In Japan, tourists will soon have their fingerprints scanned when they enter the country. That’s not new–it happens to everyone who visits the U.S., too. The difference here is that in Japan, you will then be able to use your fingerprint to pay for things.
The project is a trial, and the convenience of fingerprint payments is clearly a sugar coating on the other security-related reasons for biometric data collection. According to the Japan News, the Japanese government wants to have a fully functioning biometric collection system in place for the 2020 Olympics.
It works like this: Tourists can register both their credit cards and their fingerprints upon arrival at an airport. They can then use fingerprint readers in participating stores to pay for goods and services. For now, 300 shops and hotels in popular tourist areas will participate, says Japan News, and will be gradually expanded.
Of course, even the convenience of shopping without a wallet won’t be free. Tourists will also be tracked for commercial benefit–helping the tourist industry and government analyze visitors’ movements and spending habits.
The problem is that fingerprints aren’t even a good biometric ID. They may be unique, but they are far from secure and have the added problem that you have to hand over a unique identifier to a government agency.
“Biometrics are easy to steal,” says security writer Bruce Schneier. “You leave your fingerprints everywhere you touch, your iris scan everywhere you look. Regularly, hackers have copied the prints of officials from objects they’ve touched, and posted them on the Internet. We haven’t yet had an example of a large biometric database being hacked into, but the possibility is there. Biometrics are unique identifiers, but they’re not secrets.”
Better, says Schneier, is a system that uses your fingerprint to unlock your cellphone, which then authenticates you. This requires two things: your phone and your fingerprint, making it harder to spoof.
The other problem with using a fingerprint for payment is that you’re stuck with it. “Passwords can be changed, but if someone copies your thumbprint, you’re out of luck,” says Schneier. “You can’t update your thumb. Passwords can be backed up, but if you alter your thumbprint in an accident, you’re stuck.”
If somebody steals your credit card number, it can be canceled. Try that with a fingerprint. And that’s before we even get started with movie-plot crimes where criminals lop off fingers to steal your ID.
Fingerprints and other biometrics are useful ways to ID people, but we should be careful about how we use them, and an individual should retain control over their own prints, perhaps by using a your own fingerprint scanner in your phone. We don’t want to end up with fingerprints being like antibiotics–so overused that they become useless. Imagine if the Japanese government’s fingerprint database were hacked. The entire payment system would collapse, with no way fix it.