biometrics
lynn.wheeler at firstdata.com
lynn.wheeler at firstdata.com
Mon Jan 28 16:07:41 EST 2002
again, the issue is cost/benefit trade-off.
The current implementation of pin/magstripe .... allows evesdropping &
other techniques to efficiently electronically collect everything need
across a potentially extremely large number of different accounts ....
sufficient to perform multiple fraudulent transactions against each one of
them.
In the card/biometric example sited .... the water glass example is a total
red herring. the card has to be first stolen in order to perform a
fraudulent transaction. The claim is that it is more difficult & expensive
to fake a biometric lifted off the card than it is to fake a pin written on
the card (aka it is much more likely a fingerprint of interest can be
lifted from the stolen card). This is much more of a exploit than the water
glass red herring .... so the counter is how to make it more difficult that
a fingerprint lifted from the card could result in a fraudulent
transaction.
Sidney Markowitz
<sidney at sidney.com> To: Cryptography Mailing List
Sent by: <cryptography at wasabisystems.com>
owner-cryptography at wasabis cc:
ystems.com Subject: Re: biometrics
01/28/2002 10:47 AM
On Sun, 2002-01-27 at 14:07, lynn.wheeler at firstdata.com wrote:
> The issue then is that biometric represents a particularly
> difficult shared-secret that doesn't have to be memorized
Shared "secret"? People don't leave a copy of their PIN on every water
glass they use.
-- sidney
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to
majordomo at wasabisystems.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list