Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Universal Card

Posted by michael on from the no,-we-mean-universal dept.

retro128 writes "Wired News is carrying a story about a new product from Chameleon Network that's supposed to replace all of your credit/debit/customer cards. It can read the information off of the magnetic strips of credit/debit cards, scan the barcode off of customer loyalty cards, and even memorize the RFID signals of devices like the Mobil SpeedPass. All of this information is stored in a device called the Pocket Vault, and is unlocked with the user's fingerprint. If you wish to use a magnetic strip card, you select the card from the touch screen and put a Chameleon card, which looks like and can be run in standard readers like a credit card, in the Pocket Vault. The Chameleon card will then assume the identity of the card you selected, but only for 10 minutes. In this way, if the card is lost or stolen, nobody can use it. In the case of RFID, you just hold the Pocket Vault up to the RFID scanner for a reading. For barcode-based cards, the barcode will appear on the screen and can be scanned by a standard barcode reader. Chameleon Network says this technology will be available in early 2005 and is expected to cost under $200."

12 of 358 comments (clear)

  1. You want me to pay for that? by ObviousGuy · · Score: 5, Insightful

    200 bucks for you to know everything about me?

    How about YOU pay ME.

    --
    I have been pwned because my /. password was too easy to guess.
    1. Re:You want me to pay for that? by Anonymous Coward · · Score: 5, Informative

      RTFA - It stores all of the information locally. The only one that knows everything about you is you.

  2. Great idea....for thieves! by Damiano · · Score: 5, Insightful

    So I can grab any card I get my hands on for even a second (as a waiter or working at a gas station for example), run it through this toy and it saves the mag strip info to its internal memory. After getting several hundred (or when I max out the devices memory) I and my friends can then go on a HUGE shopping spree using stolen credit cards. Conveniently, as soon as I think the credit card companies might realize the first number is being used by an unauthorized person, I just switch to the next one. Sign me up! *sigh*

  3. Gimmie your wallet! by mikeophile · · Score: 5, Funny

    and your thumb!

  4. A card is more than just a magnetic strip... by LostCluster · · Score: 5, Insightful

    It's not quite clear if Visa or Mastercard will allow its member stores to accept Chameleon Cards in place of real plastic cards. Afterall, that card won't be able to mimic the Visa or MS holigram, the color-printed signature strip with code number on it, or the physical impression of the card numbers.

    Accepting non-original cards opens up the risk of accepting any card with a magnetic stripe as being a stand-in for the real credit card. It would effectively turn all in-person credit card transaction to being as insecure as a web transaction. There's a reason why web merchants have to pay more for their credit card services, and it's that insecurity.

    So, it's near certian that Visa and Mastercard accepting stores will be ordered by the card networks not to accept Chameleon Cards from customers. Game over for this technology... it works in the lab but won't work in the real world.

  5. The Ident-i-Eeze!! by tylernt · · Score: 5, Funny

    It wasn't insanely exciting to look at. It was rather dull in fact. It was smaller and a little thicker than a credit card and semi-transparent. If you held it up to the light you could see a lot of holographically encoded information and images buried pseudo-inches deep beneath its surface.

    It was an Ident-i-Eeze, and was a very naughty and silly thing for Harl to have lying around in his wallet, though it was perfectly understandable. There were so many different ways in which you were required to provide absolute proof of your identity these days that life could easily become extremely tiresome just from that factor alone, never mind the deeper existential problems of trying to function as a coherent consciousness in an epistemologically ambiguous physical universe. Just look at cash point machines, for instance. Queues of people standing around waiting to have their fingerprints read, their retinas scanned, bits of skin scraped from the nape of the neck and undergoing instant (or nearly instant-a good six or seven seconds in tedious reality) genetic analysis, then having to answer trick questions about members of their family they didn't even remember they had, and about their recorded preferences for tablecloth colours. And that was just to get a bit of spare cash for the weekend. If you were trying to raise a loan for a jetcar, sign a missile treaty or pay an entire restaurant bill things could get really trying.

    Hence the Ident-i-Eeze. This encoded every single piece of information about you, your body and your life into one all-purpose machine-readable card that you could then carry around in your wallet, and therefore represented technology's greatest triumph to date over both itself and plain common sense.

    Ford pocketed it.

    --
    DRM 'manages access' in the same way that a prison 'manages freedom'
  6. Credit cards are free, why pay $200? by eddie+can+read · · Score: 5, Insightful

    Let me list the reasons why

    1) Cumbersome

    2) Breakable

    3) All eggs in one basket

    4) A lost/stolen card is replaced by the credit card company. Who replaces that lost/stolen $200 computer?

    5) What do you do when the batteries run out

    6) What happens when the OS crashes and the information is wiped out?

    So many reasons...

