Idea #13: How to do biometric authentication SECURELY

After I wrote my idea about protecting your biometric data, Larry Hollowood the CSO of Pay By Touch, the company that I used as an example, left this comment:

"Jewel-Osco does not keep a record of the fingerprint. As a matter of fact, no merchant that uses the Pay By Touch payment system has access to any biometric information. All biometric data is securely encrypted at the point of sale…"

Thanks for the comment, Larry; it was helpful and insightful.  And while I hate to pick on your business idea further, let me elaborate on why I still think this is a bad idea, and explain the only way of doing biometric authentication that would be acceptable to me.

The question I posed back to Larry, and which I haven’t gotten a response to yet, is whether that encryption at the point of sale is reversible or not.  If it isn’t a one-way hash that nobody at the other end can turn back into my fingerprint, I don’t really care whether it’s encrypted, because there’s always a possibility that it could be compromised.  Since my fingerprint can’t be reset, that’s an unacceptable risk to me.

Even if it were using a one-way hash, the fact is that the biometric authentication device is a black box to me:  I have no idea what’s going on at Pay By Touch behind the scenes.  If they were to change their policy and store fingerprints unencrypted at the point of sale, they could make the change without anyone knowing about it.  Even if they made an effort to publicize the change, I doubt I would notice in the sea of phone calls, emails, IMs, and junk mail that gets blasted at me every day.

There’s only one scenario I’ve been able to envision where biometric authentication for a point-of-sale purchase would be completely secure.  It involves the personal servers I’ve been talking about lately.  Here’s how I see it working:

  1. After the checkout is complete, I tell the merchant my personal server address:  "My address is jasonkolb.com."
  2. The merchant sends a request for payment to jasonkolb.com.
  3. I receive a notification of the request for payment on my personal server, which has biometric authentication built in:  "Jewel-Osco in Plainfield, IL has submitted a request to charge you $38.75.  Would you like to authorize the transaction?"
  4. I can then choose to accept or reject the request.  If I choose to authorize it, I verify my identity with my own personal server using biometrics.  "Verify your fingerprint to authorize the transaction."
  5. After verifying my identity and authorizing the transaction, I can choose which account to use to send the money.
  6. After sending the money, the merchant system would receive a notification that the payment has been posted.  This would be forwarded to the point of sale where the receipt would print, the cashier would give it to me, and I’d go on my merry way.

As you can see, this doesn’t involve me giving my biometric data to anyone.  It’s only used on my personal server, which only uses it to ensure that I didn’t drop the server somewhere and somebody else is trying to go on a shopping spree with my money.  All of the actual transacting takes place in the cloud; there’s no need to exchange anything with the merchant besides the receipt.
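The flow in steps 1 to 6, as an added simulation that is not the author's code or Pay By Touch's system: the merchant side only ever handles the payment request and the payment notification, while the fingerprint check happens inside the personal server against a salted one-way hash. It assumes the enrolled template can be treated as a fixed byte string, which real fingerprint matching does not give you (scans vary, so a template would need a stabilised encoding or fuzzy matching before it could be hashed); the merchant name, amount and account names are constructed sample values.

```python
import hashlib
import hmac
import secrets

class PersonalServer:
    """The shopper's own server (steps 3 to 5). The enrolled fingerprint never leaves it."""
    def __init__(self, enrolled_template, accounts):
        self.accounts = dict(accounts)  # account name -> balance in cents
        self.pending = {}
        # Simplification: the template is treated as a stable byte string and kept only
        # as a salted one-way hash, so not even this server can reconstruct the print.
        self._salt = secrets.token_bytes(16)
        self._template_hash = hashlib.sha256(self._salt + enrolled_template).digest()

    def receive_request(self, req):
        """Step 3: the merchant's request arrives and the shopper is prompted."""
        self.pending[req["request_id"]] = req
        return f'{req["merchant"]} has submitted a request to charge you ${req["amount_cents"] / 100:.2f}.'

    def _fingerprint_matches(self, scan):
        # Constant-time comparison of the hashed scan against the enrolled hash.
        digest = hashlib.sha256(self._salt + scan).digest()
        return hmac.compare_digest(digest, self._template_hash)

    def authorize(self, request_id, scan, account):
        """Steps 4 and 5: verify the shopper locally, then pay from the chosen account.
        Returns the notification for the merchant, which carries no biometric fields."""
        req = self.pending.pop(request_id)
        if not self._fingerprint_matches(scan) or self.accounts[account] < req["amount_cents"]:
            return {"request_id": request_id, "status": "declined"}
        self.accounts[account] -= req["amount_cents"]
        return {"request_id": request_id, "status": "paid", "amount_cents": req["amount_cents"]}

def merchant_request(server, merchant, amount_cents):
    """Steps 1 and 2: the point of sale sends a payment request to the shopper's server.
    The merchant never handles anything but this request and the later notification."""
    req = {"merchant": merchant, "amount_cents": amount_cents, "request_id": secrets.token_hex(8)}
    return req, server.receive_request(req)

def notification_is_clean(notification):
    """Step 6 check: only transaction fields reach the merchant, never a fingerprint."""
    return set(notification) <= {"request_id", "status", "amount_cents"}

if __name__ == "__main__":
    # Constructed sample data: an enrolled template and a checking account of $100.00.
    server = PersonalServer(b"constructed-template-bytes", {"checking": 10_000})
    req, prompt = merchant_request(server, "Jewel-Osco in Plainfield, IL", 3875)
    print(prompt)
    print(server.authorize(req["request_id"], b"constructed-template-bytes", "checking"))
```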

Part of the 60 Ideas in 60 Days series.
