There is little doubt that the merging of computer technology with credit and debit cards (see: Plastic Money) to create smart cards was one of the most significant steps on the road to the Mark of the Beast. There is, however, another important technology that has been developed during the same time frame that is also being combined with smart cards and it may prove to be the key to making secure transactions possible in a cashless society. Biometrics is the science of uniquely identifying humans through their physical characteristics, traits, or mannerisms. It is the invention of biometric identification that actually makes the advent of the Mark even more plausible within the very near future.
Since the inception of credit cards, debit cards, and smart cards, there has been an acute need to find a way of securing the cashless system against fraud. The use of Personal Identification Numbers (PINs) or passwords has been one of the main security features of the ATM and POS network since its inception; however, it is not the only way or even the best way to operate a secure smart card system. No matter how “smart” a card may become with advanced microprocessors and clever software algorithms, a dishonest person with a stolen card and the right PIN can still make use of it to fraudulently purchase goods and services. Since people have been known to even write their secret number on their ATM cards or on a separate piece of paper left in their wallets, all the technology in the world could not safeguard against such security breaches. In addition, in a cashless society muggers could just steal their victim’s card and demand the correct PIN on the threat of personal harm.
One report found that even with a strong move toward smart card technology in the U.K. nearly 20% of the population has experienced credit or debit card fraud (Burns, S. and Weir, G., Trends in Smartcard Fraud, 2008). To commit fraud, scammers have used counterfeit cards, skimming techniques, interception and theft of new cards from mail deliveries, stolen (or lost) cards, and the use of stolen account numbers and names to make transactions where a card need not be present (i.e., Internet purchases). The fundamental problem is that the international electronic funds transfer (EFT) system still operates with insecure points all along its infrastructure and can be easily taken advantage of by criminals. Smart card technology certainly helps to reduce the incidence of fraud, but it does not completely eliminate it.
In addition, the latest contactless smart cards that use radio frequency identification (RFID) or near-field communication (NFC) to link to a POS reader are vulnerable to remote intercepts of this data transfer by nearby scanners (Greenberg, A. Hacker’s Demo Shows How Easily Credit Cards Can Be Read Through Clothes And Wallets, Forbes online, 1/12/2012). In fact, it has been demonstrated that a thief can “pickpocket” the data directly from of a contactless smart card in a nearby person’s purse or wallet by using nothing more than several hundred dollars worth of scanning equipment readily available from the Internet. Silently capturing card data from random people on the street in this way could provide a thief with enough digital information to make thousands of dollars in fraudulent purchases without anyone suspecting the theft. Clearly, smart cards represent another level of security issues that must be solved to make the cashless society safe from being compromised.
There is one way, however, to eliminate almost all chances of theft or fraud in cashless buying and selling even when using contactless smart cards. Since a smart card has the memory and processing ability to function as a stand-alone computer, the answer to external security breaches may be to have the card itself contain an identifying mark unique to its owner which cannot be stolen. What kind of code would be so secure that a thief could not steal it? Early in the development of smart card technology, Robert McIvor predicted,
“It is not inconceivable that within a few years smart cards will be able to store digitized versions of their owners’ signatures, retina prints or fingerprints; personalized smart cards could be used as highly secure keys, allowing access to telephone networks, corporate data banks and secure buildings” (Scientific American, Nov, 1985, p. 152).
Smart cards are now able to store digitized versions of physical characteristics that are unique to each card owner. When a card is used, a digital version of the biometric identifier contained within the card is compared to a new scan of the person attempting to use the card. If the two biometric data sets match, then the person is validated to use the card. If the new scan doesn’t match the card’s data, then the system will refuse to activate the card for a purchase or for secure access. Thus, with the use of biometric identifiers the true owner of the smart card can be absolutely correlated with the person trying to use it. Only the real owner of the card is able to make it function. With this type of biometric validation, a card cannot be used by a criminal with a counterfeit or stolen card, because only the owner has the correct biometric characteristics that match the digital data found within the card.
The benefits of smart card use in combination with biometric identification should not be underestimated. The science of biometrics is going to make the cashless society a reality in the next few years. In fact, Purdue University researchers that are studying iris and fingerprint biometrics along with face and voice recognition say that passwords are about to become a thing of the past (Conroy, M., Nov. 12, 2013, Star Tribune, Minneapolis, MN; http://www.startribune.com/lifestyle/231529151.html). People often amass dozens or even hundreds of passwords that they have to remember and keep secure. When using biometrics for identity confirmation there is no longer a need for recalling password codes or PINs. To log onto a computer or to access a POS terminal or a network, all that is needed is the appropriate scanner to verify a person’s personal biometric identity. A biometric smart card along with a fingerprint reader attached to a POS cash register can allow an employee to sign in to the system almost immediately, while preventing anyone else from doing so without the appropriate biometric information.
