Loss of Privacy

No, this is the old Soviet Union, though the KGB would have loved this new machine. Russia is testing a new ATM that has a lie detector built-in. It is hoped that it will be able to prevent fraud.

Consumers with no previous relationship with the bank could talk to the machine to apply for a credit card, with no human intervention required on the bank’s end.

The machine scans a passport, records fingerprints and takes a three-dimensional scan for facial recognition. And it uses voice-analysis software to help assess whether the person is truthfully answering questions that include “Are you employed?” and “At this moment, do you have any other outstanding loans?”

The big bank involved, Sberbank, whose majority owner is the Russian government, said it intended to install the new machines in malls and bank branches around the country eventually, but had not yet scheduled the rollout. Technology consultants say the machines, if they go into commercial use, would be the banking world’s first use of voice analysis in A.T.M.’s.

Although most Russians are used to and expect this kind of intrusiveness from the government, most people in the West will see these machines as a massive invasion of privacy. Indeed. Who would want to give up so much information to a machine?

A prototype of the machine is on display at Sberbank’s Branch of the Future laboratory in a nondescript office building above a Moscow subway station.

The lab bristles with biometric surveillance technology. When a person walks in, a facial-recognition camera takes note, and an artificial voice cheerily greets known customers. Or, more often, it utters a glum, “Hello, you are not registered,” because only a few of the lab’s staff members have had their faces scanned so far.

Sberbank says that to comply with the part of the privacy law that would prohibit a company from keeping a database of customers’ voice signatures, the bank plans to store customers’ voice prints on chips contained in their credit cards.

Oy vey! What kind of person so readily gives up so many biometric identifiers? In one fail swoop, it gets your passport information, fingerprints, facial scan, voice and video samples, credit card information, and banking information. No thank you.

Found via Wired.

The first biometric ATM in Europe is now available at Poland’s cooperative BPS bank. Utilizing a finger vein authentication system by Hitachi, customers now merely need to place their finger on the pad and the machine will read your pattern and dispense money to you.

The company says that an infrared light is passed through the finger to detect a unique pattern of micro-veins beneath the surface – which is then matched with a pre-registered profile to verify an individual’s identity.

“This is a substantially more reliable technique than using fingerprints,” Peter Jones, Hitachi’s head of security and solutions in Europe, told CNN.

“Our tests indicate there is a one in a million false acceptance rate — that’s as good as iris scanning, which is generally regarded as the most secure method.”

Unlike fingerprints, which leave a trace and can be potentially reproduced, finger veins are impossible to replicate, according to Jones, because they are beneath the surface of the skin.

Amusingly, Jones also added that it cannot be read if the finger had been chopped off. So, all the stories you hear about that, it isn’t possible for this to happen. Blood has to be coursing through the veins for it to work.

This may be a first for Europe, but Asia is far ahead of the curve on fingerprint ATMs.

Jones says that there are now over 80,000 biometric ATMs in Japan, currently used by more than 15 million customers.

The machines are also dotted around parts of Asia, Latin America, the Middle East and even parts of Africa — where, according to banking analyst Stessa Cohen, they are preferred by rural workers living in remote areas, who are not accustomed to carrying bank cards.

So far though, the technology has failed to penetrate banking markets in the West. Cohen, who works for industry analysts Gartner, believes there are a number of data privacy issues that commercial banks have failed to address.

No one knows what is going to happen to the technology, where the customer information is going to be stored or what will happen if a case of fraud does occur. The false acceptance rate worries many privacy advocates considering that the statistics given means that in a Europe filled with 30 million people, 30 other people could access your account. While that may be an acceptable number to a company, it isn’t to most people.

I’m really not looking forward to have the crap beat out of me so a mugger can drag me to the ATM and take my money. Worse yet, the mugger doesn’t know it doesn’t work with chopped off fingers, so he comes back to kill you because he couldn’t get your money. It’s a step in the right direction, but more needs to be done. Dual or triple identification would be a start.

Before you use the bar or mini-mart’s ATM, you might want to think twice.  Robert Siciliano, a security expert for Intelius, an identity theft protection company, bought an independent ATM and decided to see just how safe they really are.

Siciliano then used an associate, a hacker, to see what they could find in the machine. “The next day after we bought it, my hacker comes over to my garage, manual in hand, all giggly, like hackers sometimes do and says, ‘Watch this.’ He punches the master codes to access the machine’s data . . . and hundreds of credit and debit card numbers just start falling all over the floor.’’

There were more than 1,000 numbers recorded in the machine that Siciliano and his colleague printed out. ATMs like that are resold all the time, Siciliano said. They are particularly easy to find in big cities and can be found from time to time in the Boston area.

“The issue with these types is the portability of them and anyone can get one and put it anywhere,’’ he said. They are easily hacked and the innards can be reconfigured to store your card data and PIN. A criminal can also affix skimming devices that capture your data from the card’s magnetic strip and they install wireless cameras that record your PIN codes.’’

Before you use a non-bank ATM, you might want to remember that they are easy to hack, have no security cameras, and could very well be a rogue machine placed there solely to steal your information.