Account Security

What happens if I cut my finger?

If the damage to your finger is deep and permanent, you would be able to enrol another finger or re-enrol the damaged finger. Our system works with wet, dirty or surface level damage or cuts and scrapes because it “sees” inside your skin.

Can I cancel and remove myself and my data from your system?

Yes – the system allows you to remove yourself completely.

Is my data safe and protected?

All the information that you give us is encrypted for use. We separate each aspect of your data so that there is no single place where your data can be compromised. Even if each component of our system was “fork lifted” from our secure data centres, they could not be used so your data would be safe and protected.

Why do I have to have my finger scanned four times to enrol?

This process assures that our system acquires the very small variations in your finger veins caused by heartbeat and micro movements. We use three scans to ensure we have acquired a usable encrypted finger vein scan, and a fourth to verify that our system will recognise you every time and in every circumstance.

Can someone steal my finger vein?

No – your finger vein cannot be stolen since it is never available in our systems in a form that could be ever used by anyone else. It is protected by a chain of in-depth security measures starting with our patented scanner, a unique cryptographic representation of the scan itself that prevents duplication and/or replay of scans, changing keys encryption at each stage and overall end-to-end encrypted pathways, being the latest specifications for the financial services industry.

How do you protect my Privacy?

We believe that you own the personal information that you give us. We need only minimal information about you for registration and enrolment. Our system uses coded representations of data to make the associations with payment cards and other stored values.

The French, German, Japanese and Polish governments have determined that our specific biometric identification system protects personal privacy by using a biometric that cannot be obtained without your knowledge (unlike finger prints, face, walking gate or palm prints). Futhermore, where a print of an external or service visible biometric is used, these governments have identified that there is an association with Law Enforcement and the stigma associated with crime. The French and German governments have decided that they won’t allow finger print identification to be used outside of law enforcement.

How are my payment card details stored and protected?

We never transmit or store any payment card information in our systems. We use encrypted representations called Tokenised Card-on-File. We comply with the Payment Card Industry Data Security Standard, and use only PCI approved and proven systems to process and make payments.

Could someone get my Finger Vein by connecting the USB to another computer?

No – our system has security measures which protect integrity from end-to-end, from scan to match. Our system is also unique in that it is online and rolling crypto key pairs are exchanged between the scanner and a host PC. This means that only a connected and online PC host can be used. Scanners to host PC connections are both secure and mutually locked together by a pair of cryptographic keys that assure that only matched scanners and host PCs can ever be used. You can be assured that your finger veins are fully protected from someone stealing your finger vein using USB.

Is there a possibility that I could pay twice or lose a payment made by finger?

No – our system assures that lost or duplicate transactions are not possible as each transaction has a unique reference that ensures it can be made only once. We call this sequence protection. We also send you transaction confirmations immediately.

Should I enrol all my fingers to the system in case I need to use them, or I want to sync different things to different fingers?

In future you will be able to enrol all of your fingers and assign things to each of them. Today we ask you to register your right index finger.

If someone steals data from your system, does that mean they have everything they need to take my money?

No – our system holds key elements of data in tokenised and encrypted form in separate secure compartments, some with our PCI Partners in military grade secure environments. We protect you from compromise by never having all the details needed by thieves in one place.

What happens if I am under duress and being forced to make a payment?

We have developed a “duress” process that assures your personal safety first. We will release details soon.

How do I change my enrolled finger?

Simply by using your personal login, and enrolling your chosen finger. You can even enrol the same finger again if you wish as this will update our system with a new and different finger vein template for future matching.

How do I add a Payment Card to my finger?

Simply by using your personal login and selecting “Change” or “Remove/Delete” a card. Similarly, you can do the same for your finger.

Where is my finger vein stored?

Your finger vein is never stored anywhere. What we do is create a “Finger Vein Template” (FVT). This is an encoded representation of the scanned finger vein. We then encrypt and encapsulate this FVT in a way so that only our system in the cloud can perform a match. We  store only an encoded representation of your finger vein and never the scan itself so you are protected from possible replay and relay attempts to compromise you.

What is done to protect my finger vein when matching it against my enrolled FVT?

The finger vein scan image is itself extremely hard to acquire. We use a proprietary method to do this. Once acquired, the scan image is instantaneously encoded and encrypted into an FVT so that scan images themselves are never transmitted, used or stored in a matching database. This also means that you can remove and re-enrol the same finger, but create a new FVT for matching when you do. It’s useful to do this whenever you get issued a new payment card in order  to assure continued use of any biometric as we age. We suggest re-enrolment of fingers every three years.

Technology

Is this Finger Print?

No – the system uses the unique structure of the veins in your fingers. These veins can only be acquired with our scanners and used with our system.

How Accurate is it?

The only possibility of a match is when “the same finger on the same hand of the same person” is scanned.

Why do I have to put my finger inside the scanner?

The Scanner is designed to accommodate a significant proportion of the human finger.

There is an infrared light in the hood of the scanner and this shines through your finger so that a camera in the base can record the finger vein.

How does it compare with other methods of biometric authentication?

Finger veins are stable over time, they are more unique than human iris, and can identify you in moments using our small scanner,. You don’t leave finger veins around like finger or palm prints and they cannot be obtained without your direct consent and involvement in our secure registration and enrolment process.

What is a “rolling key pair”?

To make sure two devices are locked together and can exchange data securely between themselves, a key pair is shared to create a unique cryptographically protected link between two defined devices. In our case the scanner and the PC host.

Where has this technology been used before?

This technology was first used at Festival No 6 at Portmeirion in Wales. This venue was chosen specifically as a challenging environment in which to test our services. It was very successful and we have continued to refine our service since.

Where have your claims about finger vein been independently validated?

Our claims have been validated by Universities and Laboratories in Japan, mathematical institutes in Poland and Germany, and government privacy bodies in France and Turkey.

Has it been tested in the “real world” of wet and dirty fingers and hands?

Yes – you can even wear thin gloves or sticky plasters. We don’t suggest that very dirty fingers are used since these will foul the scanner.

Why haven’t I heard of this before?

Various uses of similar technologies have been used for example 80,000 ATMs in Japan use a slightly different and limited cut down version. However, over more than 3 years we have developed a “match-on-cloud” solution that can benefit everyone with a convenient, fast, safe and simple means to travel safely in a digital world.

Miscellaneous

Can I make a fake finger and use this?

No – uniquely we have patented “liveness detection” methods that ensure that our systems cannot be spoofed with a fake finger.

Can I severe a finger and place this in the scanner to fool it?

No – our unique patented system detects a number of human characteristics during the scanning process that ensure that only live fingers can ever be used.

Will my twin sister be able to use my Payment Card?

No – Finger Veins are unique even among biological twins.

What happens if I have been found unconscious or become lost without any form of identification, can your system help me?

Yes – We have developed an “in-case-of-emergency” ICE system that can be used to assist in identifying you even if you are unconscious, and identifying yourself when you have no other means (but your finger) to do so. We will release details soon.

It does not seem very hygienic to touch the scanner when you pay and enrol after other people have used it?

The surfaces that are actually touched are very small. You never actually touch the scanning area itself so just the very tip and a small area of the base of your finger ever touch the scanner. There are no dirt traps in these areas and the scanners can be simply wiped clean. We think that our system is more hygienic than Pin Entry Devices, ATM Key Pads and is much easier to keep that way.