On Tue, Jul 08, 2003 at 12:16:36PM -0700, Major Variola (ret) wrote: > Authentication is "Something you have / know / are."
[..] > A picture glued into the card could be forged, but a > smartcard (with more data area than a magstripe) > could include a picture of the account holder, > so a thief has no idea what to look like. But the vendor can > check the encrypted smartcard face to the face on the phone > or webcam. For high-value remote transactions, where you > pay someone to check faces, this might be viable in a few years. > In a few years after that, machines might be able to check faces > more cheaply, as reliably. > > The live face-check with embedded digital photos is already standard > practice > on high-security building-entry cards (and passports?), > with the guard comparing the card-embedded face to the one before him. > Ubiquitous cameras will bring that face-check to remote transactions, > reducing cost due to lower fraud. > > Thoughts? How does it allow the merchant to view the picture while preventing the thief from doing so? Saying "it's encrypted" is, at best, sweeping a very large problem under a small rug. Who holds the key? How does the card or the user authenticate a real merchant vs. a thief posing as a merchant? Those are the hard problems. No one in biometrics has yet been able to solve them in a general way. Eric
