What About "Smart" Credit Cards?
Platypii writes "After seeing many ads on TV and around the Internet for the "smart" credit cards (both major companies now have them I believe), I became curious about them. The Visa website was rather vague about it, and only proclaimed dreams of merging all your cards -- of whatever type -- into one. Anyone know the technical details of these cards? The privacy aspects?"
As far as I can tell, these "smart cards" do nothing at all. Keep in mind that reader hardware is needed for the little embedded chips, and until such hardware becomes ubiquitous no one can do anything with any data that someone bothered to put on there. My university actually tried doing this exact thing with its student ID cards for a couple years, and the only use it could find for it was as a rechargeable stored value system. They dropped it because it wasn't all that useful and it raised the cost of the cards from like $7 to $20 to replace. I guess that these cards might be a good way to use small amounts of electronic money, but considering one is already doing just that -- it's a credit card, remember? -- I don't see the point. I guess people could store basic commonly-needed information like a health insurance policy number on them, but again, unless access technology is widely available this is just a gimmick.
Anyone know the technical details of these cards? The privacy aspects?
Simple answer: More convenience = less privacy = less security (for most cases)
What I find really interesting is the credit card one-time deals (don't know a link to information, if anybody does, please help out) but the gist of it was that: you'd sign up with a credit card with, say, Visa. Then when you're about to buy something on the internet you get a temporary credit card number from Visa that only has a certain amount available on its balance.
Security-wise it's great, since if anybody gets that number, no big deal, since they can't use it. Privacy-wise it wouldn't be hard to make it not require any personal details. (Since it's a temporary number issued on demand, it's almost safe to assume it's not stolen (possibly ask for a name or something like that).)
I worked for a major valley computer company in 2000, and we had evaluated American Express's Blue as a possible companion to some of the ecommerce solutions we had wanted to develop.
Blue, and everything else I've seen since then, aren't real solutions; they're just gimmicks. They need to support real SmartCards which offer strong encryption onboard and payment approval. The half-assed crap that they're pushing now is next to useless. The only benefit that I can see of Blue and its ilk is that they might have the opportunity to make SmartCard readers ubiquitous. From there, they could maybe begin to support SmartCards with the features that I mentioned above.
I noticed the widespread use of these cards last time I was in France. I guess the reason they caught on so well over there was that the way the cards are set up, they are somehow self-authenticating, that is, there is no need to call a central database, at least not at the time of purchase. This was an important feature in Europe where super-expensive telephone hookups made it prohibitively expensive for the average business to authorise credit cards over the phone every time one was used.
We use them at my university for stored value as well. They were going to drop them from our IDs a few years ago, but the introduction of SunRay network appliances all over here and the hot-desking that goes with them guaranteed they'll stick around a while longer.
Although I think the coolest application I've seen is the card I can store all of my PCR programs on for our Thermal Cycler in the lab. Tres convenient!
--J
In France, there's a ubiquitous system which requires you to type your code for every purchase you do with it. AFAIK, nobody ever complained about it, considering you can't use a stolen French card anywhere in France. If it's combined with a Visa card, you can still use it outside the country where there's no direct way to check its validity.
As far as I understand it, the French system has been cracked, although to what extent I'm not sure (see Bruce Schneier's Secrets and Lies, he mentions it).
Apparently the first guy who figured it out went to the card company, who asked him to prove it, which he did by buying a metro ticket. They then had him arrested, and forced him to sign an NDA to avoid prosecution.
Then someone else independently cracked it, and posted it anonymously from a cybercafe (in Paris, IIRC).
Smart cards are fine, but they need to use proper encryption, complete with completely open standards. I won't trust them until then. I know that companies expect fraud and absorb the costs, but you still need to be able to prove that you didn't make the purchase. Without a need for the vendor to produce a signature, this could be difficult.
Smart cards are pretty cool. They have great security, are standards-based, and are quite cheap when you think about all they do.
Most smart cards (JavaCards or OpenCards) support encryption, wired or wireless interfaces, and a bit of space on the card itself for a program of your own. www.basiccard.com offers a neat little set of cards you can program in BASIC, if you're just getting started. (The program on the computer can be written in any language.) www.gemplus.com has cards you can program in Java, but these are much more expensive.
Each card has an onboard computer which you can program to do your bidding, from anything to securely storing cash (that only the correct program, or card reader can adjust, if you like), identity checking (imagine an ID card with your picture, signature, left thumbprint on the surface of the card, and stored securely inside the card - now there's an ID), and tons of other things that haven't been thought of yet.
You can use them as phone cards, tiny cash cards (swipe your card in front of a soda machine, push Pepsi, drink, repeat).
There are tons of cool things you can do with a tiny computer embedded in a card. It's more than just memory storage, it's an entire CPU that you could use for a new TIS authentication scheme, or a new payphone card, or a key for your encrypted files. You could walk by a local ESPN store, swipe your card, then on your Palm later check out all the scores and player stats for the last week. Look, smartcards are great or evil, depending on how creative you are, but the potential for some very cool things is definitely there.