FTC to Scrutinize Contactless Payment Technology

← Back to Stories (view on slashdot.org)

FTC to Scrutinize Contactless Payment Technology

Posted by ScuttleMonkey on Monday May 12, 2008 @07:34AM from the after-they-are-already-in-passports dept.

coondoggie writes to tell us that the Federal Trade Commission (FTC) will be taking a look at contactless payment systems and the consumer protection issue surrounding them. "RFID technology provides obvious benefits, the FTC said. For example, the ability of producers using RFID to track exactly where in the supply chain their products are and by which retailer they were ultimately sold to a consumer has the potential to make product recalls more effective. However, there also may be costs regarding consumers' individual privacy rights associated with it."

103 comments

Min score:

Reason:

Sort:

Hmmm by Uncle+Focker · 2008-05-12 07:36 · Score: 3, Interesting

For example, the ability of producers using RFID to track exactly where in the supply chain their products are and by which retailer they were ultimately sold to a consumer has the potential to make product recalls more effective. How about making it so that in this day and age you can actually mail a package and not have to worry about it getting lost along the way? I'd find that much more useful.
1. Re:Hmmm by morgan_greywolf · 2008-05-12 08:02 · Score: 1
  
  How about making it so that in this day and age you can actually mail a package and not have to worry about it getting lost along the way? I'd find that much more useful.
  That already exists. It's called "Express Mail." Make sure you select "insured shipping."
  
  --
  My blog
2. Re:Hmmm by Anonymous Coward · 2008-05-12 08:40 · Score: 0
  
  I've never lost a package in the mail. Not that I've sent a whole lot, but I just got done shipping shirts to ~20 of my friends. All of them have arrived safely. Further, we already have end to end barcode scanning for packages, and I sincerely doubt there will be any appreciable difference by making it wireless.
3. Re:Hmmm by ehrichweiss · 2008-05-12 08:55 · Score: 1
  
  Absolutely. The current technology where they scan your package at every location is ineffective at best since the barcode has to be facing upward for them to be guaranteed to get a scan and even then they're not guaranteed to make it through the system. RFID on the other hand only needs to be in the proximity of the package and it would be a trivial task to make sure that every package on a truck was actually supposed to be going to that destination. Theoretically it could be possible to use with baggage on airlines but there might be issues there that I am unaware of.
  
  --
  0x09F911029D74E35BD84156C5635688C0
4. Re:Hmmm by rfunches · 2008-05-12 09:37 · Score: 4, Informative
  
  IAACPRC (contract postal retail clerk)
  
  Express Mail gets lost. Trust me, I've had it happen once or twice in my two years' work at a contract postal unit (meaning I work for a business which runs a USPS-funded post office) because EMS is just like any other of the "usual" services - Delivery/Signature Confirmation, Certified Mail, Insured Mail. These barcoded services are traceable, but only at certain points, and in some cases (e.g. DC and Certified) USPS only guarantees you'll get a delivery scan; intermediate scans are basically a "courtesy" to the customer. The only advantage of EMS is it includes $100 of insurance and it's scanned in at every stopping point.
  
  If you really don't want something to get lost, send it Registered Mail. Registered stuff doesn't get lost; it's someone's job, because they can literally narrow it down to one employee who last had the item in their possession. Every employee who takes a registered item into possession has to sign for it, so there's a traceable system of receipts linking an item to an employee from acceptance to delivery.
5. Re:Hmmm by asills · 2008-05-12 09:54 · Score: 3, Interesting
  
  False on the registered mail crap. When the postal carriers deliver registered mail they are required to scan it. However, it's apparently a daunting task to do it at the time of delivery so a lot of carriers do them all at once at the beginning of the day. Then they go and deliver.
  
  It's against the rules, but they do it. I've had things say they were delivered at 9am, yet my carrier doesn't arrive until after noon. Without the registered mail envelope no less (it got lost somewhere in between).
  
  My wife's mother works at the USPS and confirmed this is common practice though disallowed. They all do it.
  
  --
  -- What did Spock find in Kirk's toilet? The captain's log.
6. Re:Hmmm by rfunches · 2008-05-12 12:31 · Score: 3, Interesting
  
  The time they scan it in is beside the point. (In fact there was an investigation into our branch office for doing just that -- scanning mail as delivered without actually delivering it or scanning as delivered prior to actual delivery.) The problem is that employees, contracted or federal, can steal any mailpiece except for registered mail and possibly get away with it because of how many hands it can change between scans. When every change of hands requires a physical record and signature, which only happens with reg mail, it's impossible to game the system -- USPS points the finger at the last employee who signed for the mailpiece. And yes, I've had to track down seemingly lost registered mail by calling each office where the piece stopped, inquiring based on lock and seal numbers kept in paper records. That's why I argue registered mail just doesn't get lost; no one wants a lost mailpiece pinned on them.
What I don't get... by tgd · 2008-05-12 07:37 · Score: 5, Insightful

Is why we're once again bucking the trend and doing something different?

A lot of the world is using chip+PIN, which while not perfect is still drastically better than what we've got, can't be sniffed from remote, is much more of a distinct action and has a huge install base.

I'm not sure what this obsession with RFID payment methods is.
1. Re:What I don't get... by JrOldPhart · 2008-05-12 07:43 · Score: 3, Insightful
  
  Chip+PIN... have you noticed all of the cameras? Like one over each register at my local Wal-Mart.
  I don't like entering the PIN where it can be seen.
  
