RFID MasterCard
starburst writes "MasterCard introduces an RFID MasterCard called PayPass in Orlando, Florida. They tout the convenience of no more swiping or giving your card to cashiers. They claim the card has to be within an inch of the reader to be read -- how long till criminals are walking the malls, or next to you in line with portable readers getting your card information?"
If my photo had to be on my Credit Card and also I had to enter a Secret PIN to use it - would that stop a load of Credit Card Fraud??
If I am at the store, they compare my photo to me?
However I guess some people would not like carrying an ID card (which it could make the Credit Card?) around with them??
Just my two bits (0&1)
I checked out their web site - no details on security other than the assertion that it is "secure". Right. I am assuming that the RFID tag is a passive one and that the paypass terminal needs to authenticate in some way. I do hope so, anyway, because if not, criminals are indeed going to have lots of fun with this. Would anyone be able to tell me how secure communication between a tag and a reader can be obtained?
----- One learns to itch where one can scratch.
There's something similar in Canada called Dexit. But it's not a credit card. It's a type of debit card with a $100 limit so if you lose it or anything you're not really out all that much. You can refill it anytime online, over the phone, or automatically from your account. It's used for fast food, candy, newspapers, whatever.
Support the First Amendment. Read at -1
I think that's a make up on the current insecure credit card framework, which is hopeless. Credit cards are so propagated through the world, and it would be very costly (and disastrous) to build a brand new security mechanism, so anyone can understand why MasterCard does this kind of show-off without actually doing anything.
This quote is worth any comment:
"PayPass is guaranteed as safe and secure as all MasterCards."
Oh, then that gave me a very strong and confident feeling. (Read this as: secure my ass)
How long till plainclothes cops walk the malls carrying detectors that sense the self-incriminating probe of the would-be pickpocket?
Seeing bad movies only encourages them. Watch responsibly
Sorry to say, but this collective fear against RFID is just ignorance. The bus company where I live in Sweden has RFID bus-passes and it works like a charm. You don't even need to pull them out of the wallet! It's extremely convenient. I'm a person that's used the technology for over a year so I know what I am talking about. Sure, a bus-pass is different from a credit card, then again, I suspect that you still need to enter your code to charge it.
What's so bad about being lazy? What if there was a war and nobody showed up?
Europeans are smart and use "smart-cards" already. Why are Americans still playing around with new-fangled passive devices which are just not secure?
The reality of the situation is you can't trust the reader. Ever. This is why it's easy to scam debit [get their card no and pin], why it's easy to charge credit cards, etc...
Sure it might cost more per card but the cards would be subject to *less* abuse and you'd have to pay out *less* ultimately in fraud.
Tom
Someday, I'll have a real sig.
A lot of credit card fraud occurs due to the intermediaries copying the details of your card (the magnetic stripe) while the card is out of your sight. Consider the times when you go to a restaurant, have a meal, ask for the bill, and choose to pay by credit card. The waiter then takes the card out of sight and then (hopefully) returns the card. Other scams simply involve a till operator "accidentally" dropping your card on the floor, and then swiping the card through a reader.
What if you could just swipe the card against a portable pad, without it leaving your hand? Although, I'd prefer an optical communication system, rather than radio waves.
I had my credit card number stolen - still no idea how. May have been random card number generation for all I know - I did nothing particularly unsafe (using your credit card at all is pretty unsafe). I was immediately contacted by my bank who were suspicious because the charges were (a) out of line with my current spending pattern (b) in a completely different country to my previous charges. I simply verified that no, I hadn't been to Spain recently, they faxed me some forms (basically just signing to say that no, the following charges were not made by me) and 3 days later my new credit card arrived by courier. Everything else was handled by the bank.
In some ways I got lucky because the nature of the spending raised flags, and because my bank actually has incredibly good service. The catch is, it is up to the credit card companies to wear the cost of stolen cards etc. presuming you take reasonable precautions. If they want to embed easily readable RFID tags and have to cover a shitload of costs for easily stolen card numbers... well, more power to them. They'll be out of that business soon enough.
Jedidiah.
Craft Beer Programming T-shirts
Has the world completely given up on checking signatures?
"I'll have a Guinness, no wait, make that a Coors Light" -Grad student I work with, who shall remain anonymous...
... YOU make an "atypical" purchase as the first one in a new country you just flew into. Card issuer tries to call you or speak to you via the handset on the merchant's terminal, equipment in new country doesn't know how to handle this, result: transaction declined and card blocked for the rest of the trip.
I make it a point to ask card issuers about whether they have such a policy and if they admit it, I don't deal with them. Some have recently taken to saying "if you plan on going abroad, tell us in advance and we'll remove the 'unusual transactions' filter from your account for 30 days."
Yeah, I'll really tell an underpaid call centre drone when my house will be unoccupied for weeks because I'm out of the country.
Cash is so much less hassle these days...
There is a gas company that already has the trademark on PayPass for a small RFID dongle that is read by the gas pumps to pay for gas.
In Hong Kong, I was at the local equivalent of the 7-11 where I saw the people were just waving their wallets in front of a panel by the cash register. It turns out that they have something called the Octopus card. This is a short range RFID cash card that works much like a prepaid phone card. You go to an ATM like station where you can purchase the card and/or add money to the card. If the card gets stolen, you lose the money on the card. Lots of people had it, and it made the line at the store FLY. It must have been 3 times as fast as "normal".
The possibility of electronic pick pocketing is interesting, but at some point you have to convert the codes into money. A criminal would look very suspicious then. (unless they also owned a 7-11.... HMMMM)
Dr. Null
I'm at the checkout with a trolley full of beer & wine. I wave my "card" over the RFID reader. The reader sends a random challenge. My "card" relays that challenge to a repeater in my pocket, which forwards it to the person behind me in the queue. Their card responds to the challenge, through my repeater which forwards it back to my "card" sending it to the checkout.
Bingo - someone else has just paid for my beer!
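Two points from this thread, how a passive tag can authenticate to a reader with a random challenge and why that alone does not stop the relay described in the last comment, sketched as an added example that is not from any commenter or from MasterCard. The shared-key HMAC scheme, the timing limit and every delay figure are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

RTT_LIMIT_NS = 2_000  # assumed bound for a card held within an inch of the reader


class Card:
    def __init__(self, key):
        self._key = key

    def respond(self, challenge):
        # The key never leaves the card; only a MAC over the fresh challenge does.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Channel:
    """Simulated radio path: who answers, and a constructed round-trip time."""
    def __init__(self, responder, delay_ns=500):
        self.responder, self.delay_ns = responder, delay_ns

    def exchange(self, challenge):
        return self.responder(challenge), self.delay_ns


def authenticate(key, channel, enforce_timing=True):
    challenge = os.urandom(16)  # fresh random challenge per transaction
    response, rtt_ns = channel.exchange(challenge)
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    if not hmac.compare_digest(response, expected):
        return "reject: bad response"
    # Real distance-bounding protocols time many one-bit rounds;
    # a single timed round trip stands in for that here.
    if enforce_timing and rtt_ns > RTT_LIMIT_NS:
        return "reject: round trip too slow"
    return "accept"


def demo():
    key = os.urandom(32)
    card = Card(key)
    recorded = card.respond(os.urandom(16))           # answer to an earlier challenge
    relayed = Channel(card.respond, delay_ns=50_000)  # genuine card behind a repeater
    return {
        "direct": authenticate(key, Channel(card.respond)),
        "replay": authenticate(key, Channel(lambda _c: recorded)),
        "relay_untimed": authenticate(key, relayed, enforce_timing=False),
        "relay_timed": authenticate(key, relayed),
    }
```

The fresh challenge defeats a recorded response, but a relayed response is cryptographically valid, so only the round-trip bound rejects it.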