Replacing plastic card with fingerprints could it work?

[Grimlock]

Most adult today got what three maybe four different cards ViSA card your Health insurance card and so forth and so forth.

But could it all be changed with just your thumb? Basically you would have your fingerprints taken when your born and when you come of age basically you would be able to do all the things you can with the different cards today, want to get some cash from your bank account or somethings else, just put your thumb on the scanner and type some code or what ever, and you get some cash or confirm your ID or check out some books from the library basically everything you do today with different cards one press of your thumb could do.

It would also help the police in the sense that if you find some fingerprints in a crime scene you can run it in the system and you,´ll be able to find the person that the fingerprints belong to in no time.

It would also be helpful to guys like me who keep losing their cards and have to spend fortunes on new ones.

So could it be done or is there just too many inconveniences with such a system?

 

[borrofburi]

No.
http://www.schneier.com/essay-019.html

I was actually trying to find a specific few that were particularly damning of basically every biometric security device out there, including fingerprints, but there's just so many that I gave up looking:
http://www.google.com/search?q=site%3Ahttp%3A%2F%2Fwww.schneier.com%2F+biometrics&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-USfficial&client=firefox-a

I particularly like: http://www.schneier.com/blog/archives/2010/03/nose_biometrics.html

 

[borrofburi]

No.

To clarify: Visa cards, Health Insurance Cards, cards in general, and most identification schemes are keys and require the characteristic of keys. Indeed so are signatures, but they're kinda the best solution we got to a bad security situation.

 

[CommonEnlightenment]

You might see more people walking around without thumbs.

:twisted:

 

[SimonSS]

Fingerprints are easy to forge. There's a mythbusters ep about it (if they can do it, anyone can...). Without actually reading it at all, I'm assuming the aritcle borrofburi linked says as much, and for more general biometrics.

Plus I'm not particularly comfortable with "Big Brother" having my fingerprints on file before I've even done anything wrong :-\ *dons tinfnoil hat*

I can see how biometrics might be useful in conjunction with a keycard. The new "chip" in credit cards is, as far as I know, very difficult to copy, and as a result certain outlets here in Australia, and I assume the rest of the world, allow small purchases without PIN or any other form of verification. The idea makes me twitch a little but so long as I have the original card I should be fine - so for larger purchases a biometric verification is probably not insecure.

 

[MRaverz]

Biometrics are awesome, but relatively new. My experience with such systems is irritating, even a slightly moist finger can result in you being denied.

Also, as SimonSS said - MythBusters have been able to fool these machines.

The future's bright, but it's not here just yet. ;D

 

[borrofburi]

I can see how biometrics might be useful in conjunction with a keycard. The new "chip" in credit cards is, as far as I know, very difficult to copy, and as a result certain outlets here in Australia, and I assume the rest of the world, allow small purchases without PIN or any other form of verification. The idea makes me twitch a little but so long as I have the original card I should be fine - so for larger purchases a biometric verification is probably not insecure.

Eek. So they removed one attack vector and concluded that it's now secure? That strikes me as silly, and without having seen any statistics, I doubt forging credit cards was a major source of credit fraud anyway. I mean, it seems far more easy to obtain the information required to forge the other guy's identity in order to get a credit card especially made for the other guy sent to you, than it is to forge an actual credit card (read: id theft is simpler than forging the credit card itself).

I don't know if we have new "chips" here, but they've been letting us do small purchases without signatures for a while. I'm not precisely sure what the reasoning behind that is.

 

[Nashy19]

Hell no, I don't know if it's easy to steal a finger print but it's easy to burn them off (yours and other peoples).

 

[SimonSS]

I can see how biometrics might be useful in conjunction with a keycard. The new "chip" in credit cards is, as far as I know, very difficult to copy, and as a result certain outlets here in Australia, and I assume the rest of the world, allow small purchases without PIN or any other form of verification. The idea makes me twitch a little but so long as I have the original card I should be fine - so for larger purchases a biometric verification is probably not insecure.

Eek. So they removed one attack vector and concluded that it's now secure? That strikes me as silly, and without having seen any statistics, I doubt forging credit cards was a major source of credit fraud anyway. I mean, it seems far more easy to obtain the information required to forge the other guy's identity in order to get a credit card especially made for the other guy sent to you, than it is to forge an actual credit card (read: id theft is simpler than forging the credit card itself).

We've had major problems in recent years with card fraud in the form of skimming (both credit and otherwise), Australia being targeted because our banks are quite liberal when it comes to daily withdrawal limits. However the schemes are a bit more elaborate than described in the wiki article, these days they gain access to actual, genuine EFTPOS terminals and modify them internally to capture card/PIN details, before reinstalling them in stores. Basically undetectable. ID theft probably goes on but definitely not to the same extent.

These new chips are supposedly uncopyable, at least for now, so that mitigates the problem somewhat. These "automatic" purchases can only be done if you use the chip instead of the magnetic stripe, but all cards still have the stripe for now, and not all store card readers have been updated yet.



I just had a thought about what I said though, using fingerprint scanning in conjunction with a card is probably redundant, because your fingerprints would be all over the card anyway! Steal card = steal fingerprints.

 

[MRaverz]

Just imagine, if you cut your thumb - you'd be unable to withdraw money for a day.

Or what if you lost your arms? You'd never access your money again. :shock:

 

[DeathofSpeech]

Hell no, I don't know if it's easy to steal a finger print but it's easy to burn them off (yours and other peoples).

I suspect it is.
I can think of too many ways to chemically mill an impression taken from a captured print.
I don't think it's a great idea for other reasons though.

I read a news story (and yes this is one of those "I read it somewhere" bits)
A soldier returned home with both arms amputated and his bank refused him access to his own bank account because he couldn't provide a thumb print.
The problem with having a tool, is that there will always be some idiot in the crowd that isn't intelligent enough to know the tool won't always work.
If you place people in positions that rely on human decision making ability, and then place policy over that person, they lose the ability to make human decisions.

It would be just too damned abuseable.
If the fundies manage to wrest control of the government... I want to be able to slip quietly through the cracks when they come to round the smart people up.

Then again... a little basal cell tissue... a little culture medium... a physical template and you could set up a nice business selling finger prints on the underground market.

 

[PatrickTheScienceGuy]

well they have used a fingerprint system in my old secondary school for a few years now and that works well.
But i wouldn't want to have my prints on a database that could be scrutinised if my prints were at a scene. but if the career path im looking at i may have to be put onto the European database, not as a criminal but there is a second database of people who work within crime scenes its sort of a "he had to be there that's why his prints are there" thing.

 

[scalyblue]

The biometric only gives you a particular access key..if your biometric, or its access key is stolen you only have 9 more tries before you're screwed, versus an infinite number of plastic cards.

 

[Daealis]

For a replacement to any form of card I'd go with the mark of the beast -approach, biochips. Biometrics are potentially all somewhat forgeable. To get rid of the plastics and in general of the mess wallets and passports bring, I'd suggest a chip and PIN-combo. Chips can be read and therefore faked like any physical device, and of course even when complemented with a PIN to back up, it's still possible to fake it, but until we get rid of the whole monetary system there really isn't a better way(imo). At least the biometrics I've seen so far are either unreliable or cumbersome to use.