Slashdot Mirror
What About "Smart" Credit Cards?
Platypii writes "After seeing many ads on TV and around the Internet for the "smart" credit cards (both major companies now have them I believe), I became curious about them. The Visa website was rather vague about it, and only proclaimed dreams of merging all your cards -- of whatever type -- into one. Anyone know the technical details of these cards? The privacy aspects?"
As far as I can tell, these "smart cards" do nothing at all. Keep in mind that reader hardware is needed for the little embedded chips, and until such hardware becomes ubiquitous no one can do anything with any data that someone bothered to put on there. My university actually tried doing this exact thing with its student ID cards for a couple years, and the only use it could find for it was as a rechargeable stored value system. They dropped it because it wasn't all that useful and it raised the cost of the cards from like $7 to $20 to replace. I guess that these cards might be a good way to use small amounts of electronic money, but considering one is already doing just that -- it's a credit card, remember? -- I don't see the point. I guess people could store basic commonly-needed information like a health insurance policy number on them, but again, unless access technology is widely available this is just a gimmick.
Anyone know the technical details of these cards? The privacy aspects?
Simple answer: More convience = less privacy = less security (for most cases)
What I find really interesting is the credit card one-time deals (don't know a link to information, if anybody does, please help out) but the gist of it was that: you'd sign up with a credit card with, say, Visa. Then when you're about to buy something on the internet you get a temporary credit card number from Visa that only has a certain amount available on its balance.
Security-wise it's great, since if anybody gets that number, no big deal, since they can't use it. Privacy-wise it wouldn't be hard to make it not require any personal details. (Since it's a temporary number issued on deman, it's almost safe to assume it's not stolen (possibly ask for a name or something like that))
I worked for a major valley computer company in 2000, and we had evaluated American Express's Blue as a possible companion to some of the ecommerce solutions we had wanted to develop.
Blue, and everything else I've seen since then aren't real solutions, they're just gimmicks. They need to support real SmartCards which offer strong encryption onboard and payment approval. The half-assed crap that they're pushing now is next to useless. The only benefit that I can see of Blue and its ilk is that they might have the opportunity to make SmartCard readers ubiquitous. From there, they could maybe begin to support SmartCards with the features that I mentioned above.
Why are you letting these clowns ruin our country?
I have 2 smartcards in my wallet right now; an American Express Blue, and a Fusion. When I first hooked up the reader, I dreamed of being able to go to thinkgeek.com, hit checkout, put my card in, type my pin, and then having my goodies a few days later. Unfortunately, the support is just not there. With American Express, you use their software and it gives you a list of supported online stores, none of which interest me. The fusion is the same exact way. Both use VERY similar software that runs in the system tray of a Windows computer and launches your little magic cart when it detects a card. Bah...who cares?
Also, one of the main reasons I got them was that both where giving away free card readers which look pretty cool. They're gemstar (I think) and are the same ones that are supported by Win2k for authentication. Not a bad deal, I bet they retail for about $30 a peice. The card reader was also able to tell me a bit of info about the smart card used in my Dish Network reciever. Cool geek toy...nothing more. Next Cue Cat perhaps?
I did see some cool uses such as an electronic card punch that would stay on the card, i.e., you by 9 cups of coffee, you get the 10th free, the card keeps track instead of using a paper punch or other similar device. Alas, this was only a flash demo of what it could do, but I have yet to see any real world examples.
I noticed the widespread use of these cards last time I was in France. I guess the reason they caught on so well over there was that the way the cards are set up, they are somehow self-authenticating, that is there is no need to call a central database, at least not at the time of purchase. This was an important feature in Europe where super-expensive telephone hookups made it prohibitively expensive for the average business to authorise credit cards over the phone every time one was used.
We use them at my university for stored value as well. They were going to drop them from our IDs a few years ago, but the introduction of SunRay network appliances all over here and the hot-desking that goes with them guaranteed they'll stick around a while longer.
Although I think the coolest application I've seen is the card I can store all of my PCR programs on for our Thermal Cycler in the lab. Tres convenient!
--J
I have a standard non-smart Providian Visa Gold card and I've had no problems with it ever. The toll-free number on the back of the card gives you some automated information with the chance to hold for a real, live operator. The on-line account information is useful and you can make quick wire payments from your bank account. I started out with a $1000 limit but I had just turned 18 and had no credit history. Giving me a bigger limit would've been silly. Now I have a $1600 limit (after having the card about 6 months) and it's as painless to use as ever.
Like I said, my card isn't the smart variety, but it's a Providian card and I've never had any trouble with it. In fact I'd recommend Providian.
Just my $0.02. Sorry it's offtopic.
In France, there's a ubiquitous system which requires you to type your code for every purchase you do with it. AFAIK, nobody ever complained about it, considering you can't use a stolen French card anywhere in France. If it's combined with a Visa card, you can still use it outside the country where there's no direct way to check its validity.
