59 comments

[ 0.26 ms ] story [ 131 ms ] thread
Not Content with Owning your Data, Corporations Seek to own your Body
Knowing what you look like is different than owning you.
You're not without representation. If you don't like the actions of CEOs, you should have run against them in an election.

- The US Supreme Court (more or less)

Reads like a press-release directly from MasterCard. Is there any proper articles on the technology that doesn't read like it wants to sell something to me?
Giving away biometric data like this seems like a very poor trade-off compared to just pulling out your phone or card.

More secure? More hygienic? Come on...

Any arguments about security they make are pretty weak given how badly they screwed the pooch on NFC.

It's comically bad. Stuff like "oh, it's cool, we'll just trust the device to auth the user", allowing NFC to have a higher spend limits, readers using the same seed for encrypted sessions...

What now, this sounds terrible. I'll have to read up on it.
MasterCard and most other card networks are happy to shift fraud liability onto the banks and/or merchants. Why should I care as a user that the system is technically insecure if I’m not actually put at risk?

I also don’t see the problem with your own device authenticating you - I trust my device more than a random terminal onto which I’m supposed to type a PIN.

When it comes to spend limits, this is primarily down to merchants - they are in control of their terminals and can choose to reject (or ask for additional auth - mobile contactless + PIN is technically possible for example) any method if it doesn’t fit their risk appetite. Most merchants choose to allow even completely insecure methods (card-based contactless with no CVM) because in practice the convenience for the prospective shoppers offsets the cost of fraud.

The security on a card is really via policy, not via technical security. It doesn't matter how secure your encryption is if you are susceptible to a wrench attack [0]. As long as the bank accepts liability for NFC payments while vehemently denying any liability if you share your pin, it doesn't really matter how technically good their security is.

[0] https://xkcd.com/538/

What specific vulnerabilities are you referring to?
Plus I suspect you will still need to pull your card. Biometrics sort of work when you are trying to match one user with one face (authenticate on a computer). But if you are searching a face among a billion users, you will get false positives, not the least because of twins. So you still need a way to tell your ID to the system.
Biometrics have to be the biggest meme in security maybe behind anti-virus software.
Wait, you dont run multiple anti virus software?
Fingerprint authentication for unlocking personal devices seems alright to me. It works well on my laptop, as an alternative to typing the password, and makes it easier to stomach my rather aggressive auto-locking settings. (And with fprint on Linux, you get quite a bit of control over exactly what and how fingerprint based auth works, using PAM.)

Facial recognition, on the other hand, is annoying as hell. Apple Face ID is seemingly one of the better systems, but I’ve used Windows Hello as well as Face ID and I can honestly say I hate both of them. They’re both solutions to problems I really do not believe anyone had. Like a lot of other “magic” security primitives such as passive proximity keys, facial authentication systems fail to validate intent. Fingerprint sensors are also a lot worse than passwords in this regard, but facial recognition authentication is absolutely ridiculous. I can accidentally unlock Windows Hello from halfway across the room. If my cat is about to walk on my laptop, I would like to lock the screen, but if Windows Hello is enabled, tough shit, as the moment keys are pressed it will try to find your face and unlock. At least Face ID tries very hard to ensure you’re looking at the device; if Windows Hello is trying to ensure that, it is not doing a good job. There’s hardly anything I can do to prevent the laptop from accidentally unlocking.

Fingerprint authentication is still not ideal, so I think it should be limited to things that don’t need as much physical security. I think that it’s fair to say sudo prompts and screen unlocking are decent candidates. Even in the case where you have very advanced adversaries, at a certain point I wager the weakest link is going to be something else, and you are going to want to try to keep them physically separated from the machines if you want to stand a chance.

Then again, I’m not a security person.

That said, I think anti-virus is still a bigger meme.

not disagreeing but, a part that is missing is the consent of the user to be in such an arrangement to use a computer. Next is the chain of custody for data linked to you personally and legally. Both the consent or lack-thereof, and the use and abuse of that persistant, highly-transmissible security data bundle. in short, if it were only in a formal environment for the right reasons, then sure, locks are useful; not that? problems
Having used fingerprint unlock on an iPhone for a while, it's kind of a pain in the ass sometimes.

* it doesn't work if your finger is even slightly wet, so using it while in the kitchen is annoying (like when trying to consult a recipe.) Even if you wipe your hands on a towel or your pants, it still might not work

* it doesn't work if you're wearing latex/nitrile gloves, like when cleaning, or doing car work, etc.

* it doesn't work if you're wearing gloves, which is a borderline necessity 3-4 months out of the year if you're planning on being outside for more than 5-10 minutes, or if you plan on using your hands for anything while outside. 6+ months out of the year if you're on a bike.

