Fingerprint scanning may be required in buying smart phones by year’s end

[webfact]

Fingerprint scanning may be required in buying smart phones by year’s end



BANGKOK: -- To ensure better security in the use of the so-called PromptPay electronic money transfer system through smart phones, the Bank of Thailand and the National Broadcasting and Telecommunications Commission have agreed to introduce fingerprint scanning for smart phone buyers probably by year's end.

Pre-paid and post-paid phone users who want to apply for “Prompt Pay service” will be required to have their fingerprints scanned the next time they buy a smart phone at yearend. The fingerprints will be kept in the data-bank for reference.

So when an electronic transfer is made by a phone user, the databank can check that the user is real and the transaction is approved electronically.

BoT governor Veerathai Santiprapob explained that the PromptPay is a closed electronic money transfer system unlike the normal online money transfer which is vulnerable to hacking. He asked members of the public to have faith in the system’s security.

Source: http://englishnews.thaipbs.or.th/169239-2/


-- Thai PBS 2016-06-20

[ezzra]

why are they so interested in knowing who's the owners of a phone if the police dose nothing to

solve and bring about crimes of know owners of a mobile phone?

several months ago a close friend have supplied the police with 2 phone numbers of gang of scammers

who scammed him out of a bundle of cash, till date, those numbers are still in use and continuing

to try to scam people, and when asked why no progress in the case, the police captain claimed he can't

make out the complaint's hand writing written by his subordinate... go figure.....

[djjamie]

Good initiative. In fact they are looking at using face recognition in the near future to not only unlock the phone, but to make purchases as well.

Can either move with the technology or resist it complain and finish up like that grumpy old man that lives up the road. I for one embrace technology and look forward to these new initiatives.

[Somtamnication]

5 years from now I will walk into a 7-11 and buy a Mars bar; not before scanning my fingerprint.

[jamesbrock]

Completely unnecessary, yet understandable, overreach by the Junta.

There is absolutely zero technical need for anyone to store the biometric data from any smartphone. Using this "requirement" as a reason for mass biometric collection is spurious at best, but probably won't be questioned, and, indeed, may even be cheered...

While the biometrics of touch ID are not completely 100% secure, having every smartphone owner's biometrics unnecessarily on file—especially with the Thai Government record of data security—would be like the government storing everybody's PIN.

Technology, in the rest of the world, has enabled many innovative uses for the fingerprint scanner on smartphones, such as secure online banking, Apple Pay, Samsung Pay, etc., but none—i.e. not one—require the fingerprint itself to be stored outside the smartphone itself.

[shirtless]

This is getting like big brother but on steroids, why all the paranoia .

[impulse]

5 years from now I will walk into a 7-11 and buy a Mars bar; not before scanning my fingerprint.

Or maybe buy a 7/11 bar on Mars when Bangkok's underwater?

[Strangebrew]

What if you want a smart phone but don't want prompt pay app? I for one never use my smart phone to pay for anything nor do I use credit cards especially in LOS. Also only use the safest ATM's around Citibank's because it is inside of bank hard to rig it there.

Edited June 20, 2016 by Strangebrew

[Winniedapu]

Thailand and IT initiatives do not co-exist well. I may be wrong, but when I read this puff piece, I had visions of one God-Almighty c0ck-up after another, with nobody being responsible and no mistakes ever being made.

And as for fingerprints being kept securely... well the junta will naturally want access... for their own purposes. And anyone else? Doubtless that could be arranged - for the right price.

Winnie

Edited June 20, 2016 by Winniedapu

[thesetat2013]

This does seem a bit extreme and unnecessary for security. It seems more like someone is trying to fingerprint the whole nation instead. Especially since the BOt is run by the gov. This is kind of like inserting chips into your arm to identify yourself.

One thing is for certain. The BIB will not have problems teaching down criminals using fingerprints if this happens. Certainly a judge would approve a warrant to release the banks biometric data if requested by the judicial system or military. Or a certain article could be used to force this information to be given to them. Scary times are ahead if this becomes mandatory. One side note. All phones now have to be registered with your name and all phones companies are using upgrades in their bandwidth to force people to buy smartphones. So should this fingerprinting come about, everyone who owns a phone will be effected

[taony]

They will print out copies of the scans and keep them in piles on the floor of the ministry. Then when there is a major crime , the clowns in brown will pretend they were able to get some prints from the scene and dive into the pile to find someone to take the fall.

[canuckamuck]

If I buy a phone online, how will they get my prints?

[williamgeorgeallen]

they said 'may' which means that it wont.

[Syduan]

Completely unnecessary, yet understandable, overreach by the Junta.

There is absolutely zero technical need for anyone to store the biometric data from any smartphone. Using this "requirement" as a reason for mass biometric collection is spurious at best, but probably won't be questioned, and, indeed, may even be cheered...

While the biometrics of touch ID are not completely 100% secure, having every smartphone owner's biometrics unnecessarily on file—especially with the Thai Government record of data security—would be like the government storing everybody's PIN.

Technology, in the rest of the world, has enabled many innovative uses for the fingerprint scanner on smartphones, such as secure online banking, Apple Pay, Samsung Pay, etc., but none—i.e. not one—require the fingerprint itself to be stored outside the smartphone itself.

All a part of the NWO agenda and it's going to get a lot worse.

[klauskunkel]

If I understand this correctly, then the BoT and NBTC want my fingerprints in their databases in case I would like to make a financial transaction via smart phone. They promise to use my stored fingerprints only to check the legitimacy of the transaction and ask to believe their good intentions.

Uh huh...

Well, now I might be inclined to doing so, if they set up a dynamic escrow account in my name with an amount 10 times my net worth, then maybe I'll give it some more thought.