The most common uses for biometrics today have been government and national security applications to confirm identity and allow access to restricted areas or networks. With the recent commercialization of reliable scanners for hands, fingerprints, and iris characteristics, the application areas are expanding to include finance, healthcare, and computers and smart phones. At a conference in February of 2014, the U.S. Institute of Defense & Government Advancement (IDGA) is expanding the focus of biometric applications to include representatives from these additional industries (see 7th Annual Biometrics for Government and National Security). The field of biometrics is growing rapidly now that commercial applications are finally becoming a reality.
Though the market for biometric systems is just beginning to take off, authentication through biometric identifiers has actually been used to confirm human identities for a long time. The human brain uses an advanced form of biometrics to recognize faces and physical characteristics of people, which are innate processes used every day to identify family, friends, and acquaintances. Perhaps the earliest use of biometrics in society was in the observation during the mid-1800s that each person’s fingerprints were unique and could be used to reliably identify people. Fingerprint technology thus became a major forensic identification technique used by law enforcement and governments to associate criminal activity with the correct perpetrators. Modern biometrics has developed methods to accurately recognize through computer technology and scanners not only fingerprints, but facial recognition, hand scanning (including palm prints and hand geometry measurements), eye scanning (including iris recognition and retinal scans), voice recognition, walk and gait characteristics, and body geometry, among others.
The science of biometric identification has matured during the last twenty years to now become commercially viable, and many companies have entered into this field to produce sensors and readers to scan human characteristics. The ability to confirm identity through biometric characteristics provides smart card users with the absolute validation necessary to participate in secure transactions and obtain access to secure areas. Biometrics thus can be used as an identity validation to enter through secure access points, obtain rights to use public transportation, sign on to restricted computer networks, cast votes in elections, and positively identify anyone for any purpose.
The advantage of using smart cards along with biometric identification is that the digital biometric information contained within the card is encrypted and need not be shared with any other entity or database. The biometric data is placed within the card at the time the owner obtains a new card and it cannot be cloned or stolen. This maintains the secure nature of keeping the reference biometric absolutely secret so that a fraudulent use of the card cannot take place. Only when the owner of the card also submits his or her actual physical person to a new biometric scan can the data contained within the card be compared to the fresh scan. During this process, the card does not share the encrypted biometric within it, but only reports whether the new physical scan matches the card’s data. If it matches then an individual’s true identity is confirmed. Without this match no one can use the card.
In 2011, the U.S. Office of Management and Budget (OMB) issued a mandate for all Federal departments to implement Personal Identification Validation (PIV) smart cards to access government computers and networks. This action is to comply with the Federal Information Security Act (FISMA), which became law in 2009. It moves the U.S. government toward full application of smart cards for identity and access control. The goal is to have at least a 95% compliance rate throughout the U.S. government by the end of 2014. NASA is putting PIV cards into operation in two phases and they expect that all desktop and laptop users will utilize smart card-based access by December of that year. NASA’s Ames Research Center issued an internal memo that said that the PIV smart cards will have two major benefits: 1) they will uniquely identify a user as the person who has authorized access to a particular computer or network and 2) they will improve NASA’s overall “security posture” by making it more difficult to exploit and gain access than with the use of passwords.
The White House has even started an initiative called the National Strategy for Trusted Identities in Cyberspace (NSTIC) that could soon lead to a requirement for everyone to have smart card IDs for Internet access. In a white paper brief published in June of 2013, the Smart Card Alliance says, “approximately 12 million Americans have been affected by identity theft of some kind in the past 2 years”. Because of this threat from online identity thieves and hackers, the Alliance advocates that individuals should have to prove “that they are who they say they are” to use the Internet. The Smart Card Alliance and the Obama Administration now want to create what they call an “environment of trusted identities” within the Internet infrastructure. This scheme would become the basis for a new “identity ecosystem” that would allow governments, financial institutions, and corporations to know who you are the moment you sign onto the World Wide Web. The NSTIC would provide each person with an official identity to log onto the Internet with a smart card every time your browser is launched. According to the NSTIC white paper and some accompanying presentations on the NIST web site, the system would create by January 1, 2016, a “secure, interoperable, privacy-enhancing credential” to authenticate users online (read more).
