The Universal Card
retro128 writes "Wired News is carrying a story about a new product from Chameleon Network that's supposed to replace all of your credit/debit/customer cards. It can read the information off of the magnetic strips of credit/debit cards, scan the barcode off of customer loyalty cards, and even memorize the RFID signals of devices like the Mobil SpeedPass. All of this information is stored in a device called the Pocket Vault, and is unlocked with the user's fingerprint. If you wish to use a magnetic strip card, you select the card from the touch screen and put a Chameleon card, which looks like and can be run in standard readers like a credit card, in the Pocket Vault. The Chameleon card will then assume the identity of the card you selected, but only for 10 minutes. In this way, if the card is lost or stolen, nobody can use it. In the case of RFID, you just hold the Pocket Vault up to the RFID scanner for a reading. For barcode-based cards, the barcode will appear on the screen and can be scanned by a standard barcode reader. Chameleon Network says this technology will be available in early 2005 and is expected to cost under $200."
That gives me lots of confidence in the security of Speedpass cards. I predict wonderful "learning experiences" as RFID reading/duplicating technology moves down to individuals. Of course, legal threats are already being used to try to keep that genie in the bottle. (Previous story on Slashdot about nasty letters to people who bought smartcard readers for legitimate reasons.) Sure, that'll work...
One line blog. I hear that they're called Twitters now.
The Chameleon Card system uses a fingerprint reader to secure the data vault. Fingerprint readers can be defeated using a simple hack involving common household items. I refer interested readers to the following article: http://www.schneier.com/crypto-gram-0205.html.
RTFA - It stores all of the information locally. The only one that knows everything about you is you.
It stores all of the information locally. The only one that knows everything about you is you.
Right. You and any card reader you need to use.
If the machine doesn't prompt for the attendant to verify the physical presence of the original card, then the card transaction slips from a card-present transaction to a card-not-present transaction, and a higher fee is due to the credit card issuers or the store has to eat the higher risk of fraud.
A debit card transaction can get by with just the pin and no physical verification... but that also means an even higher merchant fee. This is why Wal-Mart is no longer accepting MasterCard debit cards as debit cards when the card is capable of supporting a credit card transaction, because that's what's cheaper for the store to do.
That's not about the fee, that's for two other reasons:
1: Stores get the money credited for debit transactions immediately. They have to wait for credit card payments. That float is meaningful.
2: A credit card transaction is a lot easier to reverse... simply complain to the credit card company. Even if the complaint is invalid, the store's payment for the transaction is held in escrow until that is declared. (Reversed-by-complaint credit card transactions also carry steep penalty fees on the merchant side... the card issuing bank has to eat all fraudulently presented card cases.)
So, for $3 transactions, the debit card is better than the credit card mode because the store is just willing to eat the loss if the transaction goes fraudulent. For $300 transactions, not so much. Trust me, there's a dollar value somewhere at which point the default behavior will spin around... and you as a consumer never will want to use a debit card so long as you have a credit card in your wallet somewhere that can take the hit without incurring interest.
Yeah, what did you mean by "suspect?" Are EMC or IBM guilty of producing vaporware? Is NewsCorp not far-reaching enough for you? Granted, not all of these are the most ethical companies in the world... but just an example.
Making him decode the cards has nothing to do with him testifying against himself. If a judge sees probable cause to believe there is evidence stored on the device, he can issue a search warrant requiring the criminal to give access to the device. It's just like taking a breathalyzer or getting a blood test to determine if you have been drinking and driving; you aren't testifying against yourself, but rather being compelled to assist in providing evidence, even if the evidence is being used against you.
From about a year ago: this article says France has a system like what I want. It's not clear from that article whether you can use it for all of the purchases I mentioned, but it's a start.
When a non-physical transaction goes fraudulent, the credit card companies have to eat it.
Where did you get that idea? The merchant always loses, not the bank. The bank is more than happy to reverse the transaction and collect their chargeback fee.
I take it you aren't including people who live in the UK as Europeans (signatures used, along with magnetic stripes).
This'll be great if it takes up less space in my wallet than a half dozen cards. Otherwise, I'll wait for a future, slimmer, version.
Seriously, though, this could be a great idea. Three credit cards, a driver's license, three insurance cards (dental, medical, and auto)... plus a bunch of other cards I don't carry because I rarely use them (voter's registration card, etc) and are therefore at perpetual risk of being lost; this thing has a lot of potential.
The owner is in control of the information on the device, and it appears actually safer than carrying regular credit cards since it can't be used by thieves (assuming it also proves to be secure). My only questions center around the RFID tag, but they could be easily satisfied.
Plus, can I sit on it?
I do security
that is why NONE of my cards are signed but say in big sharpie ink.. "CHECK MY ID!"
Technically, if you DON'T sign it, it is not valid. I can see your point about putting "CHECK MY ID!", but according to most terms of credit cards, it shouldn't be honored. Now, if you don't sign the card and don't put "CHECK MY ID" on it either, you are just asking for trouble. Let's say a thief gets a hold of an unsigned card without "CHECK MY ID" in the signature box. All the thief has to do is sign your name with his own hand. Voilà! The signature will match every time.