  --
  Nothing is foolproof, fools are too ingenious. - Murphy
2. Re:What I don't get... by Anonymous Coward · 2008-05-12 07:45 · Score: 3, Insightful
  
  Thats why you have two hands. Cover your PIN with your other hand. Duh?
3. Re:What I don't get... by aztektum · 2008-05-12 07:50 · Score: 1
  
  The ultimate display of lazy/pretending we're so important we can't stop for 10 seconds.
  
  --
  :: aztek ::
  No sig for you!!
4. Re:What I don't get... by esocid · 2008-05-12 07:50 · Score: 2, Funny
  
  Hey, I lost the other one in a freak RFID accident you insensitive clod!
  
  --
  Absolute power corrupts absolutely. indymedia
5. Re:What I don't get... by gnick · 2008-05-12 07:54 · Score: 5, Funny
  
  Thats why you have two hands. Cover your PIN with your other hand. No it's not. I have two hands because my ancestor who first developed a mutant hinge at the end of his stubs had two arms.
  
  But, now that I have these two wonderful hands, covering up my PIN is one of the things I can use them for.
  
  --
  He's getting rather old, but he's a good mouse.
6. Re:What I don't get... by moosesocks · 2008-05-12 07:57 · Score: 1, Insightful
  
  The PIN is useless without the Card(Chip) and vice versa.
  
  That's the whole point of the system. Unless you get mugged by the security guard watching the cameras, you shouldn't have too much to worry about.
  
  (And like the other poster said, it's pretty trivial to cover the number pad with your other hand)
  
  --
  -- If you try to fail and succeed, which have you done? - Uli's moose
7. Re:What I don't get... by JrOldPhart · 2008-05-12 08:06 · Score: 1
  
  Read RF device from your surreptitious reader. Pay security guy off for the pins along with a time that they were entered.
  
  --
  Nothing is foolproof, fools are too ingenious. - Murphy
8. Re:What I don't get... by spectrokid · 2008-05-12 08:09 · Score: 4, Insightful
  
  Because safety is a non-issue? You see there are two possibilities. Either you develop a safe system, or you make all your customers pay a little extra to cover for the thieving. In a huge market like the US, and with no real push to go for safety, bankers will do what bankers do best: they will think in money, not in safety (read: engineering). RFID on the other hand, has the possibility to make payments easier. With the payment going faster, shops will need fewer cashiers, customers get the impression things are going faster, everybody wins!
  It is realy social security all over again. Americans have to pay less taxes, because they don't spend so much on keeping the poor of the street. The money they spend on guns, alarm systems, private security is conveniently forgotten. I mean tax is like, well..tax. The fact that you pay for armed security every time you buy a tshirt in the mall, well that is not tax now is it?
  
  --
  10 ?"Hello World" life was simple then
9. Re:What I don't get... by morgan_greywolf · 2008-05-12 08:09 · Score: 1
  The PIN is useless without the Card(Chip) and vice versa.
  
  1. Buy card writer and blank cards
  2. Learn how card #s are stored on debit cards (hint: they're standardized)
  3. Crack into the cash register system data stream (chances are very high it's running on a wireless network, making this much, much easier)
  4. Start grabbing card #s
  .
  5. Profit!!!
  --
  My blog
10. Re:What I don't get... by JrOldPhart · 2008-05-12 08:13 · Score: 1
  
  Even the motions of my head can be determined as I poke the buttons with my nose.
  
  And they have at least 3 angles to look from.
  
  --
  Nothing is foolproof, fools are too ingenious. - Murphy
11. Re:What I don't get... by Anonymous Coward · 2008-05-12 08:16 · Score: 0
  
  BTW... when chip+PIN comes out, turn over the reader or PIN pad and look. How many wires come out? Hopefully, one.
  
  The best way to crack the chip+PIN system is to wire in directly. Several ways. Not easy for ther processors to detect. Possible for the consumer to check.
12. Re:What I don't get... by Firehed · 2008-05-12 08:17 · Score: 3, Insightful
  
  How is waving a closed wallet (holding a tagged card) over a sensor in any way whatsoever more secure or distinct than having to pull out that card and swipe it though the magnetic strip reader? Some more recent readers prompt me to punch in a ZIP code or some sort of PIN rather than scribble any random thing on a signature pad which I consider a vague improvement, but I don't find holding a card over a sensor any more convenient than swiping it through and do feel it less secure.
  
  --
  How are sites slashdotted when nobody reads TFAs?
13. Re:What I don't get... by Firehed · 2008-05-12 08:28 · Score: 2, Insightful
  
  The payment is by far the fastest part of the checkout process. Put the RFID tags directly on the items (and not just the shipping crates for SCM tracking) and eliminate the actually time-consuming process of scanning dozens of bar codes. Remember that old IBM commercial with the shoplifter and the security guard handing him a receipt as he walks out the door with the "stolen" goods? Yeah, kind of like that.
  
  Right concept, wrong place. Considering the deployment cost of a POS terminal, an RFID-based, cashless system wouldn't be a large additional cost to implement provided that inventory on the shelf has the tags - and since passive tags are quite cheap when produced in sufficient bulk, it's just a matter of getting manufacturers to do it. The only thing that would go up in price is a result would be ramen noodles, from 16.6c/pack to 16.7c.
  
