How South Africa’s new fingerprint payment standard will work

mister

Executive Member
Joined
Jul 21, 2008
Messages
8,354
Should your fingerprint not work, your bank or other issuer will be able to allow your card to fall back to PIN.

As with chip-and-PIN cards, if the chip or reader is damaged and your PIN can’t be verified, the bank may allow you to fall back to signature authentication.
So another waste of time?
 

FaSMaN

Expert Member
Joined
Mar 24, 2010
Messages
1,631
After watching the Mythbuster episode on finger print security, I am now highly suspicious about it....

I would prefer it if they gave there members the choice not to have a mag stripe or RFID embedded in the card, just chip and pin, that would stop 99% of the cloning as most of it seems to be focussed on the mag stripe and newer attacks involve small transaction over the RFID (tap and pay) system.
 

access

Honorary Master
Joined
Mar 17, 2009
Messages
11,107
seen many labor guys with hardly any or no finger print.

seen mythbusters beat the liveness detection.

this idea seems dumb.
 

krycor

Honorary Master
Joined
Aug 4, 2005
Messages
16,538
So basically retailers/banks/owners of pos now have to rollout add-on hardware(or complete new pos) + software to use the fingerprint (on pos device, retail pos app maybe and also maybe switch).. yah i don't see this happening unless a mandated support deadline especially when in retail all they just want faster checkout.. i.e. contactless is/was a win.

I wonder how the pension card system is going as they use biometrics(actually makes sense for really old people).

Another thing.. what some banks in the US have started doing is using the iPhone for 2-factor auth where auth is requested via fingerprint. This gets around people needing to use a public biometric reader. I like this kind of auth though it does mean it requires pos and phone to be online with minimal latency
 
Last edited:

Underworld

Well-Known Member
Joined
Jun 11, 2008
Messages
141
South Africa with it's high crime rate you will definitely start seeing many more corpses without fingers.....
 

Rocket-Boy

Executive Member
Joined
Jul 31, 2007
Messages
8,497
I wonder how the pension card system is going as they use biometrics(actually makes sense for really old people).
I know someone who worked with the payouts and they were able to just rub their finger up and down when a pensioners fingerprint didnt work. Apparently the readers were completely useless.
 

HavocXphere

Honorary Master
Joined
Oct 19, 2007
Messages
31,628
I'm very much attached to my fingers. Would rather not part with them should a tsotsi decide to rob me...

Besides, they'll need to support pin & chip anyway for international cards....and magstripe for US cards.
 

maumau

Honorary Master
Joined
Aug 13, 2009
Messages
15,704
From the article:

"To guard against criminals stealing your fingerprint, or cutting off your finger, PASA said it will require liveness detection on readers used in South Africa."

Had to laugh.
 

freddster

Expert Member
Joined
Dec 13, 2013
Messages
2,471
South Africa with it's high crime rate you will definitely start seeing many more corpses without fingers.....
exactly what I thought. People don't have second thoughts of killing someone, cutting fingers off would be quite natural. Draw the money and use said fingers for muti. Two flies with one swat.
 

freddster

Expert Member
Joined
Dec 13, 2013
Messages
2,471
From the article:

"To guard against criminals stealing your fingerprint, or cutting off your finger, PASA said it will require liveness detection on readers used in South Africa."

Had to laugh.
Why, you can detect a pulse from your thumb, exactly the reason why you don't use your thumb when checking for pulse in the neck.
 

krycor

Honorary Master
Joined
Aug 4, 2005
Messages
16,538
I'm very much attached to my fingers. Would rather not part with them should a tsotsi decide to rob me...

Besides, they'll need to support pin & chip anyway for international cards....and magstripe for US cards.
Wonder how long before magstrip disappears and how, if it does, the payment card will change. For me, it seems pretty obvious that the card maybe disappearing in the distant future with the Phones hosting the tokens once ownership of the wallet is overcome. But yah.. gonna be interesting as once the US stops supporting magstrip it will disappear fast and the card size will be changeable along with more support for virtual cards or card of cards.

Also curious if, when(it's going to happen) the phone becomes the new wallet, the payment module will be separately powered or rfid like(powered by payment device) such that it's independent of phone power(such that offline works).
 

Vice

Expert Member
Joined
Aug 8, 2005
Messages
1,134
This war won't be won any time soon. All measures seem to fall short :crying:
 

system32

Expert Member
Joined
Dec 29, 2009
Messages
3,595
Would like to see how the "liveness detection" is going to work.
The "liveness" of my arse wiped finger germs will spread to your finger.

This sounds like a health issue.

Just thinking of where the previous person's finger has been makes me sick.
 

P924

Expert Member
Joined
Jan 18, 2010
Messages
2,346
How well will a fingerprint system work with a lot of bad hygiene and therefore a card machine that remains permanently dirty from unwashed hands, dust etc?
This is no differrent from a machine that requires a pin, unless you wear gloves.
 

squid66

Well-Known Member
Joined
Feb 27, 2009
Messages
128
So another waste of time?
Yes security is only as strong as the weakest link, so a chip fail can be easily simulated and you are at the mercy of the mag strip scanner merchants. God forbid they allow fallback to Zipzap and signature, who does that nowadays?!!

Also, fingerprint scanning (even at max level, not the lower grade level used for access control) is not security. Its can be an ancillary method of identification (or one of a series of multifactor 'passwords') but does not contain sufficient entropy to cater for the size of population requiring a unique password. Its strength is in its ease of use (quick presentation and processing) and portability (you always have your fingers on you...hopefully) which has to be weighed against the less than ideal security and targeted population group. Limit the group size (and perhaps regionalise the groupings) and you just might get away with fingerprint based security.
 
Last edited:

maumau

Honorary Master
Joined
Aug 13, 2009
Messages
15,704
Why, you can detect a pulse from your thumb, exactly the reason why you don't use your thumb when checking for pulse in the neck.
I was getting at the idea of corpses without thumbs, not questioning a pulse in the thumb.
 

daffy

Expert Member
Joined
Jun 24, 2004
Messages
1,130
Well that's a step backwards.
Fingerprints = PINs you can never change.
 
Top