Are Biometric Passports "Good" or "Bad?"
#31
Suspended
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,095
While these clearly belong in the credit card forums, this isn't quite accurate.
Chip & PIN is significantly more secure than the mag stripe system. Not sure why you'd argue otherwise.
It's extremely easy to clone a mag strip card; exceedingly difficult (not going to say impossible, but it has yet to be done) to clone/skim a chip card. Add to that that mag stripe cards give over unencrypted data allowing man-in-the-middle attacks whereas data breaches with EMV cards are pointless as they'll only capture a one-time token.
As for asking for ID, that goes against Visa/MC policies, not to mention that if the card is cloned as opposed to stolen (which most fraud is), they'll print a card with a name to match the ID...
Chip & PIN is significantly more secure than the mag stripe system. Not sure why you'd argue otherwise.
It's extremely easy to clone a mag strip card; exceedingly difficult (not going to say impossible, but it has yet to be done) to clone/skim a chip card. Add to that that mag stripe cards give over unencrypted data allowing man-in-the-middle attacks whereas data breaches with EMV cards are pointless as they'll only capture a one-time token.
As for asking for ID, that goes against Visa/MC policies, not to mention that if the card is cloned as opposed to stolen (which most fraud is), they'll print a card with a name to match the ID...
Visa/MC merchant policies in the US are not all the same as those outside the US.
I'm not arguing that Chip+PIN may be relatively less secure than non-chip+PIN cards, but I'm stating that they are not as secure as some may believe them to be and that they create some additional risk for some innocent people.
And biometric passports also create some additional risk for some innocent persons.
Swiped PINs can be a problem. And swiped biometrics can be a problem. In both cases, they have already led to some problems.
Data breaches with EMV cards are not pointless. The swiped card number + swiped PIN can be used to drain some accounts since not all uses of the cards involve reliance upon the chip.
#33
Suspended
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,095
Additional security measures can create new vulnerabilities and/or heighten existing vulnerabilities. It has nothing to do with tinfoil hat territory except in the heads of those unwilling or unable to consider the applicable facts on how some measures may create or make worse other problems.
#34
Suspended
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,095
A future generation of USG-wanted, ICAO-compliant biometric passports are to have RFIDs that are more than just read-only. The push is to require future passports to have electronic read-write storage capacity.
https://www.icao.int/Meetings/mrtd-s...7_Kefauver.pdf
https://www.icao.int/Meetings/mrtd-s...7_Kefauver.pdf
#35
Join Date: Sep 2008
Location: Central Java
Programs: Delta Sky Team
Posts: 21
This document appears to contradict itself. Page 4 boasts of "static" data being secure but the LDS2 proposal promises "update" of photo as well as intrusion of travel patterns and other data that presumably would be used to restrict/override a passenger's use of a visa.
Also, notice how page 6 says "Less reliance on physical document inspection procedures" as if a machine isn't physical. What they mean is less reliance on HUMAN inspectors.
Also, notice how page 6 says "Less reliance on physical document inspection procedures" as if a machine isn't physical. What they mean is less reliance on HUMAN inspectors.
#36
Join Date: Jul 2011
Location: FRA
Posts: 229
I don't remember giving fingerprints for my US passport.
But, CIS have my fingerprints from when I wasn't a citizen. I wonder if those are destroyed... they ought to be.
I also think DMVs take thumbprints... I don't like those either.
But, CIS have my fingerprints from when I wasn't a citizen. I wonder if those are destroyed... they ought to be.
I also think DMVs take thumbprints... I don't like those either.
#37
Suspended
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,095
This document appears to contradict itself. Page 4 boasts of "static" data being secure but the LDS2 proposal promises "update" of photo as well as intrusion of travel patterns and other data that presumably would be used to restrict/override a passenger's use of a visa.
Also, notice how page 6 says "Less reliance on physical document inspection procedures" as if a machine isn't physical. What they mean is less reliance on HUMAN inspectors.
Also, notice how page 6 says "Less reliance on physical document inspection procedures" as if a machine isn't physical. What they mean is less reliance on HUMAN inspectors.
Governments want more automated inspection using biometrics because the CBP-type personnel may be no better at manually matching (or rejecting matches of) people's faces against passport photos than a toddler.
When manual inspection fails, it's not as systematically and time-intensively disruptive as when massive automation, applicable to huge numbers of people, massively fails.
Last edited by GUWonder; Sep 14, 2017 at 2:51 am
#38
FlyerTalk Evangelist
Original Poster
Join Date: Dec 2009
Location: HaMerkaz/Exit 145
Programs: UA, LY, BA, AA
Posts: 13,167
#39
Suspended
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,095
#40
Join Date: May 2013
Location: New York
Programs: UA Silver, Marriott LTPP, Hertz Five Star
Posts: 1,079
#41
Join Date: Jul 2011
Location: FRA
Posts: 229
Hmm seems only four states - CA, CO, GA and TX - require fingerprints! I did it in CA. But, it's an old website.
https://www.cga.ct.gov/2001/rpt/2001-R-0858.htm
https://www.cga.ct.gov/2001/rpt/2001-R-0858.htm
#42
FlyerTalk Evangelist
Original Poster
Join Date: Dec 2009
Location: HaMerkaz/Exit 145
Programs: UA, LY, BA, AA
Posts: 13,167
#43
Suspended
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,095
Hmm seems only four states - CA, CO, GA and TX - require fingerprints! I did it in CA. But, it's an old website.
https://www.cga.ct.gov/2001/rpt/2001-R-0858.htm
https://www.cga.ct.gov/2001/rpt/2001-R-0858.htm
#45
Suspended
Join Date: Jul 2001
Location: Watchlisted by the prejudiced, en route to purgatory
Programs: Just Say No to Fleecing and Blacklisting
Posts: 102,095