  --
  How are sites slashdotted when nobody reads TFAs?
14. Re:What I don't get... by peragrin · 2008-05-12 08:32 · Score: 2, Informative
  
  really done.
  
  Modify an ATM's card reader with a second card reader on top of the first. install Hidden camera with transmitter overlooking the atm keypad.
  
  Sit outside with the receiver setup/ or dump the receiver set to record everything into the convent trash can.
  
  people use ATM the camera only records motion and records pin's while the card reader records cards.
  
  Later gather the data by taking entire trash bag containing receiver. you can make generic cards easily enough. Walk up to another ATM with your generic card, swipe it, and enter the pin you have just gathered.
  
  card and Pin numbers aren't hard to get. RFID as you can simply walk around with it.
  
  --
  i thought once I was found, but it was only a dream.
15. Re:What I don't get... by dgatwood · 2008-05-12 08:48 · Score: 3, Insightful
  
  The thing is, the credit card companies don't care at all about security, but they actually do "C"---make the vendors bear the cost of security. Your card gets stolen and used, they refund the money and reverse the charge and the vendor eats the cost of not verifying the identity of their customers. In the end, everyone pays for it through higher prices for goods and services, but the CC companies don't care about that because they aren't out anything and don't have to answer to cardholders when the price of food goes up a penny due to credit card theft. The costs are so small in the grand scheme of things that for the most part, the customer doesn't notice or care. (If theft increases by two or three orders of magnitude, that will likely change, of course.)
  
  If the credit card companies cared at all about security, they would have solved the problem completely by now; it is trivially solvable. Instead of using a static RFID chip with an identifier on it, they would use an active device. When you make a transaction, the reader would make the request to the CC company. The CC company would generate a large random number. The card would then encrypt that random number with a secret key and return the result along with a card number (which should NOT be the same as the number on the card to prevent people from using the data to make fake non-RFID cards). The CC company, knowing the private key, would then encrypt the number with the secret key, and if the values match, the card is the real card. At that point, only physical theft would matter, and the whole theft-by-wire would cease to be an issue..
  
  More to the point, such a system would also not be vulnerable to interception and replay attacks because the CC computers would send a different random number every time. In effect, if deployed universally, such a solution would eliminate all credit card theft except for that which occurs through physical assault or somebody leaving a card at a restaurant. Of course, for online purchases, this would mean that everyone would need some sort of home equivalent of the transaction device, but that could be as simple as a $10 USB dongle and some software.
  
  The fact that most (all?) cards still don't work this way is ample proof that the CC industry doesn't care. The whole design of the current system is to basically have the RFID data stream look almost exactly like a credit card magstripe so that they don't have to do any extra work and can pass the data through existing legacy systems without bringing them into the 21st century. As long as the primary focus of RFID-based credit cards is on minimizing the cost of upgrading the infrastructure, they will always represent a security hole the size of a planet.
  
  --
  Check out my sci-fi/humor trilogy at PatriotsBooks.
16. Re:What I don't get... by compro01 · 2008-05-12 09:22 · Score: 1
  
  the royal bank made a small tweak to their ATMs to prevent that old trick. they've got a green plastic thingy bolted over the card slot. it's impossible to sneakily slap on one of those skimming things over the thing. cheap and effective measure.
  
  --
  upon the advice of my lawyer, i have no sig at this time
17. Re:What I don't get... by Anonymous Coward · 2008-05-12 09:41 · Score: 0
  
  The payment is by far the fastest part of the checkout process.
  I've always found it exactly the opposite. The clerks are amazingly fast which scanning items, it's always the customers who are slow. Some people act surprised when the clerk asks for payment and then start thinking about what to do. One old lady spent so long looking for exact change I nearly made the change from my own pocket (it would have taken me seconds), but decided that was too insulting.
18. Re:What I don't get... by Anonymous Coward · 2008-05-12 10:04 · Score: 0
  
  You're assuming that the "green plastic thingy" is not, in itself, a modified card reader planted there by a third-party. You don't know.
19. Re:What I don't get... by rgbscan · 2008-05-12 10:38 · Score: 1
  
  You didn't mean this did you :-)
  
  http://www.informationweek.com/news/mobility/showArticle.jhtml?articleID=199500385
20. Re:What I don't get... by DavidD_CA · 2008-05-12 10:54 · Score: 2, Funny
  
  No. God gave your ancestor a mutant hinge so that you could cover up your PIN. It's all part of His system of intelligent design. </sarcasm>
  
  --
  -David
21. Re:What I don't get... by DarkOx · 2008-05-12 11:07 · Score: 1
  
  Except that for the fact that in most places around the world they still need police and armed security. Frace and the UK spend lots more on social programs then we do and little bit of googling will demonstrait they have a larger number of police per capita then we do.
  
  Now I under I could be mistatken in my assumption you ment social programs rathen then state sponsored security in the form of police officers to arrest people when talked about getting the poor office the steet.
  
  --
  Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
22. Re:What I don't get... by compro01 · 2008-05-12 12:24 · Score: 1
  
  well being as they've been there for about 9 months, have posters about them all over the inside of the bank, and are on every RBC ATM in town, i'd think not.
  
  --
  upon the advice of my lawyer, i have no sig at this time
23. Re:What I don't get... by Nullav · 2008-05-12 13:11 · Score: 1
  
  Fake ATM. Even in the middle of a park, someone will eventually try to use it. (After all, who builds fake ATMs?) When that happens, you can respond with an error and record the PIN.
  This only seems slightly less plausible than cracking open an ATM, installing a reader and sticking up a camera near by, as suggested by other posters.
  
