The Biometric Wallet
One of the most notorious ATM scams in Japan started at a posh golf club in the green hills of Gunma prefecture. In 2004 a ring of thieves that included a club employee installed tiny cameras in the club’s locker room to record members typing in their four-digit locker codes. Then, while the golfers were out on the links, the thieves opened the lockers and used “skimming” devices to copy data off the magnetic stripes on club members’ bank cards.
The crooks transferred the data onto the mag stripes of blank cards. Then they started testing those cards in ATMs, checking to see how many of the golfers had used the same four-digit number for both their locker codes and their bank personal identification numbers (PINs). The answer: plenty. By the time the police arrested seven members of the gang in January 2005, the crooks had stolen more than 300 million yen (nearly US $4 million) from more than 300 victims.
In an orderly society like Japan, the busting of an ATM-theft ring was big news. And the 2005 golf-club case was one of 801 instances of ATM crime that year—an astounding jump from just 90 in 2003. Shocked by such a rise, the Japanese government demanded that banks find ways to combat ATM fraud and ordered them to compensate victims from their own coffers. The banks turned to the country’s high-tech firms for help, and both Hitachi and Fujitsu came forward. The answer, they said, was already in their hands.
Put one of your hands in front of a bright light and you’ll see a web of blue veins snaking up across your palm and into your fingers. That delicate lattice of branching blood vessels is unique to you, just like the striations in your irises or the swirls of skin on your fingertips. Hitachi and Fujitsu have been working for years to commercialize technologies that identify people by their vein configurations.
Now, thanks to their biometric systems, about 80 000 ATMs in Japan are as close to being theft proof as it’s currently possible to make them. They’ve worked so well that the technology is now rolling out worldwide: Major banks in Brazil, Poland, and Turkey have recently integrated Hitachi and Fujitsu’s vein scanners into their ATMs, with more to come. In Europe, ATM theft from skimming and other fraud added up to €23 million in the second half of 2010, according to the European ATM Security Team. In the United States, where the simple and relatively insecure mag-stripe card still predominates, ATM fraud and theft is generally assumed to be a far larger problem. Exact figures for global losses are impossible to come by, but Robert Siciliano, an identity theft and fraud expert with the security company McAfee, says that at least $1 billion is lost every year.
Eliminating ATM theft would be impressive enough, but backers of biometrics have grander plans. A few banks are doing away with PINs, while one bold bank in Japan is preparing to let its customers ditch their bank cards. These advances are pushing us toward researchers’ most ambitious and futuristic visions, where you’d be able to buy a candy bar or a shirt from a shop just by flashing your hand at a sensor. Such a scheme is still sci-fi for now, and the technical challenges of such a biometric-pay system would dwarf those of ATM-card authorization. But the fact that engineers are starting to tackle those challenges is yet another sign that we’re approaching another milestone in human culture: a new level of abstraction in the centuries-old virtualization of money.
Ranks of squat gray ATMs fill a sixth-floor testing room in the Bank of Kyoto’s central operations building. To get into this sanctum, visitors must swipe their temporary security badges at no fewer than six gates, and they’re allowed to take in nothing but a pencil and paper. Here the bank’s technologists test new applications and security software for their more than 1000 ATMs in and around Kyoto prefecture.
Yuji Kitayama, a managing executive officer of the Bank of Kyoto, ushers his visitors toward the ATMs, which are outfitted with Hitachi’s finger-vein scanners. To cope with the ATM fraud epidemic, Kitayama says, Japanese banks all began moving from magnetic-stripe bank cards to “smart cards” with embedded microchips. But the Bank of Kyoto wanted additional security to protect its customers, and its reputation—hence the finger-vein readers.
It’s not the showiest technology, but that’s a plus. The biometric unit is easily integrated into the machine, and customers don’t have to radically change their behavior. After you insert your bank card, you get a screen prompt to place your finger in a plastic notch built into the ATM. Near-infrared light shines from both sides of the notch, and a camera below records the resulting image of the veins in your finger, which is compared to your registered template. If it’s a match, the screen displays a confirmation within one second and you can type in your PIN and continue with the transaction. The Bank of Kyoto began the biometric program in 2005, and so far about one-third of its 3 million customers have enrolled in it.
