JPMorgan Test Will Ditch Cards To Let Consumers Pay with Palm or Face Instead (bloomberg.com) 90
JPMorgan Chase is planning to test new technology that would let consumers pay with their palms or faces at certain US merchants. From a report: The bank, home to one of the world's biggest payment-processing businesses, plans to roll out the service to its broader base of US merchant clients if the pilot program goes well, according to a statement Thursday. The pilot may include a Formula 1 race in Miami as well as some brick-and-mortar stores. "The evolution of consumer technology has created new expectations for shoppers," Jean-Marc Thienpont, head of omnichannel solutions for JPMorgan's payments business, said in the statement. "Merchants need to be ready to adapt to these new expectations."
JPMorgan is seizing on the rising popularity of biometrics technology, which uses unique body measurements to authenticate a person's identity. The technology is expected to account for roughly $5.8 trillion in transactions and 3 billion users by 2026, JPMorgan said, citing Goode Intelligence. Here's how it works: Customers enroll their palm or face through an in-store process. Then, at checkout, they scan their biometric to complete the transaction and get a receipt.
JPMorgan is seizing on the rising popularity of biometrics technology, which uses unique body measurements to authenticate a person's identity. The technology is expected to account for roughly $5.8 trillion in transactions and 3 billion users by 2026, JPMorgan said, citing Goode Intelligence. Here's how it works: Customers enroll their palm or face through an in-store process. Then, at checkout, they scan their biometric to complete the transaction and get a receipt.
Pay with Palm or Face (Score:5, Funny)
How about Facepalm?
Re:Pay with Palm or Face (Score:5, Insightful)
I guess their thinking is that people already do this every day, with their phones. Google Pay and Apple Pay both use biometric authentication, either fingerprint or 3D IR face scan.
Of course the difference is that only I ever touch my phone, not all the other icky people who need to pay for stuff, so I'll probably skip their palm reader. Face at least is non-contact, but I don't use face recognition for anything. Overall I can't see any benefit over just using my phone, which also helps hide my identity from the merchant.
Re:Pay with Palm or Face (Score:4, Funny)
JPMorgan is developing tactile facial recognition just for you. It works using the same principle blind people use.
Re: (Score:2)
Radar?
Re: (Score:2)
"JPMorgan is developing tactile facial recognition just for you."
Indeed, here's a photo.
https://www.reuters.com/resize... [reuters.com]
Re:Pay with Palm or Face (Score:5, Insightful)
Do they? I've used used such, and the INSTANT they demand such, THEY DIE and STAY DIED.
I can get a new card & new numbers. I CANNOT get new eyes or new hands.
Re: (Score:2)
What is the threat model though?
Your face was captured as you walked in the door on CCTV. Fingerprints are left on things you touch. Somehow that doesn't seem to have resulted in a massive amount of biometric based fraud.
Personally I don't like face unlock and wouldn't trust my bank with this, but biometrics have proven to be better than PINs for credit card fraud. So while you might have a good reason for not wanting to use biometrics (say you don't trust your partner and don't want them looking at your ph
Re: (Score:2)
Card plus face/palm biometrics is good. But the biometrics by themself is problematic.
Re: (Score:2)
If you can get past face recognition on my phone you still need my actual phone to make a purchase. If you steal my phone I can deactivate it and set up a new one and go on my way.
If the reader and logic is on some scanner that is in every store and you find a way to bypass it for my account I can't do anything to stop you... ever... as long as my palm print is tied to an active card, even if its a different card from the one I was using when you found a way to compromise it.
Reissuable (Score:3)
Overall I can't see any benefit over just using my phone, which also helps hide my identity from the merchant.
Plus, if anything goes really wrong, at worse, it's easy for you to get a new phone.
Whereas, if anything goes deeply wrong with JPMorgan, getting a new face or a new palm is slightly more complex [citation needed].
does not work. (Score:2)
yeah, nope, does not work.
How could you get a new phone to be able to pay again, if the credentials to pay your new phone are left on your old phone, that you cannot use ??????
Re: (Score:2)
Nobody pays with their fingerprint or the face scan. At least not directly.
Your credentials are stored locally, albeit, encrypted using the secure enclave/TPM device, which can only be unlocked using the fingerprint or face scan data. This only really works when you control/possess the device with the secure enclave and the fact that the fingerprint data never leaves your own device.
The level of trust this would require borders on stupidity.