  --
  I just read Slashdot for the articles.
24. Re:What I don't get... by Nullav · 2008-05-12 13:23 · Score: 1
  
  as suggested by other posters. Oh, and you. Replied to the wrong post, but at least it was similar.
  
  --
  I just read Slashdot for the articles.
25. Re:What I don't get... by symbolic · 2008-05-12 14:31 · Score: 1
  
  Hm, I haven't noticed these cameras. At walmart. Oh...maybe it's because I've set foot in there only about twice over the last five years. The best part about it is that I don't recall ever having regretted it.
26. Re:What I don't get... by peragrin · 2008-05-12 23:58 · Score: 1
  
  My bank does the dame thing, but many gas station ATM's don't.
  
  If the gas station attendant wanted a cut of the cards gotten they could even set it up.
  
  --
  i thought once I was found, but it was only a dream.
27. Re:What I don't get... by compro01 · 2008-05-13 02:12 · Score: 1
  
  Yeah, I know. I never use those things though, because of the fees those damn things charge you. I've seen some that will charge you 5 bucks for a withdrawal.
  
  --
  upon the advice of my lawyer, i have no sig at this time
28. Re:What I don't get... by neomunk · 2008-05-13 05:59 · Score: 1
  
  I saw one that cost $40, but that was in an expensive strip club.
29. Re:What I don't get... by slashdotwannabe · 2008-05-13 07:23 · Score: 1
  
  I'm not sure what this obsession with RFID payment methods is.
  Call me cynical, but I imagine the conversation went something like this:
  
  Big time retail exec: "I don't want a damn PIN code getting in the way of IMPULSE BUYING!!! The cost of fraud is nothing compared to the upsells we'll be getting if we just make it 2 seconds easier to purchase, with no chance of someone getting a bad pin and reconsidering their purchase of that palette of gummy bears! Do you know what our MARGIN on gummy bears is???"
  
  --
  This comment is my opinion and does not represent an official position of Donald Trump or others I do not work for
Too bad the FTC can't investigate the State Dept.. by slew · 2008-05-12 07:45 · Score: 1

I'm guessing contact payment devices have the exact same issues with RFIDs as the new biometric passports.
Perhaps we should just all switch to carrying aluminum foil wallets and purses around...
We are too lazy.. by Junta · 2008-05-12 07:46 · Score: 5, Insightful

When doing anything that requires something to physically touch is considered too much work and we'd rather risk our financial info being wirelessly transmitted than have to swipe a card, we have serious issues.

And all this about inventory tracking is kind of an orthogonal point to payment isn't it? I for one certainly don't mind them being able to wave rfid wands around a vague area and account for an entire big package without having to scan a unique barcode for every item. I wouldn't mind a checkout system where they didn't even need to find the upc (or for that matter, could scan the whole cart in one go instead of item by item). However, I don't see the big benefit of avoiding physical contact with my payment device (which I wish was more technically secure than my mag-stripe credit card).

--
XML is like violence. If it doesn't solve the problem, use more.
1. Re:We are too lazy.. by eln · 2008-05-12 07:53 · Score: 4, Funny
  
  Are you crazy?! Payment devices like PIN pads are cesspools of dangerous germs! They have 3,000 times more germs than a toilet seat, and touching them quintuples your chances of contracting horrible diseases like West Nile virus or the Bubonic Plague.
  
  PIN pads are the next great threat facing your health and the health of your children. Did you hear me? These things could KILL your CHILDREN! You mustn't touch them! You must carry around the econo-size hand sanitizer and use it every time you come within 30 feet of a PIN pad or anyone who has recently used a PIN pad.
  
  For more on this and other everyday items that can KILL your CHILDREN, watch Action News at 10, with weather from Skip Stormy and the DopplerXtreme 6000.
2. Re:We are too lazy.. by fahrbot-bot · 2008-05-12 07:53 · Score: 3, Insightful
  
  However, I don't see the big benefit of avoiding physical contact with my payment device.
  I think the (only real) benefit is the ability to get away from card-shaped items and allow key-fobs and the like. Technically, the RFID chip could be put in a ring, bracelet, or on a key chain, etc...
  I'm not saying all this is/would be better and I certainly don't have any problem yanking out and swiping my CC when I want to buy something.
  
  --
  It must have been something you assimilated. . . .
3. Re:We are too lazy.. by abolitiontheory · 2008-05-12 07:55 · Score: 2, Interesting
  
  No.
  
  Track this back.
  
  "When doing anything that requires physical transation of cash is too much work and we'd rather risk out financial info being stolen because its on a little plastic card, we have serious issues."
  
  "When doing anything that requires physical transation of goods and property is too much work and we'd rather risk our wealth being stolen because its in an easily transportable paper form, we have serious issues."
  
  This is an arguement by current position, in which new technology seems unnecessary and old technology isn't scrutinized.
  
  To be honest, what I'm scared of is the day they start implanting these in our wrists and foreheads. And before you mark me flamebait, don't tell me it isn't the logical extension of this technology, in SOME way.
  
