Apple's fingerprint scanner may be the biggest leap in payments since the C-Card

This fingerprint sensor and its potential use for payments is rather disturbing to me. I am (rightly, I would argue) apprehensive about general purpose computers acting in a &quot;trustworthy&quot; manner. I hope that this fingerprint sensor, which undoubtedly will be incorporated into authentication for payment systems, doesn&#x27;t usher in a future of reliance on a fundamentally untrustworthy device. I really, really worry that the banks will jump on this as a way of limiting their fraud liability. (I&#x27;m thinking about how chip and PIN has been cited as a way to move fraud liability to the consumer.)<p>To dumb it down: I&#x27;m envisioning a crappy future where you&#x27;ll end up with fraudulent charges on your credit card (via your Apple account) that you can&#x27;t contest because the credit card company will say &quot;Hey-- your fingerprint was used to authenticate this charge. Therefore you did it.&quot; I don&#x27;t think that line of thinking is too cynical.<p>No quantity of assurances from Apple about how the fingerprint reader will be &quot;firewalled&quot; from third-party access will convince me. If the hardware and software were opened up for third-party analysis I might be convinced, but I really don&#x27;t think that&#x27;s going to happen.<p>This fingerprint reader amounts to a complex hardware and software system with a lot of moving parts. It <i>will</i> have exploitable bugs and <i>will</i> be hacked. I think it will ultimately used to defraud, too. Thinking about the mass harvest of fingerprint data from the public by an attacker (like, say, the NSA) also gives me the willies. Will it be possible for an attacker to steal fingerprint data and use it to compromise other biometric authentication systems? Will it be possible to use stolen fingerprint data to plant your fingerprints at a crime scene? How do you recover from the theft of biometric data? Are you issued a new thumb?<p>To be clear: I <i>hate</i> the current system of &quot;secret numbers&quot; embossed on plastic cards and encoded on magnetic stripes as a way of authenticating payments. At least, though, the plastic cards aren&#x27;t battery-powered general purpose computers with radios attached to them. Bad as little bits of plastic and &quot;secret numbers&quot; are, my credit cards themselves can&#x27;t betray me. A phone (or other sufficiently complex computer system) acting as my payment token most certainly could (and will).<p>As an aside: I don&#x27;t have any RFID-chipped credit cards, nor will I. When I end up having no choice in the matter I&#x27;ll microwave the cards before using them.

I think security via fingerprint may be a mistake. What happens if someone gets a copy of your fingerprint, what do you do for security at that point? get a new fingerprint? The NFC Ring is a better idea than fingerprint security. i think the idea will fall short of good security quickly. This is all speculation, and I am by no means an expert on security.

That&#x27;s a pretty smart argument, must say I agree and it&#x27;s along the lines of a train of thought I had afterwards. It&#x27;s all about friction, and how they can minimise it, take the iTunes Store for example and how people used it. We know they sell a lot of music through it, most likely to people who pirated because who wants to buy a CD and rip it, and make sure it has the right tags and art when it&#x27;s there for a reasonable price. They decreased the friction and it paid off. They did it again with the App Store, and created an ecosystem that allowed a cottage industry for indie developers that only vaguely existed 8 years ago.<p>Apple excels at reducing friction for users to achieve what they want to achieve, I wouldn&#x27;t be surprised if they had this in mind even more so than improving security.

Fingerprints aren&#x27;t changeable and they&#x27;re not really secrets. Security fail. They are good for things like tracking convicts or parolees or DRM shackled users which are usage scenario were you don&#x27;t want people to be able to change their identifier but that&#x27;s about it. Also there&#x27;s no distinction between the identity and a password. It&#x27;s the same mistake made with SSNs.

I don&#x27;t know why people think Apple will i) add NFC support to iPhone or ii) enter the payments space.<p>- iBeacons are much more versatile than NFC and Apple owns and drives the specification.<p>- CC processing is a ultra-low margin business and there are other more lucrative markets they should address before considering payments.

I doubt that will happen because PIN&#x2F;card number is more secure, if somebody stole your PIN or card you can just get a new one, but once somebody stole your fingerprint data - you pretty much are a target for fraud to the rest of your life.

I can&#x27;t believe it took this long and it was left to Apple to &quot;innovate&quot; on this. Adding a fingerprint scanner to every keyboard and mouse has been a no-brainer for at least a decade. The scanners cost $10! And adding them to smartphone and tablets should have happened from the get go. We&#x27;re talking orders of magnitude in simplification of security. And its dead obvious. So what the hell took so long? And why does it take Apple to finally do it?

Keep in mind this fingerprint scanner is only shipping on ONE of the two devices announced today. For this to be the payments&#x2F;security game-changer the OP is suggesting, it has to be widely available to the public, which Apple opted out of by not including it on the &quot;value&quot; iPhone 5c.<p>Until every mobile device Apple ships has this built in, I think this falls a bit more in the category of a novelty... at least for the foreseeable future.

Not just that, I can&#x27;t wait to see what else Apple has in mind for this thing. I&#x27;ve been waiting for the day where my phone&#x2F;mobile device is the thing that logs me into Facebook, Google, et. al., and not a stupid password that&#x27;s auto-generated anyway. It&#x27;s really hard to crack your password when you don&#x27;t have one! And who&#x27;s going to &quot;hack&quot; my fingerprint??

I can type my password quicker than I can get a fingerprint reader to work. I dont get it really. I dont want one password for every site on the internet - which is what a fingerprint would be.<p>I had a fingerprint reader on my last leptop and it was a novelty. Apple inventing stuff that has already been invented since the mp3 player - but unfortunately getting massive amounts oof uptake.

will Android platforms move to similar technology or find an easier way through NFC to make mobile payment security relevant

I wonder, are there some kind of hashes for fingerprints or one should store the whole fingerprint in order to reliably match it with another one?

No.