RFID MasterCard
starburst writes "MasterCard introduces an RFID MasterCard called PayPass in Orlando, Florida. They tout the convenience of no more swiping or giving your card to cashiers. They claim the card has to be within an inch of the reader to be read -- how long till criminals are walking the malls, or next to you in line with portable readers getting your card information?"
How long until I can buy a wallet with a woven copper grid liner?
NetInfo connection failed for server 127.0.0.1/local
If my photo had to be on my Credit Card and also I had to enter a Secret PIN to use it - would that stop a load of Credit Card Fraud??
If I am at the store, they compare my photo to me?
However I guess some people would not like carrying an ID card (which it could make the Credit Card?) around with them??
Just my two bits (0&1)
You know, people make fun of us tin-foil-hat-wearing paranoid psychos...
But then people invent stuff like this. Which just makes us even crazier.
Never attribute to malice that which can be explained by mere idiocy.
time for a tin foil hat for my wallet.
Evolution or ID?
Tank of gas - $22.47
Pack of cheetos - $1.25
1 Liter of Mountain Dew - $1.50
Stolen card # via RFID - Priceless (or your max on the card)
I haven't read much on RFID tags, but I thought the power came from the reader, so the only thing that would have to be more powerful for the cards to be read from more than an inch away would be the reader, not the card.
Banaaaana!
How much more efficient is it really to put a card an inch next to a pad merchants will have to buy instead of swiping it through a card reader that already exists everywhere?
Look, the 5 seconds per month people will save with this aren't going to be worth the costs of embedding the RFID, so eventually this will go away based on simple economics.
The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.
I checked out their web site - no details on security other than the assertion that it is "secure". Right. I am assuming that the RFID tag is a passive one and that the paypass terminal needs to authenticate in some way. I do hope so, anyway, because if not, criminals are indeed going to have lots of fun with this. Would anyone be able to tell me how secure communication between a tag and a reader can be obtained?
----- One learns to itch where one can scratch.
There's something similar in Canada called Dexit. But it's not a credit card. It's a type of debit card with a $100 limit so if you lose it or anything you're not really out all that much. You can refill it anytime online, over the phone, or automatically from your account. It's used for fast food, candy, newspapers, whatever.
Support the First Amendment. Read at -1
From the site:
Your card never leaves your hand. And, of course, you get the same level of security that you've been accustomed to: $0 liability on unauthorized purchases and a receipt for every purchase.
If it's really possible to grab numbers from a crowd, this one could get expensive for them. You'd think they'd be smarter than that. But companies have messed up before.
I'm scared of numbers that can't be written as a fraction. It's an irrational fear.
I think that's a make up on the current insecure credit card framework, which is hopeless. Credit cards are so propagated through the world, and it would be very costly (and disastrous) to build a brand new security mechanism so anyone can understand why MasterCard does such kind of show-off, without doing actually anything.
This quote is worth any comment:
"PayPass is guaranteed as safe and secure as all MasterCards."
Oh, then that gave me a very strong and confident feeling. (Read this as: secure my ass)
This card is not about RFID, it's about making card use in scenarios like drive-throughs easier. Also, it's currently limited to <$25 transactions currently according to the FAQ.
Assuming one likes the idea of small plastic transactions at all, I wonder if it wouldn't be a better idea to _combine_ 2 accounts in one card: one account for the higher-value mag-stripe, and an RFID account with a low credit limit that needs to be constantly replenished.
"Now I've got enough money to build my robot. My girl robot. This is going to be the best prom ever."
How long till plainclothes cops walk the malls carrying detectors that sense the self-incriminating probe of the would-be pickpocket?
Seeing bad movies only encourages them. Watch responsibly
The kind of contacts I'm talking about would be the ones that measure the resistance across two contacts a few mm apart, in order to use the card your finger(s) have to be on the contacts, otherwise your card doesn't send or receive RFID crap.
da w00t. mtfnpy?
Once again, just because something can be done, it has been, totally without regard to whether or not it is actually a _good_ idea.
RFID technology is now getting into the "buzzword" phase of electronic manufacturing/production, it's now cheap and common enough to start getting idiotic designers thinking "gee, wouldn't it be neat if we put an RFID in ...". The same thing happened to microprocessors in the mid-80's, and we started seeing truly idiotic applications, uP-based Toasters, Staplers, Golf Tees, etc.
RFID's on personal ID's or credit cards have to be a security nightmare. How easy would it be to hide a collection device under a bus or train seat and collect ID's for a whole day or two?
Not to mention that a transmitter generates EM fields, which might be strong enough to erase your other mag-stripe cards in proximity.
History repeats itself once again.
-- You are in a maze of little, twisty passages, all different... --
Sorry to say, but this collective fear against RFID is just ignorance. The bus company where I live in Sweden has RFID bus-passes and it works like a charm. You don't even need to pull them out of the wallet! It's extremely convenient. I'm a person that's used the technology for over a year so I know what I am talking about. Sure, a bus-pass is different from a credit card, then again, I suspect that you still need to enter your code to charge it.
What's so bad about being lazy? What if there was a war and nobody showed up?
Europeans are smart and use "smart-cards" already. Why are Americans still playing around with new-fangled passive devices which are just not secure?
The reality of the situation is you can't trust the reader. Ever. This is why it's easy to scam debit [get their card no and pin], why it's easy to charge credit cards, etc...
Sure it might cost more per card but the cards would be subject to *less* abuse and you'd have to pay out *less* ultimately in fraud.
Tom
Someday, I'll have a real sig.
This would be better with a Smart MasterCard and a microswitch on the card.
The Smart MasterCard would exchange single-use credit card numbers a la Citibank's Virtual Account Numbers. That way the number would be useless as soon as the retailer has charged it, so that a bystander "sniffing" the information would not get anything of value.
The microswitch would simply allow you to control WHEN the card can be interrogated, so that passersby can't muck with it. You'd squeeze a spot on the card when you held it up to the retailer's reader, and thereby allow the transaction.
It's nice to say "you have to be within one inch of the reader for the card to be read", but WHERE is this limit built in?
a) If it's the card itself (a "hacked" RFID that has a very weak response signal), we're on the "safe" side.
b) If it's in the reader (i.e. the reader sends out a weak signal, so that only cards within a few centimeters are capable of receiving the signal), then we're in trouble.
Given - option B gives stores the "peace of mind", that they'll always read the "correct" card (i.e. the stores won't get in trouble for accidentally charging YOUR purchases to the guy next in line).
BUT - option B means, that crooks can use stronger readers that can scan your card from a few meters away (all that while the user thinks that even crooks need to make it to within an inch of their cards).
Before I'd go for such a card, I would most definitely like THAT question answered...
I had my credit card number stolen - still no idea how. May have been random card number generation for all I know - I did nothing particularly unsafe (using your credit card at all is pretty unsafe). I was immediately contacted by my bank who were suspicious because the charges were (a) out of line with my current spending pattern (b) in a completely different country to my previous charges. I simply verified that no, I hadn't been to Spain recently, they faxed me some forms (basically just signing to say that no, the following charges were not made by me) and 3 days later my new credit card arrived by courier. Everything else was handled by the bank.
In some ways I got lucky because the nature of the spending raised flags, and because my bank actually has incredibly good service. The catch is, it is up to the credit card companies to wear the cost of stolen cards etc. presuming you take reasonable precautions. If they want to embed easily readable RFID tags and have to cover a shitload of costs for easily stolen card numbers... well, more power to them. They'll be out of that business soon enough.
Jedidiah.
Craft Beer Programming T-shirts
That's a lie. It takes a moving magnetic field several times that of the earth to erase a magnetic strip.
Strong magnets, sure. But ordinary ones? No way.
I recently spoke with an RFID engineer about how easy it is to read RFID tags. Basically, the readers are very sensitive to the position of the tag, as well as distance. Move the tag out of the ideal plane for the antenna and it becomes unreadable. Shield it and the reader must be much closer to read it. Great technology for tracking shipments - anything that takes away people entering data via a keyboard and replaces it with people holding receivers to spots on containers should help greatly reduce tracking errors - as well as allow shippers to track temperatures, if a container has been opened, etc.
OTOH, what makes things easier when you can train a person to perform a task in a set way is not always better for mass consumption. Look at how often people have to reswipe cards because they put the strip on the wrong side of the reader - now imagine someone trying to align the RFID tag with a reader - all you've done is replace one motion with another. Mobil (ExxonMobil - the Mobile is silent) has SpeedPass - which never really caught on - that is essentially the same idea. They tried to push it for fast food purchase as well - ever see a SpeedPass enabled drive through? Which brings up the issue - how much will it cost for companies to replace/upgrade existing readers to handle the new cards? Without a lot of cards, there's no incentive for companies to spend the money. Without readers, why have the card?
I've had one CC strip go bad - and all the clerk did was key in the info - this RFID idea sounds like a solution to a non-problem. Now, if they could add a biometric reader that required my thumb on the card to validate it - and it read the first thumb placed on the card as the right one when you get the card, then I'd be interested.
A switch that activates the tag sounds neat - but now I must not only get the RFID tag close to the reader but hold the card in a special way - forget it - not to mention some people may have trouble doing that due to physical constraints.
I'm a consultant - I convert gibberish into cash-flow.
Has the world completely given up on checking signatures?
"I'll have a Guinness, no wait, make that a Coors Light" -Grad student I work with, who shall remain anonymous...
I have seen a boosted reader read a card (which has this magical "2 centimetre" reading distance) several metres away. It was an experiment, and the reader emitted so much energy that it certainly wouldn't pass any certifications but I strongly doubt criminals care about that.
You could quite easily set such a transmitter up in a window overlooking a busy street, and you will be able to scan most people that pass by.
So, to answer your question. The reading distance is mostly related to the power of the transmitter. The card itself cannot determine how far away the reader is.
That said, I would assume that MasterCard uses smartcards for this. The card would actually perform a cryptographic signature check using some form of challenge response algorithm. This prevents anyone from reading your card number, but it won't protect against a malicious store charging customers passing by on the street outside his store. :-)
If they work exactly like a magnetic card, only sending the number on the card (like most rfid-based key cards do) then they are plain stupid.
I love the Shielded cap. All the benefits of an aluminum foil beanie, without the strange looks.
Nokia also announced recently they have software & hardware that can turn your cellphone into a tag reader.
Wonder how long until the latter gets "improved" upon by "outside independent researchers", the kind of dudes who wear darker colored chapeaus.....
The people working for MasterCard and other financial credit companies are as smart as we are, and they stand to lose millions in fraud if they don't secure their customers' cards.
I would be very surprised if the cards didn't have built in challenge/response cryptography to send the information. These cards are available now, and cheaply in bulk. Further, they would likely only contain a database link to the credit information which can probably be invalidated without changing the credit card number.
Of course, this means the bad guys only need to break one (or maybe a few) keys to gain access to everyone's card, but then they have to go around and collect them by hand.
The assumption that companies are stupid or lazy is actually based on the fact that they have to make cost/performance decisions. What seems stupid to us generally is cheaper including all the incidental and security costs. I doubt that the cost/performance ratio here would favor a 'stupid' solution.
-Adam
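The challenge/response idea raised in the comments above, as an added Python example that is not part of any comment and is not PayPass's actual protocol. It compares a tag that always sends the same number with one that MACs a fresh reader challenge; HMAC-SHA256, per-card keys, and all class, function and card identifiers are assumptions made for illustration.

```python
import hashlib, hmac, secrets

class StaticCard:
    """Tag that answers every reader with the same number (mag-stripe style)."""
    def __init__(self, number):
        self.number = number
    def respond(self, challenge):
        return self.number.encode()            # the challenge is ignored

class ChallengeResponseCard:
    """Tag that keeps a secret key and MACs the reader's fresh challenge."""
    def __init__(self, card_id, key):
        self.card_id, self._key = card_id, key
    def respond(self, challenge):
        msg = self.card_id.encode() + challenge
        return hmac.new(self._key, msg, hashlib.sha256).digest()

class Issuer:
    """Hypothetical back end: stores per-card keys, rejects reused challenges."""
    def __init__(self):
        self.keys, self.seen = {}, set()
    def enroll(self, card_id):
        self.keys[card_id] = secrets.token_bytes(32)   # assumed: one key per card
        return ChallengeResponseCard(card_id, self.keys[card_id])
    def new_challenge(self):
        return secrets.token_bytes(16)
    def verify(self, card_id, challenge, response):
        if card_id not in self.keys or challenge in self.seen:
            return False
        self.seen.add(challenge)
        msg = card_id.encode() + challenge
        expected = hmac.new(self.keys[card_id], msg, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def replay_outcomes():
    """What a recorded over-the-air exchange is worth in a later transaction."""
    issuer = Issuer()
    card = issuer.enroll("CARD-0001")                  # constructed identifier
    static = StaticCard("0000-CONSTRUCTED-NUMBER")     # constructed value
    c1 = issuer.new_challenge()
    r1, recorded_static = card.respond(c1), static.respond(c1)
    genuine_ok = issuer.verify("CARD-0001", c1, r1)
    c2 = issuer.new_challenge()                        # next transaction
    return {
        "static_recording_still_valid": recorded_static == static.respond(c2),
        "genuine_accepted": genuine_ok,
        "old_response_new_challenge": issuer.verify("CARD-0001", c2, r1),
        "old_challenge_reused": issuer.verify("CARD-0001", c1, r1),
    }

if __name__ == "__main__":
    print(replay_outcomes())
```
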
You would still need to take the card out for signature validation.
www.timcoleman.com is a total waste of your time. Never go there.
Are there any documented cases of Mobil Speedpass RFID's being stolen and cloned? I do recall reading a slashdot story about a product that could be used for this purpose.
There are already millions of these out, and the infrastructure for using them has already been in place for years (at least in my neck of the woods).
It's nice to say "you have to be within one inch of the reader for the card to be read", but WHERE is this limit built in?
Even an inch is too much. Pickpockets often have a "bumper" who distracts the target so he doesn't notice the touch on his wallet. Now the pickpocket can lift your card information by bumping into you in a checkout line.
Then a little careful observation as you enter your PIN and your account is toast.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
In Hong Kong, I was at the local equivalent of the 7-11 where I saw the people were just waving their wallets in front of a panel by the cash register. It turns out that they have something called the Octopus card. This is a short range RFID cash card that works much like a prepaid phone card. You go to an ATM like station where you can purchase the card and/or add money to the card. If the card gets stolen, you lose the money on the card. Lots of people had it, and it made the line at the store FLY. It must have been 3 times as fast as "normal"
The possibility of electronic pick pocketing is interesting, but at some point you have to convert the codes into money. A criminal would look very suspicious then. (unless they also owned a 7-11.... HMMMM)
Dr. Null