  So, I agree with you in part, that this is a bit excessive to our minds right now, but almost any other parallel to new vs. old technology can be drawn to show that eventually, someone will say the same thing about the next, easier system that comes out. So aside from actual detrimental side-effects like cancer or teletubbies, this argument just shows your age.
4. Re:We are too lazy.. by Amouth · 2008-05-12 07:58 · Score: 1
  
  Are you crazy?! Payment devices like PIN pads are cesspools of dangerous germs! They have 3,000 times more germs than a toilet seat, and touching them quintuples your chances of contracting horrible diseases like West Nile virus or the Bubonic Plague.
  
  PIN pads are the next great threat facing your health and the health of your children. Did you hear me? These things could KILL your CHILDREN! You mustn't touch them! You must carry around the econo-size hand sanitizer and use it every time you come within 30 feet of a PIN pad or anyone who has recently used a PIN pad.
  
  For more on this and other everyday items that can KILL your CHILDREN, watch Action News at 10, with weather from Skip Stormy and the DopplerXtreme 6000. nahh just cary around a big can of lysol.. or jsut alwasy ware rubber gloves.. i bet the person at the register would look at you funny.. and i question weather the person behind you would use it after you .. could be fun
  
  --
  '...if only "Jumping to a Conclusion" was an event in the Olympics.'
5. Re:We are too lazy.. by dreamchaser · 2008-05-12 08:07 · Score: 3, Insightful
  
  Heck, I still use cash most of the time, mainly because I hate those damn Visa commercials that make it look like if you don't use your card you are just holding everyone else up. I was using my debit card all the time until those started, now I use cash just because I can and I'm an ornery bastard.
  
  I wouldn't mind contactless payment via RFID, as long as the chip in each item I bought is disbled as I check out and leave the store.
6. Re:We are too lazy.. by Ender_Stonebender · 2008-05-12 08:23 · Score: 1
  
  I can see your point, but I don't agree 100%, and here's why: Contactless payment piracy and counterfeiting have the same differences as P2P filesharing piracy and physical media piracy - in the contactless and P2P, you get set up once and can pirate as many individual items as you can get your hands on; while in counterfeiting and physical media piracy, you still have to acquire supplies (blanks) to make your end product.
  
  --
  Loose things are easy to lose. You're getting your hair cut. They're going there to see their aunt.
7. Re:We are too lazy.. by maxume · 2008-05-12 08:24 · Score: 2, Funny
  
  Tern of you're spell checker.
  
  --
  Nerd rage is the funniest rage.
8. Re:We are too lazy.. by Chosen+Reject · 2008-05-12 08:30 · Score: 5, Interesting
  
  I wouldn't mind a checkout system where they didn't even need to find the upc (or for that matter, could scan the whole cart in one go instead of item by item).
  I'd be bothered by that. Well, not me, but my wife would. She watches as each item goes by to make sure that the price they are charging is the price that was on the shelf. I just let it go, but it seems that nearly every time she does the shopping at least one item is priced higher at checkout than on the shelf, and because they do it one item at a time, she can catch that easier.
  
  Maybe with RFID being used the entire trip from maker to deliverer to stock boy to shelf to checkout then they can keep the prices updated better, but until I see it, I doubt my wife or people like her will end up using any less time at the checkout for this reason.
  
  --
  Stop Global Warming!
  Just say no to irreversible processes!
9. Re:We are too lazy.. by kid_wonder · 2008-05-12 09:03 · Score: 1
  
  I wouldn't mind contactless payment via RFID, as long as the chip in each item I bought is disbled as I check out and leave the store. ... and as long as they don't advertise it with people in a dancing shangrila.
  
  --
  
  "Oh, you hate your job? There's a support group for that, it's called everyone, they meet at the bar."
10. Re:We are too lazy.. by Stanislav_J · 2008-05-12 10:10 · Score: 1
  
  nahh just cary around a big can of lysol.. or jsut alwasy ware rubber gloves.
  Nope -- if you wear rubber gloves, you are also avoiding leaving fingerprints, so you obviously have something to hide -- ergo, terrorist.
  
  (And come on, man....."cary?" "Jsut?" "Alwasy ware?" How many seconds does it take to do a little proofreading?)
  
  --
  "Every great cause begins as a movement, becomes a business, and eventually degenerates into a racket." -- Eric Hoffer
11. Re:We are too lazy.. by Anonymous Coward · 2008-05-12 11:24 · Score: 0
  
  In some cases, the limiting factor isn't your wife's speed at checking the prices, but rather the time it takes the scanner to find and scan the barcode. My wife does the same thing, but she's not doing it when the checkout guy at target is spinning the box around searching for the barcode.
12. Re:We are too lazy.. by Junta · 2008-05-14 00:36 · Score: 1
  
  Isn't she? When the *next* item is being oriented to face the scanner is the interval that you could read the display. If they could thrust as fast as they want without regard to orientation, the prices would probably scroll too fast to read.
  
  --
  XML is like violence. If it doesn't solve the problem, use more.
Personally by esocid · 2008-05-12 07:48 · Score: 4, Insightful

I won't use any contactless methods of payment. I know there are ways to capture info from a swiped card, but it's at least harder to get away with that just sniffing for RFIDs in the area. I'd rather not have my financial info available no matter where I go, as opposed to it being available when I use my magnetic strip once per payment. It's selling point is ease and quickness of use, but I've never heard anything about security.
And yes, I abhor the idea of RFIDs in passports too. I'll cover it in tin foil, along with my head.