Kitayama explains that once the bank decided to add a biometric system, it methodically compared the possible technologies in terms of security, accuracy, and ease of use. Besides vein readers, other options included fingerprint scanners and voice, face, and iris recognition. A fingerprint reader might have seemed like the obvious choice: The technology is very mature, and fingerprint scanners are cheap and simple to use. The problem is that they’re not secure enough. “Fingerprints are easy to fake,” says Kitayama. The techniques for lifting prints from surfaces are known even to armchair detectives, and sophisticated crooks can make copies of a print in silicone or rubber.
And if all else fails, hardened criminals have been known to snatch the real fingerprint along with the finger. In a notorious case in Malaysia several years ago, a gang of thieves sliced off a man’s finger in order to steal his Mercedes, which used a fingerprint-recognition system for ignition. Such a possibility could make it difficult to get customers on board. “The bank doesn’t want to create a dangerous situation for customers,” as Kitayama delicately puts it.
Voice- and face-recognition technologies are cheap and easy to use, but nowhere near ready for prime time: A head cold or bad lighting can destroy their accuracy. With iris recognition, a camera examines the intricate microstructures in that part of the eye. Such systems are fairly secure and extremely accurate, but they require users to carefully position their heads and keep their eyes open. This authentication process is also too slow for busy bank customers who want to get cash and get on with the day, Kitayama says.
Vein readers, on the other hand, are fast and accurate. “Finger veins are also very difficult to steal,” Kitayama points out. Even if a thief were to hack off your hand to fool a vein scanner, he’d have to keep all the blood inside your severed appendage to make it work.
Both Hitachi's and Fujitsu’s systems operate on the same basic principles. The blood flowing through your circulatory system contains the protein hemoglobin, which carries oxygen from the lungs and deposits it in tissues throughout the body. The blood that returns to the heart through the veins contains deoxygenated hemoglobin, which absorbs light in the near-infrared part of the spectrum. The rest of the tissues of the hand, however, allow the infrared light to pass through. So shining near-infrared light on a hand creates an image with shadowy lines where the veins absorb the light.
The two companies’ systems differ in the part of the hand they shine light on—Hitachi picked the fingers, while Fujitsu chose the palm. They also use different lighting methods, with Hitachi transmitting light through the fingers and picking up the resulting image on the other side. Fujitsu bounces light off the palm and uses a sensor to record the light that the veins don’t absorb, which is scattered through the palm.
At Hitachi, this technology originated in the company’s medical-imaging research labs. It then caught the interest of Hitachi’s financial services division, where analysts thought it could be useful for banking. But the images produced by the medical team’s cameras weren’t distinct enough to reliably identify individuals, so the challenge finally landed in Hitachi’s image processing group. Could they turn this research into a useful product?
At the verdant campus of the Hitachi Central Research Laboratory, on the outskirts of Tokyo, biometric chief researcher Akio Nagasaka illustrates the challenge. He projects an image, faintly mottled, of a ghostly gray finger laced with veins on a screen. “The distribution of brightness on the images tends to be uneven,” he says, pointing to thicker parts of the finger that create areas of darker gray. “Typical image-filtering methods are not enough to extract vein patterns,” he says.
Nagasaka is cagey about how his team solved the problem—this is proprietary technology, after all. But the journal articles that he and his colleagues have published suggest that they didn’t use the method typically used in fingerprint analysis, which compares tiny, distinct features in the print pattern (they’re actually called “minutiae”). Instead, to cope with the ghostly, grayscale image, the Hitachi team devised a line-tracking method [PDF], in which a software program scans the digital image for dark spots and then tries to follow them, pixel by pixel, to see if they form lines. When the program has done that enough times, it yields a pattern of veins.
The team has worked to miniaturize the optical system with a CMOS sensor that collects the image; the next-generation sensor they’re working on is 15 millimeters long by 10 mm wide, about the size of a woman’s thumbnail. The other breakthrough that made the technology commercially viable, Nagasaka says, was the construction of an open-top unit that shines the light on both sides of the finger, with the CMOS sensor below the finger. The banks viewed this module as more user friendly: “You see where you’re putting your finger, and you know there’s no chewing gum in there,” explains Nagasaka.
Besides cleanliness, another serious concern was privacy. Surveys showed that customers didn’t like the idea of a bank holding their biometric identifiers in a database. Also, if hackers ever infiltrated that database, the biometric experiment would be over for good for those customers whose accounts were compromised—they couldn’t be issued a new set of veins. So Hitachi devised a system called match-on-card, in which the customer’s bank card stores the biometric template, and the image taken by the sensor in the ATM is matched to the one on that card. Fujitsu uses a similar system, so customers’ biometric information never leaves their control. If the card is stolen, even the most sophisticated hackers would have trouble accessing the biometric data. That’s because the cards are configured only to accept incoming data from the ATM’s sensor, not to transmit data to an external machine.
