 |
| Iris scans for ATM card security Australian IT 12/10/02: Caitlin Fitzsimmons Original Link: http://australianit.news.com.au/articles/0,7204,5633467%5E15397%5E%5Enbv%5E,00.html AUTOMATIC teller machines of the future will have an iris scanner to verify identities, a security expert says. The skimming fraud that hit St George and other banks recently highlighted the insecurity of conventional magnetic stripe cards and the need to move to smart card technology sooner rather than later. VeriSign managing director Gregg Rowley says the security of the personal identification number (PIN) is also questionable. He says banks will move to smart cards over the next few years and biometrics will be the next step after that. "Biometrics - such as a fingerprint scan or iris or retina scan - will replace the PIN," Rowley says. "Most insecure is a magnetic stripe with a PIN, more secure is a smart card with a PIN and even more secure is a smart card with biometrics." Rowley says the iris scan is the best option because people will not want a laser beamed into their eyes for the retina scan, while a fingerprint reader will wear out and become dirty. Some ATMs in the US already use iris scanners, but are not widespread because of the expense of upgrading equipment. As ATMs became more functional - providing access to mortgage accounts, for example - the banks would allow higher withdrawal limits but demand greater security. Rowley says there is no such thing as 100 per cent security, but biometric technology is more secure than the PIN by "many orders of magnitude". The biometric data is usually split and stored in various locations to avoid creating a target for hackers. It is reportedly possible to fool some iris scanners by holding a photograph in front of the camera, but Rowley says the latest readers can detect this scam. The scanner matches a number of points on the iris and the algorithm can be changed to match different points if someone mimics your eyeball or - more realistically -- obtains the data needed for a match. Biometrics do not eliminate the possibility of robbers dragging victims at gunpoint to withdraw money from ATMs, but the banks will have the option of using sensors to detect stress. "It can sense if you're under stress - with the hand it's heat and with the eye it's jitters - and shut down," Rowley says. "But if it's a hot day and you've been running and you're hot and flustered and you go to the ATM to get money, it could think you're under stress and not let you in." Rowley says it may be more appropriate for the stress detection to trigger the ATM and take more photographs to investigate the incident later. The biggest hurdle is user acceptance, as many people don't want their biometric information stored by any organisation - private or government. Rowley says biometrics will probably be optional but they will enable more types of transactions, providing an incentive to sign up. It is possible to use iris scanners on eftpos readers as well, but it may not be necessary because of the limited number of transactions and lower withdrawal limits on that system. ------------------------------- PRISON PLANET.com |