According to Greg Cannon (VP for Standards and Architecture) at Cross Match Technologies) the proliferation of biometric scanners is poised to take off quickly in the U.S. In an article in USA Today (Implications of the Coming Biometric Wave), Cannon was quoted as saying that biometric scanning devices are already widely used in law enforcement, defense, and civil applications. “For us, it is about educating the market on the broader applications of biometrics and how they can enhance our daily lives”, he said. With the increased use and availability of smart phones and tablets with built-in high resolution cameras, the incorporation of biometric scanners takes nothing more than downloading an app that makes use of them to digitally scan the appropriate biometric location on a person’s body.
In the same USA Today article, Shahar Belkin (CTO) at FST21 said,
“Biometrics can now be delivered in real-time and with a reasonable price. The ability to use only one identification method that you can never lose or forget is a motivating factor. Fraud is creating a need for more security and ease of identification.”
Recently, a new consortium of corporations has formed an alliance to create uniform standards for permitting any device capable of biometric scanning to securely access any account online without revealing the biometric details to the network or to a computer. The digital biometric identifier stays securely within the smart card or smart device so it can’t be stolen, but using standard protocols, the processor communicates to the network whether the owner’s identity has been validated or not. The FIDO alliance is made up of companies such as Google, MasterCard, Lenovo, and PayPal that have an interest in furthering secure identity authentication through the use of biometrics. This system, they hope, will eliminate the problem of fraud and create a global system of electronic access as well as Internet buying and selling with no more need for cash of any kind.
Think of the potential of biometric smart cards in cashless EFT operations. Instead of having to remember a PIN or a password, which everyone seems to forget (or else they write them down where someone else may easily steal them), the card itself will be able to verify its owner’s identity through their unique biometric features. For instance, within the chip’s Read Only Memory (ROM), a digitized fingerprint or iris pattern might reside. When a person attempts to purchase something with the smart card, he or she will have to first insert it in a reader (or hold it near a device) which can measure these parameters. At the same time, they will have to place their finger in a special scanner or their eye near an optic scanner. The card will then check the pattern recorded by the scanner with the information stored in the card’s memory. If the two patterns match, the owner of the card is able to make the purchase. If no match is found, then the card is electronically locked from further use. As biometric scanning becomes a part of smart card technology, fraud may become a problem of the past.
Of all the potential modalities that can be used with biometric scanning, among the most mature while also having the highest accuracy and individual uniqueness are fingerprints and iris identifiers. The Smart Card Alliance has recently cited fingerprints and iris biometrics as candidates for a multi-modal identification system for all systems requiring validated identities. Multi-modal means that both technologies would be used side-by-side to validate individual identities. The Alliance reported in a white paper in 2011:
“…multi-modal biometrics can provide a solution for those individuals who are unable to present a suitable biometric sample in one modality. An example would be offering the option to present either a fingerprint or iris for authentication. A person who has poorly defined fingerprint patterns due to age, occupation, or medical condition would be given the choice to enroll and use iris as their biometric modality of choice. If both sensors are present, the user can use whatever modality that they are best suited for. In this situation, there is no fusion of independent biometric measurements” (Smart Card Alliance, Smart Cards and Biometrics, a Physical Access Council White Paper, p. 9, March, 2011).
Biometric identification is quickly becoming standardized on fingerprint and iris scanning as two methods having a high degree of accuracy and also having highly unique patterns which can positively identify any individual. These two biometric modalities are not just coincidental. The Bible predicts that the Mark of the Beast will be placed in the right hand or forehead (Rev. 13:16). As biometric smart cards become standardized with fingerprint and iris scanning identifiers, it is only a small step to eliminate the card altogether in favor of an implanted chip. The location of that chip will logically be near the location of the corresponding biometric scanning area. Thus, for those people who choose to have a fingerprint biometric as confirmation of their identity, they will have the chip implanted in their hand. For those who choose to have an iris scan as their identifier, they will obtain the chip in their forehead. This is incredible! The Empire of the Beast is bringing about the technology to make the Mark of the Beast possible even before the rise of the Antichrist. As the final biometric smart cards are introduced worldwide, how close do you think we are to the coming of Christ?
Next: RFID