Pay with Palm - eviltoast

I can only see this going into a very dystopian path. Based on their actions, I don’t trust these companies, their security practices, nor their privacy policies. Why would I give them my biometrics? And my full palm, at that!? Hell no!

  • stevedidwhat_infosec@infosec.pub
    1 year ago

    Forget about privacy, this is just fucking dumb

    One point of failure that can’t be replaced if stolen?

    This won’t ever take off, and will most definitely die out quickly in favor of literally any other technique including just embedding an NFC chip and battery to your palm surgically. Which I probably still wouldn’t be thrilled about but

    • 𝕸𝖔𝖘𝖘@infosec.pubOP
      1 year ago

      I’ve seen where you can pay with your fingerprint at some vendors. It’s a similar concept, in terms of single point of failure. Regardless, I hope you’re right.

      E: **mostly right. I won’t embed anything in my skin for payments. CC or cash or phone NFC (and I don’t like that one for its security implications). That’s it.

    • Melody Fwygon@lemmy.one
      1 year ago

      Who needs an NFC chip when you can just place a nail-shaped NFC sticker on them and gel paint over them? We don’t need implantables; those could get copied anyways and cause the need for unnecessary surgeries to replace them as well.

      Buy the tags; apply them to your nails and paint them any color you want; pair them to your phone and use appropriate username + password + 2FA + Fingerprint combos to authenticate to your financial institution.

      Lost a nail? No big deal. The tags don’t carry financial data; they just provide a URI to the merchant; which can ping your phone/smartwatch and ensure that you are:

      • Present at the location.
      • Not too far away from the pay terminal.
      • Have not signaled to your devices you are under duress. (Spoken keyword and/or excessively stressed biosigns)
      • Have not blocked spending by tap.