Slashdot Mirror
Contactless Credit Cards
An anonymous reader writes "According to his article in EETimes, Visa and Philips are teaming up to introduce a so-called "contactless credit card". Basically it'll work like the proximity cards many of us use for access to our places of work or apartments. You won't need to physically swipe it, simply waving it over a reader is good enough."
I like the convenience idea of it. The magnetic strip in my credit cards are usually destroyed/useless before the card even expires. Between rubbing against other credit cards, contact with the leather, and/or body sweat highly used cards are usually replaced before they ?expire?.
Where?s the security? I often wonder why the heck credit card purchases don?t require a PIN at the very least. Yeah, we?re all high tech and thumb prints and/or eye scans would be cool, but I?m all for having to know and enter a PIN on each and every purchase.
I tend to go for EFT payment whenever possible as I do have to enter a PIN. Shoulder surfing or a corrupt security camera guy is always a problem. I?m smart enough to remember a purchase PIN and a ATM/Cash type transaction PIN too. I suppose insurance costs and ?shrink? just isn?t too expensive yet?
I?d be impressed if there was a thumb reader built into each plastic card I waived around buying all my shit.
Mobile gas anyone?
They won't know where to send the bill!
Let's see. A crowded line at an amusement park... I'm sure I could pick up 100 credit card numbers an hour with my wiz-bang pocket card reader. "Excuse me sir... I didn't mean to bump into you..."
The nice thing from a security standpoint is that the credit card companies have it in their own best interest to make sure people feel confident using these new technologies. While a single cardholder could be at risk to lose a few thousand dollars, these companies have billions riding on these transactions. When it comes to secure computing, this is one industry that actually keeps it on the front burner...
Stop by my site where I write about ERP systems & more
Shielded wallets/credit card holders. Someone call ThinkGeek.
This sounds an awful lot like SpeedPass, which is at least 5 years old. Any idea what the difference is?
so THAT's why the Jedi Hand Wave works.
"These are not the droids you're looking for"
(handwave, subtle ka-ching! sound)
"These are not the droids I'm looking for.. move along..."
That's how I pay for gas at Mobil, with their Speedpass. It's a small keychain thing that looks like a black magot:
Well, that was how I paid for gas at Mobil. I cut my Speedpass open, took out the glass cylinder, and put it inside my Nextel i90 cell phone, it fit next to the battery. The Speedpass only lasted a few months before dieing. I haven't tried it again yet...
It was cool when it worked though, I just held my cell phone up to the pump to pay for gas.
tbdean
I've been using a contactless credit card for years. I type the number into an HTML form, and my card never comes within the same city as the merchant I'm purchasing something from. For that matter, it sometimes isn't in the same city as I am when I'm making the purchase -- for a couple months last year it was on a different continent.
In fact... let me see here... no, I still haven't gotten around to signing the back.
Tarsnap: Online backups for the truly paranoid
Read the article. Plenty of subtle reference to rights management and content control. Buy a DVD with this viper and have to wave it next to your DVD player to get it to play.
"Eve of Destruction", it's not just for old hippies anymore...
You say you are smart enough to remember a purchase PIN and a ATM/Cash type transaction PIN, yet you also claim to be buying shit?
Most, if not all, of the smart people I know never, ever 'buy' shit....they seem to find a way where people continously give them shit, sometimes for no apparent reason. Now I know some would argue that this may well be a gift, but I've watched this happen, over and over, and I'm here to tell you, it seems like it doesn't matter what they do or what they say, someone will eventually give them shit. Really! I am not kidding! It's true!!
If you are having to pay for shit, may I suggest a crash course in shit 'taking'...you can sign up for one online I believe..perhaps right here, if you ask nice.
I had the pleasure of seeing a prototype credit card that had that feature. It was geared toward online purchases and basically worked like this:
The button is an excellent idea because you save transmitter life, although I'm sure there's a power supply that can live the life of a credit card. It also controls when the info is sent out. I wouldn't mind throwing a PIN on there either. Hell, I don't even have a credit card, just a check card, so I'm fine with PINs
Damn I like ordered lists!
It's not a new concept. We already practice it here at Slashdot - we don't even have to read the article, we just get near the story and start spouting off comments.
You know, back when you could still afford to go out for dinner (DQ doesn't count), how the waitperson would bring the bill on a little plastic tray and lay it on the table....and you'd simply drop your c'card onto the bill...and then someone would take the tray and bill and c'card and....oh, wait, I get it...
Hello, I'm Dwayne, I'll be your card waver this evening.
These cards better have a small range (two feet max) or I don't see how you will manage to perserve the time-honored tradition of the grocery store line.
"Did you swipe your card?"
"Not yet."
"That's funny, because your total has already been paid!"
My concern would be that unscrupulous individuals would use portable readers to get your card number. It would be a form of pick-pocketing that wouldn't actually require any contact or much risk of getting caught.
Hopefully, the cards would use some sort of challenge/response system, rather than a fixed number that could be replayed to a terminal. Still, there are bound to be vulnerabilities, and we'll probably be reading about them in a couple of years.
