They Only Need a Finger...

I just saw this post about voice print activation on credit cards linked from Slashdot. There are issues with biometric security with which it seems that most people are unaware. This kind of thing may decrease crime overall, but I believe it will actually result in an increase in violent crimes related to the subversion of biometric security techniques.

The would-be thief now needs some biometric in order to complete the transaction and this will increase the likelihood of thieves using violence to acquire the victim’s cooperation. This is already being seen in the case where a man’s finger was cut off in order to drive his new Mercedes without him around. The car had been factory-fitted with fingerprint authentication, thus making it necessary to obtain his physical cooperation to steal the vehicle. Personally, I’d rather just give a carjacker my keys and call the cops after they’re gone.

I’m pretty sure this is impractical at the moment, but something interesting to consider is this: perhaps they should not attempt to make the voice-print analysis very good (or perhaps, rather, extremely good). This would have the effect of making the voice-print match fail if the voice of the cardholder is too emotionally strained to fall within acceptable parameters (or the software could attempt to make the determination itself, if trained properly). This could serve to deter the use of violence to coerce cooperation in defeating biometrics because if the attacker got the victim too upset, the card would be inaccessible even with physical control of the victim. Even if possible, this would probably create too much customer confusion and false negatives to be implementable, but something along these lines would go a long way to detering this burgeoning avenue for violence.

Two-factor authentication, if done correctly, is a good thing, and I also love the fact that some companies are willing to try new things in the area of security, typically considered an expense rather than an opportunity to gain consumer trust. I would just like to see some more thought on how to keep the consumer safe, as well as the consumer’s money.