[chrisinth]

This does seem a bit extreme and unnecessary for security. It seems more like someone is trying to fingerprint the whole nation instead. Especially since the BOt is run by the gov. This is kind of like inserting chips into your arm to identify yourself.

One thing is for certain. The BIB will not have problems teaching down criminals using fingerprints if this happens. Certainly a judge would approve a warrant to release the banks biometric data if requested by the judicial system or military. Or a certain article could be used to force this information to be given to them. Scary times are ahead if this becomes mandatory. One side note. All phones now have to be registered with your name and all phones companies are using upgrades in their bandwidth to force people to buy smartphones. So should this fingerprinting come about, everyone who owns a phone will be effected

At the moment it is only being suggested for people wanting to use the Prompt Pay service. I would imagine that you would be fingerprinted when signing up for the service?.

IMO, it would be impossible to fingerprint everyone buying a new smartphone as there are far too many outlets outside the mobile provider's own shops/offices for purchase. And this includes online orders inside and outside the country.

For something like this (buying of all new phones) to be controlled, purchase of new phones would only be sold from nominated outlets which would warrant a change of law/regulations regarding smartphones. This isn't likely to happen anytime soon.

Controlling a service (Prompt Pay service) would be another story.........................

[clokwise]

This is ridiculous. Once they have my fingerprints, how do I now complete a transaction? The few phones that have fingerprint scanners do not have an API for applications to use them, they can be used only for phone and OS security. Further, if they are simply connecting a fingerprint with a specific phone, which makes no sense but seems to be what they are saying, then what if I lose my phone and a bad guy empties my bank account? That can't be right - so presumably, I'm going to have to go somewhere (bank branch?) to match my fingerprints with those on file before completing my transaction. Back to square one. Why don't they just encourage Apple Pay or "Octopus card" type services instead? These are proven, secure, services, and now private enterprise will develop and carry out the service at no additional cost to the taxpayer.

[ddavidovsky]

Craven new world.

On a sociological level, this is symptomatic of the breakdown of the 'community'. We used to live in small groups and knew little of the those outside the group. Now there are too many people in the game for the comfort of everybody, and with lots of outsiders in the mix (we trust people less if we can't talk to them in our own idiom) we have to lock every door and window and live in a state of perpetual fear. The future is paranoid.

[Morakot]

If I buy a phone online, how will they get my prints?

I think you need to print them out, then take photo of it and post it on Facebook.

[jamesbrock]

The few phones that have fingerprint scanners do not have an API for applications to use them, they can be used only for phone and OS security.

Actually, the Touch ID API was opened up to third-party app developers in the iOS 8.0 SDK back in September 2014. Note that this does not allow the app (nor app devs) to access the stored fingerprint data, rather allows the third-party app to store secure data - such as the username and password you use to access services - in the operating system's encrypted keychain.

Roboform, Dropbox, and ING Direct are three third-party apps that I use, which use the Touch ID for access.

Edit: Forgot to add that Google introduced the same permissions in Android 6.0 (aka Marshmallow) in October 2015.

Edited June 20, 2016 by jamesbrock

[GuestHouse]

What even the ones changing hands in the 'stolen property market'?

[Pib]

So when an electronic transfer is made by a phone user, the databank can check that the user is real and the transaction is approved electronically.

You know the article didn't say you would have to have your fingerprint scanned by your phone when doing such a transfer. It just said they wanted your fingerprint for buying of phone. Maybe just a poorly written article and they left out a part about possibly the payment system app would require a fingerprint scan to process the payment, but then you will need a phone which has a finger print scanner built into the phone which usually only comes with some high end/pricier phones right now.

[jobin]

I like cash. Good thing i'm the 'smart' one, not the device.

[dominique355]

5 years from now I will walk into a 7-11 and buy a Mars bar; not before scanning my fingerprint.

6 years from now you will need DNA analysis and you will remember with nostalgia when money was enough to buy something.

[dominique355]

So when an electronic transfer is made by a phone user, the databank can check that the user is real and the transaction is approved electronically.

You know the article didn't say you would have to have your fingerprint scanned by your phone when doing such a transfer. It just said they wanted your fingerprint for buying of phone. Maybe just a poorly written article and they left out a part about possibly the payment system app would require a fingerprint scan to process the payment, but then you will need a phone which has a finger print scanner built into the phone which usually only comes with some high end/pricier phones right now.

... and the phone will have to generate a file with the fingerprint scan and send it (hopefuly encrypted) to a safe government location where hacking is impossible...

Yeah right!

[Surasak]

Becoming more like a communist state every day. DNA tests next?

[american12bthai]

and with this data china can easily unlock all your iphone. this information is too personal. just imagine the unsecured server it is hosted on and tell me you want this. I have never given the police accurate information. ever. even when they are looking at my ID i tell them a different name if they ask me where im going, i tell them to a brothel. If they ask me where I work, i tell them silom. thais will believe what you say.... NOT WHAT YOU DO. remember that.

[FredNL]

" He asked members of the public to have faith in the system’s security."

Sounds to me as: "Trust me, I am Thai !"

[gandalf12]

Good initiative. In fact they are looking at using face recognition in the near future to not only unlock the phone, but to make purchases as well.

Can either move with the technology or resist it complain and finish up like that grumpy old man that lives up the road. I for one embrace technology and look forward to these new initiatives.

Thailand is way behind the technology when it comes to persons capable of handling it at a technical level. They can't get the online reporting to function properly let alone anything that is technically advanced. They should be using retinal scans not fingerprints

[Srikcir]

BOT and NBTC may have just killed the PromptPay app.