Pendum
Media Kit

Fb Share

That was the question asked by the European ATM Security Team (EAST) in its website research poll conducted from July to September 2010.  73% of the respondents would not use the technology, or were cautious about it.

The participants were asked if they felt comfortable with the notion of having their finger scanned.  The results below follow the statement:

If ‘finger vein’ biometric technology was on an ATM:

  • I would be happy to use such technology in place of my PIN (27%)
  • I would only use such technology after full explanation as to how my personal data will be held and controlled (23%)
  • I would not use such technology due to concerns about personal data privacy (50%)

So the majority would not use the technology, or are cautious about it.  Biometric ATMs are however well established in Japan, where tens of thousands are now in operation, and in Brazil.  A common system is ‘finger vein’ identification technology.  The transaction is authorised by a finger scan, rather than by entering a PIN.

This technology has been launched in Europe, by BPS Bank in Poland which is running a trial using a system developed by Hitachi and Wincor Nixdorf.  The technology combines ease of use for customers, with enhanced card protection.

My concern is the possibility of my biometric data template falling into the wrong hands or being misused.  There is a big difference between a compromised PIN and compromised biometric data.  My finger vein pattern is not going to change and, once taken and stored, the data is out of my control for ever (yes, maybe data protection legislation says it should be destroyed once an account is closed, but if that is the case how do I know that it actually happened and, even if it did, was it compromised before hand?) 

A compromised PIN can be changed, and is for the sole purpose of authorising transactions for a single card - it is unique for that card, which can be re-issued if compromised. For online transactions we are told to never use the same password for different purposes. It also can be changed if compromised.  Yet hypothetically, if I have accounts with several different card issuing banks and they all use finger vein technology for ATM transactions, then I am using the same authentication (admittedly unique to me) for multiple cards (and possibly other future legitimate purposes)

The industry view is that compromise of stored biometric data is impossible - but is anything impossible relating to data that is held on computers?  The cycnic in me says that insider and external vulnerabilities will always exist for stored data and that those with the necessary technical know how will find them.  I agree with the the 50% - what's your view?

Related Content

User Comments – Give us your opinion!
  • Alessandro Ricci
    106198994
    Why don't save biometric data inside the card? The card reader could verify the actual fingerprint against the one recorded inside the card and never send these data outside.
  • Peter Freeman
    106102561
    Most technologies work in the right environments. The biggest issue revolves around practicalities.
    In very cold weather do you really want to remove gloves?
    In outside environments voice is difficult with so much background noise, and do you want to appear really stupid talking to a machine.
    The main issue is registration of the biometric, and validation? How and where is this planned? Remember most people use ATM and other self service devices because they cannot get to a bank. There is easy opportunity for impersonation. The registration costs can be large.
    Of course it negates any possibility of interchange unless others use the same technology.
  • Thomas Beshke
    101426947
    Most technologies work in labs, where the environment is controlled. Lumidigm's Multi-Spectral Imaging technology works "in the real world". Too wet, too dry, too old...no longer are these performance concerns. Spoof detection is a must for this type of environment> MSI is extremely robust to spoofing.
    Storing the data and encrypting it locally is the key to deal with the privacy concer.
    Regarding enrollment, that's easily handled, but I cannot elaborate as we have active projects in the works.
Products & Services

About Custom Group

http://global.networldalliance.com/new/images/products/Custom_Logo_100.gif

1235/About-Custom-Group

ATM, EFT and POS Simulation and Testing Software - FASTest™

http://global.networldalliance.com/new/images/products/Fastest_100.gif

864/ATM-EFT-and-POS-Simulation-and-Testing-Software-FASTest

Multivendor SW ATM application - WWS Client

http://global.networldalliance.com/new/images/products/6213.png

6213/Multivendor-SW-ATM-application-WWS-Client

FINsim POS

http://global.networldalliance.com/new/images/products/6489.png

6489/FINsim-POS

Wooden ATM Cabinets

http://global.networldalliance.com/new/images/products/4292.png

4292/Wooden-ATM-Cabinets

Terminals

http://global.networldalliance.com/new/images/products/5789.png

5789/Terminals

Full Service ATM with Multi-depository

http://global.networldalliance.com/new/images/products/Itautec_IW1565.gif

735/Full-Service-ATM-with-Multi-depository

Software Security – NCR Solidcore Suite for APTRA™

http://global.networldalliance.com/new/images/products/NCR_logo_100_0409.gif

3728/Software-Security-NCR-Solidcore-Suite-for-APTRA

Fraud Protection System

http://global.networldalliance.com/new/images/products/4255.png

4255/Fraud-Protection-System

ATM Dial Up to IP, IP to IP, The DPL Group Hercules IP

http://global.networldalliance.com/new/images/products/721.png

721/ATM-Dial-Up-to-IP-IP-to-IP-The-DPL-Group-Hercules-IP

EMV, PCI and the ATM Industry
ATM & Mobile Innovation Summit
Request Information From Suppliers
Save time looking for suppliers. Complete this form to submit a Request for Information to our entire network of partners.