, just a little light relief, but when assessing claims like this it would be useful to know the sample size & methodology
I've seen too many Government surveys that look like they were collected by a man with a clipboard standing in the "Aye" corridor of the House of Commons querying the "random passers by" about some issue
-
-
Thursday 14th July 2016 13:26 GMT Anonymous Coward
new Visa-sponsored survey
so, let me guess, what result would make the sponsors happy... correct!
and think of all the governments, democratic and even more democratic ones. Wouldn't it be wonderful if somebody else designed, implemented and paid for a system accessible to the government, to hold all fingerprints of an adult (and more) population? ID cards are so outdated! Combine fingerprints with iris (FBI, hello), and DNA sampling (anyone?) and you have a perfect control over who does what with whom and how. Now, if I only I come up with a flash-based presentation (powerpoint is like SO outdated!) to show it to the right people in the right offices! Gravy-train ahoy...
-
-
Thursday 14th July 2016 17:10 GMT Charles 9
Well, think of it this way. Too many people have bad enough memories that they can't remember PINs or passwords, even if their lives depended on it. Plus they tend to LOSE things. What do you do when you can't KNOW anything and sometimes don't HAVE anything?
PS. If you read the article thoroughly, it seems they only want the biometric to be part of a multi-pronged approach, which might help to mitigate the stolen biometric bit.
PPS. As for changing fingerprints, what about acid etching?
-
-
Thursday 14th July 2016 20:35 GMT Charles 9
You don't have to stop them altogether. Just alter them enough so they change into one the system doesn't recognize since fingerprints are epigenetic. Alter them too much and it's like busting an error code: something else comes out instead. People who receive finger lacerations seem to experience this. Perhaps medical science can find a way that isn't so painful.
-
Saturday 16th July 2016 12:09 GMT Anonymous Coward
So for the convenience of Visa & so that the makers of biometric sensors can make a profit we can undergo unnecessary & possibly painful surgery to change our access key for their system when it gets compromised
Or we can remember a password that we can change by thinking of a new one
Tough choice
-
Sunday 24th July 2016 16:19 GMT Charles 9
"Or we can remember a password that we can change by thinking of a new one"
Yes, tough choice, because many people CAN'T remember passwords. Hell, many people can't remember PINs? Why do you think reset exploits are so good? Because people forget them all too easily.
How do you authenticate someone with nothing to KNOW or HAVE?
-
-
-
-
-
Thursday 14th July 2016 18:21 GMT Chris G
Profile
The use of biometrics for all financial aspects of your life will give not only the commercial providers of the services unparalleled access to your spending and other behavioural patterns but also governments who typically have relatively open access to financial records for tax and many other reasons.
Profilling you will be easy, I can see where even payments online could need fingerprint verification as so many devices have readers now.
Fuck'em is all I can say!
I keep some money in the bank, then take it out as I need it and pay cash for most things. Thank god I don't live in California, when I lived there before, many gas stations had no means to process cash only credit cards.
-
Thursday 14th July 2016 19:12 GMT Anonymous Coward
Dear Customer,
Would you like to use biometric data to secure your account? it's almost 100% infallible.
Customer: Yes, Where do I sign up?
Dear Customer,
Would you like to use biometric data to secure your account? If truth be told there have many different cases where it has not been 100% infallible and we can't guarantee we won't sell this biometric data onto other companies.
Customer: Not a chance.
All depends on how you ask the question really. An informed person would say no.
-
-
Thursday 14th July 2016 20:31 GMT Mike 16
Cashless
----
if I want to buy political book a from book shop b and not be put into category c, I can.
----
So, you must live somewhere without ubiquitous CCTV. Not a Brit or Mercan then?
Also, "for the prevention of counterfeiting", I expect all stores to soon be required to scan bills for "enhanced" serial numbers, and "check them" on line against a registry. Of course, ATMs will also note the numbers on any bills they issue. A bit less far into the future, NFC tags in the book cover.
All "science fiction" now, but how long ago would you be considered barking mad to suggest that millions of people would be wandering around parks and graveyards at night, hunting Pokemon?
-
-
Friday 15th July 2016 07:43 GMT Invidious Aardvark
“Unlike a PIN which is entered either correctly or incorrectly, biometrics are not a binary measurement but are based on the probability of a match."
Am I the only person somewhat disturbed by the fact that he appears to be advocating a form of 'authorisation' that boils down to "you sort of, maybe, could be be almost right-ish" rather than "Yes, that is the correct answer to the question I asked"?
I'm really not sure that talking up an authorisation method as being good because it isn't binary is a good idea. Authorisation should be certain, not fuzzy, otherwise it's a bit like having a PIN and the system saying "Well you got 5 of the 6 numbers correct so go on then, take some money!".
-
Friday 15th July 2016 12:40 GMT not.known@this.address
I really cannot see a problem with this*
I say full speed ahead because they promised Chip'n'PIN would stamp out any form of card crime and look at the success that has been...
I mean, Chip'n'PIN must be a perfect solution otherwise they would be trying to foist some other dumbass idea on us...
*for a given value of "see"
-
-
Saturday 16th July 2016 04:01 GMT Charles 9
Re: Biometrics ruins cybersecurity
So what happens when you have a terrible memory and keep forgetting your phone?
It may be inconvenient for YOU, but for many people biometrics is the ONLY thing guaranteed to be on their person. You can't rely on what they KNOW (for they may not have a good enough memory to KNOW anything) OR what they HAVE (for they may not have anything on their person), so what choice do you have?
-