At 12:58 AM 4/8/96 +0000, you wrote:

This comes from the FTC Privacy List, and is somewhat relevant.... (The the "Crypto" in the title isn't, oddly...).

Some thoughts... (er, questions): 1. What are the implications for log-on systems that rely on recognition of faces (supposedly impossible for hackers to describe and exploit)?

Does anybody know how well these systems work? If I don't shave over the weekend will my computer know who I am Monday morning? Is my credit card going to have my face digitized and encoded onto the mag stipe for comparision with a video camera image at the time of sale?

2. Legal implications for witnesses?

I think many eyewitness accounts are already taken with a grain of salt, at least as far as picking a suspect. Certainly in court the lawyers say whatever makes their case look better.

------- Forwarded Message Follows ------- Date: Sun, 7 Apr 1996 08:24:18 -0700 From: taxhaven@ix.netcom.com (Adam Starchild ) Subject: British Study Claims That Photo Credit Cards Don't Work To: privacy@ftc.gov

"Crypto-ID" Cards Not Effective

Recent studies into the effectiveness of photo credit cards have cast doubt over their ability to cut fraud. Dr. Richard Kemp, of the Department of Psychology at Westminster University, London, organized an experiment involving a London supermarket to test the cards in "the real world."

Most if not all credit card issuing banks use some form of fraud detection software. The next generation of these products will be analyzing transaction data from the card clearing banks in real time to stop fraudulent transactions before they are complete. Expect to see more "may I see your ID" questions as these systems flag transactions as possible fraud. I have had a credit card with my photo on it for several years, I can't ever remember a sales person who seemed at all interested in comparing the photo to me.

The supermarket was staffed by six people who were all warned to be on the look out for fraudulent credit cards. Dr. Kemp arranged for 44 of his students to pose as shoppers and test the staffs' ability to spot photo-card misuse. Each student was armed with four cards. One showed the student as they were, one showed the student wearing make-up, one showed an individual who vaguely resembled the student and the last card depicted someone who looked nothing like the bearer. People usually recognize photographs of individuals based on a familiarity of the subject. A photograph captures only one angle and expression out of thousands of different combinations. People will recognize photographs of family, friends and well known individuals easily. But how easy is it to accurately compare a photograph with the face of a perfect stranger? At a recent conference, Dr. Kemp said that matching a photo to a stranger's face was "too difficult." He also said that in a non- experimental situation, such as a supermarket, the incidence of fraud detection would be even lower. The results of Dr. Kemp's supermarket experiment proved very interesting. In all, the majority of fraudulent cards were accepted. Amazingly, 35 per cent of the cards bearing a photograph of someone completely different from the student were accepted. A massive 64 per cent of cards bearing a similar individual were also accepted. Another factor which seems to further prove Dr. Kemp's point is that 14 per cent of cards bearing a true likeness of the student were rejected. A few British banks are already offering customers the opportunity to have their photograph etched onto their cards. They claim a reduction in fraud has resulted from this. Dr. Kemp's findings would seem to contradict this belief. Dr. Nicky Towell, one of Dr. Kemp's researchers, said "There is a widely held assumption that photo credit cards are a cheap and effective way of stopping fraud. But this is not the case." No one can tell how well photo credit cards will catch on. But with the majority of people carrying at least one, if not more cards of some sort, how long will it be before photos become compulsory? The government knows that the introduction of ID cards is a political hot potato, but how many people would notice if they turned the cards we already have into crypto-ID cards?

Reprinted from The Mouse Monitor, The International Journal of Bureau-Rat Control, a periodical published by Scope International for its customers. Scope International is on the Worldwide Web at http://www.britnet.co.uk/Scope/

Posted by Adam Starchild The Offshore Entrepreneur at http://www.au.com/offshore

The privacy list is run automatically by the Majordomo list manager. Send a "help" command to majordomo@ftc.gov for assistance.

Rob.

--- Send a blank message with the subject "send pgp-key" to <WlkngOwl@unix.asb.com> for a copy of my PGP key.

dwl@hnc.com David Loysen 619-546-8877 x245