The Universal Card
retro128 writes "Wired News is carrying a story about a new product from Chameleon Network that's supposed to replace all of your credit/debit/customer cards. It can read the information off of the magnetic strips of credit/debit cards, scan the barcode off of customer loyalty cards, and even memorize the RFID signals of devices like the Mobil SpeedPass. All of this information is stored in a device called the Pocket Vault, and is unlocked with the user's fingerprint. If you wish to use a magnetic strip card, you select the card from the touch screen and put a Chameleon card, which looks like and can be run in standard readers like a credit card, in the Pocket Vault. The Chameleon card will then assume the identity of the card you selected, but only for 10 minutes. In this way, if the card is lost or stolen, nobody can use it. In the case of RFID, you just hold the Pocket Vault up to the RFID scanner for a reading. For barcode-based cards, the barcode will appear on the screen and can be scanned by a standard barcode reader. Chameleon Network says this technology will be available in early 2005 and is expected to cost under $200."
Seriously, seems cumbersome and delicate. Can I sit on one of these? You don't want me sitting on your lap (for various reasons) but my credit cards can handle it.
200 bucks for you to know everything about me?
How about YOU pay ME.
I have been pwned because my
This just seems too complicated. I enjoy the simplicity of looking in my wallet, and having only a glance of the card I want, pull it out and use it, no need to select any menus or buttons on it, just pull it out, insert, replace.
Help Brendan pay off his student loans
Excellent, this will make it so much easier for people to track down my details!
Any company that has a hyperlink marked "Investor Information" above-the-fold (shown without a need to scroll down on a typical 800x600 setup) is automatically a bit suspect.
I fear that Slashdot's logo is now going to get added to their brag-about-press-coverage page. For the record, the "Boston's WB in the Morning" program they brag about was canceled in 2002.
I'm not suggesting that this company's technology doesn't exist, but their product is pure vaporware and they have lists of good reasons why a merchant, bank, or large company should partner with them, but they can't name any merchant, bank, or large companies who have agreed to partner with them. At least they have a patent application pending.
So I can grab any card I get my hands on for even a second (as a waiter or working at a gas station for example), run it through this toy and it saves the mag strip info to its internal memory. After getting several hundred (or when I max out the device's memory) I and my friends can then go on a HUGE shopping spree using stolen credit cards. Conveniently, as soon as I think the credit card companies might realize the first number is being used by an unauthorized person, I just switch to the next one. Sign me up! *sigh*
This sounded cool to me for a few seconds until I thought, what happens when the cashier at the quick-n-go tries to verify your credit card against your license? Stephen
Just what I need, only ONE card to lose, sounds like a royal pain IMO.
While it would be great to have everything on one card... there is a lot more inconvenience to be expected if it is lost. However, the security features may trump that.
At college, I have a meal card and a key card, and as long as I only lose one at a time, I can always either eat or get into my room. If one card served both functions, I would lose food and shelter when I lost it. On the other hand, maybe it would be simpler to only have to keep track of one card and I therefore would not lose it. Who knows.
and your thumb!
It's not quite clear if Visa or Mastercard will allow its member stores to accept Chameleon Cards in place of real plastic cards. After all, that card won't be able to mimic the Visa or MS hologram, the color-printed signature strip with code number on it, or the physical impression of the card numbers.
Accepting non-original cards opens up the risk of accepting any card with a magnetic stripe as being a stand-in for the real credit card. It would effectively turn all in-person credit card transactions to being as insecure as a web transaction. There's a reason why web merchants have to pay more for their credit card services, and it's that insecurity.
So, it's near certain that Visa and Mastercard accepting stores will be ordered by the card networks not to accept Chameleon Cards from customers. Game over for this technology... it works in the lab but won't work in the real world.
or verify a signature?
not too good..
every day http://en.wikipedia.org/wiki/Special:Random
One has to wonder... what happens if the ATM eats your card? Then again, if the ATM is likely to eat your card, you probably don't have the cash for this gadget anyways.
Skill is successfully walking a tightrope over Niagara Falls. Intelligence is not trying. -- Anonymous
Sounds dangerous.... one piece card skimmer.
Seems like it would make it easy to steal people's credit cards, you no longer even have the original card.
Fun uses: skimming, pick pocketing, "borrowing" your friends / enemies credit card, etc....
I wonder if you can read from one Chameleon to another. Complete havoc.
I don't know about you, but I'd much rather have it use a password. I think most people would happily give a sufficiently threatening criminal their 4 digit PIN number (or any style of password) without too much of a fuss, but I'd rather avoid giving anyone any incentive whatsoever to leave me short one digit. It would be a very small consolation to cancel my credit cards after such an incident.
That's right, this is the card that Ford Prefect swipes from his new Editor so he can hack into the basement computers with the help of his pet robot and....
If my answers frighten you, stop asking scary questions.
Tm
Support TBI Research: http://www.raisinhope.org
To buy RFID programming devices shipped to Mailboxes Etc. for my fraudulent needs, someone comes out with a nice consumer product that I can re-program to be other people's cards over and over.
Nice.
For customer cards--most will accept a "home phone number". Try XXX-collect in your area code. Remember, /. people are intelligent, and intelligent people conceal identity whenever possible.
-I am an elective eunuch.
I don't know about other folks, but I've got 3 credit cards, a NYC Metro Card (transit fares), an Employee IS and a driver's license in my wallet.
I wouldn't call that a stack and it's manageable. Never even thought of this as being a problem before reading the article.
If someone were to use this gadget, they'd have the 'stack' of cards, AND the gadget to worry about. Right?
Sounds like a waste to me.... Nothing to see here, move along please.
wbs.
Huh?
How am I going to stick that thing into an ATM?
It wasn't insanely exciting to look at. It was rather dull in fact. It was smaller and a little thicker than a credit card and semi-transparent. If you held it up to the light you could see a lot of holographically encoded information and images buried pseudo-inches deep beneath its surface.
It was an Ident-i-Eeze, and was a very naughty and silly thing for Harl to have lying around in his wallet, though it was perfectly understandable. There were so many different ways in which you were required to provide absolute proof of your identity these days that life could easily become extremely tiresome just from that factor alone, never mind the deeper existential problems of trying to function as a coherent consciousness in an epistemologically ambiguous physical universe. Just look at cash point machines, for instance. Queues of people standing around waiting to have their fingerprints read, their retinas scanned, bits of skin scraped from the nape of the neck and undergoing instant (or nearly instant-a good six or seven seconds in tedious reality) genetic analysis, then having to answer trick questions about members of their family they didn't even remember they had, and about their recorded preferences for tablecloth colours. And that was just to get a bit of spare cash for the weekend. If you were trying to raise a loan for a jetcar, sign a missile treaty or pay an entire restaurant bill things could get really trying.
Hence the Ident-i-Eeze. This encoded every single piece of information about you, your body and your life into one all-purpose machine-readable card that you could then carry around in your wallet, and therefore represented technology's greatest triumph to date over both itself and plain common sense.
Ford pocketed it.
DRM 'manages access' in the same way that a prison 'manages freedom'
Instead of stealing one or two cards (since I don't carry all my credit cards with me at one time)
A thief can now just steal my vault and get access to not only my credit cards, but get discounts at my grocery store!
I gotta go with the last line... It sounds cool, but it's just more hassle to actually use come purchase time.
"Honey, this was a lovely dinner of sushi, are you sure this isn't too expensive"
"No problem, I'm just going to pay with my pocket vault... and...uh"
"What's wrong?"
"I've got soy sauce on the fingerprint scanner and now it won't authenticate me and give me my credit card!"
"Don't you have cash?"
"I don't use cash because I have the pocket vault! AUUGGGHH THE BATTERY WENT DEAD!"
Here is the original universal card.
wbs.
Huh?
He wasn't saying it would be easy for thieves to steal the universal cards themselves; it would be easy to actually store stolen cards (be it credit cards, debit cards... whatever) into memory very easily and efficiently! He makes an excellent point and I think it's rather scary. A thief would only need the card for a second, and they would have card in their little database.
Let me list the reasons why
1) Cumbersome
2) Breakable
3) All eggs in one basket
4) A lost/stolen card is replaced by the credit card company. Who replaces that lost/stolen $200 computer?
5) What do you do when the batteries run out
6) What happens when the OS crashes and the information is wiped out?
So many reasons...
This is without a doubt the best thieves' tool!
The only thing that could be done to prevent this is to make it hold only a small number of each type of card. Like only 10 Credit Cards. Still, it pretty much simplifies the "printing" of stolen cards.
OTOH, I wonder if this will ever work. CC companies must back this up to work, I mean try taking the mag strip off your AmEx (or visa, or ...) card, and pasting it on a cardboard card, and write your name and number up on the front. And then TRY to use it in any shop. I am sure they'll just ask for some other card.
I've checked the Drudge Report, CNN, the AP, Reuters, ABC, MSNBC, and Google news. Can't find a mention of it anywhere. Now here's the real question... Dead or alive, would Stephen King use these universal devices? Do the undead worry about the security of their credit and debit cards? What are the implications of RFID in relation to space aliens? If you're demonically possessed, can the demon use this device in your stead? Inquiring minds don't really want to know...
If the Pocket Vault (should it ever make it to market) is ever lost, one should not use any backup to restore its values to another unit as the company suggests the consumer make. What they should do is to contact the issuer of every card stored on it and inform the issuer that the card has been compromised. The issuers will then instantly revoke the lost numbers making them worthless, and send out new cards right away.
That'd be the secure way to do things. Any computer backup of this device's contents is a really scary thing... it serves no useful function but is such a dangerous thing in the wrong hands.
Then how do you let a friend borrow your card?
That gives me lots of confidence in the security of Speedpass cards. I predict wonderful "learning experiences" as RFID reading/duplicating technology moves down to individuals. Of course, legal threats are already being used to try to keep that genie in the bottle. (Previous story on Slashdot about nasty letters to people who bought smartcard readers for legitimate reasons.) Sure, that'll work...
One line blog. I hear that they're called Twitters now.
No a thief can cut any card they want - the initial investment will only be $200!
Well, it looks neat. But it also looks like a really good tool for thieves.
Kewl as hell though, for $200 bucks I'd probably buy one... or two... or three... ahh hell gimme the lot of 'em!
You TOTALLY missed the point.
The parent was saying to use the RECORDER to steal the card numbers using it to record the customer's card (as you would your own cards) and then sending it to the Chameleon card to use it in shops.
Just imagine what you could do with the RFID cards. Just walking in a mall recording off other people's cards, or cars !!!
And the irony is that you can even steal the info off these Chameleon cards.
This seems like a step in the wrong direction commercially. I see the future as evolving to cellphones that do everything. Your car detects your cellphone bluetooth signal and unlocks. You have a java app on the cellphone to turn on the hvac system on your way out of work.
You rock up to the local supermarket - they rfid scan your goods and your cellphone pops up with a query "Confirm payment of $76.36 to SuperMarkEt?". Click yes and they're paid.
Cellphones already have fully featured web browsers, mp3 players, accept memory cards - etc etc. As much as we love to hate them - phones will probably end up being the all in one digital tool we can't imagine doing without.
SharedID - Single Sign On and Identity Server for web applications.
The Chameleon Card system uses a fingerprint reader to secure the data vault. Fingerprint readers can be defeated using a simple hack involving common household items. I refer interested readers to the following article: http://www.schneier.com/crypto-gram-0205.html.
I really like this idea, and I'd hope they could add a feature for remembering passwords too (though I know those exist already) but the use of a fingerprint worries me. Fingerprint scanners are easy enough to defeat as it is, and if it's only going to be one person using it again and again, it may get even easier. Hopefully they'll work out something to mitigate this before they bring it to market. In any event, this would certainly deter the casual wallet thief. Once I'm out of school and have a decently paying job, I imagine the convenience of ditching all my cards and having functionally limitless capacity for them might merit a $200 purchase.
WARNING: there is a trojan on your
How much memory does one of these devices have?
64k? 128? 1 meg? 2 meg? 128 meg?
Hmmm....a better question would be, does it support relational databases that store gigs of information, and hook up to a PC?
Candy-Coated Knowledge
1.) tuck universal card under super-wide "fashion" watch band or stylish non-metallic bracelet
2.) Shake hands with your rich boss who has a speedpass watch
3.) Smile as your card copies his speedpass
3 1/2.) ?????
4.) Profit
~~ the h0rse has spoken ~~
I thought about that too, but my name is different on some of my cards so this would not be practical.
Its Last name, First name in some. First Last in others. First Initial Last in yet others, etc. I have one card where my last name is misspelled (its ok phonetically).
Also now that I think about it, this needs some kind of text entry too, cos it would need to store the CVV to be displayed on screen at purchase time.
*CVV is the 4 digit number middle right in AmEx cards, or 3 digit at the end of the CC number on the back in some Visas and MCs. It's used to verify that the card is physically present at purchase time, as this number is not in the mag strip (I can't figure out exactly how, as it could have been hand copied by the thief too, but it's used for this)
Here's something VERY IMPORTANT that all people should know about credit/debit/magnetic cards.
There are plenty of card scanners that rip everything off the card, and fit snugly into the palm of your hand. Much smaller than this device. So the waiter picks up the card, and while walking to swipe your card, also swipes it along his palm (hand not pda).
That's why I highly suggest cash, and only using ATM's at locations you trust.
There is a huge level of paranoia you should be into about how and where you use your credit cards. Personally I feel safer using my card online versus most stores where I can't see my card for more than a minute. With online connections, it is very hard to sniff all packets, then decode the information, and hopefully very hard to break into a computer to grab the DB/cache w/ that information, (although everyone is weakest at the ends, generally...)
So basically what I'm saying is, this device is not a new concept, it just allows for quicker setup and return. If someone swipes your card (through a reader) and you get the card back w/o knowing it, you won't tell the bank to cancel it. That won't happen until you start receiving 2k charges for something.
What if my Chameleon Card is lost or stolen? With conventional plastic, I can call the issuer, report the card lost/stolen, and have a replacement sent within a couple of days for free (be wary of those companies that would charge you for this service). What is my recourse with Chameleon? Ponying up another $200? Also, what if I destroyed my original cards when transferring their data to the Chameleon device? Is there an online backup somewhere? Or am I shit out of luck?
'He who has to break a thing to find out what it is, has left the path of wisdom.' -- Gandalf to Saruman
Right...
I think it would be much easier to start with a simpler problem: digital cash. I would love to have a card that can hold up to about $100 that is anonymous and which I could use for bus fare, parking meters, road tolls, or small purchases like meals. This would be a natural for on-line purchases of paid content (iTunes, archived news stories).
By being anonymous, my privacy would be protected (at least in theory). It would also be completely unconnected to my credit cards and bank accounts, so it could never be used to steal more than $100 from me.
This is not a trivial problem -- it has some of the same problems as voting (anonymity & non-repudiation).
I think this is already being done in Europe. If only the US would catch up.
Hey, slick, it can memorize a SpeedPass code. Gee, what could possibly go wrong with this?
Now we gotta wrap our speed pass in tin foil too!
I'm an American. I love this country and the freedoms that we used to have.
One Card to rule them all, one Card to find them
One Card to bring them all and in the darkness bind them
In the Land of Chameleon Network where the Shadows lie.
-Valen
Uhm, I have a European bank account and a smart card that goes with it. Suffice it to say, those little chips do nothing more than Visa Electron. It's for digital cash. Nothing more. Nice try, though.
Chameleon Network says this technology will be available in early 2005 and is expected to cost under $200.
And will track your every move.
Oh my god, this card totally invades my privacy. Soon, it will be required to do ANYthing at all in our society. The mark of the beast is here! Where's my tinfoil hat?
Hey, didn't John Connor already have one of these? His would even crack PINs and stuff too!
Try the 'yuo aer teh dumm dumm cowboy wiff teh guns' angle next time, it's more affective.
Dumb fucking Euro bigot.
The only thing I don't like about this device is that it must be implanted in your right hand or forehead.
Linux: Free if your time is worthless.
I was just wondering : what about those cards that don't have a magnetic track or a bar code. I mean those secure items that are chip-based cards. How could this device "fake" them as they are the only sure way to keep personal information at this time.
I know that regarding security nothing is sure. But at least it is the surest I know (except if you carry a 800 kg vault in your pocket ...)
According to the article, you can just restore from an online or local database, which has to be the stupidest feature of this gadget. If something goes wrong, being able to restore from database won't save you in the middle of a restaurant or at a mechanic in the middle of nowhere. Even with this carry-all, you would still need to carry at least one real credit card with you at all times.
Then there's the security for their online database, which just screams "hack me!"....
Didn't know it was technically possible already.
Never really tried to find out...
Maybe if I was SCO I would be suing them for stealing my (undisclosed) idea.
Was also thinking as an ID, you could instruct it how much info to disclose:
a> only age
b> also name
c> blood type
d> also phone #
e> also address
z> also social security #
Lurking in the desert
Wow, now all I need to do is sift through your trash every week until I can find a credit card number (on a statement-receipt or something). Now that I have that information I can easily create a virtual card and go to town for 10 minutes. I think they outlawed or at least track the other card reader/writer machines. Of course this could already be done, but now it is just easier and faster.
but does it come with a tin foil hat?
...
Joe: Ok, I have a good one, you're at a restaurant and you hand the server the gizmo. he thinks it looks suspicious and calls the police. That could be a problem.
Darl: Hang on there Joe, we'll look at it in a subsequent session. Today we're working on the website!
Yeah, what did you mean by "suspect?" Are EMC or IBM guilty of producing vaporware? Is NewsCorp not far-reaching enough for you? Granted, not all of these are the most ethical companies in the world... but just an example.
Why oh why does every new technology have to spy on its users? The last sentence of the second paragraph seems to say you can opt out, but it sounds very weasely to me (what is not included in "this profile information"?) From http://www.chameleonnetwork.com/faq_general.htm A: Convenience and security in that order. Of course, there are many other reasons consumers will want to own the Pocket Vault. For example, if PV owners choose to, they can receive discounts and other promotions from retailers and media issuers, and have those available "in their wallets" at the touch of a button. To the extent a Pocket Vault Holder "opts in" to certain marketing offerings (there are 4 levels of 'opt in'), CNI may have access, not to the individual account numbers, but to the fact that a particular consumer has and makes use of a certain type of wallet media. If the consumer does not opt in, Chameleon Network will not even have access to this profile information.
From about a year ago: this article says France has a system like what I want. It's not clear from that article whether you can use it for all of the purchases I mentioned, but it's a start.
The local university has a vending stripe on all the student ID cards, which acts as a store of value. Could I grab one of these babies, find a lost card, put some money on it, then effectively copy it repeatedly with this device to get all the free soda, snacks, and photocopies I like?
The World Wide Web is dying. Soon, we shall have only the Internet.
Why don't we have a micro chip implanted on our forefinger which would contain all the information???
Hellraider - Looting taken to extremes
That's $200 you're whipping out in front of everyone. So easy to lose, and so tempting to steal (even if they can't get the data in it).
Here's what would make more sense: All credit/debit cards require the reader to verify and register the purchase. Instead you open up a meta-account with a debit card that you register ALL your cards and bank accounts with, and then use just that card, allowing the meta-account to distribute your money for maximum savings or returns. Since interest is compounded daily, paying/investing daily could save/make you a fair chunk of change. Hell, just make it a free government service and make it your driver's license or id, so you don't have to carry anything extra.
Oh, and if you lose it you're not out $200.
---If you can't trust a nerd, who can you trust?
I wonder how many credit cards you needed to carry in the first place in order to actually save space by using their device...
- It's expensive. Too expensive for a trinket that might be lost/damaged in everyday life. Credit card lost? No biggie - you just cancel it, request new one. At worst you pay few bucks fee for replacement card.
:) - logos and all. And if you expect chameleon cards to be allowed to display those logos, think again. Not to mention that a chameleon card would either have to display gazillion different logos (fishy, wouldn't pass in most stores without tons of education and approval of credit card companies), or you'd need a custom card for every card you have - in which case the whole toy is useless.
- Lose this trinket, and you just gave *every damn card/id thingy ya had* to a thief. Yeah yeah its fingerprint keyed. So what? The data is inside and everything is ultimately hackable.
- It can obviously be used to swipe magnetic strip data off other people's cards you may be able to handle. As a bonus if it can 'dupe' smartcards, Visa & co won't be happy - they just spent gazillions in moving every (insecure) magnetic card to ones with chip inside. I think their timetable is something like by end of 2005 every Visa card is a smartcard. I'd expect credit card companies to sue the pants off this company for unauthorized reverse engineering of their security features against duplication in the cards. DMCA will be used to pwn these guys. (And if it does *not* dupe smartcards, it will be useless in couple of years when every card becomes one)
- Big credit card companies will just tell the retailers not to accept anything except Genuine Visa(r) Card(tm)
- Huge hassles with most clerks refusing the cards 'swiped on' with this trinket even without guidance from credit card companies - "that's not a visa card, are you trying to fool me with some thieves tool with copied card data?". The education required to train every damn minimum wage clerk in the world to identify and accept this thingy in place of a real card would be astronomical - EVEN if the card companies would go along with it.
Dot.com boom coming back? This company is beyond loony to even attempt to develop something this stupid.
You have to show ID in many cases (though computers don't care), so wouldn't using someone else's info look a bit suspicious? "Yes I'm Jane Doe!" "uh sir..." It seems there's still that barrier, no?
Get me a meat pie floater!
Does it mean I am going to lose all my money, my health insurance .. etc. if my dog chews away my finger?
I better keep my fingers off this...
The Netherlands has chipknip (free translation: chipwallet)
See this pdf for a nice English description about.
http://www.protonworld.com/downloads/pdfs/netherlands.pdf
It isn't such a success as they planned. But it is used pretty much and most stores accept chip payments.
There were some rumors about security leaks though. Chipknip is integrated with your bankcard so not anonymous
That device sounds like the device mentioned in 'Do androids dream electric sheep?' by Douglas Adams. Don't know if anybody recalls it but it was the end all, do all solution for identity verification. The name of the device escapes me at this moment.
From the website:
Unpublished, Chief Technology Officer
They don't have one? Reading the FAQ section, this VC looks phishy by the second....
For the record, I had this idea about 5 years ago.
Only in my case it was simply an electronic card that stored or emulated all your other cards simply so that you didn't have to have your wallet stuffed with so many damn cards all the time.
In my case, I figured the big card companies wouldn't go for it because they lose the advertising. Their name brand card is suddenly a generic card in appearance that doesn't stand out from other cards in the wallet.
And for the record, no, I didn't try to patent it or develop it.
George Bush + Linux = "I will not let information get in the way of the fight against Windows"
And since this thing loses its information after a minute or two of being out of the mothership. So how exactly are you supposed to run a tab at a bar without having to be completely dorky and saying something like "can I have my card back for a minute I need to finger print auth it again".
My idea at the time, was to have a card, ONE card, that contained the "personalities" of your other cards (Bank, ATM, credit card, shopping club card, etc.) on the same card.
For example, you walk up to the counter, tap a button that "sets" the card as your credit card, and are prompted for a pin code. You enter it with the little keypad on the card (the older SecureID cards did this, and were wafer-thin). Then you are prompted to "verify" the pin you enter, by pushing your thumb onto a spot on the card, "unlocking" the personality. Now you can slide/swipe the card and use it as a normal credit card.
You walk over the ATM machine, and decide you want some cash. Tap the "ATM" button on the card, enter the pin, push your thumb onto the pad, unlock the card, and slide it into the ATM machine. It is now an ATM card.
CFR 21.11 has all the details on how to make this meet government guidelines for security and authorization. Basically to ensure something is "secure", and to meet their criteria for biometrics, you have to meet 2 out of 3 of the criteria:
Using my design, described above, you can meet all three of these criteria:
The technology is there, or very close to it, we just have to find a way to miniaturize the components a bit more (make the cards flexible, so they can be put in a wallet), and make it low-cost, so it isn't prohibitive to own one.
While yes, providing biometric verification for usage of this device might frighten and worry some, I believe it far outweighs the damage done when you lose a credit card. I would imagine that your fingerprint wouldn't leave the device "I could be wrong; I have not read any white papers on this particular device". Others in the above have commented on the lack of holographic verification and printed numbers, but I believe credit card companies would liken to this quicker due to the fact it would be harder to have fraudulent activities. In the end, this would bring their fraud expenditures down I believe IMHO. On the flipside though, a significant disadvantage to this is whenever you replace physical money with computerized money, the possibility of hacking becomes a serious threat i.e. Paypal and other online payment methods. I believe it will take a while for them to ensure customers this is secure; certainly the credit card companies will not endorse a device that is not reasonably secure; it would be against their best wishes. Until those concerns are met, I don't think we'll be seeing this technology for a while.
I didn't think you could present a barcode on an emissive display and expect it to scan.
barcode scanners illuminate with their own (laser) light, and so, scanning the display of a barcode should not work.
Am I missing something?
For the record I had this idea many years ago. It was called money.
What kind of English is this ?
Surely (don't call me Shirley) this should be "from"
Americans are so dumb, no wonder they get reamed.
The technology to do this already exists. The EMV specifications already allow for multi-application cards. This could already be done for payments but is not.
Visa and Mastercard don't make use of it for the simple reason of branding - you can't promote your brand with a generic looking card. In this day and age, company branding is more important than user convenience.
In SOVIET RUSSIA you know everything about credit cards.
In CAPITALIST AMERICA the credit cards know everything about YOU!
Sorry, the technology to do much of this already exists. EMV allows for multi-application smart cards, but doesn't have the fingerprint technology and such.
It's so beautiful and complete and modern. Too bad I'm dislexic and it turns weird.
I wrote about something similar in Japan, a cashless prepaid card connected with Sony's online payment system, Sega's arcades, AM/PM stores, and DoCoMo cellular phones.
nfg.2y.net games archive
An astonishing network to be sure!
$200 bucks... can I put that on my visa?
-- You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
When I was a kid, my parents would tell me about this, and even then.. I thought they were crazy. Now, religious or not.. it's coming to that.
Well, Visa and Mastercard are moving over to smart credit cards - with the embedded ICC - so the Chameleon Card will not only have to produce the right magnetic strip, but also the right applications to the ICC... and you can't just stick a smart card into a reader and duplicate it. BTW, anybody else notice that the team members of Chameleon contain more than one Unpublished name... so if some of the people behind it don't want their name public, what faith can you put in their product.
You know, all this sounds wonderful, but I do not believe they will be able to implement a system this complex and maintain reliability. For chrissakes, the majority of the world is still being crippled by a simple little fucking email attachment.
boycott slashdot February 10th - 17th check out: altSlashdot.org
This'll be great if it takes up less space in my wallet than a half dozen cards. Otherwise, I'll wait for a future, slimmer, version.
Seriously, though, this could be a great idea. Three credit cards, a driver's license, three insurance cards (dental, medical, and auto)... plus a bunch of other cards I don't carry because I rarely use them (voter's registration card, etc) and are therefore at perpetual risk of being lost; this thing has a lot of potential.
The owner is in control of the information on the device, and it appears actually safer than carrying regular credit cards since it can't be used by thieves (assuming it also proves to be secure). My only questions center around the RFID tag, but they could be easily satisfied.
Fantastic, now all I have to do is copy/steal one card and con one number out of you and your life is MINE.
Hell, just make it a free government service
Free? Free to who? There is no such thing as "free" government services. They cost tax $. My tax $. Maybe I don't want to pay for your personal convenience. Maybe the guy next door doesn't care to pay for it either.
"An unarmed man can only flee from evil, and evil is not overcome by fleeing from it." Col. Jeff Cooper
Plus, can I sit on it?
I do security
So now, when you're mugged for your wallet, they'll cut off a finger or two also. Just great!
There are an amazing number of posts talking about what a bad idea this device is because it could easily be used to copy credit cards and so on.
The problem is not with this device! The problem is with your credit cards, speedpass, etc.! If they are that easy to copy, something is wrong with them. This is exactly what "security through obscurity" means. If your speedpass doesn't use encryption and can be copied just by listening in on the radio waves it sends out every time you use it, it's badly designed! If your credit card can be used to make a purchase based entirely on the easily-copied magnetic stripe, it's badly designed! Don't go after people who make card copiers, go after credit card companies who don't put smart chips in their cards and require PINs.
Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
Or is this just an open invite for an even more high-tech form of identity theft.
Who do you want to be today?
o)
I can see how this would be a convenient way to steal credit card info -- especially coupled with a card printer like you see at Sam's Club. Even the name, "Chameleon", implies some level of shadiness.
This could be defeated with a silent partner. The thief could use a trusted friend's thumb print to access the device.
If the thief were caught, all he would have to do was not to divulge the identity of the person with the fingerprint, and both would go free.
If the thief was careful to wipe off the partner's fingerprints after every access, the investigators would have no way to find which one of his acquaintances the partner might be even if the partner had a criminal record. In fact, the thief could even claim that he could not understand why the device did not work the way it used to before he was arrested.
This is unless, of course, there was a backdoor in the software as another poster suggested. This also assumes that a fingerprint is not required for every transaction executed by the device.
All data is speech. All speech is Free.
Ever been to a shopping mall?
All data is speech. All speech is Free.
Could be a nice under $200 Linux PDA... could be sweet.
-=Redir
I mean, ever been to a department store?
All data is speech. All speech is Free.
Talk all the trash you want. That does not change the fact that smart cards are uniquely identifiable like credit cards and therefore lack the most important aspect of cash: anonymity. If you like telemarketing calls and spam and do not believe in privacy, credit cards and/or smart cards are for you. Either one can be used to profile you, and neither is equivalent to cash.
As an aside, if I remember correctly, French people boycotted Eurodisney just because it was from the US, so is your post not a bit of the pot calling the kettle black?
All data is speech. All speech is Free.
This actually is what I was thinking... for the less advanced thief (read: on crack or something) what's to stop them from literally chopping off your finger?
They unlock the card while they walk to the register with your SEVERED thumb and buy whatever they want.
You, in the meantime, are rushing to the hospital, not cancelling your credit cards.
Scary.
Credit card thieves don't physically steal the card anymore. Most often they have their own card reader like this device and they will swipe your card an extra time under the table and pretend it didn't go through the first time.
A week or two later they make a fake card with your magnetic stripe and usually go on a 5000 dollar (the usual single day limit on most cards) spending spree and then fence the goods. The consumer discovers 5000 dollars on his card, usually from stuff purchased when he was in another state, at work, on the international space station, etc and calls the bank up. They issue a new card and reimburse the money.
This happened to me, and not ONCE did my card leave my wallet.
The only real solution to credit card thievery is to have intelligent software that tracks the spending habits of the legitimate user and requires extra verification before allowing out-of-the-ordinary purchases. Like if someone normally buys nothing but gas and groceries with a credit card and suddenly buys 3000 dollars worth of stereo equipment 200 miles from where they live.... red flag!
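Added example, not part of the original comment and not any issuer's actual system: a minimal sketch of the spending-profile check described above, where a purchase is held for extra verification only when several out-of-pattern signals coincide. The transactions, coordinates, weights and thresholds are all constructed assumptions.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt
from statistics import mean, pstdev


@dataclass(frozen=True)
class Txn:
    amount: float    # dollars
    category: str    # merchant category
    lat: float       # merchant location
    lon: float


def miles_between(lat1, lon1, lat2, lon2):
    """Great-circle distance in miles (haversine formula)."""
    p1, p2 = radians(lat1), radians(lat2)
    a = (sin((p2 - p1) / 2) ** 2
         + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2)
    return 3958.8 * 2 * asin(sqrt(a))


class SpendingProfile:
    """Per-cardholder baseline built from past legitimate purchases."""

    VERIFY_AT = 3  # assumed threshold: combined weight that triggers step-up

    def __init__(self, history):
        if not history:
            raise ValueError("need at least one past transaction")
        amounts = [t.amount for t in history]
        self.categories = {t.category for t in history}
        self.avg = mean(amounts)
        # Floor the spread so a cardholder with identical past amounts
        # does not get a zero-width "normal" band.
        self.spread = max(pstdev(amounts), 0.1 * self.avg)
        self.home = (mean(t.lat for t in history),
                     mean(t.lon for t in history))
        usual = max(miles_between(*self.home, t.lat, t.lon) for t in history)
        self.far_miles = max(50.0, 3 * usual)

    def signals(self, txn):
        """Return (reason, weight) pairs for each out-of-pattern trait."""
        found = []
        if txn.category not in self.categories:
            found.append(("new merchant category", 1))
        if txn.amount > self.avg + 4 * self.spread:
            found.append(("amount far above usual", 2))
        if miles_between(*self.home, txn.lat, txn.lon) > self.far_miles:
            found.append(("far from usual area", 2))
        return found

    def decide(self, txn):
        """'verify' means ask for extra proof; 'approve' means let it pass."""
        found = self.signals(txn)
        score = sum(weight for _, weight in found)
        action = "verify" if score >= self.VERIFY_AT else "approve"
        return action, [reason for reason, _ in found]


# Constructed history: a cardholder who buys only gas and groceries near home.
HISTORY = [
    Txn(38.50, "gas", 41.25, -96.00), Txn(85.10, "groceries", 41.27, -96.02),
    Txn(41.20, "gas", 41.26, -96.01), Txn(62.75, "groceries", 41.27, -96.02),
    Txn(35.00, "gas", 41.25, -96.00), Txn(92.40, "groceries", 41.27, -96.02),
    Txn(40.10, "gas", 41.26, -96.01), Txn(77.30, "groceries", 41.27, -96.02),
]
# The commenter's red flag: $3000 of stereo gear about 200 miles away.
STEREO = Txn(3000.00, "electronics", 44.15, -96.00)
# Single-signal cases that should not inconvenience the real cardholder.
PHARMACY = Txn(12.00, "pharmacy", 41.26, -96.01)
ROAD_TRIP_GAS = Txn(45.00, "gas", 44.15, -96.00)

if __name__ == "__main__":
    profile = SpendingProfile(HISTORY)
    for name, txn in [("stereo", STEREO), ("pharmacy", PHARMACY),
                      ("road-trip gas", ROAD_TRIP_GAS)]:
        print(name, profile.decide(txn))
```

Weighting the signals rather than blocking on any single one keeps a road-trip fill-up or a first pharmacy purchase from triggering verification, while the combined pattern from the comment does.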
"Jonnie Public"
"Johnathan Public"
"J. Q. Public"
"Johnathan Quincy Public"
If all this should have a reason, we would be the last to know.
That's a new one to me, mind you I think I've tried to scan a barcode displayed on an LCD, I know I have tried CRTs
... nice idea though ... but RFID is the way to go with that, cuz then you market not only the rfid tag, but also a reader which is then connected to a back end network of various vendors such as visa etc. (think of interac in canada - bank cards only) ... now think of an rfid terminal connected to an interac like network, and then just a rotary disc with 7 or 8 different rfid chips that can be read ... use the chip... shazaam! ... this idea patent pending, copyright soop 2004
*shrug* don't think that'll work
spin the dial
This CHECK ID thing is not the be-all end-all that everyone seems to think it is. It still leaves the signature off the card, which is a critical element to making the match.
Best thing to do (and I don't do this) is sign the card, and on the right side of the white stripe in big sharpie ink, put CHECK ID. That provides the best security but only if the noodges actually check your ID, which they're supposed to do anyway, but more than 90% don't.
sev
but have you considered the following argument: shut up.
This reminds me of a line from 5th Element:
"Korben Dallas MultiPass!"
What do you think of this?
You get a single card that can store all your info, and a card reader at home. You slip the card in before you head out and unlock all the elements of it using the card reader and some kind of authentication thing like a public key (I like codes that thieves will not expect you to know off the top of your head, like a 4-digit PIN--that's dangerous...but can you see a crook saying, "Give me your Universal Card and your public key"?). You could say, unlock all my credit and debit until 8pm tonight, and leave the Visa and Mastercard unlocked until 10pm.
You have to choose a default credit account that stays on all the time, but if you make too many purchases with it while the rest of the card is locked, the credit card company calls you and lets you know. That's it. They don't shut it off, they don't even have to have a live person call you. They just call you and say, "Someone's charging on your locked card, is it you?"
Of course, if you prefer the credit company to be liable, then you have to allow them to shut it off if purchases don't match your typical buying profile whether it's locked or unlocked. If you want the freedom to never have your card shut off, then you agree to pay the charges.
I don't see the point of keeping things the way they are. I don't know about you guys, but I keep all my credit cards right next to each other, so if I ever get mugged, I'm going to lose them all anyway, along with my ID. So I say stick 'em all on the same piece of plastic so I only have to track one thing. And you have to admit, it's definitely more secure than cash any way you cut it. Someone gets your cash, and what recourse do you have?
sev
but have you considered the following argument: shut up.
In the UK at least if you don't have a real signature on your signature strip then they will most likely refuse the transaction.
I know someone who on some occasions had to write the words "check id" to the upper right of her signature because people interpreted it as part of her sig.
Stores REALLY need to start reading the smart chips on cards. I've got 4 or 5 cards with those, but since moving to the USA they haven't been checked once.
I checked the first google link, it has a chart with all the different kinds of cards.
Under "Annual Fee", it lists "$3.95 Per Month".
Another one has "No Annual Fee"... just a "Monthly Maintenance Fee" that's only spelled out in the Terms & Conditions.
First a card, then an implant. Companies are already talking about this.
Implantable chips will inevitably become a reality, however premature implementation into our society WILL BE ABSOLUTELY HORRIFYING! The technology will inevitably be abused! Do you want every detail of your life scrutinized by the government?
Even more frightening are the potential abuses of nano-technology. Think of RFID chips. Now think about inhalable or edible RFID chips. Now think about nanobots belonging to the government or any interested party crawling around in your bloodstream towards your brain. Pretty creepy, isn't it?
Cold hard cash is the only way to protect one's privacy. Even this is becoming difficult with the new levels of cooperation between banks, businesses and Ashcroft's increasingly Hyper-Orwellian post911 federal government.
The US government through NASA will be installing brain scanners at airports...remember Blade Runner and that crazy test they gave you to see if you're a replicant? Very soon you will be experiencing something similar before boarding a plane...if this does not disturb you then you are a naive idiot.....
Society is not ready for this stuff, although there are some very powerful people who will stop at nothing to ensure that your very survival will depend on you and your children's future implantation. Of course it will be voluntary at first, however there will be social pressure to ensure one is an outcast if not in compliance...
Yet even more frightening is the possibility that vaccines will be used as a covert means of introducing self-assembling implants into the population. Why do you think there is so much legislation being introduced to forcefully vaccinate people whenever the government funded terrorists decide to unleash smallpox or some other bioweapon...for more information on forced vaccination and government ownership of your body google 'model emergency powers health act'...
Is it just me, or does it seem a little odd to other people that several of the principals listed on their web page (including the CTO) remain anonymous? Why the heck would anyone do that? Most companies at this stage splash the identities of their principals everywhere. These guys must have some pretty bad skeletons in their closet to hide like this.
Slashdot - News for Herds. Stuff that Splatters.
Found this surfing the web about people with Multiple cards... Sounds kinda cool http://www.justonecard.com
Anyone else notice on the pre-order page... "Why do you want a Pocket Vault?" -- "Coupons/Promotions deliverd(sic) to my wallet." Just what I want: To open my wallet to pay for something, and before I have a chance to select the card I want to use, I'm told about the interest rates on another company's credit card. 200$ for a billboard that helps steal credit cards?
With all the useless crap they are jamming into cellphones, it _seems_ (albeit contingent on solving some of the security issues mentioned here) like this would be a nice feature to put into a cellphone. Nearly everyone has a cellphone these days, certainly the software has evolved enough to be able to support something like this.
The problem I could see, however, is in the physical design of a magnetic stripe protruding and retracting, and how easy that would be to break.
There is very little future in being right when your boss is wrong.
Or just use this "universal card manager."
Have fun: Join D.N.A. (National Dyslexics Association)
Why are people so intent on using debit or credit cards? Every time you use it you are charged by the bank or CC company just to utilize what is rightfully yours (well maybe not so much in terms of CC). Cash is still the best, fastest, most economical way to do transactions. It always will be.
You have all posted very valid reasons why this new system would be unsecure, but don't you think Chameleon would have taken some measures to secure this? I have no proof or way of knowing if this is what Chameleon does, but if they're smart, they've done something along these lines: If someone stole your chameleon card, they wouldn't be able to use it without your fingerprint. I assume Chameleon wouldn't let just anyone load any Chameleon card into their pocket vault. I'm sure they assign a single card to each pocket vault/user, and it won't accept cards that do not match the pocket vault's number. So if someone stole your card (account #001) and tried to put it in their pocket vault (account #002), it would deny it because the card isn't account #002. If someone stole your credit card and scanned it into their pocket vault, again I assume each pocket vault would have one user assigned and if it didn't match, it wouldn't accept. For those of you who say "What if a wife wants to use husband's card and vice-versa?", Chameleon probably lets you assign both the wife and the husband's name, so she can use his cards and he can use her cards.
I brainstormed this months ago, and came up with a better version imho. This whole idea needs a ton of work and a small test market to try it out in, but it would prove useful. I think it would be better if customer loyalty cards supported a standard instead of their proprietary format. Kind of like the computer industry sometimes tries and does. Protected AAC anyone?
n c= 2
http://freebirdpat.livejournal.com/131546.html?
If what you are reading sounds funny, or sarcastic, lame, or stupid
it is because it is supposed to be. just laugh
How about all the Jews who make money off of usury pay for this service? After all, protecting against fraud does nothing more than further line their filthy pockets.
We should have a special tax that every Synagogue is forced to pay that funds this service.
Capping all interest rates at 10% would also be a wise move.
You'll also be able to use it to travel to distant worlds at a Farcaster terminal.
Or am I the only one who reads Dan Simmons?
Leeloo: Leeloo Dallas mul-ti-pass. ...
Korben: Yeah.
Leeloo: Mul-ti-pass.
Korben: Yeah, multipass, she knows it's a multipass. Leeloo Dallas. This is my wife.
Leeloo: Mul-ti-pass.
Korben: We're newlyweds. Just met. You know how it is. We bumped into each other, sparks happen
Leeloo: Mul-ti-pass.
Korben: Yeah, she knows it's a multipass. Anyway, we're in love.
If this thing takes off, somebody will figure out how to crack the internal security without destroying the data.
... Or you do the "Demolition Man" thang and the thief cuts off my thumb while he's picking my pocket.
At that point, once a thief gets this device back to his base o' operations he hacks my vault, downloads the cards to his "Spoof Vault" and makes my data his.
The major banks of Sweden did exactly this like 5 years ago with massive marketing and everything else in their power to make it a success. They even gave away cards preloaded with money.
But very few people wanted to use it. Two months ago the product was declared dead.
Disclaimer: I work for a major credit card processor (and in stories like this, this job apparently means free karma...) but the opinions stated in this post are mine and may or may not also be my employer's. The statements of policy or fact in this post are true in a general sense, and cannot be interpreted as general or appropriate in all situations. So nothing I say here is binding, and when my manager sees this post she'll be happy that I'm covering all my bases. :-)
.)
We're almost definitely not seeing the whole story here. I don't see this as a straight-to-consumer product.
Let's look at it from the straight-to-consumer angle first: the company I work for, First National Merchant Solutions, would almost definitely suspend or close any of our merchants if we found out they were swiping one of these devices through their terminals' card stripe readers. (Assuming present-day Visa and Mastercard regulations.) Mastercard just recently (March 2004) announced revised fraud protection standards to address "Merchant Collusion", where a merchant and a customer are acting in collusion to present a transaction for the intent of fraud.
(Offtopic: there are currently no Visa or Mastercard mandates requiring or encouraging smartcard readers on merchant terminals. The current "push" is compliance with customer account number truncation, so only the last four digits of the customer card number (and not the expiration date) is visible on customer sales receipts. When Visa and Mastercard want to motivate people they do it with policy or with money, and we haven't seen either of those incentives from them yet. Smartcard-capable terminals, at least in our product line, cost $40 - $100 more than their non-Smartcard-capable counterparts, and merchants see neither a monetary benefit (in the form of lower per-transaction fees) nor a risk benefit (in the form of more protection from chargebacks or fraud) for accepting smartcards. We aren't even deploying actual smartcard readers in our terminals yet. I think we process about 15% of all of the Visa/Mastercard transactions in the US by volume (dollar amount), so we would know
Now let's look at it with the pure-speculation viewpoint of considering a possible future product. This would be recognized and sanctioned by Visa/Mastercard. What would a product like this offer over conventional magnetic-stripe-read cards? Better customer identity verification -- in specific situations and with certain security procedures in place, it's possible for this technology to give Visa and Mastercard better confirmation that the person who owns the account really is the person who is attempting that sale.
Let's think about the business case for that, though. Considering that I've never even actually held a smartcard-equipped credit card in my hands, nor do we have any smartcard-equipped terminals actually deployed, I have NO expertise to offer on smartcards.
New technology is driven by fraud, and fraud prevention. (Sometimes by transaction cost, but the technology cost of transactions is pretty cheap already.) Who bears most of the cost when fraud is committed? Ignoring issuing-bank-side fraud (where someone signs up for a card with a fake identity, or where they run up their credit limit, send in a rubber check, run up their credit limit again, and then file bankruptcy or skip town)... most of the merchant's risk of loss is due either to identity-related fraud (where a customer presents a card they don't own), fulfillment-related fraud (where a customer receives goods or services and then claims they never received them or received something flawed), employee-related fraud (self-explanatory), or a technical problem explained simply by merchant error (sometimes "ooh what does this button do" crap which would deserve to be on SysadminCo if it weren't confidential and finance-related).
New tech does nothing for fulfillment-related fraud or technical stuff. I think it actually increas
muggers with pruning shears, ouch.
If you want to steal a card, you have to ask for the code (still better than to be asked for your thumb, btw).
This touches on what has been troubling me. If a fingerprint is needed to access card data, then it won't be long before people start losing thumbs and money... at least the former.
"where words meet intent, lies rhetoric's lament"
What do we do about all the cut-off fingers that will be lying around?
What's to stop me from stealing your hand (ala Demolition Man) and using your fingerprints?
If there were only certain locations to add cards into the chameleon, then you could keep the stealing to a min. until of course someone cracks the machine.
I doubt it will emulate the "Modulare Merkmal", a special analog signal some German banks put on the magnetic strip of their ATM Cards ("EC-Karten").
The "Ident-i-Eeze" card!!!
From Mostly Harmless:
It was an Ident-I-Eeze, and was a very naughty and silly thing for Harl to have lying around in his wallet, though it was perfectly understandable. There were so many different ways in which you were required to provide absolute proof of your identity these days that life could easily become extremely tiresome just from that factor alone . . . Just look at cash machines for instance. Queues of people standing around waiting to have their fingerprints read, their retinas scanned, bits of skin scraped from the nape of the neck and undergoing instant (or nearly instant -- a good six or seven seconds in tedious reality) genetic analysis, then having to answer trick questions about members of their family they didn't even remember they had and about their recorded preferences for tablecloth colors. And that was just to get a bit of cash for the weekend. If you were trying to raise a loan for a jetcar, sign a missile treaty, or pay an entire restaurant bill, things could get really trying.
Hence the Ident-I-Eeze. This encoded every single piece of information about you, your body and your life into one all-purpose machine-readable card that you could then carry around in your wallet, and it therefore represented technology's greatest triumph to date over both itself and plain common sense.
What a handy way to organize the 10,000 credit card numbers I just haxx0red off of the new Slashdot pay-site.
It seems to me that forgers are their target market. The vault is the perfect device. In ANY scenario this thing is great for forging. The scenario that Chameleon will like the best, of course, is when you give the clerk a Chameleon card, then she swipes it through a "Vault" right before swiping it through the register. Chameleon made money off both of you!!
But, more realistically, the fact that Financial Institutions have to sign up with Chameleon makes me believe that the company is more insidious than this. Chances are that the Chameleon cards are tagged as copies, and that the scan carries the deprecation, so they are not suitable for enVaultment. The result will be that if you use original cards instead of Chameleons, you will be open for the easy forging provided by the Vault, but if you use Chameleons, you will be safe. In effect, people will be forced to use the system to reclaim the marginal safety they had before the system existed.
Very cool...
(I always root for Dr. Evil.)
I was offered a job at a startup company that wanted to do this exact thing about 2-3 years ago. I said I'd take on some consulting for them but wasn't ready to commit full-time. After meeting with MC/Visa and AmEx, this was exactly the problem. Not only did it completely remove every piece of security they had, but it also ruined all branding they'd established over the past billion years.
In other words they said (which I expected): "So, you want us to open ourselves up to unprecedented levels of fraud, lose all of our branding, and get exactly what in return?"
I don't even like the concept of having to futz with fingerprint recognition when it's easier to just pull the card I want. It's ok though. This isn't the future of transactions. All we need is one major banking shake-up and we'd be able to use our debit-cards as a near-costless transaction medium. Wouldn't it be grand?
Check it out
It is also a part of many credit cardholder agreements. So if the thief signs the card, the signatures match the fraudulent purchases, and they recover the card, then you are liable for the purchases.
Ross Winn "not just another ugly face..."