n9ik’s radio blog

According to a news article that I read this morning, a few Shell gas stations in the Chicago area are “testing biometric systems that let consumers walk up to the pump, scan their fingertips on a device and fill up their vehicles. The systems, also installed at Shell convenience stores, are directly linked to customers’ checking or credit-card accounts for payment.”

I’m going to have to think real hard about this one. The author of the article notes that “Shell officials note that the system is less susceptible to identity theft since it’s impossible to duplicate or steal a fingerprint.” Unless the pad where the finger is placed for it’s print to be “read” is designed appropriately (and I would not make that assumption), this is most patently false. It’s really not that difficult to “lift” a fingerprint from many surfaces. I know, because I’ve done it with my own prints when testing out a biometric security device to use on PC’s at a previous client. If these biometric kiosks are not designed appropriately, it would be a simple matter to get the fingerprint of the previous user, and if I’m observant and they’re careless, I’d probably able to watch them enter in a pin if that’s required. Never tried it myself, never will, but I know it’s easily done. At the very least, be sure to wipe the pad after you have your fingerprint scanned. Oh yeah. Don’t forget about the photograph that’s taken of you at the same time (at least by the station’s security system), as is done at ATM machines. Easy for the photo and fingerprint to be matched together in the transaction logs, which is good from a law enforcement perspective, anyway.