Re: (Score:2)
Nope, I don't use any biometrics on my phone or other devices I own.
I have 3 words for them.
NO FUCKING WAY...
[eom]
Re: (Score:2)
All the merchant has to do is look through its record of transactions with the credit company and find the right one to know who you are. If you insist on remaining anonymous, use cash and make sure the security cameras don't get a good shot of your face.
Re: (Score:2)
Google Pay uses a single use token for the transaction, so that the merchant can't get your identity from it. I think Apple Pay does something similar.
Re: (Score:2)
"All the merchant has to do is look through its record of transactions with the credit company and find the right one to know who you are."
One of the reasons I use PayPal.
Re: (Score:2)
Yeah the thing I prefer about phone based payment is that even if the biometric portion is bypassed you still need my actual phone which has the registered card on it (or access to my card itself). If my phone goes missing I can do something to stop it from being used (remote wipe for instance) and set up a new phone with the same cards quite safely. But if someone finds a way to fool JP Morgans palm scanner it could be a month before I know my accounts are compromised and I can't do anything but disable
Re: Pay with Palm or Face (Score:1)
Its just another reason to build new digital infrastructure to avoid all of the undiscovered flaws that have yet to be found in the cloud software.
Especially for finance, healthcare, remote learning and remote government (online voting). It needs to be estab
Re: (Score:2)
What could go wrong? (Score:5, Insightful)
Biometrics are so secure. Also difficult to fake. What could go wrong?
Anyone want to buy a bridge?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re:What could go wrong? (Score:5, Funny)
Re:What could go wrong? (Score:5, Funny)
This is why I advocate for Anus Recognition tech. It's a lot easier to keep private.
The correct term is colonic mapping, as in "we don't have your retina scan, fingerprint, or colonic map on file"
Re: (Score:1)
For reference, https://www.youtube.com/watch?v=g9Z4d5EOjGs [youtube.com]
Re:What could go wrong? (Score:5, Funny)
Salvador Dali, the surrealist painter, actually made many clay casts of peoples buttholes, and made the conclusion that an anus either has 35 or 37 folds/crevices but are very much unique in their own way.
"On occasions, he would ask female visitors to sit on a bed of moist clay with their buttocks parted, in order to take an impression of their orifices. He would subsequently frame the impressions, adding the names of the ladies in question. Supposedly -and this again demonstrates Dali's tirelessly investigative cast of mind - the anus has thirty-five or thirty-seven little creases which are as unique as fingerprints. He regretted that he could not account for the variation in number, but noted that it had nothing to do with social class, and that thirty-fives were as likely to be found among the aristocracy as among the working classes. Only the backsides of identical twins had exactly the same pattern and number of creases. He conducted experiments to substantiate his claim, and made the impressions of twins' behinds into candelabra."
http://www.all-art.org/art_20t... [all-art.org]
Re:What could go wrong? (Score:5, Funny)
Since slashdot is full of assholes I figure this would be interesting to readers:
https://www.nature.com/article... [nature.com]
"Our system also uses fingerprinting and a distinctive method of using anal creases (the distinctive feature of the anoderm, referred to here as analprint) as biometric identifiers to securely associate the collected data with the user’s identity."
https://mashable.com/article/s... [mashable.com]
Re: (Score:3)
Re: (Score:1)
I wonder what the goatse guy would think of this. I bet he would be very rich. Or at least well-known.
Re: (Score:2)
Merchants already pay a hefty cut for POS terminals, and many of them still don't handle NFC or even chip insertion, relying on classic magstripe swiping. Introducing Yet Another technology requiring them to replace expensive terms again will see limited adoption.
Thanks, no (Score:4)
This seems like a remarkably bad idea. What problem is this trying to solve?
Re: (Score:2)
What problem is this trying to solve?
Are you implying banking fraud is not a thing? I mean sure this won't solve it, but the problem it is *trying* to solve is quite obvious.
Re: (Score:2)
I'm sure it is, but as you note, this won't solve it. Won't even slow it down.
Re:Thanks, no (Score:5, Insightful)
Are you implying banking fraud is not a thing?
How does this reduce banking fraud?
Currently, I pay with my phone. To log into my phone, I enter a PIN or scan my face.
This new system removes the need for the phone, so 2FA becomes 1FA, which is less secure than what I have now.
Re: (Score:2)
Re: (Score:2)
Nobody cares who you are or what you’re buying, seriously. The surveillance cameras are good enough to read the serial numbers on your dollar bills.