> * it doesn't work if your finger is even slightly wet, so using it while in the kitchen is annoying (like when trying to consult a recipe.) Even if you wipe your hands on a towel or your pants, it still might not work

To be fair, this one genuinely varies per fingerprint sensor. Some of them work under surprisingly bad conditions.

> * it doesn't work if you're wearing latex/nitrile gloves, like when cleaning, or doing car work, etc.

True.

> * it doesn't work if you're wearing gloves, which is a borderline necessity 3-4 months out of the year if you're planning on being outside for more than 5-10 minutes, or if you plan on using your hands for anything while outside. 6+ months out of the year if you're on a bike.

This is really the same thing as the last one, but it depends on where you live. Also, gloves tend to not be great on touchscreens anyways.

My issue with Face ID in particular is that it does not immediately show a PIN unlock, which means when it isn't working quite right you might fumble for a little bit trying to figure out how to get it to stop trying. Also, while it is again totally possible to accidentally unlock with fingerprint if you are not careful, it is hard to _not_ unlock with facial recognition on accident.

(Not to mention, compounding on the problem, the fact that a whole lot of us are wearing face masks in public places right now, and therefore unable to easily unlock our phones with Face ID. Not having a convenient unlock option in public is quite a problem; PIN works, but for example, for payments I'd argue it really isn't ideal, and in public everyone can easily see your PIN when you type it.)

Because of those issues, to me, fingerprint authentication feels like it's mostly a UX positive over PIN alone, whereas facial recognition + PIN is actually worse than just PIN because I legitimately can't avoid a lot of the awkwardness. I mean, anyone can get used to it and deal with it, but I absolutely felt a lot better with Touch ID than Face ID, and I doubt I'm alone on that one.

Touch ID is excellent and fortunately has returned via the power button on iPads. Let's hope it arrives on iPhone power buttons.
I want fingerprint and pattern on android. Nearly impossible, impossible practically.
No thank you. I will not use these and I hope both city councils and legislative bodies ban them from use
The problem is there are thousands of unaware or complacent people who gives their data easily. And, it doesn't matter if 2% of people grouse and complain over issue. If enough people use it, then many people are forced to use it whether its good or bad. Also, don't expect politician to fix such issue because they themselves probably think its good due to "security"
NYC, SF and a few other US cities have banned cashless stores, so all is not lost.

As long as there's a choice to use cash, digital alternatives will have to compete against reality rather than narratives.

USD in circulation continues to increase: https://fred.stlouisfed.org/series/CURRCIR

Security is for them not for you. Their 3D secure system is already quite annoying
Honest question, what's the worst thing that could result from MasterCard having a hash of my handprint?
There will be no situation in which a mugger could get something from you

Don't have your card/phone on you? No worries! We can still force your hand to withdraw money

Is the idea that they chop your hand off?

If it's just that they hold a gun to your head and make you authenticate with your palm, then they can do that right now. Once the gun is to the head you're kinda compelled to do what they're saying regardless of whether you authenticate with biometrics, password, whatever.

The idea is that even if someone points a gun at you they can't do anything to you immediately if you don't have a phone or a credit card with you (as far as I know anyway). But with biometrics no matter what precautions you take, you'll always be in a position to give people your stuff by force
So is the threat model that the guy mugging you points a gun at you, then walks you to a store that supports Mastercard bio authentication, and while holding you at gun point, forces you to buy some fungible good from the store that they then rob from you?

…does that not seem incredibly convoluted? And not even that damaging for you, it’s obviously and clearly fraudulent, you’d have no issue getting the chargeback.

I can imagine the future involving the removal of ATMs tbh. They are becoming less and less of a requirement in modern economies.
In a world with same day delivery I also imagined a future with fewer cell phone stores, but they still seem to be everywhere. At the very least there seems to be bank branches everywhere and they will always have ATMs.
MasterCard gets hacked (or someone internal steals the data, same effect). Now someone can imitate you to MasterCard, buy expensive stuff, and blame you.

Worse is if everyone uses the same hash as MasterCard. Say, the IRS, or the passport office, or the police. That's outside the scope of your question, though, which was if only MasterCard had the hash.

When it comes to the police, if they’re after you, can’t they follow you and just lift your biometrics from something you touched?
Unfortunately when it's "stolen", you can't be issued a new fingerprint. Worse, you leave them everywhere. I think it would be naive to believe this won't become a method of committing fraud, perhaps even a common one.
It’s hard to tell how it works from the article, but this is not a major issue if it’s used as a second factor for authentication. Apple Pay is an adequate system imo. It requires both your face and your physical phone to make a payment.

It’s not exactly a realistic threat that someone steals your phone and builds a model of your face to use at a retail checkout.