As far as I understand it, the French system has been cracked, although to what extent I'm not sure (see Bruce Schneier's Secrets and Lies, he mentions it).
Apparantely the first guy who figured it out went to the card company, who asked him to prove it, which he did by buying a metro ticket. They then had him arrested, and forced him to sign an NDA to avoid prosecution.
Then someone else independently cracked it, and posted it anonymously from a cybercafe (in Paris, IIRC)
Smart cards are fine, but they need to use proper encryption, complete with completely open standards. I won't trust them until then. I know that companies expect fraud and absorb the costs, but you still need to be able to prove that you didn't make the purchase. Without a need for the vendor to produce a signature, this could be difficult.
Smart cards are pretty cool. They have great security, are standards-based, and are quite cheap when you think about all they do.
Most smart cards (JavaCards or OpenCards) support encryption, wired or wireless interfaces, and a bit of space on the card itself for a program of your own. www.basiccard.com offers a neat little set of cards you can program in basic, if you're just getting started. (the program on the computer can be written in any language). www.gemplus.com has cards you can program in Java, but these are much more expensive.
Each card has an onboard computer which you can program to do your bidding, from anything to securely storing cash (that only the correct program, or card reader can adjust, if you like), identity checking (imagine an ID card with your picture, signature, left thumbprint on the surface of the card, and stored securely inside the card - now there's an ID), and tons of other things that haven't been thought of yet.
You can use them as phone cards, tiny cash cards (swipe your card in front of a soda machine, push Pepsi, drink, repeat)
There are tons of cool things you can do with a tiny computer embedded in a card. Its more than just memory storage, its an entire cpu that you could use for a new TIS authentication scheme, or a new payphone card, or a key for your encrypted files. You could walk by a local ESPN store, swipe your card, then on your Palm later check out all the scores and player stats for the last week. Look, smartcards are great or evil, depending on how creative you are, but the potential for some very cool things is definately there.
In Canada, the most popular form of payment these days is Interac (aka. the ATM card.)* It's accepted almost everywhere. Interac is the name of the network that connects all of the bank machines (ATMs) in this country -- the banks just extended the existing network by putting terminals in retail outlets. The card takes funds directly from your bank account, meaning you don't have to worry about bills or high interest rates -- as long as you've got the cash. Like the cards in France, you need to enter your PIN number before completing a purchase. It's just like withdrawing money from a bank machine, except instead of giving you cash, the funds are transferred directly to the merchant's account.
The bank, naturally, takes a service charge from each transaction. As a result, some retailers don't allow Interac purchases below a certain limit (usually $5.) But it's pretty rare these days to go to a place that doesn't take the card. A few years ago, I was passing through the U.S., and almost ran into trouble when I tried paying for lunch at McDonald's with my bank card. The cashier just gave me a funny look. (Fortunately, I had a bit of cash on me at the time.) That shows how much we take it for granted.
(*) According to a study that was conducted about a year ago, 21% use credit cards as their primary method of payment, 35% use cash, and 42% use Interac. People aged 18-24 were at 61% in favour of Interac.
Here's what I know about smart cards .... I worked for a company called ECP, they are developing programs based on smart cards. The only ones that benefit from this cards are Visa and Amex. They are smarter because they keep track of everything on the micro processor that is on the card .... It holds upto 1K worth of information. The merchants will have to replace their current terminals if they want to accept this cards without having to pay for "manual processing fees" which could add upto $ 0.75 per transaction. This fees will apply once Visa, MC, & Amex decide to remove the magnetic strip on the back of the credit cards. Credit card companies are just reinventing the wheel, and making a bundle of money in the process. The information kept on the cards could be gathered and sold to the highest bidders. smart cards have in place in europe for a long time now ....... the possibilities are endless..... they claim to improve security, but there's nothing on this new technology that would stop a stolen credit card from being used the same way that today's stolen cards are used .....
Here's a website for a project using smart card technology in the US. http://www.smartcardproject.org/
Ok, I'm not sure if this is the one you talk about, but here in Sherbrooke, Quebec, Canada, we just finished a one year test-drive of a smart card mastercard call Mondex. In fact, Mondex is the name of the whole system, but the cards are said to have a "mondex chip". I dont consider this a credit card really, but more an electronic wallet. You can put no more than 500$ (that was in cdn dollars btw) on the card, for security reason, and then you can spend it just as with a credit card. It is better than interact (also called ATM cards) because the system doesn't need to call a central office by phone. everything is done local. And also, when you say they hope to put everything in one card, that's because since it is a chip, they put it on a regular ATM card so it can do both. You could also put it on a credit card.
As I learn more and more, I realize I don't know much.