Re: (Score:1)
Re: (Score:2)
What problem is this trying to solve?
The marketing team is trying to justify their bloated budget by putting out tech I am pretty sure no one is asking for.
Re: Thanks, no (Score:3)
Itâ(TM)s trying to solve the âoeproblemâ that the tech companies managed to wrestle control of payment processing out of their hands and they lost a bunch of user data.
Re: (Score:1)
This seems like a remarkably bad idea. What problem is this trying to solve?
Problem 1: Unacceptable people with unacceptable opinions [financialpost.com] can still spend money.
Problem 2: Ability to spend money in unapproved ways [npr.org] for anyone.
Re: (Score:2)
Yep, illegal actions can mean having funds frozen.
Me, I'm too poor to criminally harass people because other countries have requirements at their borders instead of working.
Re: (Score:2)
Re: (Score:2)
Peaceful ones.
Re: (Score:2)
Re: (Score:2)
For resisting registering in racist S. Africa or for resisting colonialism in Imperial India. I expect that if Canada gets occupied, speaking out against it will result in imprisonment or worse.
Currently, while the odd protester has been thrown in jail for contempt in not following a Judges order, things like getting off the road here, I'm not aware of any laws currently where simply peacefully protesting results in imprisonment, and generally the previous laws were also colonialism related. Natives getting
Re: (Score:2)
Re: (Score:2)
It’s a voluntary trial. I fail to see any harm or outrage in this. If you’re that worried about being tracked in public then you should probably ditch the phone completely, any credit cards with rfid, wear a full tint motorbike helmet and wear gloves.
Maybe it will work great, maybe it won’t. Who really cares?
What could go wrong? (Score:2)
Re: (Score:1)
Hmmm - just get a photo of someone? Or a hand print?
Modern face/palm recognition uses 3D and/or pulse detection.
Re: (Score:2)
Unintended consequences? (Score:3)
So, if in the old days, they would cut up your card if it was denied, what are they going to do if your biometrics are rejected? Is this going to be a Yakuza thing where I have to cut off a knuckle as penance for having bad credit?
All well and good (Score:5, Insightful)
In my dreams, it's always there (Score:4, Funny)
And he shall make all, both little and great, rich and poor, freemen and bondmen, to have a character in their right hand, or on their foreheads.
And that no man might buy or sell, but he that hath the character, or the name of the beast, or the number of his name.
Here is wisdom. He that hath understanding, let him count the number of the beast. For it is the number of a man: and the number of him is six hundred sixty-six.
Re: (Score:2, Troll)
Re: (Score:2)
Re: (Score:2)
What does Caesar have to do with any of this?
As I understand it:
The Romans fiercely penalized anything that looked like an attack on their control of their subject provinces, typically with slavery and/or death by crucifiiction. (It's what Jesus was executed for under Roman law - a trumped-up charge that he was claiming to be a previously prophesied figure who would liberate them from Rome.) This applied to writings criticizing Roman officials.
But Rome also had a policy of allowing subject peoples to reta
immanentize the eschaton ? (Score:1)
Re: (Score:2)
This is what I came here to look for....
April 1 is getting close (Score:2)
Really Now??? (Score:3)
Against the back drop of fancy ML toys being handed to the masses they want to go toward doing pure biometrics for payment authorizations?
WTF
We have already seen abuses of ML to fake out voice identification systems. Would anyone really be surprised if it turns out you can 'generate' a relatively small number candidate palm prints from a partial print or similar?
We really think people are not going to be able to capture a palm print and 3d print a flesh toned overlay prosthetic thing, that is thin enough pass any opacity expectations or thermal tests a scanner might do and be invisible to clerks who are not paying very very close attention.
Remember you can change your password or get a chip/card, much harder to change your palm print...
This seems like a really pretty bad idea.
Already been done. (Score:2)
We really think people are not going to be able to capture a palm print and 3d print a flesh toned overlay prosthetic thing, that is thin enough pass any opacity expectations or thermal tests a scanner might do and be invisible to clerks who are not paying very very close attention.
There has already been a proof-of-concept of this for fingerprint scanners: The target fingerprint was photo-etched on a PC board which was then used as a mold to make collodion(?) fingertip covers which fooled print-readers jus
Implanted chips would be better (Score:2)
Not that I want it either, but at least with a chip implanted in me, I can theoretically have it reprogrammed and/or removed if there is a flaw discovered in the implementation.
