Contactless Credit Cards

← Back to Stories (view on slashdot.org)

Posted by ryuzaki0 on Wednesday May 28, 2003 @04:51PM from the don't-crowd-me-in-line dept.

An anonymous reader writes "According to his article in EETimes, Visa and Philips are teaming up to introduce a so-called "contactless credit card". Basically it'll work like the proximity cards many of us use for access to our places of work or apartments. You won't need to physically swipe it, simply waving it over a reader is good enough."

23 of 414 comments (clear)

Min score:

Reason:

Sort:

Good and badGood and badGood and Bad by krray · 2003-05-28 16:51 · Score: 5, Insightful

I like the convenience idea of it. The magnetic strip in my credit cards are usually destroyed/useless before the card even expires. Between rubbing against other credit cards, contact with the leather, and/or body sweat highly used cards are usually replaced before they ?expire?.

Where?s the security? I often wonder why the heck credit card purchases don?t require a PIN at the very least. Yeah, we?re all high tech and thumb prints and/or eye scans would be cool, but I?m all for having to know and enter a PIN on each and every purchase.

I tend to go for EFT payment whenever possible as I do have to enter a PIN. Shoulder surfing or a corrupt security camera guy is always a problem. I?m smart enough to remember a purchase PIN and a ATM/Cash type transaction PIN too. I suppose insurance costs and ?shrink? just isn?t too expensive yet?

I?d be impressed if there was a thumb reader built into each plastic card I waived around buying all my shit.

Mobile gas anyone?
1. Re:Good and badGood and badGood and Bad by the_bahua · 2003-05-28 16:55 · Score: 5, Insightful
  
  I would be interested to know how they would be able to stop "contactless thieves" in this case. It seems to me that scanners would become available for people to walk around zapping people's funds away from them. One nice thing about the tried and true swipecards is that to charge them, it's very much a physical action.
  
  At the very least, the signature process should be retained.
2. Re:Good and badGood and badGood and Bad by pirodude · 2003-05-28 17:19 · Score: 3, Insightful
  
  It's fairly easy and a part of all smartcards on the market today. Not only is the reader able to verify the card, but the card is able to verify the reader.
  
  How I see it working would be, 1 central authority (CA like we know it for SSL certs) issuing certificates to all of the readers on the market (there still needs to be a way to expire the certs incase one gets stolen, put out of service). The cards will contain the corresponding certificate for the CA so it can properly validate any certificates the CA signs. When
3. Re:Good and badGood and badGood and Bad by teknokracy · 2003-05-28 17:30 · Score: 5, Insightful
  
  And then it comes down to the point where you have the fact that the card could just as easily be stolen. No amount of encryption would protect a card from that.
4. Re:Good and badGood and badGood and Bad by KrispyKringle · 2003-05-28 18:42 · Score: 3, Insightful
  
  "Skimmers" are pretty common as is. If we had a more complex system to defeat them involving some sort of PKI you have two issues.
  First, this would be hardware based and it'd be fairly likely that someone out there would sell a legit signed reader to a theif or a theif would get one somehow. Unlike the CA analogy, where this only effects people if the fake store manages to steal the real store's private key as well and the weak point of trust is still a legitimate store, here, we are looking at a stolen card reader and suddenly the weak point in the chain is not just a shopkeeper or retailer, but any random theif who manages to walk by you on the street.
  Second, how would this infrastructure work in conjunction with CC# purchases where there is no physical transaction, i.e. online purchases? I suppose you could only implement it for proximity card purchases, some sort of built in smart-card feature as you said, but I don't even see it as providing that much security. As I said, one stolen reader and someone can charge you whatever they like.
  The best solution I can come up with, now that I think about it, is to have all the proximity-broadcast information encrypted with a public key for VISA or whoever, and only VISA can decrypt it. That way, even a stolen reader is useless, all someone can do is charge for purchases, and then the money paid from the CC company is traceable anyway. There is no way for the theif to actually gain the CC details. No need for any other sort of security; you could give this information out to everyone on the planet and have it still be totally secure.
5. Re:Good and badGood and badGood and Bad by nmg196 · 2003-05-28 21:09 · Score: 2, Insightful
  
  > Physical, hardly.
  > Have you ever purchased anything online?
  