But why is the rum gone?
Is it just me, or does it seem a little odd to other people that several of the principals listed on their web page (including the CTO) remain anonymous? Why the heck would anyone do that? Most companies at this stage splash the identities of their principals everywhere. These guys must have some pretty bad skeletons in their closet to hide like this.
Slashdot - News for Herds. Stuff that Splatters.
I pay no charge to use my debit card, because I maintain a certain minimum balance in my account. I pay no charge to use my credit cards, because I pay off their balance each month, and use no-annual-fee cards.
A Universal card, properly secured, would be very attractive to me.
Don't underestimate the power of The Source
I contacted them with some questions. Here are their replies:
*****
Dear Malachi,
Three-digit credit card security codes will appear on the Pocket Vault screen when you press the "card details" icon. For any card that is currently "issued" or active on the Chameleon Card, the Pocket Vault will then display the security pin and available credit and card balance at the last time the device was updated.
Todd O. Burger
President & CEO
Chameleon Network Inc.
30 Monument Square, Suite 300
Concord, MA 01742
TBurger@ChameleonNetwork.com
W (978) 287-0703
F (978) 369-4661
H (781) 863-1196
M (781) 820-2521
*****
Dear Malachi,
Credit and debit cards can only be loaded to a person's Pocket Vault while the Pocket Vault is docked to a PC or Mac and the legitimate owner of the Pocket Vault has established a secure Internet session.
(The computer and the Pocket Vault actually establish dual secure sessions in parallel on a standard dial-up or better Internet connection with the Pocket Vault website or the website of an authorized Pocket Vault dealer (for example, a major credit card issuing bank).) The security and simplicity of our loading process are two of the elements that impressed card industry executives. The complexity is not visible to the consumer and the number of steps the consumer actually takes are few.
The Chameleon Card does have a conventional signature block on its back. Most security experts would acknowledge that the usefulness of the signature is no better than the skill of the average retail clerk who must perform on the spot handwriting analysis by "confirming" that the signature on the card matches the signature on the receipt or the signature entered on the pad at the cash register. Despite the limited value of such verification, we do not alter this verification element. Of course, we think the other security elements that essentially verify that you are the legitimate owner and user of the Pocket Vault represent the real substantive security, and that retailers will eventually come to a similar conclusion, tending to ignore the signature block on Chameleon Cards.
There are two types of places that take imprints: Those that do it as another security tool on top of magnetic-swipe capture of the account number, and those that are completely off-line (e.g., a taxi or flea market merchant.) Those that do it for additional security will no longer need to do this with Chameleon Cards. For truly off-line merchants, (about 2% of total credit card transactions or less), the merchant will record the card number by looking at the screen of the Pocket Vault and writing this by hand on the slip. Since worn cards often leave illegible imprints that require the retailer to re-write the number anyway, there is not a great deal of difference here.
The Pocket Vault can store a license type photo (and family and pet photos as well) and associate that photo with any photo ID. The photo displays on the Pocket Vault screen while a photo ID type card is issued.
Please feel free to post this information. You are one of many that has asked such questions, and we are unable to answer all of them. We hope the flood of orders we are seeing (and hope to continue to see) convince card industry executives that we have something here of broad interest to consumers, which could accelerate our efforts.
Thank you for your interest in our product and services.
Todd O. Burger
President & CEO
Chameleon Network Inc.
http://www.google.com/profiles/malachid
Another response from some questions I asked.
*****
License and Other Photo IDs
If we have an agreement in place with the AAMVA (American Association of Motor Vehicle Administrators) or the individual state MVD, it will be the official license image. Otherwise, it will be your photo associated with a Driver's License number. In about 15 states, the license is simply a tool to use in a police cruiser to check the state license database to see if the license is current and in good standing. In those states, a Chameleon Card may be accepted sooner than it is elsewhere.
Fees
There are no fees for use of the card and we do not take any percentage of a transaction (in fact while our Chameleon Card may be used in a transaction, we would be unaware that such a transaction ever took place). Depending on what services a consumer opts in for, there could be monthly charges for the use of the Pocket Vault (updating, backup, promotions and discounts, etc.). If the consumer does not opt in, there will be no further charges.
Loading Non-financial Cards
You will be able to load any card with a magnetic stripe, bar code, smart card chip or typed information card, most photo ID cards, and many (though not all) RFID cards (e.g., contactless cards for parking garages and building access). In some states, you will be able to load your driver's license, in others, we will need to establish a relationship with the Dept. of Motor Vehicles to enable this feature.
Todd O. Burger
President & CEO
Chameleon Network Inc.
30 Monument Square, Suite 300
Concord, MA 01742-1858
Main 978-287-0800
Fax: 978-369-4661
Email: TBurger@ChameleonNetwork.com
www.ChameleonNetwor