  7. Fun with Fingerprints: Chamelon Card by Burstwave · · Score: 5, Informative

    The Chamelon Card system uses a fingerprint reader to secure the data vault. Fingerprint readers can be defeated using a simple hack involving common household items. I refer interested readers to the following article: http://www.schneier.com/crypto-gram-0205.html.

  8. A Lord Of The Rings Moment by Valen0 · · Score: 5, Funny

    One Card to rule them all, one Card to find them
    One Card to bring them all and in the darkness bind them
    In the Land of Cameleon Network where the Shadows lie.

    --
    -Valen
  9. Re:OMG you are a genious. by Anonymous Coward · · Score: 5, Interesting
    Having to post anonymously, due to a previous life of crime that my present life must not acknowledge.

    The criminal element factor was my first reaction to this. Back in the day, I worked as a bartender in a restaurant. I also knew a few people who were 'connected', as it were. These nefarious people had access to a magnetic card writer. I had access to a great many credit cards. I'm sure you can make the connection.

    I was paid a non-trivial sum for every credit card number I delivered to them, and more for American Express Platinum cards. I was also paid another amount for pilfering credit cards from the office safe -- you'd be surprised how many people leave their cards behind at a bar and never reclaim them. We would always get at least 5-10 a night, and there was a stack of 100's that people had never claimed.

    These people would then re-encode the pilfered cards with the stolen numbers and go on a spending spree. In the event of a store with a last four numbers check, or if security was a concern, they just used another corrupt employee like me to type in the correct four digits. I even recieved a few of these cards as bonus payments myself.

    Luckily for me, I got out of the business before it attracted too much attention on my part. However, to this day, I will not use a debit card in place of a credit card. At least with a credit card, you have protection. A debt card just comes right out of your bank account. I certainly tried to not give the criminals debt card numbers, but I'm sure a few slipped through the cracks, and I know that there were co-workers less scrupulous than me.

    However, I also wonder if you'd be able to use this device in any store. With all the security in place today, I wonder who would accept this as a valid credit card. I can't even buy things without having the back signed half the time. Then again, it's not like the self-checkout lines at Wal-Mart ever physically inspect my card.

  10. This will never fly by Jarnis · · Score: 5, Insightful

    - It's expensive. Too expensive for a trinket that might be lost/damaged in everyday life. Credit card lost? No biggie - you just cancel it, request new one. At worst you pay few bucks fee for replacement card.

    - Lose this trinket, and you just gave *every damn card/id thingy ya had* to a thief. Yeah yeah its fingerprint keyed. So what? The data is inside and everything is ultimately hackable.

    - It can obiviously be used to swipe magnetic strip data off other people's cards you may be able to handle. As a bonus if it can 'dupe' smartcards, Visa & co wont be happy - they just spent gazillions in moving every (insecure) magnetic card to ones with chip inside. I think their timetable is something like by end of 2005 every Visa card is a smartcard. I'd expect credit card companies to sue the pants off this company for unauthorized reverse engineering of their security features against duplication in the cards. DMCA will be used to pwn these guys. (And if it does *not* dupe smartcards, it will be useless in couple of years when every card becomes one)

    - Big credit card companies will just tell to the retailers not to accept anything except Genunie Visa(r) Card(tm) :) - logos and all. And if you expect chameleon cards to be allowed to display those logos, think again. Not to mention that a chameleon card would either have to display gazillion different logos (fishy, wouldn't pass in most stores without tons of education and approval of credit card companies), or you'd need a custom card for every card you have - in which case the whole toy is useless.

    - Huge hassles with most clerks refusing the cards 'swiped on' with this trinket even without guidance from credit card companies - "that's not a visa card, are you trying to fool me with some thieves tool with copied card data?". The education required to train every damn minimum wage clerk in the world to identify and accept this thingy in place of a real card would be astronomical - EVEN if the card companies would go along with it.

    Dot.com boom coming back? This company is beyond loony to even attempt to develop something this stupid.

  11. Re:Seriously. by Anonymous Coward · · Score: 5, Insightful

    The Benefit of this thing is essentially that, lacking your fingerprint(the value of biometrics can be discussed elsewhere), it cannot be used

    But that's the complete opposite of the truth. It needs the fingerprint of whoever owns the vault, not whoever owns the original credit card. This scheme simply means that if I DO get access to your credit card briefly that I may also have a cheap consumer device, that I don't need to be coy about using, that allows me to easily copy your card. Instead of walking round with a pocket full of stolen cards I have a single vault that nobody else can access.

    Any "security" features of the original card are rendered irrelevant because of course I do have a completely valid chameleon card.

    Signature confirmation goes completely out because either there is no signature on the chameleon card or, again, it's the signature of whoever owns the chameleon card not whoever owns the original.

    To try to spin this as giving added security to owners of genuine cards is absurd.