  Yes, I seem to recall needing to physically see my card to do it and enter the numbers on a keyboard. The site did not simply sense the card in my wallet from a pop-up window and start charging things to it.
  
  > All I need is your number, name and expiry and I can charge
  > your account all I want.
  
  And how will you get those without seeing something with my card details on it (like my card)?
  
  The argument here is that just walking past something/someone carrying a proximity reader could steal all the details off your card and possibly start using it unless it's also combined with some kind of compulsory PIN.
  
  Nick...
6. Re:Good and badGood and badGood and Bad by thelexx · 2003-05-29 00:52 · Score: 4, Insightful
  
  Card in pocket, it is far from "just as easy" to take it from me as it would be to pass a wand over my butt without me noticing.
  
  --
  "Gold still represents the ultimate form of payment in the world." - Alan Greenspan, 1999
Anyone taking bets... by Verteiron · 2003-05-28 16:53 · Score: 2, Insightful

... on how long it takes before someone cracks/hacks whatever security these things have and begins making megabucks by planting remote cardreaders in places like mall store entrances?

How long will it be? Say, to the nearest hour or so?

--
End of lesson. You may press the button.
1. Re:Anyone taking bets... by RodgerDodger · 2003-05-28 16:58 · Score: 2, Insightful
  
  I would hope that it would require more than simply waving it around. At the least, I would like to see, say, a button on the card you have to press at the same time.
  
  Otherwise, as you say, someone will come up with something to read them for sufficent distance to go through clothing, your wallet, etc, without you knowing. Sure, the range (according to the article) is only 20 cms, but even that's too far for my peace of mind.
  
  --
  "Software is too expensive to build cheaply"
Go for it by TopShelf · 2003-05-28 16:54 · Score: 4, Insightful

The nice thing from a security standpoint is that the credit card companies have it in their own best interest to make sure people feel confident using these new technologies. While a single cardholder could be at risk to lose a few thousand dollars, these companies have billions riding on these transactions. When it comes to secure computing, this is one industry that actually keeps it on the front burner...

--
Stop by my site where I write about ERP systems & more
1. Re:Go for it by Talez · 2003-05-28 20:57 · Score: 2, Insightful
  
  Maybe it's just me, but I would trust a driver's license MORE than a signature with nothing to compare it too.
  
  You mean all this time I couldn't compare the signature on the receipt to the signature on the back of the card?
  
  Holy shit... I must be responsible for millions in credit card fraud alone.
2. Re:Go for it by mrscorpio · 2003-05-29 01:26 · Score: 2, Insightful
  
  I'm sorry, but the "check ID" thing in the signature is so stupid (I used to work retail so I had many incidents and much idle time for this thought to occur). All someone has to do, if they steal your credit card, is to make a fake ID with their picture and your name on it. Fake ID's are much easier to obtain than signatures are to copy, and cleaning the signatures off and replacing them doesn't really work very well anymore...and if it did, they could just wipe off "check ID" and write your name in their handwriting anyway.
  
  Do you see your folly now?
  
  Chris
Sounds an awful lot like SpeedPass by Otterley · 2003-05-28 16:58 · Score: 4, Insightful

This sounds an awful lot like SpeedPass, which is at least 5 years old. Any idea what the difference is?
BAD IDEA by Anonymous Coward · 2003-05-28 17:03 · Score: 1, Insightful

Just think of the ways this can be abused...suppose there was some hot chick who wanted to rip you off. She could build a really small card scanner and hide it in her hand. Then she'd come up to some guy and start rubbing his ass and all, and the dude would be like "COOL!!". But then she would charge $10,000 to his account!!!

So this is obviously not a good idea unless you are a hot chick who wants to rip people off. Or if you work at Six Flags Magic Mountain you can maybe hide a scanner inside those metal detector things that they pat you down with. That would work too.
Absolute Fascist Control by HotNeedleOfInquiry · 2003-05-28 17:04 · Score: 4, Insightful

Read the article. Plenty of subtle reference to rights management and content control. Buy a DVD with this viper and have to wave it next to your DVD player to get it to play.

