Fingerprints Replacing Credit Cards at Retail Stores

When students living in Berkeley, Calif., crave a chicken burrito with an extra heaping of guacamole at High Tech Burrito, a Bay Area-based fast-food chain, they need to remember to bring only two things — an empty stomach and a forefinger.

That's because even when they leave their wallets in their other pair of pants, they can pay up by simply using their fingerprints.

High Tech Burrito is one of 2,100 stores in 44 states that are or have been clients of Pay By Touch, a company that lets customers use biometric identification — body-based measurements unique to each person — instead of cash or a credit card to pay their bills.


For Pay By Touch and its clients and customers, biometrics is the cutting edge of convenience and consumer technology.

For critics, biometrics straddles the line between privacy rights and identity security on one side and the selling-out of personal data on the other.

"Paying by card is antiquated," Pay By Touch COO John Morris said from the company's headquarters in San Francisco. "It's a constant from a long time ago. But people love [biometrics], people love the convenience — it's like a free service that speeds them through the line. They like the security of it.

"If you hand a paper check to a stranger, seven or eight humans touch that check before it gets into your account, and see your personal data," he added. "With biometrics, you're uniquely you. Why carry a purse in a dark parking lot when I can lock it in the trunk and pay by finger?"

People who enroll in Pay By Touch have two fingerprints — usually those of both forefingers — scanned into a computer that records the patterns of ridges, swirls and whorls that make each person's print unique.

The fingerprint information is stored in a top-security IBM data center. To prevent a data leak, Pay By Touch hires "ethical hackers" to try to break in to the system.

It's got a relatively small staff of 700, but Pay By Touch spends a good portion of its budget, "millions of dollars," on data security, according to Morris.

"We won't sell it to anybody, we won't provide it to anybody, and it's a system we started designing ourselves from scratch," he said. "We had input from the Bank of America, from IBM, from Accenture, from the FBI — all of whom have built incredibly secure systems, and it's stored in a fortress that IBM runs for us. It's as secure as anything in the industry."

At each point of purchase, a computer scanner reads the customer's finger, allowing for countless environmental factors that make each reading slightly different from the next.

"If you're holding something in your right arm, like a child, you can use your left hand," Morris said. "Or if you have a Band-Aid on your finger, or if you have a cut, depending on how wide the cut is, the technology would still be able to read your unique print, even if you had a blemish or a scrape on your finger."

For those curious readers who are morbidly inclined, it might be reassuring to note that the scanners take into account the level of moisture on a person's skin. In other words, dead fingers won't work.

Even Pay By Touch's critics concede that using fingerprints, instead of other biometric readings, was a wise choice.

Retinal scans, which examine the pattern of blood vessels inside the eye, have largely proven not to be very useful, say biometrics experts. Face scans, voice prints and hand telemetry have all had varying levels of success, but none to the level that fingerprint scans have.

Iris scans, which memorize the colored part of each person's eye, look promising, but that field hasn't been explored enough yet to base an industry on.

Fingerprint scanning has so far proven the most accurate. That's been enough for the stores and customers who tout Pay By Touch's convenience, reliability and security.

Since High Tech Burrito enrolled with Pay By Touch in 2002 as one of its first retail clients, more than 2,000 other retailers have joined up, and 2.4 million shoppers have given Pay By Touch "the finger," as it were.

The number of Pay By Touch consumer users expands by tens of thousands each month, Morris said. He added that the service has also proven surprisingly popular with people on welfare, who no longer have to whip out an embarrassingly noticeable card to pay for their groceries.

Pay By Touch is also trying to expand into new marketplaces. One potential client is an association of physicians in a "mid- to large-sized" city, according to Morris.

Pay By Touch would allow the patients to register basic medical information — such as allergies, medical history, family histories of heart disease, and so on — in the company's database so that it would be in a "digital wallet" instead of in, as Morris put it, "a manila folder where who knows who can see it?"

But some say that the convenience of paying by fingerprint isn't worth the trade-offs, whether those problems are evident yet or not.