--
Absolute power corrupts absolutely. indymedia
1. Re:Personally by Firehed · 2008-05-12 08:42 · Score: 1
  
  While I'm not big on the idea of wireless payment (in this form anyways), the danger of an RFID tag in your wallet being randomly sniffed is almost nothing. Passive RFID tags like those in some credit cards, Mobil Speedpass, your office door key, etc, have an extremely limited range - a couple inches of the reader with most tags. They don't actively broadcast anything since their broadcasting is actually powered by the signal the reader sends out - a weird wireless inductive power of sorts. It's not until you start working with battery-powered active transmitters (highway EZ-Pass boxes for the fast toll lanes, etc) where there would be a realistic security risk. Granted it's still easier to clone an RFID tag than a mag strip without touching the card, but in both situations it would be more discreet to just pick-pocket the victim. In both cases, leaving your phone's Bluetooth or WiFi turned on is going to be a much bigger potential risk, which in itself is still fairly minimal (there was a bluetooth phone exploit a while ago that was being used to trigger phones to dial $5/min toll numbers and racking up charges, but I haven't heard of it happening recently).
  
  Again, I agree with the general sentiment, but the threat is incredibly minimal. It's the social engineering aspect that's the actual threat, not so much the data transmission method.
  
  --
  How are sites slashdotted when nobody reads TFAs?
2. Re:Personally by Talennor · 2008-05-12 09:07 · Score: 4, Insightful
  
  the danger of an RFID tag in your wallet being randomly sniffed is almost nothing. . . . [they] have an extremely limited range - a couple inches Actually, the range depends almost entirely on the antenna and power of the reader, not the card. You can do a lot more than a couple inches (though the reader will be directional and may need to be aimed).
  It's not until you start working with battery-powered active transmitters (highway EZ-Pass boxes for the fast toll lanes, etc) where there would be a realistic security risk Another example of what I just said, in Atlanta the toll passes are now just the inductive-powered cards, thin paper you stick on your windshield. No card-side power and it's read >70mph. Quite like how someone could read your credit card while you pass by on the interstate.
  
  --
  
  //TODO: signature
3. Re:Personally by srollyson · 2008-05-12 09:09 · Score: 2, Insightful
  
  While I'm not big on the idea of wireless payment (in this form anyways), the danger of an RFID tag in your wallet being randomly sniffed is almost nothing. This is certainly true now, but there's also no incentive to go the extra mile for RFID tag reading. Don't you think that making credit card info available on the airwaves would encourage more sophisticated RFID readers?
  
  I've heard stories of thieves putting fake mag-stripe readers on top of ATMs, which leads me to think that RFID payment would be a criminal's dream come true.
Lower repair costs. by khasim · 2008-05-12 07:51 · Score: 0

A RFID tag can be read without moving parts.

A chip and pin terminal is more like the regular debit card consoles we already have. Swipe the card (failure point), punch in 4 digits (4 failure points) and it contacts the bank (one failure point).

In theory, RFID payment cards mean fewer repairs on all the machines out there.
1. Re:Lower repair costs. by truthsearch · 2008-05-12 08:00 · Score: 2, Insightful
  
  We can send a man to the moon, but we can't make a reliable number pad? The failure rate of the 9 buttons should (hopefully) be extremely small.
  
  --
  Developers: We can use your help.
2. Re:Lower repair costs. by MarkGriz · 2008-05-12 08:00 · Score: 1
  
  What's wrong with "contact" payment technology?
  The iButton looks like it can do pretty much everything RFID can, without the risk of sniffing.
  
  --
  Beauty is in the eye of the beerholder.
3. Re:Lower repair costs. by eln · 2008-05-12 08:14 · Score: 2, Interesting
  
  Actually, we're currently technically not capable of sending a man to the moon. Check back around 2020 though, then we can start saying that again.
4. Re:Lower repair costs. by shawn(at)fsu · 2008-05-12 08:15 · Score: 1
  
  I think you might have missed the intent of the parents post. Hey meant failure point as a way to protect the owner of the card. If I steal your card a failure point is me having to enter your pin number. It is extremely small if you know your pin, otherwise the possible failure rate should be extremely high as it is a guess of finding the one right combination out of 10,000 possible combinations.
  
  --
  500 dollar reward for tip(s) leading to the arrest of the person(s) who stole my sig.
5. Re:Lower repair costs. by Anonymous Coward · 2008-05-12 08:16 · Score: 0
  
  People do not want to pay the cost for what would have to be a virtually indestructable button reader. And people would figure out how to break them like they do at the market all the time. Missing/broken buttons, using a real pen on the pen reader, parts of stickers across the touch pad etc etc etc.
6. Re:Lower repair costs. by Lumpy · 2008-05-12 08:21 · Score: 5, Interesting
  
  Problem is that the cost of Credit card and Debit card fraud is incredibly small compared to the cost of even giving slightly improved security to the system we have now. The number pad could have dynamic numbers. the numbers on the pad change for every use, scrambled so a camera off axis cant see the numbers from the pattern. Even changing to the smart-card based cards is far more expensive than the amount lost to fraud.
  
  Banks, contrary to what they advertise and tell you, do not give a rats ass if someone steals your money or identity. So they will do as little as possible to make sure information is secure. If it costs them money, they will do everything possible to not do it.
  
  The RFID based card system has even died. Most banks did not offer the cards and almost every store and restaurant I saw that had the readers installed now have them removed, almost everyone is abandoning it. Glad to see the government researching a dead technology. I wonder when they will research if the 6809 processor is safe for use in space.
  
