The Bank of America has started testing a Bluetooth-based, biometric customer identification system that uses the short-range wireless technology to transmit and release account information to a bank teller.
Jay Chaudhary, chairman of AirDefense, a wireless security company, said he accidentally discovered the Bank of America Bluetooth-based ID system while queing at a local bank branch last week.
When he booted up his company's Bluewatch detection and sniffing tool, it detected transmissions related to the Touch ID system being tested by Bank of America.
The Touch ID device is "designed to significantly reduce personal identity theft and financial fraud" by allowing customers to use their fingerprints to authorise financial transactions by transmitting identification to a teller.
Customers using Touch ID place a fingertip against a reader at the teller window. A fingerprint sensor in the Touch ID device compares the electronic fingerprint with a fingerprint impression given by the customer when he enrolled in the pilot programme. Once a match occurs, the Touch ID device transmits account information stored in the device to the teller, authorising a transaction.
Bank of America said the Touch ID system "raises the identification security level to a new high and positively secures banking transactions, while at the same time protecting the privacy and legitimacy of our banking customers".
Harvey Radin, a bank spokesman, said all information transmitted by the Touch ID system is encrypted, and he emphasised that the device does not transmit any transaction information. Radin said that about the only information a sniffer could grab would be the serial number of the device.
Although Bank of America is testing the Touch ID system, no decision has been made yet to deploy it nationwide.
Bob Brewin writes for Computerworld