When I visited Hong Kong in 2001, I bought a subway pass with this technology.
If you buy more than about $10 US of subway services, you have the option to get a smart card. My whole stay that card left my wallet only once (to return it for a refund). Othere than that when I used the subway, I would just set my wallet on top of the read. It was so conveneient.
Even better, lots of vendors (such as convenience stores) let you pay using your subway credit.
I guess there are more security concerns when using this with a real credit card, but it seems like it should have happened in this country sooner.
http://yetanotherpoliticalrant.blogspot.com
I can see Amazon patenting 0-click technology with this...
- Danny
Other than the magnetic strip not wearing out, what's the advantage?
When I lived in Hong Kong there was a smart card (not Credit Card) called Octopus. Basically, you buy the smart-card, you add cash funds to it, and then you can use it to ride the train system.
It was incredibly convenient, not to have to buy tickets, and much greater throughput than ticket machines. You just walked through the gate and swiped your wallet over the reader.
Anyways, it wasn't long before they figured out the advantage of converting the vending machines in the station over to Octopus. No cash to collect, just fill it up with product and collect the money from the Octopus administrators, less administrative fee.
I can tell you from experience, it beats the hell out of coins, changing money, messing about with cash, fumbling about with change. Just swipe your card and get your product. Faster, easier and much more effecient.
Best of all, the cards were anonymous, which means the govt couldn't track you via the card. Disadvantage of course is that if the card was lost or stolen, there was no recovery. I guess for that reason the maximum you could put on the card was HK$500.
To me this was the first step towards an anonymous cashless society, which despite the Orwellian protests of the tin-foilers, is IMO, A Good Thing(tm). Money spreads disease, has an administrative cost, is vunerable to forgery. If we can have all the advantages of cash, including anonymity, then I say, let's get rid of cash.
>>
I am the director, and this is my movie
Most of the proximity cards are powered by the RF field that is used to interrogate it.
Still , a button would be nice. Even just a 'squeeze point' (eg squeeze the card whilst waving over reader) would be handy.
Then we could also have the obligatory "Squeeze the last cent out of my card jokes"
You are in a twisty maze of processor lines, all alike.
There is a lot of hype here.
Reading some of the comments here about the security of these cards, and it makes me worry somewhat.
I used to sysadmin for a shell account company, and we saw huge amounts of credit card fraud, mostly from kids looking to run bots on IRC, or just because they collected shell accounts.
One thing I came away with from that experience was the definite feeling that Credit card companies don't seem to think it is in their interest to stop credit card fraud.
After all, if the owner of a card is frauded, the bill goes on their card, and interest is accrued. If the owner of the card isn't diligent, its possible they might just automatically pay the card off, without even realise they have been a victim of card fraud.
Certainly, the credit card companies don't seem to go after the fraudsters as much as they should. One of my friends on Dalnet used to regularly give the full details of people that she had discovered doing carding. One kid was so blatant, he put up a web page, with pictures of him holding up all the crap he had bought with stolen card numbers.
He was 12, and his mother didn't care in the slightest he was stealing. And neither did the credit card companies. The police were interested though, but he didn't have much repercussions - just a couple of weeks in a counselling center for kids.
Anyway, I digress.
Proximity cards are a great ieda. It means I can just wave my wallet near the scanner to pay for an item.
But, if this is not couple with some new form of identification currently not in use with credit cards (a pin number would suffice, or something biometric such as a thumb-print), then I fear that fraud will just increase.
People will get a hold of the scanners, and set up their iPod to capture the card numbers of anyone in proximit to it, and just walk up behind people, snapping up numbers.
Maybe I'm just getting paranoid.
The EE Times article focuses on the technology is a bit light on details of what the card actually does, so I'm not sure if it is a stored-value card (like Octopus) or actually operates like a credit card. I would be surprised if it's the latter because of concerns about theft etc.
The place where I used to work had these key fobs which worked like that. I thought it'd be cool that we just had to walk next to the door and it'd open it.
Not.
Even when directly contacting the sensor with the key fob in my pocket it didn't activate it. It had to be held infront of the device, almost touching it.
Whatever the range they say, I'm sure you're not going to be able to sniff out the RF signal by just sitting next to someone unless you have some expensive equipment.
Waves AmEx These aren't the droids you're looking for...
Obiwan was a bribe merchant!
They do make contactless micro-processor smart cards. Schlumberger makes one, two, three, different versions.
From their site:
High-speed contactless operations are completed in less than 100 milliseconds and at distances of up to 10 cm from the reader. Security between different applications is ensured by two 48-bit diversified keys and specific access conditions per sector. Security is further reinforced by replay attack protection and a three-pass handshake, which manages the mutual authentication between the card and the reader. In addition, the Easyflex FastOS 2.0 fast anticollision algorithm allows more than one card to be processed by the reader at the same time.
Easyflex FastOS 2.0 communicates on the 13.56 MHz carrier frequency in compliance with the current ISO 14443-Type A standard and implements the standard Mifare protocol, allowing it to be used with the vast majority of contactless card systems.