
A Touch of Money (Continued)

By Anil K. Jain and Sharathchandra Pankanti

First Published July 2006

No system is perfect, of course, including the one we propose. Any biometric system is prone to two basic types of errors: a false positive and a false negative. In a false positive, the system incorrectly declares a successful match between, in our case, the fingerprint of an impostor and that of the legitimate cardholder—in other words, a thief manages to pass himself off as you and gains access to your accounts. In the case of a false negative, on the other hand, the system fails to make a match between your fingerprint and your stored template—the system doesn’t recognize you and therefore denies you access to your own account.

According to a 2003 National Institute of Standards and Technology report, a stand-alone fingerprint system might achieve a 1 percent false-positive rate and a corresponding false-negative rate of 0.1 percent. So if such a system were used in conjunction with the existing means used to secure credit cards (such as PINs and signatures), the system’s security could be 100 times as effective, while at the same time incorrectly rejecting just one more transaction in every 1000 than is rejected today. We think that credit card users will tolerate this slight additional inconvenience in exchange for far more effective security.

How much they will pay for that additional peace of mind is unknown. But certainly, it need not be expensive. Costs are declining for all of the major smart-card components, including flash memory, microprocessors, communications chips, and fingerprint sensors. Indeed, the basic physical card already exists, albeit in the form of a keychain fob from Privaris Inc., in Fairfax, Va. The company’s wireless dongle has all the hardware components mentioned here, and it is likely that sufficient sales volume could cut the retail price of the device from $200 to $20 in a couple of years. The dongle uses fingerprint-based user authentication to release data, such as an access code, needed to perform a transaction. The fingerprint is sensed, stored, and processed only on the device and is never released, so as to protect the user’s privacy. It would be possible to cut costs further by harnessing the mass-market biometric sensors and computing power available in today’s cellphones and programming them with data-matching software and digital certificates.

A version of the system designed to protect Internet shoppers might be even easier to implement, and less expensive, too. When mulling the costs and benefits of biometric credit cards, card issuers might well decide to first deploy biometric authentication systems for Internet transactions, which is where ID thieves cause them the most pain. A number of approaches could work, but here’s a simple one that adapts some of the basic concepts from our proposed smart-card system.

To begin with, you’d need a PC equipped with a biometric sensing device such as a fingerprint sensor, a camera for iris scans, or a microphone for taking a voice signature. Next, you’d need to enroll in your credit card company’s secure e-commerce system. You would first download and install a biometric credit card protocol plug-in for your Web browser. The plug-in, certified by the credit card company, would enable the computer to identify its sensor peripherals so that biometric information registered during the enrollment process could be traced back to specific sensors on a specific PC. After the sensor scanned your fingerprints, you would have to answer some of the old authentication questions—such as your Social Security number, mother’s maiden name, or PIN. Once the system authenticated you, the biometric information would be officially certified as valid by the credit card company and stored as an encrypted template on your PC’s hard drive.

During your initial purchase after enrollment, perhaps buying a nice shirt from your favorite online retailer, you would go through a conventional authentication procedure that would prompt you to touch your PC’s finger scanner. The credit card protocol plug-in would then function as a matcher and would compare the live biometric scan with the encrypted, certified template on the hard drive. If there were a match, your PC would send a certified digital signature to the credit card company, which would release funds to the retailer, and your shirt would be on its way. Accepting the charge for the shirt on the next bill by paying for it would confirm to the card issuer that you are the person who enrolled the fingerprints stored on the PC. From then on, each time you made an online purchase, you would touch the fingerprint sensor, the plug-in would confirm your identity, and your PC would send the digital signature to your credit card company, authorizing it to release funds to the vendor.

If someone else tried to use his fingerprints on your machine, the plug-in would recognize that the live scan didn’t match the stored template and would reject the attempted purchase. If someone stole your credit card number, enrolled her own fingerprints on her own PC, and went on an online shopping spree, you would dispute the charges on your next bill and the credit card issuer would have to investigate.
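
The online purchase flow described above, sketched as an added example (it is not code from the article or from any card issuer). It assumes a 64-bit integer as the fingerprint feature code, a Hamming-distance threshold as the matcher, an issuer-issued nonce per purchase, and an HMAC over a key handed out at enrollment standing in for the certified digital signature; the template is shown already decrypted in memory.

```python
import hashlib
import hmac
import json
import secrets

MATCH_THRESHOLD = 6  # assumed: max differing bits (of 64) accepted as the same finger

def sign(key, msg):
    # HMAC stands in for the certified digital signature the article describes.
    return hmac.new(key, msg, hashlib.sha256).digest()

class Issuer:
    def __init__(self):
        self.device_keys = {}     # card number -> key certified at enrollment
        self.open_nonces = set()  # challenges issued and not yet used

    def enroll(self, card, knowledge_check_passed):
        if not knowledge_check_passed:  # PIN, mother's maiden name, ...
            return None
        self.device_keys[card] = secrets.token_bytes(32)
        return self.device_keys[card]

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.open_nonces.add(nonce)
        return nonce

    def authorize(self, card, msg, tag):
        key = self.device_keys.get(card)
        if key is None or not hmac.compare_digest(sign(key, msg), tag):
            return False  # unknown device or altered message
        fields = json.loads(msg)
        if fields["card"] != card or fields["nonce"] not in self.open_nonces:
            return False  # wrong card, replayed nonce, or nonce never issued
        self.open_nonces.discard(fields["nonce"])
        return True

class Plugin:
    def __init__(self, card, template, key):
        self.card, self.template, self.key = card, template, key

    def purchase(self, live_scan, merchant, cents, nonce):
        # Matching is local; a scan too far from the template signs nothing.
        if bin(live_scan ^ self.template).count("1") > MATCH_THRESHOLD:
            return None
        msg = json.dumps({"card": self.card, "merchant": merchant,
                          "cents": cents, "nonce": nonce}, sort_keys=True).encode()
        return msg, sign(self.key, msg)
```

Raising `MATCH_THRESHOLD` trades false negatives for false positives, which is the error trade-off discussed earlier in the article.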