--
"Eve of Destruction", it's not just for old hippies anymore...
First movers advantage and contentions? by toybuilder · 2003-05-28 17:32 · Score: 2, Insightful

So, if Visa is the first mover, do they essentially "own" the wallet because the lazy consumer wouldn't want to bother pulling out a different card?

And what happens if there are multiple cards that are contactless? Do I have to pick one out? What's the point of this, then?

My building uses contactless badges. Ironically, we have a badge for the building and another for the garage. I can't keep both cards in the wallet because they interfere with each other.

Finally, is Phillips proposing to make cars run off the card? Wow. Imagine starting your car just by sitting down...
Stopping fraud? by chrome · 2003-05-28 18:22 · Score: 4, Insightful

Reading some of the comments here about the security of these cards, and it makes me worry somewhat.

I used to sysadmin for a shell account company, and we saw huge amounts of credit card fraud, mostly from kids looking to run bots on IRC, or just because they collected shell accounts.

One thing I came away with from that experience was the definite feeling that Credit card companies don't seem to think it is in their interest to stop credit card fraud.

After all, if the owner of a card is frauded, the bill goes on their card, and interest is accrued. If the owner of the card isn't diligent, its possible they might just automatically pay the card off, without even realise they have been a victim of card fraud.

Certainly, the credit card companies don't seem to go after the fraudsters as much as they should. One of my friends on Dalnet used to regularly give the full details of people that she had discovered doing carding. One kid was so blatant, he put up a web page, with pictures of him holding up all the crap he had bought with stolen card numbers.

He was 12, and his mother didn't care in the slightest he was stealing. And neither did the credit card companies. The police were interested though, but he didn't have much repercussions - just a couple of weeks in a counselling center for kids.

Anyway, I digress.

Proximity cards are a great ieda. It means I can just wave my wallet near the scanner to pay for an item.

But, if this is not couple with some new form of identification currently not in use with credit cards (a pin number would suffice, or something biometric such as a thumb-print), then I fear that fraud will just increase.

People will get a hold of the scanners, and set up their iPod to capture the card numbers of anyone in proximit to it, and just walk up behind people, snapping up numbers.

Maybe I'm just getting paranoid.
Signature on credit cards? by millwall · 2003-05-28 20:07 · Score: 2, Insightful

I've asked many people this but no one can give me a decent answer...

What kind of security check is it to write your signature after using your credit card?

I mean the signature is on the back of the card!

It's like having the password to your computer written on a piece of paper stuck to your monitor...
Isn't that how the SpeedPass works? by 192939495969798999 · 2003-05-28 23:20 · Score: 2, Insightful

I think that's how SpeedPass works. It's really a faster way to buy things, but seems incredibly unsafe. If someone swipes that thing, you're done!

--
stuff |
I see a problem by Anonymous Coward · 2003-05-29 00:21 · Score: 1, Insightful

Now someone can pick your wallet just by walking by.

Oops. Bumped into you. My bad. = Credit card info stolen with a portable reader.
Re:the Bush card by Eccles · 2003-05-29 02:25 · Score: 3, Insightful

Hey, dummy. It is Democrats who want to spend, spend, spend. ...which is why the last two presidents to submit balanced budgets were Clinton and Johnson, and Carter's deficits were ~1/5 the average deficit Reagan submitted.

Democrats want to spend, so do Republicans. The Democrats are just more honest about it.

--
Ooh, a sarcasm detector. Oh, that's a real useful invention.
Pros & Cons by Anonym1ty · 2003-05-29 03:48 · Score: 2, Insightful

Pro: My card won't wear out before it expires 6 years from now

Con: Now I can have my number stolen without comming into physical contact with the theif
--This could be a pro if you consider it could make getting robbed a whole lot safer .

--
See the Pictures of the Flood of '08
Did anyone RTFA? by jhines0042 · 2003-05-29 05:05 · Score: 2, Insightful

Looks to me like just a speedier way to suck money out of your bank account and charge you for the service to boot!

I don't know about everyone else but I go running scared when I see things like (paraphrased) "...standard method of allowing consumers to purchase content in their home..."

I can see it now.... "please wave your contactless credit card to watch this channel"....

--
42 - So long and thanks for all the fish.