  --
  Do not look at laser with remaining good eye.
7. Re:Lower repair costs. by shawn(at)fsu · 2008-05-12 08:24 · Score: 1
  
  Or its possible I missed the point. I must be tired. I'm going home.
  
  --
  500 dollar reward for tip(s) leading to the arrest of the person(s) who stole my sig.
8. Re:Lower repair costs. by truthsearch · 2008-05-12 08:42 · Score: 2, Informative
  
  That's not quite accurate. Both MasterCard and Visa have fraud departments. Both monitor fraud and require their member banks to remain below a certain threshold, otherwise their fees increase or contracts get withdrawn. Fraud is a large expense (customer service, closed accounts, etc.) and is considered harmful to their brand image.
  
  --
  Developers: We can use your help.
9. Re:Lower repair costs. by p0tat03 · 2008-05-12 11:22 · Score: 1
  
  Banks, contrary to what they advertise and tell you, do not give a rats ass if someone steals your money or identity. So they will do as little as possible to make sure information is secure. If it costs them money, they will do everything possible to not do it.
  Except, of course, that the cost of card fraud is borne by the card issuer, not the cardholder. VISA and MC both lose a lot of money each year due to fraud, and you can bet your buttons they're doing something about it.
10. Re:Lower repair costs. by Apu · 2008-05-12 16:45 · Score: 1
  
  Except, of course, that the cost of card fraud is borne by the merchant, not the card issuer.
  
  Fixed.
11. Re:Lower repair costs. by Splab · 2008-05-12 17:14 · Score: 1
  
  Yeah because its ever so more secure having the customer standing and slowly punching the keypad in plain view because the numbers have moved around.
12. Re:Lower repair costs. by Anonymous Coward · 2008-05-12 20:19 · Score: 0
  
  On the contrary. Contactless payment systems are taking off in certain places. Here in Canada, MasterCard's PayPass is being heavily pushed. You can now make these purchases at major a donut store chain, gasoline stations, the country's largest food distributor and major movie theaters. At the same time, TD Canada Trust (pretty much the top bank in Canada) has an ongoing Visa payWave and chip card market trial, with a national roll out planned for later this year. While the technology is far from dead, I'm honestly concerned about potential side effects from these cards. Am I going to get cancer in my left cheek?
13. Re:Lower repair costs. by Anonymous Coward · 2008-05-13 04:31 · Score: 0
  
  Yes it is.
  
  Every secure government installation that has keypad entry does this already.
  
  Just because you dont know what you are talking about does not mean that everyone else does.
  
  I've seen what he is talking about and they work great.
Bad summary of a bad article by Anonymous Coward · 2008-05-12 07:52 · Score: 0, Troll

Why did this make Slashdot?

It is an uninformative article which says barely more than the summary, and if is not well written or reasoned.

For example, Contactless Payment Systems have nothing to do with the supply-side benefits of RFID. Perhaps they meant to say that RFID has proven useful in other ways, so it might be good here too.
RFID tech is full of holes security wise. by AndGodSed · 2008-05-12 08:02 · Score: 1

And it doesn't seem that anyone in decision making positions are getting that message.

So roll on RFID everywhere, let the crooks benefit, just like with DRM.

--
Seven Days with Ubuntu Unity
1. Re:RFID tech is full of holes security wise. by flaming+error · 2008-05-12 08:11 · Score: 1
  
  it doesn't seem that anyone in decision making positions are getting that message. Here's your chance to give them that message.
2. Re:RFID tech is full of holes security wise. by Freeside1 · 2008-05-12 08:25 · Score: 1
  
  Elaboration?
  RFID chips can be encrypted, and the read-distance of the chips are directly proportional to the size of the antenna on the chip.
  Not to mention the fact that (unless the banks are dumb as fuck) the RFID chip itself will just have a generic ID pointing to an entry in a database somewhere, not the account number itself.
  The only hole in security I can think of at the moment is that the chip can be read without you knowing, which won't in itself be useful unless the criminal has breached other forms of security, which could be breached with any payment method.
  Or you can just make a little metal sleeve for your rfid key-fob, or you know, pay in cash or traditional credit cards.
Three P's and you're out. by Anonymous Coward · 2008-05-12 08:10 · Score: 1, Informative

Its a proprietary protocol in a proprietary device made by a company that lives on it's proprietary products.

I do like their products for some things and they do promote them well with hobbyists. Their prices are painful though.
1. Re:Three P's and you're out. by MarkGriz · 2008-05-12 09:05 · Score: 1
  
  Agreed, but that was just an example. There's no reason "RFID" can't be implemented without the RF part.
  
  --
  Beauty is in the eye of the beerholder.
2. Re:Three P's and you're out. by Anonymous Coward · 2008-05-12 14:20 · Score: 0
  
  Let's see, it is standard 1-wire protocol (implementable by any idiot with some programming skills) in a well documented housing (the spec PDFs contain full measurements and drawings) and without any patents (well, none that are actually enforcable).
  
  Works for me :)
PRIVACY IS DEAD!! by StevenABallmer · 2008-05-12 08:20 · Score: 0, Insightful

Admit it people! Privacy has been dead for years now and the latest technologies only bury it deeper! The only privacy you have is whats in your head and we are trying to get to that too! http://fakesteveballmer.blogspot.com/

--
The Secret Diary of Steve Ballmer
You sir are my hero... by FirstNoel · 2008-05-12 08:24 · Score: 2, Funny

Doing something just because a commercial tells you not too.

