Is KFC Now Finger Scannin' Good?

Is the KFC chain now going to have to tell employees that it's Finger Scannin' Good? That's a possibility, given a move announced Tuesday (Sept. 20) by two of its franchisees to abandon password access to POS and switch to a fingerprint biometric authentication system.

The advantages are initially compelling, in that it makes it so much harder for associates to impersonate managers for fraud, whether it's for stealing money directly, manipulating payroll records or letting employees falsely sign in for each other. The problem is that bored, persistent and resourceful KFC employees—armed with almost unlimited access to these biometric devices and potentially lots of free time during slower parts of the day—are quite good at finding security holes. Will it be a piece of Scotch sticky tape that will fool the system? Maybe the system can be fooled into accepting a new—and non-existent—manager? Given that the fingerprints are not being stored (only a numeric representation of the fingerprint's datapoints), could the number be faked instead? All in all, this biometric approach is probably a very good idea. But few things are secure enough to hold up to under-paid, young, bored QSR employees, especially when management will likely be slow to react, preferring to believe that fingerprint biometrics are foolproof.