I could see biometrics being used as an alternative to card pins where you tap your card and then scan your hand. This would be more secure than the current system where you can tap under $200 with no authentication.

I am always impressed by the ingenuity the people have to exploit the security systems, bump keys, car proximity keys signal relay, car bluetooth opening from Tesla, "card readers" in ATMs, non secure Wifi poisoning, etc.

These were all non realistic threat.

This makes me very conservative with all these integrations and more software running and databases to just make it more convenient than a 4 digit PIN.

>These were all non realistic threat.

They still are. How many stories are there of people actually having their cars stolen via remote relay attacks? It gets demoed a lot in proof of concepts but I have never heard of it being actually executed. Why on earth would someone build fake fingerprints when they can just walk in to a designer handbag store with a knife, grab a few bags, and resell on facebook market place.

Credit cards don't _need_ bulletproof security, they just need to be secure enough. Fraud can often be reversed and fraudsters don't get away with it many times since there is CCTV in every location that takes card. The card companies would rather opt to eat the losses on any non reversible fraud because the profits of a friction less user experience is worth more.

Or just require the PIN for all transactions?

I have a hard time believing that the gas station down the street is going to adopt high quality scanners that can process my handprint faster than I can type my PIN.

They sell access to their database to law enforcement, even though it was never designed for that, and your reputation is ruined by false accusations (if you're rich), or you're executed (if you're in the US and black).
I assume law enforcement would have access to this also but a hand scan I think is just a vein scan. So I don't know how useful it is to law enforcement but I would be extremely suspicious of large monopolies working with government against citizens. I may be wrong about how useful it is to LE.
It says you just wave your hand over the scanner, so, even if it is a vein scan, LE could probably start putting similar cameras up to scan passers by without their knowledge. (This would obviously also work for facial recognition, but with existing cameras.)

A 1/1,000,000 chance of falsely matching a face is a non-issue for payment validation. For a law enforcement search, it means the computer will auto-fabricate local suspects.

Prosecutors in the US are judged on conviction rates. They have no incentive to worry about bogus matches. (And the ones that don't let such things slow them down tend to be promoted.)

Assuming the hand scan can't be forged or stolen, which is a big assumption and probably not true based on how other biometric scans have failed to be secure, I think I would be concerned about revealing too much data about myself.

I don't know how 'leaky' the hand print scan is meaning how much MasterCard learns from the scan. But imagine if they could figure out which people were more susceptible to buying say alcohol or coffee when they examine the hand print and then displaying an ad to get the person to make a last second purchase that is targeted to that person.

MasterCard can already track your location by seeing where you are buying things and they can watch your purchases which is a lot but who knows what can be learned from a hand print scan. But I think also hackers are very motivated so the security issues are probably understated.

The very worst? Probably something to do with your hand hash coincidentally being the same digit sequence as a nuclear launch code, and some unfortunate internet misrouting.

I tell you, this biometrics stuff, we need to watch out...

MC eventually leaks the database of handprints, yours is used to make a fake rubber handprint that ends up on a gun involved in a crime. Police has evidence, your weak argument that you were in a bar that night gets dismissed by the judge, nobody believes you.
(comment deleted)
you should seriously look at how "UPI" from india works. its fee-less, offers the same protection and maybe more becuase you have to actively accept/decline payment and they can even set up stuff like autopay mandate and all.

its tied to your mobile number AND your phone so it "might" not appeal to everyone but still, there are banks who offer it over their internet banking channels so the tech can be used in a browser setting which does help. There is already existing "fraud protection" mandated to banks so its not like the whole "mastercard does that so they need their share". they don't and india is slowly transitioning AWAY from plastic.

this is a "gimmick" i suppose because UPI apps already support using your phone authentication to confirm a payment so yeah...... mastercard does not get this data and they want to make it "cool" to lull banks into shoving the cards down their customers' throats

>smile into a camera or wave their hand over a reader to pay.

The difference between "please drink the verification can" 4chan copypasta and real life is a few years apparently.

A month short of nine years ago. It wasn't that far-fetched at the time; it was written in the context of the Xbox, which could identify players using the Kinect.
I wouldn't mind to have that option. Issue is that in sake of optimization, there are hardly any options in majority of categories. Even 1/3 of small fintech startups are tied strictly to unrooted android/ iOS. Just because my phone is rooted, I cannot use them as they don't even have browser option.

Same with supermarkets pushing card and having 1 tile (out of 10) for cash.

Hmmm.... so what is recorded to enable later verification? Saved video? Saved eigenvectors/values?

And What Could Possibly Go Wrong?

I find "smile to pay" very dystopian. It's been shown that the physical act of smiling can improve mood, so I don't think it's much of a stretch that someone at MasterCard said "hey what if we condition people to enjoy using their credit/debit card?"