Hide Techdirt is off for the long weekend! We'll be back with our regular posts tomorrow.

Chip And PIN Meets Facial Recognition: Chipping Away At Privacy, Pinning You Down In A Database

from the are-you-sure-you've-thought-this-through? dept

As part of President Obama’s BuySecure initiative, US merchants and the public are being encouraged to adopt the Chip and PIN technology for credit, debit, and other payment cards. As the announcement in October last year noted, these Chip and PIN cards have been used for some years in other parts of the world, notably Europe and Canada. For all the technology’s vaunted security, there are inevitably still weaknesses that can be exploited, as with any system. That was true five years ago, and it’s still true now, as shown by this story on the BBC Web site about one company’s idea for reducing Chip and PIN fraud:

One of the biggest payments processing companies has revealed it is developing a chip-and-pin terminal that includes facial recognition technology.

Worldpay’s prototype automatically takes a photo of a shop customer’s face the first time they use it and then references the image to verify their identity on subsequent transactions.

The company admits that the system is unlikely to be perfect:

Worldpay is not suggesting that shoppers be blocked from making payments if its computer system failed to make a match.

Rather, it suggests that tills would display an “authorisation needed” alert, prompting shop staff to request an additional ID, such as a driving licence.

It’s only an experimental idea at present, but Worldpay says it could roll it out to the 400,000 retailers that use its system within five years if there’s sufficient interest. That would obviously create rather a large collection of facial biometrics, which raises questions of how they would be stored. But don’t worry, Worldpay has got that sorted:

The firm says it would store the captured images in a “secure” central database.

Well, that shouldn’t be a problem, then — provided you remember to change your face when that database gets broken into?.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: , , , ,
Companies: worldpay

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Chip And PIN Meets Facial Recognition: Chipping Away At Privacy, Pinning You Down In A Database”

Subscribe: RSS Leave a comment
lfroen (profile) says:

... and what exactly is a problem?

Sorry, but I just can’t see a problem here. My photo and name is not a secret. You don’t even need “secured database” for this.
Credit card info _is_ a secret, and breaking into _this_ database is a crime very similar to bank robbery.
Now, let’s say someone does break into and steal those “biometrics”. You can’t wear someone else face in “mission impossible” style, and “technology” for stealing money more directly already exists: it’s called gun/knife.

PaulT (profile) says:

Re: ... and what exactly is a problem?

You also can’t revoke or reissue your biometrics if your data is compromised. You think it’s bad now when your credit card information is compromised, wait until it’s your face…

“”technology” for stealing money more directly already exists: it’s called gun/knife.”

Yeah, and if people are going to be trying to compromise my bank account, I’d rather they did it from card data they skimmed than needing me to have my face in front of them.

mcinsand (profile) says:

Re: Cash is king...for now

Decades ago, Analog published a short story where the protagonist was dealing with societal issues associated with using cash. The premise seemed ridiculous, back then. After all, who would assume that, just because you possess something that can be misused that you are going to do so. After all, that’s as ridiculous as assuming that, just because you use BitTorrent to download fresh OS ISOs that you must also be using it to pirate music or software. Alternately, you could be judged to be planning to make illegal copies of something because you’re buying a pack of blank DVD’s.

The main hangup I had with the short story was that the premise seemed ridiculous. It doesn’t seem so today. I can see a campaign to throw suspicion on individuals that use cash for transactions. Cash can be exchanged anonymously, so anyone that uses cash must ‘obviously’ have something to hide. I fear that is just around the corner, as an effort to make our movements easier to track by the cards we use.

Anonymous Coward says:

Re: Re: Cash is king

…That database already exists, since ATMs take your picture regardless of the card tech (or if you’re even using the ATM)…

While true, is that imagery being sent off elsewhere? That is the issue. Many ATMs’ imagery is stored locally, whether it’s in the ATM itself or in the building the ATM is in. When there’s an inquiry the imagery can be copied or transmitted elsewhere. Not all ATM video systems have off-site archiving, and I have seen ATMs that don’t have built-in cameras (a chain c-store in my area several years ago took over the ATMs in their stores when their bank contracts expired; none of the ATMs involved had any cameras in them, and still don’t today).

PaulT (profile) says:

“Worldpay’s prototype automatically takes a photo of a shop customer’s face the first time they use it and then references the image to verify their identity on subsequent transactions.”

If this is as reliable as Cisco’s similar system for sitting their exams, it’s got a long way to go. Every damn time, I have to spend 20 minutes with the exam centre verifying things because my photo & signature weren’t captured properly the first time and the exam can’t be authorised until it’s recognised me… Although i haven’t sat one in the last 2 years so maybe it’s improved, who knows.

Ninja (profile) says:

Re: Re:

And it isn’t even remotely secure. Unless they are very sophisticated a picture of the owner face would be enough to fool the system.

Biometrics can be awesome but it’s an issue when it’s breached because you can’t change them. The idea of using biometrics as a multi-factor authentication is nice but it shouldn’t be the only set of keys needed to enter.

Anonymous Coward says:

Face-Off coming to a retailer/theater near you ..sooo which mask/face do you want Nic Cage’s or Johnny Travolta…

and I find it funny Worldplay … gives a ton of WordPlay to say it kinda works ..but we’ll still need your ID, which makes it pointless unless they are just gathering data for the agencies of the 3 letter variety.

Rekrul says:

My friend doesn’t use his credit card much. A while back he was going on about how much more secure the cards with a chip in them were than a normal credit card. He was telling everyone how he was going to contact his credit card company to get a new card with a chip in it. Of course when I finally saw his card, it was already chipped, he just didn’t realize it.

I tried to point out to him that if someone obtained his card number and the verification number on the back, the chip would do absolutely nothing to prevent them from using it online or placing orders with a mail-order company over the phone. He still insisted that having the chip somehow magically endowed the card with extra protection against such things.

Anonymous Coward says:

Some people love technology, some of them dont know the concept of “building technology that can easilly fringe upon peoples right”

Hey, can i take a picture?


Take the picture anyway

Its not the action, its that you ignored the no

Those that ignore, deserve the things they do to others, ignore their rights as they ignore the rights of others, within reason, an eye for an eye, an eye for an ear, but not an eye for a life, unless its a life for a life

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...