Charlie's Diary


Fri, 21 Oct 2005

Speaking of authentication ...

Here's how the British clearing banks nearly collapsed during the 1990s due to ATM fraud.

(If you were wondering why the Chip and PIN system was rolled out -- at vast expense -- so abruptly, here's why, in a nutshell.)

Incidentally, if you think the moral of that story is that PINs are no good, you're wrong -- the real issues it exposes are that (a) banks are horribly exposed these days, and (b) any central database that is responsible for the transfer of money is a target for attacks on its authentication mechanism. (Moving to biometrics, in my view, merely creates a central authentication database full of authentication tokens that will attract criminals like a honeypot. And unlike a PIN, your bank can't issue you a new set of fingerprints or iris patterns if your biometrics are compromised.)


posted at: 12:57 | path: /sing

More on Imaginary Crimes

I've been away for a week (and recovering from a flu bug before that). While I was away, Dave Edelman emailed me a couple of responses to the article on biometrics I posted on the 8th (right below this one). Dave works for BioPay (although he does not speak for them in an official capacity), so you can take his comments as representative of -- but not an official response from -- folks who work in the biometric authentication/payment business.

I normally run this blog as my own personal soapbox (or bully pulpit, if you want to be uncharitable) but I think Dave's comments deserve to be heard, so with his permission, I reproduce them here. I'll post my own thoughts on his responses later.

(Full disclosure also requires me to state that, when it comes to talking about the credit card clearing system, I was lead programmer at Datacash from approximately two weeks before the company was formed, leaving shortly after its IPO. However, (a) I left some five years ago, and (b) the British credit card settlement system operates rather differently from the American one.)

Over to Dave:

A couple of quick responses. (And yes, I work for BioPay, but I don't speak for them in an official capacity.)

1 - While it's probably feasible to forge someone else's fingerprint, it's *extremely* easy to swipe someone's credit card number or print out fake checks in their name. Obviously.

2 - Finger scanning is just phase 1. As soon as other biometric technologies (iris, face, etc.) get quick and cheap enough to use at point-of-sale, we'll probably be moving on, or using a combination of biometric verification.

3 - You're right that the selling point for the merchant is that it's cheaper. WAY cheaper. Right now Visa screws small merchants by taking a 2% cut off every purchase. Banks do the same with debit. BP transactions cost as little as 10 cents. Unless you're Starbucks or Walmart and can negotiate low credit card transaction rates, the difference in transaction fee can literally make the difference between making a profit and losing money -- we're talking thousands of dollars every month. Just one more way the small merchant gets fucked out of business.

4 - Right now (and for the next few years, at least) all of the vendors using BP and PBT are selling small-ticket items. You can't buy a car or a Powerbook with biometrics. If someone goes through all the hassle of forging a fingerprint, all they'll get out of it right now is a few cups of coffee and a trip to the grocery store. If someone steals your checkbook, they could walk away with a Lexus.

5 - Biometric verification isn't perfect. But it's here today, you can use it, it's cheap. The fraud protection systems protecting checks and credit cards -- which are accepted everywhere -- are laughable.

So, there you have a first grab-bag of general objections to the anti-biometrics position. I'm probably not giving anything away if I say that Dave's comments haven't changed my position, but they demand a response, and I'll give it shortly.

(Meanwhile, go read Dave's book when it comes out.)


posted at: 12:34 | path: /sing

