There is no fail
safe means to prevent the theft of stored data by those with criminal intent, particularly if they
financed. A quick scan of the headlines supports this conclusion definitively.
Why I’m Feeling Insecure About
For all it
s convenience and pizzazz, biometrically secured electronic payment won’t gain mass
acceptance by consumers until the technology overcomes its very real vulnerabilities, says Biff
Biff Matthews is president of Thirteen Inc, the parent company of
CardWare International, Heath, Ohio. Reach
him at biff@13
Biometrics debuted as a payment method in 2000, with systems focusing on fingerprint scanners that linked
individuals to their checking accounts. A person enrolling in the system provided
identification to a teller,
who then entered the information into a proprietary database, took the person’s picture, and scanned his
finger into the system. The customer entered a 10
digit code that enabled the system to locate the scan for
After enrollment, the customer could cash checks and otherwise access his funds by scanning
his finger and having the merchant scan his check.
Iterations of this system, some involving retinal scans, voice recognition, more detailed finger scans,
atures, have proliferated since this early example, always with the promise that transactions,
personal data, and biometric identifiers will be protected. But concerns over security, specifically the
security of biometric data, have stalled implementation
in many markets.
Biometrics has great initial appeal. It’s easy, sophisticated, sexy, and potentially powerful. In some markets,
customers can register multiple credit cards, checking accounts, savings accounts, even lines of credit as
urces for payment via biometric ID. Yet, truly secure biometric authentication
the one thing that would
facilitate widespread acceptance
A decade ago, I had a conversation with a researcher at Battelle Labs. He was engaged by the four credit
rd associations, the Feds, and other interested parties in the study of signature dynamics, that is, the stroke,
pressure, speed, and curvature involved in creating a signature. They were considering various biometric
attributes as well as applications acr
oss a broad spectrum, from facilities access to the launching of rockets.
The study also encompassed thumb and fingerprint, voice, and retinal. But it became apparent that
retinal, fingerprint, and voice could all be readily duplicated. The one entity tha
t could not be adequately
duplicated is the way a signature is produced
the signature dynamic.
That was 10 years ago, before ubiquitous Internet use and before the elevation of hacking to an
advanced science. Hacking then was a physical intrusion, genera
lly done by a disgruntled employee or
thief. And the stakes were more modest: Systems were generally closed loops, with no wide Internet
access. And even if there were Internet access, the quantity of data resident on those systems was much
pen architecture and wide access are the new norm. What hasn’t changed is that the signature
dynamic algorithm remains the most secure form of personal identification. But because that information has
to be stored, and dispersal of that information is pote
ntially global, significant vulnerabilities are, at least at
this juncture, inevitable.
The problem is not interception of data at the point of transmission. Encryption is generally effective in
preventing this breach. The vulnerability is at the point whe
re signature dynamics meets authentication.
The Battelle study concluded that, though it was the securest method, signature dynamics was, at the
time, too costly to implement due to data
storage requirements and the size of the algorithm required for
Since then, both storage and computing capacity have grown exponentially, bringing signature dynamics
back into the realm of feasibility. The size of the algorithm, and the size of the signature dynamic, are still
huge, but the computing capaci
ty to manage them has expanded and has been miniaturized.
Still, the point at which personal biometric data are stored remains a serious security challenge, given the
universal access that’s necessary for payment systems to function. Every security proces
s has a flaw, and this
one is huge. All of the technology involved with these systems, as well as the myriad schemes to defeat
them, is available at public libraries and online.
An episode of the popular show “Alias” showed how a finge
rprint image could be extracted from a sheet of
paper and transferred to a mold, which was then used to create a duplicate to gain access to sensitive
computer data. It succeeded on the show, and it works in real life as well.
Stored biometric data, and t
he tools for accessing them, must be linked through some communications
methodology in order to provide the authentication required for a transaction. At present, there is no failsafe
means to prevent the theft of stored data by those with criminal intent,
particularly if they are well
A quick scan (pun intended) of the headlines of the past year supports this conclusion definitively.
For this reason, except in extraordinary “no
choice” circumstances, (employment, government agencies,
trics will continue to encounter substantial consumer resistance.
It is a similar story with radio
frequency ID (RFID), or contactless, card technology. Both concepts
promise great convenience, but at their core they’re just one more single
I, frankly, don’t
need another single
function card in my wallet with utility indistinct from the others.
Which may, after all, be the key. If there are multiple, valued uses on a single identifier
quickly and positively identifying me
ht be enough of an added value to tip the balance in favor
of widespread biometric ID acceptance. If one instrument could provide access to the office, the car,
personal funds, medical information, and insurance, that ubiquity might be sufficient to overco
me, at least
in the minds of consumers, the risks inherent in data storage.
Everything in life, after all, is a trade
off. If this occurred, the biometric instrument would effectively
replace the Social Security number. Whether that would be a positive de
velopment is the subject of another
Absent this extraordinary “multi
purpose” convenience, the consuming public will have to become far more
accepting of risk for the balance to tip in favor of biometrics. And if this does occur, the
public will have to
accept responsibility for the close monitoring of financial and personal data. Tools to correct problems will
also have to be far more readily available than they are now.
In the pre
biometrics era, merchants, banks, and customers all k
new each other. Today, most transactions
are not between familiar parties, and payment methods must accommodate this reality.
There is great convenience in biometric payment technology, but for implementation to be widespread in
the way, say, that ATMs ar
e, one of two things must occur. It must either provide a unique and exceptional
level of convenience, or there must be definitive security that trumps the perception of high risk. Neither is
on the horizon.