Are your veins going to replace your PIN at the ATM?

Filed Under: Featured

ATM image courtesy of ShutterstockATM access has traditionally been about you inserting your bank card and then entering your PIN - but that may be about to change.

Cash machines being rolled out in Poland are using a different form of identity verification developed by Japanese electronics company, Hitachi.

The new cash points, set to appear in 2,000 locations around the country, take a new approach to biometrics.

The infrared scanner on one of these new machines will literally get under your skin as it scans the veins inside your finger. The light from the scanner is partially absorbed by haemoglobin in the veins and returns a unique pattern which can then be matched to an existing profile.

Hitachi spokesman, Pete Jones, talking about the use of veins as a means of identification, said:

They are a physiological feature that is established in the mother's womb. As the person grows, they remain the same. Even if someone becomes very overweight, all that happens is that the pattern scales up. We have been researching this technology for 15 years and found it to be very stable.

Such technology looks to be gaining in popularity, having already been installed in several countries.

Isbank, Turkey's largest commercial bank, had 3,400 Hitachi units installed by 2012 and Ogaki Kyoritsu Bank Ltd have employed a comparable system since September of the same year.

A similar technology has also been devised for shops in America.

Developed by Fujitsu, Biyo allows customers to pay for goods by placing their hand over a scanner which reads the veins under the skin of their palm.

The accuracy of vein identification appears to be extremely high with Biyo claiming:

The acceptance rate for a scanned palm vein pattern is 99.99992%.

The company also employs two factor authentication, a feature that would appear to be lacking from the use of the technology within the ATM framework:

We use your phone number as a second factor of authentication to make sure that your data is safe. Think of your phone number as your username, and your palm as the password. You won’t have to worry about people creeping over your shoulders to steal your payment information.

Despite the lack of two-factor authentication, cash machine users needn't worry about the consequences of having their fingers cut off by criminals looking to access their bank accounts – Biyo helpfully points out that one limitation of such scanners is the requirement of blood flow through the particular veins that are being scanned (so it would still be advisable to pay attention to who is behind you at the cash point).

Even so, such technology does not represent a silver bullet in terms of eradicating all types of ATM fraud.

We should not forget that cash dispensing machines are, at their heart, computers, so enterprising individuals and criminal organisations alike will always being looking for new ways to hack them.

Naked Security readers with good memories will remember the late Barnaby Jack and his demonstration of 'jackpotting' at Blackhat Las Vegas in 2010 which highlighted how an ATM could be remotely manipulated into dispensing a given amount of money.

And earlier this month the Daily Mail reported how Maxwell Parsons created a program that allowed him and his gang to circumvent card limits and reverse ATM and Chip-and-PIN payments.

Image of ATM courtesy of Shutterstock.

, , , , , , ,

You might like

7 Responses to Are your veins going to replace your PIN at the ATM?

  1. Ben T · 468 days ago

    How long until we hear the story about someone defrauding banks using severed fingers?

    • Paul Ducklin · 468 days ago

      As mentioned above, it seems that blood circulation is required to make the technology work.

      • Steve · 468 days ago

        Unfortunately, the sort of thug that would sever digits for a cash advance is not likely to keep up with Naked Security.

        • Paul Ducklin · 467 days ago

          Crooks tend to know what works and what doesn't, though. Surely a thug who would be willing to cut off your finger in the hope of doing one withdrawal would instead simply compel (impel?) you to withdraw the cash yourself and hand it over...along with your card and PIN, perhaps?

  2. Sizzle Bizzle · 467 days ago

    What about if you used your big toe?

  3. Ed · 467 days ago

    What I wonder about is whether a cut or scar could affect the reading, so as not to match the original scan.

    • Paul Ducklin · 466 days ago

      Don't veins rearrange themselves to sort out blood flow problems, especially after injuries? If one gets blocked or damaged, another one takes over the load, or something vaguely like that?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Lee Munson is the founder of Security FAQs, a social media manager with BH Consulting and a blogger with a huge passion for information security.