As Fingopay is a new secure payments and authentication system using unique VeinID technology, we do realise that you may have a few questions about how everything works.
Below are answers to some of the most frequent questions about Fingopay.
If you can’t find an answer to your question, get in touch with us on 0203 189 1460 or email firstname.lastname@example.org
No – the system uses the unique structure of the veins in your fingers. These veins can only be acquired with our scanners and used with our system.
The only possibility of a match is when “the same finger on the same hand of the same person” is scanned.
Yes – the system allows you to remove yourself completely.
The Scanner is designed to accommodate a significant proportion of the human finger.
There is an infrared light in the hood of the scanner and this shines through your finger so that a camera in the base can record the finger vein.
Finger veins are stable over time, they are more unique than human iris, and can identify you in moments using our small scanner,. You don’t leave finger veins around like finger or palm prints and they cannot be obtained without your direct consent and involvement in our secure registration and enrolment process.
All the information that you give us is encrypted for use. We separate each aspect of your data so that there is no single place where your data can be compromised. Even if each component of our system was “fork lifted” from our secure data centres, they could not be used so your data would be safe and protected.
If the damage to your finger is deep and permanent, you would be able to enrol another finger or re-enrol the damaged finger. Our system works with wet, dirty or surface level damage or cuts and scrapes because it “sees” inside your skin.
This process assures that our system acquires the very small variations in your finger veins caused by heartbeat and micro movements. We use three scans to ensure we have acquired a usable encrypted finger vein scan, and a fourth to verify that our system will recognise you every time and in every circumstance.
No – your finger vein cannot be stolen since it is never available in our systems in a form that could be ever used by anyone else. It is protected by a chain of in-depth security measures starting with our patented scanner, a unique cryptographic representation of the scan itself that prevents duplication and/or replay of scans, changing keys encryption at each stage and overall end-to-end encrypted pathways, being the latest specifications for the financial services industry.
We believe that you own the personal information that you give us. We need only minimal information about you for registration and enrolment. Our system uses coded representations of data to make the associations with payment cards and other stored values.
The French, German, Japanese and Polish governments have determined that our specific biometric identification system protects personal privacy by using a biometric that cannot be obtained without your knowledge (unlike finger prints, face, walking gate or palm prints). Futhermore, where a print of an external or service visible biometric is used, these governments have identified that there is an association with Law Enforcement and the stigma associated with crime. The French and German governments have decided that they won’t allow finger print identification to be used outside of law enforcement.
We never transmit or store any payment card information in our systems. We use encrypted representations called Tokenised Card-on-File. We comply with the Payment Card Industry Data Security Standard, and use only PCI approved and proven systems to process and make payments.
No – uniquely we have patented “liveness detection” methods that ensure that our systems cannot be spoofed with a fake finger.
No – our unique patented system detects a number of human characteristics during the scanning process that ensure that only live fingers can ever be used.
No – Finger Veins are unique even among biological twins.
No – our system has security measures which protect integrity from end-to-end, from scan to match. Our system is also unique in that it is online and rolling crypto key pairs are exchanged between the scanner and a host PC. This means that only a connected and online PC host can be used. Scanners to host PC connections are both secure and mutually locked together by a pair of cryptographic keys that assure that only matched scanners and host PCs can ever be used. You can be assured that your finger veins are fully protected from someone stealing your finger vein using USB.
No – our system assures that lost or duplicate transactions are not possible as each transaction has a unique reference that ensures it can be made only once. We call this sequence protection. We also send you transaction confirmations immediately.
No – a photo will not defeat our anti-spoofing and live-ness detection.
In future you will be able to enrol all of your fingers and assign things to each of them. Today we ask you to register your right index finger.
No – our system holds key elements of data in tokenised and encrypted form in separate secure compartments, some with our PCI Partners in military grade secure environments. We protect you from compromise by never having all the details needed by thieves in one place.
We have developed a “duress” process that assures your personal safety first. We will release details soon.
Yes – We have developed an “in-case-of-emergency” ICE system that can be used to assist in identifying you even if you are unconscious, and identifying yourself when you have no other means (but your finger) to do so. We will release details soon.
To make sure two devices are locked together and can exchange data securely between themselves, a key pair is shared to create a unique cryptographically protected link between two defined devices. In our case the scanner and the PC host.
This technology was first used at Festival No 6 at Portmeirion in Wales. This venue was chosen specifically as a challenging environment in which to test our services. It was very successful and we have continued to refine our service since
Our claims have been validated by Universities and Laboratories in Japan, mathematical institutes in Poland and Germany, and government privacy bodies in France and Turkey.
Various uses of similar technologies have been used for example 80,000 ATMs in Japan use a slightly different and limited cut down version. However, over more than 3 years we have developed a “match-on-cloud” solution that can benefit everyone with a convenient, fast, safe and simple means to travel safely in a digital world
Yes – you can even wear thin gloves or sticky plasters. We don’t suggest that very dirty fingers are used since these will foul the scanner.
The surfaces that are actually touched are very small. You never actually touch the scanning area itself so just the very tip and a small area of the base of your finger ever touch the scanner. There are no dirt traps in these areas and the scanners can be simply wiped clean. We think that our system is more hygienic than Pin Entry Devices, ATM Key Pads and is much easier to keep that way.
Simply by using your personal login, and enrolling your chosen finger. You can even enrol the same finger again if you wish as this will update our system with a new and different finger vein template for future matching.
Simply by using your personal login, entering your card details and linking these to your finger. This information is never held by us, and is used by our PCI partners to generate a secure token that represents your card for us to call when you want to make a payment.
Simply by using your personal login and selecting “Change” or “Remove/Delete” a card. Similarly, you can do the same for your finger.
Your finger vein is never stored anywhere. What we do is create a “Finger Vein Template” (FVT). This is an encoded representation of the scanned finger vein. We then encrypt and encapsulate this FVT in a way so that only our system in the cloud can perform a match. We store only an encoded representation of your finger vein and never the scan itself so you are protected from possible replay and relay attempts to compromise you.
The finger vein scan image is itself extremely hard to acquire. We use a proprietary method to do this. Once acquired, the scan image is instantaneously encoded and encrypted into an FVT so that scan images themselves are never transmitted, used or stored in a matching database. This also means that you can remove and re-enrol the same finger, but create a new FVT for matching when you do. It’s useful to do this whenever you get issued a new payment card in order to assure continued use of any biometric as we age. We suggest re-enrolment of fingers every three years.