• United States



World View | The Mark of the Beast Is Located in Aisle Six, Adjacent to Frozen Foods

Jul 08, 20084 mins

CISO Paul Raines ponders biometrics, religion and privacy in a Dutch grocery store

I grew up in a fundamentalist Baptist church in a rural southern town. I have since moved on to drastically different positions both physically and spiritually, but I was reminded of those roots during a recent visit to–of all places–a grocery store in Holland. The national grocery chain, Albert Heijn recently decided to test a new method of checking out customers. Under a pilot program called Tip2Pay, store customers can pay for their groceries at the checkout counter by simply scanning their fingerprint. (See —sorry, the press announcement is in Dutch, but there’s an accompanying photo.)

As a security professional, I immediately recognised that the store was utilising biometric technology to authenticate frequent customers who had pre-registered their contact and payment details with the grocery chain and who had given their consent for the store to debit their bank account after proper authentication. From a customer service perspective it made perfect sense. I could go to the grocery store on the weekend without having to take my wallet or pocket book. That’s very important to a nation that uses bicycles to travel—the less I have to carry the better.

However, remembering back to the days of fire-and-brimstone sermons in the heart of the Bible Belt, I immediately knew how this would be viewed in that community. You see, fundamentalists take what is written in the Bible literally and in the book of Revelation it is written:

“He (the Anti-Christ) also forced everyone, small and great, rich and poor, free and slave, to receive a mark on his right hand or on his forehead, so that no one could buy or sell unless he had the mark, which is the name of the beast or the number of his name.” Revelation 13:16-17 (NIV)

Hmmm, does a fingerprint qualify as a mark on the hand? Really doesn’t matter because with the fundamentalist crowd would see it as the camel’s nose-under-the-tent, the foot-in-the-door, the first step on the slippery slope to Hades and it must be nipped in the bud. Nipped, I tell you. Nipped-in-the-bud, period.

A second group opposing the introduction of fingerprint scanning are privacy advocates. They would say that fingerprints are too intrusive. If the local grocery store has your fingerprint, what are they doing with it? Are they selling it to interested third parties? Sharing it with the government? If someone has a copy of your fingerprint, does that mean that you could be framed for a crime that you didn’t commit? It seems like it would be pretty easy to fabricate your fingerprints at the scene of a crime and thus make it appear that you had been there.

Even if Albert Heijn is sincere and diligent in protecting the information and are sharing your fingerprint with no one else, there are still no guarantees. Suppose their database got hacked? Or suppose they were like the U.S. telecommunications companies who, when asked (coerced?) by the government, acquiesced in illegally spying on Americans? That happened and it’s likely that those companies will face no legal action from having done so. If it happened with telecommunications companies and phone lines it could just as easily happen with grocery store chains and fingerprint scans.

These two groups, the religious fundamentalists and the privacy advocates, make unlikely political bedfellows. Yet, as the saying goes, the enemy of my enemy is my friend. So, they may yet make common cause against this system.

The Netherlands has a strong privacy advocate group and there is the Data Protection Act which governs how corporations use private citizen data. There is also a Bible Belt in the Netherlands, although the Christian population in the Netherlands is considerably smaller as a percentage of the overall population, has less influence in politics, and is less fundamentalist in nature than are their American counterparts.

The program is currently in a pilot phase and will stay that way for six months. After that time it will be evaluated and, if successful, it will be deployed on a nationwide basis. Who knows? If it succeeds in grocery stores, it may be introduced to other vertical markets. If it succeeds in The Netherlands, it may be introduced in other countries.

This new payment system may be quietly flying under the radar screen for now because it is only being deployed in one grocery store. However, if and when it goes national it will attract everyone’s attention—including the two aforementioned groups. When that happens Albert Heijn had better be ready for the questions and the hostility that will inevitably follow. ##

Paul Raines is CISO at a nonprofit organization in the Netherlands.


Paul Raines is the Chief Information Security Officer for the United Nations Development Programme. In that capacity he is responsible for the information security and disaster recovery planning for the Organisation’s 177 locations around the world. Previously, he worked for the Organisation for the Prohibition of Chemical Weapons (OPCW) and, like all current and former members of the organization, shared in the 2013 Nobel Peace Prize. Prior to working for the United Nations he was the Chief Information Security Officer for Bloomberg LP and the Federal Reserve Bank of New York. He is a graduate of the United States Air Force Academy and Harvard’s Kennedy School of Government. For relaxation he enjoys opera, Shakespeare, French wine and sometimes just sitting in a cafe with an espresso and croissant reading a good book on Roman history.

The opinions expressed in this blog are those of Paul Raines and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

More from this author