"The problem with all biometric identifiers is that they're not so easy to replace," said Marc Rotenberg, executive director of the Electronic Privacy Information Center, in Washington, D.C. "If someone gets a hold of your biometrics, you can't easily replace it."

Lee Tien, a senior staff attorney at the San Francisco-based Electronic Frontier Foundation, had a similar concern.

"So you lose your keys," said Tien. "You get another key and you change your locks, and you're back to where you were before. If your credit card number is stolen, you get another credit card and revoke the old one. You can't do that with biometrics. At a certain point, you're running out of fingers."

Pay By Touch's data security may be mighty by today's standards, but both Tien and Rotenberg said that if humans have learned anything, it's that nothing is infallible.

Part of being secure, Tien said, is having a good system in place for what happens when the supposedly undefeatable security system is defeated.

"When they talk to the rest of the world about how great this is, they fail to go into what happens if something does screw up," he said. "It's not at all fault-tolerant the way other systems are."

Anyone who's read the seemingly daily news nowadays of corporate, government and even military computers and databases being breached by hackers, or compromised simply by a misplaced laptop, might feel they have a right to feel a little anxious about having their fingerprints and a financial account together on even a high-tech database.

"Our experience has been that most security measures can be defeated," Rotenberg said.

Cracking Pay By Touch's biometric encryption might not even need to be high-tech.

Tien noted, for example, an experiment in late 2005 by a Japanese cryptographer named Tsutomu Matsumoto. He fooled several fingerprint scanners using a digital camera, a PC and material that could be found in many kids' lunch boxes.

The secret material that ended up fooling 80 percent of the fingerprint scanners he tested? Gummi Bears.

"In the context of fingerprint scanners that were even supposed to detect whether it was live or dead fingers, [Matsumoto's experiment] used the substance they make Gummi Bears candy out of, and created little sleeves to put over their fingers with someone else's fingerprint, and it was able to fool any commercial-type scanners," explained Tien. "It's simply not very hard to do."

Similar experiments have proven that Play-Doh and Superglue could also be used to fool fingerprint scanners.

Morris countered that the Pay By Touch system isn't designed to be used alone. The scanners are always attended by a cashier or supervisor, he said, who is trained to make sure there isn't any trickery.

"It'd be pretty noticeable if you're in the checkout lane and using a hunk of Silly Putty," he said. "It'd be noticed by the associate, and we've never had an incident of that kind."

Other biometrics companies are looking to reduce the chances of Gummi Bear fingerprints. They're developing double-safe systems such as a credit-card-sized object that the user holds onto, which both reads the user's fingerprint and then sends the data to a card reader at the store.

The card scans the fingerprint to make sure the proper user's using it, then performs the transaction without the necessity of the company keeping a biometric database somewhere else.

"It's a complete on-card biometric platform," said former International Biometric Group executive Richard Ouaknine. "It's like a mini-microcomputer in your hand, and this way the store doesn't have your financial data, the credit-card company doesn't have your financial data, and if someone were to pick it up on the street they would get absolutely no information from it."

Of course, he acknowledged, the user would still have to carry a card around, which would seem to ignore the convenience factor that partly makes a fingerprint scanner so appealing.

But it's the larger implications of Pay By Touch that disturb some critics.

"It's dangerous for people who care about consumer rights," Tien said. "You need to ask, 'Is that the kind of society we want?'"

"In the world where we can live today where I can still buy things with cash, you can still be anonymous and engage in transactions without them being recorded and people knowing about it," he continued. "From a consumer perspective, that's part of what privacy means. ... A lot of what we do in life isn't really anyone else's business, but what [biometric retail identifiers are] doing is creating the infrastructure that makes it easy for that kind of data to be collected."

Morris stands by his system, and says that it's ultimately going to prove safer than anything else out there.

"People are very concerned. They know they're doing a lot of things with personal data," he said. "What people understand is that using a unique biometric is so much more secure than anything you do paying by a check or a credit card."

[Correction: Since this story first ran, has learned that High Tech Burrito is no longer a Pay By Touch client.]