Tommy's Value is a convenience store located at 47 Mt. Auburn Street.
Tommy's Value is a convenience store located at 47 Mt. Auburn Street.

Paying by Cash, Credit, or Finger Vein?

The device, Lux Pay, scans a user’s finger veins, links the associated pattern to their bank account, and wires money from that account to the store’s.
By Saima S. Iqbal

If you snake your way through the narrow aisles of energy bars and sodas at Tommy’s Value, you’ll spot it by the cashier’s monitor: a sleek, white device shaped like a pulse oximeter, the kind a nurse might snap onto your index finger during a check-up. A satiny sticker taped to the desk explains that the device does not, in fact, measure your vitals, but your bank account balance. “Pay with your finger,” the blocky, golden font reads, “and get 10% cash back.”

The store owner, Najeeb Hussain, tells me Harvard students Abdul M. Jamjoom ’19, Matteo A. Carroll ’19, and Vojta T. Drmota ’20 developed the device and pitched it to him last fall. The device, Lux Pay, scans a user’s finger veins, links the associated pattern to their bank account, and wires money from that account to the store’s.

The students claimed that the ten percent discount would boost Tommy’s student clientele. Hussain wasn’t sure it would have a significant effect, but agreed to use the technology “mainly to help the kids with their project.” He believes it has great potential for commercial success given its speed and convenience.

“Maybe they’ll develop it and make some money,” he says, smiling.

Drmota believes Lux is an “innovation” capable of disrupting the “inertia of the [payment processing] system.” Its “end-to-end system” bypasses the traditional intermediaries that communicate between a customer’s bank and a store’s bank, eliminating transaction fees and increasing user rewards.

“For many merchants, those fees are the second highest cost after rent,” he claims, adding that he first conceived of Lux after hearing Hussain lament about them.

El Jefe’s Taqueria also uses Lux. Jon H. Eller, the general manager, decided to adopt the payment system out of a mixture of courtesy and intrigue about savings. “They’re customers, you know, loyal fans, and we like supporting students with anything they’re doing,” he explains. “And with them, the [transaction] fees don’t exist.”

But Lux may not be as appealing to customers as it is to business owners. According to Eller, an average day at El Jefe’s sees about two to three users; Hussain estimates an average day at Tommy’s sees only one to two. The business owners say that while some are excited by the novel technology, many are skeptical about its security.

Bruce Schneier, a security technologist and fellow at Harvard’s Berkman Center for Internet and Society, says that biometric payment services like Lux can pose unique threats to privacy. Since “companies can do whatever they want,” businesses can track users’ purchases for targeted advertisement or harness biometric data for surveillance.

Equally worrisome are external breaches of privacy: businesses that store user data in central servers are especially susceptible to cyberattacks from individuals hoping to commit identity fraud. In such cases, Schneier says, “all you can do is be sad; you can lament.”

Yet Lux may not be as prone to the latter concerns as some of its biometric neighbors.

For its pilot stage, the company is using a Japanese vein scanner that is so secure it is used at A.T.M.s in Japan. According to Drmota, the Lux software provides further government-level security, storing its encrypted data in a separate server. A server breach would thus not reveal a user’s identity but instead a meaningless string of characters.

Drmota says his team chose a vein-identification technology over a fingerprint or face scan to protect user privacy and prevent card fraud. Finger vein patterns are difficult to forge, steal, or track. Furthermore, he notes, unlike fingerprints, they are “not forensically admissible” as evidence in a court of law.

While Eller emphasized how secure the device was, he ultimately places the burden of responsibility on users.

“For us, [Lux Pay] is just like any other credit card company,” says Eller. “We don't care if the credit card companies are keeping ‘X’ number of information from people because that's not [our] business.”

Schneier doubts business owners in Harvard Square will have to choose between privacy and convenience, at least for now. “I think, in this system, Apple Pay and Google Pay will win,” he said.“All the other stuff is noise.”

Drmota, however, has high hopes that Lux’s end-to-end payment gate will distinguish it from competitors. Around 210 Harvard students have registered for the device. By the end of the semester, Drmota plans to expand registration and offer the product at other stores in Harvard Square, such as Berryline, Cambridge Cleaners, and Zinneken’s. After graduation, he aims to bring the product to Boston, New York, and L.A.

While some find the novelty of the device off-putting, Drmota believes trust will build with time.

“When people see their friends use it, and see how well it works, they’ll want to be on board,” he said. “From there, you’ll get a snowball effect.”

— Magazine writer Saima S. Iqbal can be reached at

The Scoop