Fingerprint Scanning

This section describes fingerprint scanning. Fingerprint scanning provides greater security by verifying an employee’s identify. You can use an external USB fingerprint reader with the following devices to scan fingerprints:

• Oracle MICROS Tablet E-Series

• Oracle MICROS Workstation 6 Series

• Oracle MICROS Workstation 5a

• Oracle MICROS PC Workstation 2015

• A PC running a Simphony client that is attached to the PC with a USB connection

You can require employees to scan fingerprints when performing the following operations:

• Signing in to a workstation

• Clocking in and out

• Authorizing privileged operations

Privileged employees can perform the following actions:

• Enroll themselves and other employees’ fingerprints in Simphony

• Register up to ten different fingers (in the event that employee digits become incapacitated (cut, removed, or bandaged))

At registration, the employee places a finger on the fingerprint reader. The reader scans the fingerprint and captures its characteristics (an array of pixels) as Fingerprint Image Data (FID). The reader then extracts fingerprint features as Fingerprint Minutiae Data (FMD) and creates a data record that is stored in database tables in the cloud and in the POS clients where the employee signs in. At sign-in, the reader captures fingerprint data and then uses FMD records to search the local database for a match. If a match is found, the action is performed (such as sign-in). The system does not store pictures, photographs, or images of the fingerprint. There is no way to reconstruct the fingerprint using the stored data.

Auditors can determine whether an employee performed an authorization using a fingerprint reader, manual entry, or magnetic card swipe.

Simphony does not store the fingerprint image. Simphony uses only a mathematical identification of the image. The data stored is similar to a hash of the fingerprint and cannot be used to reconstruct the fingerprint. Collecting or enrolling employee fingerprints is a privileged operation, typically requiring manager authorization. The data is protected at rest and in transit within the Simphony application using the same approaches that all sensitive data is protected. When an employee is deleted from the system, the stored fingerprint data for that employee is also deleted. This applies to all storage at the enterprise and on premise. In current versions, the timing of when an employee is deleted from the system is determined by when a privileged user manually deletes the employee record in EMC.

Biometric data is stored in the Employee table for the Enterprise database, CAPS database, and Datastore database. The following queries can be used to demonstrate that no fingerprint data is present:

• To show the count of employees with any biometric data:

  SELECT 
      count(*) AS "EMPLOYEES WITH BIOMETRIC DATA" 
  FROM 
      EMPLOYEE 
  WHERE 
      fingerprinttemplate1 IS NOT NULL or fingerprinttemplate2 IS NOT NULL or fingerprinttemplate3 IS NOT NULL or 
      fingerprintnewtemplate1 IS NOT NULL or fingerprintnewtemplate2 IS NOT NULL or fingerprintnewtemplate3 IS NOT NULL;
  

• To show employee and fingerprint columns:

  select FIRSTNAME, LASTNAME, FINGERPRINTTEMPLATE1, FINGERPRINTTEMPLATE2, FINGERPRINTTEMPLATE3, FINGERPRINTNEWTEMPLATE1, FINGERPRINTNEWTEMPLATE2, FINGERPRINTNEWTEMPLATE3 from EMPLOYEE;

  Note:

  • Neurotec templates are stored in FINGERPRINTTEMPLATE1, FINGERPRINTTEMPLATE2, FINGERPRINTTEMPLATE3

  • UrU templates are stored in FINGERPRINTNEWTEMPLATE1, FINGERPRINTNEWTEMPLATE2, FINGERPRINTNEWTEMPLATE3