mother's maiden names...
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Fri Jul 15 06:42:57 EDT 2005
Ian Brown <I.Brown at cs.ucl.ac.uk> writes:
>Steven M. Bellovin wrote:
>>>Cambridge Trust puts your picture on the back of your VISA card, for
>>>instance. They have for more than a decade, maybe even two.
>>
>> One New York bank -- long since absorbed into some megabank -- did the
>> same thing about 30 years ago. They gave up -- it was expensive then,
>> and may not have solved any real problems. (Possibly, it simply didn't
>> fit their real purpose of attracting more customers.)
>
>They don't for example seem to reduce fraud -- shop staff don't compare
>the photo to the customer carefully enough:
>
>R. Kemp, N. Towell, G. Pike, "When seeing should not be believing:
>Photographs, credit cards and fraud," Applied Cognitive Psychology Vol
>11(3) (1997) pp 211-222.
For those who haven't seen this study, it's an important read (it's also been
re-published in a somewhat more accessible journal, perhaps it was CACM?).
What they did was send students into a supermarket with card photos of either
them, someone who looked vaguely like them, or someone who looked nothing like
them. Both the FRR and FAR were found to be such that the photo IDs were more
or less worthless for fraud prevention. Some banks over here started to
introduce photos on cards, but dropped the scheme based on this study and
other research which showed that it wasn't worth it: The photos were too small
to be useful, only customs & immigration staff and to a lesser extent police
have any formal training in matching faces to images, and your typical
minimum-wage checkout operator couldn't care less if the image matched or not,
their incentive was to move shoppers through quickly, not to check IDs.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list