Slashdot Mirror
Contactless Credit Cards
An anonymous reader writes "According to his article in EETimes, Visa and Philips are teaming up to introduce a so-called "contactless credit card". Basically it'll work like the proximity cards many of us use for access to our places of work or apartments. You won't need to physically swipe it, simply waving it over a reader is good enough."
Let's see. A crowded line at an amusement park... I'm sure I could pick up 100 credit card numbers an hour with my wiz-bang pocket card reader. "Excuse me sir... I didn't mean to bump into you..."
Other than the magnetic strip not wearing out, what's the advantage? Unless its short-range enough that passers-by can't steal your money, you'll still have to present it to a reader (the article mentions 20cm) Or perhaps they mean it can't be swiped (as in stolen.) It could mean the end of shoplifting though, just use the security scanners to read the RF tags in what has been taken and then take the money straight off the card. (Actually, that could be a great way to shop: pick things off the shelf, walk out and pay without having any queues at the checkout. Where's my patent lawyer?)
Don't go to a brothel if you want to buy broth
That's how I pay for gas at Mobil, with their Speedpass. It's a small keychain thing that looks like a black magot:
Well, that was how I paid for gas at Mobil. I cut my Speedpass open, took out the glass cylinder, and put it inside my Nextel i90 cell phone, it fit next to the battery. The Speedpass only lasted a few months before dieing. I haven't tried it again yet...
It was cool when it worked though, I just held my cell phone up to the pump to pay for gas.
tbdean
Hell, there's even a simpler problem: If I have more than one credit card which one will it "charge?" Or will it charge both?
Not to be a twit, but I heard about this sort of "keep it in your pocket" magnetic technology being deployed already. Around February of this year, one of my English students in Tokyo, who worked for Sony/Ericsson, told me his company's "secret" new cell phone in development would have this mag card tech built in. It would replace the "Suica Card" existing tech, which is just a card you mash against the reader while keeping it in your wallet. The phone was due to hit the shelves in 6 months, which would be this August. Only in Japan, of course, which means it should be out in America around August 2005.
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
These kinds of cards do not usually have any kind of power source. They rely on a alternating current magnetic field that the reader gives off. This magnetic field energizes the coil that is built into the card. This coil supplies power to the circuitry on the card which causes the card to send its ID via some kind of rf signal. There are no "smarts in the card itself. The card just sends its ID and a computer behind the scenes uses that ID info to open the door or pay the bill.
For those concerned about portable readers consider that a reader would have to send out a powering magnetic field and then capture the ID of the card. My guess is that all kinds of security could be built into these cards. The most obvious kind would be the use of an ID that contained a constantly changing code like the secure IDs many of us use to access various secured dialup and network devices. The only drawback is you would need some kind of contained power source in the card to power the secure ID ciruitry as it has to be constantly powered so it does not lose sychronization with the host system. My guess is the reader could still supply power for the RF signal while the secure ID part used a small lithium cell.
That way the ID would not only have to be correct but the security code would only be good for about 3 minutes. That would make these things fairly secure, probably moreso than a card and a PIN as the PIN can be noted via cameras and the quicksighted.
Physical theft of the card would be a problem but that would not be anything new to get used to.
dzimmerm
Jumping to correct solutions slowly is better than jumping to incorrect solutions quickly.
When I visited Hong Kong in 2001, I bought a subway pass with this technology.
If you buy more than about $10 US of subway services, you have the option to get a smart card. My whole stay that card left my wallet only once (to return it for a refund). Othere than that when I used the subway, I would just set my wallet on top of the read. It was so conveneient.
Even better, lots of vendors (such as convenience stores) let you pay using your subway credit.
I guess there are more security concerns when using this with a real credit card, but it seems like it should have happened in this country sooner.
http://yetanotherpoliticalrant.blogspot.com
to charge them, it's very much a physical action.
Physical, hardly.
Have you ever purchased anything online?
All I need is your number, name and expiry and I can charge your account all I want.
Credit card accounts are inherently very insecure. Prosecution is the only thing stopping (even more) massive fraud.
Leave it to those narrow-minded visionaries at VISA and Royal Phillips to come up with an even more insecure method of deploying consumer credit card information... via RF (wireless) technology.
If you think credit card fraud is rampant now, wait until card thieves get hold of a portable RF reader and begin walking down crowded streets...
Hey, that's fine with me. This gives me enough lead time to come out with a copper-lined wallet that prevents RF credit card theft. In fact, I'm racing to the patent office now!
My point is that the current credit card authentication system is so insecure that it doesn't really matter what the physical card is made of. The only thing that keeps massive fraud from occurring is the paper trail. It is easier to trace the money and prosecute that it is to secure the system. Securing the system would inconvenience the user and that is something that visa would never want. It is much easier to prosecute.
That being said we may see this attitude change in the future as online credit card databases allow fraud on a much larger scale.
For the record I can get a large number of credit cards (probably yours too) fairly easily:
Receipts carelessly tossed in a garbage can outside of certain stores (yes, many of them do print your full name, card number and exp. Date)
Hacking insecure online servers (many have 1000s of cards in plain text or weakly encrypted)
Grab your mail
Look in your recycling box
Look at your card over your shoulder
Hidden cameras, crooked cashiers/waiters etc
Set up a fake online store selling a few products very cheaply.
Set up a cheap porn site. (ala the Eros Island scam)
etc
I think the point is that proximity scanning is (slightly) easier than swiping -- especially since swiping isn't always straight-forward in my experience. (i.e., Clerk swipes card. Pause. Clerk swipes card. Pause. Clerk swipes card. Pause. Clerk enters number manually.) It might be nice to have the reading of a card number not be dependent on 1) the supple wrist of the user, 2) the condition of the card, 3) the speed and direction of the swiping motion . . . the list goes on and on.
Also, the wear and tear on the cards might actually be reduced enough to make them last more than a few months . . .
I used to work for Sears. I did this. One guy comes up, tried to buy something, I think a faucet, and gave me an unsigned credit card. I asked him for ID, he gave it to me, complaining, and I handed back the ID and the card, and asked him to sign it. He refused, started yelling, and walked out.
Mind you, the card quite clearly states 'not valid until signed'. And this wasn't an isolated incident, either.
That is why stores don't check signatures very well. Customers don't want the security it provides.
I'm not shy, I'm stalking my prey