Current credit card authentication systems validate anyone—including impostors—who can reproduce the exclusive possessions or knowledge of legitimate cardholders. Presenting a physical card at a cash register proves only that you have a credit card in your possession, not that you are who the card says you are. Similarly, passwords or PINs do not authenticate your identity but rather your knowledge. Most passwords or PINs can be guessed with just a little information: an address, license plate number, birth date, or pet’s name. Patient thieves can and do take pieces of information gleaned from the Internet or from mail found in the trash and eventually associate enough bits to bring a victim to financial grief.

Besides trawling the Internet and diving into dumpsters for personal data, thieves exploit people through various cons known collectively as social engineering. A smooth-talking grifter can sometimes get a customer service representative to part with a PIN or reveal other things about an account, such as a mailing address or a phone number. The bank makes it easier for thieves if its authentication protocol is riddled with exceptions. For instance, if you don’t know the PIN, you might be able to provide a mailing address, mother’s maiden name, phone number, or Social Security number to get access to—or at least information about—a particular account. Sometimes those bits of data can be harvested from other sources.

Furthermore, customer service representatives and their managers can usually override authentication procedures when they deem it necessary. A caffeine-addled agent working a double shift may be only too eager to use her override privileges to let you—or your would-be doppelgänger—make a purchase.

To ensure truly secure credit card transactions, we need to minimize this kind of human intervention in the authentication process. Such a major transition will come at a cost that credit card companies have so far declined to pay. They are particularly worried about the cost of transmitting and receiving biometric information between point-of-sale terminals and the credit card payment system. They also fret that some customers, anxious about having their biometric information floating around cyberspace, might not adopt the cards. To address these concerns, we offer an outline for a self-contained smart-card system that we believe could be implemented within the next few years.

Here’s how it would work. When activating your new card, you would load an image of your fingerprint onto the card. To do this, you would press your finger against a sensor in the card—a silicon chip containing an array of microcapacitor plates. (In large quantities, these fingerprint-sensing chips cost only about $5 each.) The surface of the skin serves as a second layer of plates for each microcapacitor, and the air gap acts as the dielectric medium. A small electrical charge is created between the finger surface and the capacitor plates in the chip. The magnitude of the charge depends on the distance between the skin surface and the plates. Because the ridges in the fingerprint pattern are closer to the silicon chip than the valleys, ridges and valleys result in different capacitance values across the matrix of plates. The capacitance values of different plates are measured and converted into pixel intensities to form a digital image of the fingerprint [see diagram, “Fingerprint Matching”].