Will we ever get to a day when we can ditch our bank cards, credit cards, debit cards, store-loyalty cards, PINs, drivers’ licenses, and even money itself—when our vein patterns can be our de facto wallets? Such a move would revolutionize commerce and be fantastically convenient for consumers. Researchers contacted for this story generally furrowed their brows and said such a day is far away. Nevertheless, work now being done at Fujitsu Laboratories looks an awful lot like the first step toward that distant future.
At the lab’s Kawasaki headquarters, biometrics research manager Takashi Shinzaki pulls out a boxy device a little larger than a hand. He holds his hand over a notch in the device while pressing three fingers to a green, glowing plate; this allows a tiny sensor in the notch to collect his palm-vein data, while sensors in the plate simultaneously collect three fingerprints. Fujitsu unveiled this “multimodal” system last year.
Such a complicated system isn’t necessary at the ATMs that currently use vein biometrics. Those systems rely on one-to-one matching, where the data from the sensor is compared only to the one template stored on the user’s bank card. That’s a relatively easy challenge—the system is just verifying that you are who you say you are. But if you want to do away with bank cards and PINs or use biometrics at the grocery store, you need a system that can compare a customer’s data to the templates for everyone enrolled in the program. This is known as one-to-many matching, and it’s a much harder challenge. Here, the system has to quickly and accurately acquire your biometric data and then—having no idea who you are—zero in on the one matching template in a database containing millions of possibilities. And it has to do that in a second or two.
Fujitsu has made impressive progress of late. At Fujitsu Labs, Shinzaki’s software program sorts through the 5 million templates that are stored for testing and correctly identifies him in 1.34 seconds. “We’re working on a system for 10 million people now,” he says proudly.
Shinzaki explains how the system gets such quick results: It merges the data from each of his three fingerprints with his palm-vein data and discards all the templates that show a big dissimilarity to any of the fingerprints or the palm data. “With this preselection process we quickly narrowed down from 5 million to 10 000 possibilities,” he says. Then a slower, more accurate matching program carefully compares Shinzaki’s data to the remaining templates to identify him. This process relies heavily on parallel processing, with the matching tasks portioned out among seven servers at Fujitsu Labs.
Technology isn’t the only challenge here. Banks and customers both need a lot of reassurance before they’ll agree to entrust their money and biometric details to a futuristic system. All the banks that have adopted biometric systems currently use one-to-one matching; a few intrepid banks, in Turkey and Brazil, have gone so far as to do away with PIN codes. But now one Japanese bank is preparing to take the final leap into a brave world of card-free money withdrawals. In September, the Ogaki Kyoritsu Bank will introduce an ATM system that uses Fujitsu’s technology. Customers who enroll will have no ATM card; instead they’ll use birth date, palm, and a PIN to access their accounts. In exchange for this convenience, customers have to give up some privacy, because the absence of a bank card means that all those customer templates will be stored in a central database.
Such systems may gradually become more common, the researchers say. At Fujitsu, Shinzaki notes that Japan’s triple disaster of 2011—earthquake, tsunami, and nuclear accident—displaced more than 300 000 people, many of whom ran out of their homes in terror for their lives. “Many people lost their cash cards, and they had no identification,” Shinzaki says. “If there was a bank service without ID that used only biometric data, the bank could have continued to provide access for their customers.”
The Japanese banks did help their customers, Shinzaki adds, even those who could show no identification. “Many banks provided up to 100 000 yen,” he says. But in the chaotic aftermath of the disaster, a few unscrupulous people went to the banks and managed to get money they weren’t entitled to. A vein-only ID system would have quickly sent those scam artists packing.
If the wider adoption of biometrics depends on convincing banks, this kind of protection against scam artists may be the best selling point. And with Fujitsu and Hitachi both striving to offer faster and more reliable matching, the Japanese may become the first people in the world to let their wallets be part of them, their own flesh and blood.
This article originally appeared in print as “Blood and Money.”
One of the most notorious ATM scamsRanks of squat gray ATMs Both Hitachi's and Fujitsu’s systems Will we ever get to a day