Its a real challenge to get a new palm or face. And how annoying would it be if you scraped up your hand playing basketball or in a car wreck and can't use it to pay for medical treatment or some other emergency issue. Soon we will have homeless people asking for money because they have plenty but a pimple is making their face scan f
Re: (Score:2)
Not that I want it either, but at least with a chip implanted in me, I can theoretically have it reprogrammed and/or removed if there is a flaw discovered in the implementation.
Its a real challenge to get a new palm or face. And how annoying would it be if you scraped up your hand playing basketball or in a car wreck and can't use it to pay for medical treatment or some other emergency issue. Soon we will have homeless people asking for money because they have plenty but a pimple is making their face scan fail so they "can't get gas to get home" or "feed their children" or whatever their reason to need money is.
"What do you think you're scratching?"
Date or coconut? (Score:1)
Either way, I think I'll pass.
Stores still get surprised at ApplePay... (Score:2)
I've had more than one store who either didn't know they were able to take payments through things like ApplePay, or worse intentionally disabled it because "that new fangled stuff is scary" (or even credit cards themselves!), so ignoring all the other issues with using my palm or face exclusively, it won't matter, because if these stores won't accept any of the very many much more secure payment methods, what makes JPMorgan think any of them will accept something like this?
A Palm or a Face? (Score:2)
I guess it's less than paying an arm or a leg, but I'd still prefer to pay with money instead.
Quit screwing around! (Score:1)
Biometrics = denied credit for lifetime? (Score:3)
https://www.schneier.com/blog/... [schneier.com]
So the Christians were right? (Score:1)
biometric security (Score:1)
once the face is the authentication by default everywhere, there is likely no privacy or free world
No thanks (Score:2)
These places already have enough of my information.
Someone wants to sell more hardware. (Score:2)
So instead of using the face or fingerprint scanners we already have in our pockets tied to established payment networks (ApplePay, Google Wallet, etc.) they're going to force merchants to buy yet-more payment terminal hardware that now has cameras and palm readers that only work with their payment network? And they'll still have to have the other payment terminals for anyone that doesn't bank with JPM Chase and thus doesn't have this biometric info attached to their bank account?
Seems like a winning strat
Re: (Score:2)
So ... they're going to force merchants to buy yet-more payment terminal hardware that now has cameras and palm readers that only work with their payment network?
Naw. They'll just create a standard, like they did with credit cards, mag stripes on credit cards, smart chips on credit cards, nearfield chips on credit cards, MICR type on the bottom of checks, etc.
If it catches on there will be plenty of vendors who will make compatible terminals, in order to stay in the point-of-sale-equipment game.
Another bad day for retail employees (Score:3)
Customer: Why isn't this working?!!! ... much drama follows ...
Retail employee: I'm sorry ma'am, there's a problem with your face.
You can pay us with your palms or your face! (Score:2)
Sounds like a Mafia level threat to me?
Re: (Score:2)
Sounds like a Mafia level threat to me?
Bigger Mafia-level threat: Do what we want or we'll up your face and hands so you can't access money.
Palm Vein Scan (Score:3)
They don't say which "palm" scan (article is paywalled). A surface palm scan is as useless, invasive, and dangerous as a fingerprint.
But a deep vein palm scan is different. It reads the unique pattern of blood vessels deep in the palm. That registration data cannot be readily abused. It can't be latently collected like DNA, fingerprints, and face recognition can. You have to know you are registering/enrolling when it happens. You don't leave evidence of it all over the place. When you go to use it, you know you are using it every time. It can't be "read" without near physical contact. And on top of all that, it is accurate, fast, reliable, unchanging, live-sensing, and cheap. If you must participate in a biometric, this is the one you should insist on using. Example: https://www.m2sys.com/palm-vei... [m2sys.com]
Still, it is not wise to use any biometric, even a good one, without "something you know" to go along with it- like a PIN code.
Wellp.. (Score:1)
Looks like its time to switch my bank.
bird is the word (Score:2)
Single unreliable factor ... (Score:2)
Biometric scans need to be very reliable, not give false positives, and not too many false negatives, and work reliably in retail conditions ....
But the technology is simply not up to this level of reliability - it will simply be a way to shift blame onto the consumer .... it matched you face so you were there and approved the transaction.... prove you were not there or there was no fraud
top (Score:1)