Slashdot Mirror


Visa To Push Swipeless Credit Cards

BobPaul wrote in to mention an initiative by Visa to allow for swipeless credit card transactions. From the article: "...consumers need only wave credit and debit cards within a few inches of a reader to complete a purchase. And for purchases of less than $25, no signature is required...Each transmission between card and reader has a unique code that cannot be reused even if it is intercepted". Update: 02/25 16:06 GMT by Z : References to RFID technology removed.

9 of 452 comments

  1. Security? by Cyberax · · Score: 5, Insightful

    And now a thief doesn't have to guess PINs. It will be enough just to steal a card!

  2. Very Secure? by bigtallmofo · · Score: 4, Insightful

    From TFA:

    Each transmission between card and reader has a unique code that cannot be reused even if it is intercepted, a key security feature, he said.

    What protects consumers from fraudulent merchants waving some kind of electronic cash-sucking wand by your back pocket which contains your wallet which contains your RFID Visa card? There's no mention of this in the article at all!

    It's a standard scam now for an unscrupulous merchant to charge millions of people a small amount of money fraudulently with the hopes that the vast majority won't even notice. Imagine what they will do when all they have to do is walk around a mall waving something at people's purses and back pockets!

    --
    I'm a big tall mofo.
  3. Another Fine example of Slashdot "journalism" by sQuEeDeN · · Score: 5, Insightful

    Seriously. IT DOES NOT MENTION RFID ANYWHERE IN THE ARTICLE. Just so y'all realize. Why is slashdot so anti-RFID, anyways? Are you guys anti-barcode? It's just a longer range barcode. And the chipmaker can set the length. It's just a way to get small amounts of information into a computer. Relax.

    And, I'm inclined to listen to Visa a little bit when they say their card is secure. I mean, they are not exactly a company that can win by skimping on security. If the system is hacked, they pay, not you.

    --

    Recursive (adj.): see 'Recursive'
    1. Re:Another Fine example of Slashdot "journalism" by DaveJay · · Score: 4, Insightful

      Why is slashdot so anti-RFID, anyways?

      I believe it is an issue of knowledge. Specifically, with RFID and RFID-like technologies that do not require physical contact or personal interaction (like a PIN or swipe) it is conceivable that your information can be read at a distance* without your knowledge.

      Does that mean the VISA card in this article is going to allow someone to drain your bank account because you walked too close to a vendor's shop? Not necessarily. However, consider this:

      1. The "secure" WiFi protocols have all been beaten;
      2. The "close-range" of Bluetooth has been increased to over 1/4 of a mile by use of a shotgun-style antenna;
      3. In general, people continue to use these technologies even if they are informed of the flaws, because they do not want to lose the convenience (or believe that "if it was really insecure, they wouldn't be able to sell it" or "It won't happen to me").

      So do I think that a card like this will eventually be cracked, and will eventually be used to spy or steal from people (successfully or not**)? Yes. Yes I do.

      *Here, "a distance" could be a few feet, or could be across a street through a shop window using a shotgun antenna (see Bluetooth example).

      **Here, I refer to the idea that someone who did this in bulk would likely get caught, and if they got caught it would not be a successful theft; then again, people steal checks and forge transactions to pay their utility bills all the time, and are rarely prosecuted for this provided the dollar amounts are small.

  4. Re:Show me the security by Delirium+Tremens · · Score: 4, Insightful
    Maybe they should have moved to the latest standard: AES. Deploying 3DES solutions today is deploying legacy.

    "While 3DES appears to be secure for now, it takes at least 3 times as long to run as DES, and this means that it is inefficient and slow compared to other available block ciphers such as the new standard, AES, which has replaced DES."

    -- W. Diffie and M. E. Hellman, "Exhaustive Cryptanalysis of the NBS Data Encryption Standard," in IEEE Computer, vol. 10, 1977, pp. 74-84.
  5. Re:Show me the security by Thaelon · · Score: 5, Insightful
    While this may seem very scary at first it's complete FUD.

    In order to process claims from a reader like this you're going to need a merchant account.

    So let's say you try it, I'll outline the events for you in chronological order:
    1. You obtain a merchant account to be able to collect funds from your portable reader.
    2. You figure out a way to generate transaction IDs without contacting Visa.
    3. You go out and collect ~$24 from fifty people in a crowd, woohoo $1,200!
    4. Let's say you play it smart and only claim those transaction monies and random increments over a day or so.
    5. 50 people protest to Visa that they didn't authorize your charges.
    6. Visa does about 30 seconds worth of research and realizes that all 50 of these claims lead directly to you via your merchant account.
    7. Visa shuts you down like a bitch and presses charges.
    8. You go to jail since you have no case whatsoever.
    9. Your ass now belongs to Bubba.

    --

    Question everything

  6. Vent my Credit Card/Check Card Pet Peeve by Confessed+Geek · · Score: 4, Insightful

    Please excuse me while I get this personal pet peeve off my chest.

    WHY, do companies and stores think that NOT showing ID when using a credit card/debit card is something that people would want?

    I don't sign my cards. I write in bold letters on the back MUST SEE ID. Still only about 1 in 20 times am I asked for an ID, even when making a $50+ purchase.

    And the debit cards. The advertising on them is insane. They have some celebrity come out and get asked for ID then say - "With our Check Card, you Never need ID" And how is this supposed to be a good thing? I'm supposed to be happy that it is even easier for someone who has stolen a card to go and clear out my checking account? Who the heck goes out with their credit cards, but skips their ID? Who the heck runs around without an ID in the first place? What, you're going to go into your wallet or purse, take out the debit card, and leave your licence/ID in there?

    With all the credit card fraud and identity theft going on, why would anyone make it even easier to ruin your credit rating and entangle you in hours upon hours of sometimes futile effort to get it set straight?

    Mind you I will scream like hell if somebody REQUIRES me to carry an ID all the time - but cash spends fine without any verification.

    Thanks.

  7. Re:Show me the security by John+Harrison · · Score: 4, Insightful
    You can probably eavesdrop on the card to reader communication from some distance. This is known by those that created the spec and they have designed for it. Go read the EMV spec. Tell me if you can hack it. It has been out for years and in production in Europe for a while, though most deployments there are for contact cards.

    The real goal is fraud reduction. Visa isn't aiming for a perfect system, they want a better one that prevents skimming of your mag stripe. This means that they are no longer the low hanging fruit and the fraudsters will target traditional magstripe cards.
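
The "unique code that cannot be reused even if it is intercepted" quoted from the article, and the eavesdropping point in the comment above, as an added illustration that is not part of the original thread and is not Visa's or EMV's actual algorithm: a simplified model that swaps in HMAC-SHA256 over a per-card counter. The `Card` and `Issuer` classes, the shared key and the amounts are all constructed for this sketch.

```python
import hashlib
import hmac
import os


def message(counter: int, amount_cents: int, nonce: bytes) -> bytes:
    # Fields the per-transaction code covers: card counter, amount, reader nonce.
    return counter.to_bytes(4, "big") + amount_cents.to_bytes(8, "big") + nonce


class Card:
    """Constructed model of a card: a secret key plus a transaction counter."""
    def __init__(self, key: bytes):
        self._key = key
        self.counter = 0

    def respond(self, amount_cents: int, reader_nonce: bytes) -> dict:
        self.counter += 1  # never repeats, so the code never repeats
        msg = message(self.counter, amount_cents, reader_nonce)
        code = hmac.new(self._key, msg, hashlib.sha256).digest()[:8]
        return {"counter": self.counter, "amount": amount_cents,
                "nonce": reader_nonce, "code": code}


class Issuer:
    """Constructed model of the issuer: same key, remembers the last counter."""
    def __init__(self, key: bytes):
        self._key = key
        self.last_counter = 0

    def authorize(self, tx: dict) -> str:
        msg = message(tx["counter"], tx["amount"], tx["nonce"])
        expected = hmac.new(self._key, msg, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(expected, tx["code"]):
            return "reject: bad code"
        if tx["counter"] <= self.last_counter:
            return "reject: replayed counter"
        self.last_counter = tx["counter"]
        return "approve"


def demo():
    key = os.urandom(16)  # constructed sample key shared by card and issuer
    card, issuer = Card(key), Issuer(key)
    tx = card.respond(1999, os.urandom(4))
    first = issuer.authorize(tx)
    replay = issuer.authorize(dict(tx))  # intercepted copy resubmitted unchanged
    # Intercepted copy with counter and amount edited: the code no longer matches.
    tampered = issuer.authorize({**tx, "counter": tx["counter"] + 1, "amount": 2400})
    fresh = issuer.authorize(card.respond(500, os.urandom(4)))
    return first, replay, tampered, fresh
```

In this model an eavesdropper who records a transmission learns one code that the issuer will accept exactly once; without the key, neither a replay nor an edited copy is authorized.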

  8. Re:Show me the security by sangreal66 · · Score: 4, Insightful

    And how exactly do you expect this to make you any money? Cash is magically going to fly out of their credit card and into your bank account? Or do you actually expect VISA to start cutting checks to your house for charges made on your stolen card reader?