Vein-scanning technology may trump fingerprint scanning for payments

Fujitsu's vein-recognition technology identifies a person by scanning the unique pattern of veins.

Scanning veins in the human hand could become the biometric measure of choice  for authentication when we pay for things or want to unlock devices such as smartphones, an Australian professor says.

Thanks to the iPhone 5s and Galaxy S5 smartphones, fingerprint scanners are going mainstream quickly. But how will they fare against vein scanning?

According to computer science Professor Willy Susilo of the University of Wollongong, fingerprint scanners are a "gimmick" and iris and vein scanners are likely to trump them.


"Using our fingerprint is not a secure way to do [authentication]," Professor Susilo said. "It's just like a gimmick."

One of the main benefits of vein and iris scanning is that you don't tend to leave behind iris or vein prints, he said.

As most vein scanner sensors coming out this year require no physical contact, it means there are no residual biometric patterns that could be copied, preventing fraudulent use.

Fingerprints are notoriously easy to lift from surfaces and are not secure, he said, which has been demonstrated by researchers for more than a decade.

In 2002, Japanese researchers showed that fingerprint scanners could be fooled with about $10 worth of household supplies. They also found many fingerprint systems did not detect if someone was "live and well".
"Gummy fingers, namely artificial fingers that are easily made of cheap and readily available gelatin, were accepted by extremely high rates by particular fingerprint devices with optical or capacitive sensors," their paper said.

At the time, renowned cryptographer Bruce Schneier called their research impressive.
"The results are enough to scrap the systems completely, and to send the various fingerprint biometric companies packing," he said. "Impressive is an understatement."

When the iPhone 5s came out in September last year, security researchers also managed to fool its fingerprint scanner within days. A fingerprint of a phone's user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s, said the Chaos Computer Club researchers.

"This demonstrates – again – that fingerprint biometrics is unsuitable as [an] access control method and should be avoided."

Despite this, many manufacturers continue to use fingerprint scanners.

Samsung's new Galaxy S5 lets consumers pay for things with their fingerprint using PayPal.

Fingerprints scanners continue to be used because they are cheap, Professor Susilo said, but ultimately iris- or vein-scanning technology could win out.

"[Vein scanning] seems to be the way forward," Professor Susilo said, noting that there have been concerns about iris scanners potentially causing cancer.

Already shops and cafes at Lund University in Sweden offer Quixter, a vein pattern payment system developed by student Fredrik Leifland. It has 1600 users and, according to Leifland, is believed to be the first in the word.

US company Biyo, which Fujitsu has partnered with, is the first to provide payment terminals that connect a vein scan to a credit card. According to Fujitsu, it will provide one false positive for every 1.25 million attempts, paving the way for a wallet-less future where in-store purchases are verified by veins.



No comments:

Post a Comment