I'm the same way..

Sean

--
"Hmm. I am to metaphor cheese as metaphor cheese is to transitive verb crackers!"
1. Re:You sir are my hero... by treeves · 2008-05-13 05:54 · Score: 1
  
  Or...
  
  A gallon of milk: $3.29 on debit Mastercard
  A box of sugary breakfast cereal: $4.59 on debit Mastercard
  Paying cash for those items just to be different: priceless.
  
  --
  ...the future crusty old bastards are already drinking the Kool-Aid.
Re:Too bad the FTC can't investigate the State Dep by countSudoku() · 2008-05-12 08:25 · Score: 2, Informative

Sounds like these guy's product: http://www.emvelope.com/products/show/1 , a Faraday Cage for your wallet. Could be worse.

--
This is the NSA, we're gonna geet U h@x0r5! Also, what is a h@x0r5?
Octopus by demonbug · 2008-05-12 08:38 · Score: 4, Insightful

While I have serious misgivings about the privacy and security issues surrounding RFID (or other) contactless payment systems, I have to say that they can be extremely convenient. On a recent trip to Hong Kong, my wife's aunt (resident of HK) gave us each an Octopus card pre-loaded with a few dollars when we arrived.
Super convenient. My wife put hers in her purse, I put mine in my wallet. Going somewhere on the subway? Just pull out my wallet, slap it on the reader, and I'm through the gate. My wife could just wave her purse across the reader without even taking it off her arm (assuming the card was in her wallet near the bottom of the bag - it seemed to have a useful range of only 3-4 inches). No searching around for the right card, no worrying about losing the ride card between stops, just slap it down and it automatically calculates the fare and deducts from the amount on the card. When you need to increase or recharge the value on the card, you just take it to the recharge machine, pop it in, and put in a few dollars (or credit/atm card, whatever).
In HK the cards are accepted on pretty much all forms of mass transit (trains, subway, buses) as well as at an increasing number of convenience (too many 7-Elevens) and other stores (and supposedly taxis are supposed to be accepting them soon).

I think this is really the ideal use for contactless payment. Basically a replacement for carrying cash around, used to pay for the multitude of small-ticket items and services that you make use of during the day. We do it here in California with FasTrak for paying tolls, but there are a lot of other potential uses. It also makes particular sense for transit, where it not only works to make the actual payment but also replaces the need for a fare ticket, doing the journey tracking by itself. These types of uses also in many respects counter some of the privacy concerns - if you're worried about someone tracking what you are doing, you can always just use cash to increase your balance on your card, or even get a new card every time rather than recharge (though that seems wasteful). Requiring recharge, rather than tying it directly to a bank account, also means that you only ever have to worry about the amount you put on the card. Just like carrying cash around, but more convenient.

On the other hand, I really don't see any reason to have an RFID-enabled credit card. If I could use a cash card for small purchases then I'd only be using a credit card for larger ones; the few times a week (or whatever) I'm doing this it really isn't a hardship to have to pull out a card.

I think there are some awesome, efficient, all-around great reasons to introduce contactless payment systems for some purposes. However, due to privacy and security concerns (and the lack of any real advantage) I don't see why anyone would want something like an RFID-equipped credit card. Too much potential for abuse, with little or no real benefit (to the individual - no doubt businesses would find all sorts of fun uses for cards tied to individual people that they can remotely sniff).
1. Re:Octopus by Freeside1 · 2008-05-12 08:46 · Score: 4, Funny
  
  We do it here in California with FasTrak for paying tolls... Beware, if you or a loved one leaves their FasTrak (or other automatic toll device) behind when they move/get a new car, think twice about shipping it to them...
  luckily I didn't learn this from experience, but word of mouth.
Chip and PIN by Anonymous Coward · 2008-05-12 08:41 · Score: 0

What I want to know is what the deal is with this UK "Chip and PIN" system? What does this chip do? How is it any different from a magnetic strip and PIN? Does the chip not release information until a successful challenge-response action has taken place between the card and the card reader? Couldn't an encrypted magnetic strip be just as good?
Blip-pocketing? by Sentry21 · 2008-05-12 08:44 · Score: 1

I'm wondering how long until some company comes out with (or some government mandates) a contactless cash card with half-assed security measures, to the point where all it takes to pick a hundred thousand pockets becomes a receiver in a suitcase and a few hours in Grand Central Terminal.

I'm a big fan of new technology, the higher the better, but let's just hope that if implemented, it's implemented by those with the most to lose (e.g. banks) rather than those with the most to gain (e.g. legislators).
Security cameras don't watch you by OMNIpotusCOM · 2008-05-12 08:52 · Score: 2, Informative

Oh, you have nothing to worry about. The cameras at every store you've ever been to is not there to watch the customer. It's to watch the person at the register, either as they get shot in a robbery or to accuse them of stealing. Ever watch security camera video from a bank or gas station robbery? You can barely see the perp, but there's a great over-the-shoulder shot of the register and the smokes.
1. Re:Security cameras don't watch you by PitaBred · 2008-05-12 09:02 · Score: 1
  
  That's because the losses from internal sources are typically much higher than the losses from robbery. Besides, they pay insurance against robberies and the like, they can't insure against a clerk giving out two packs of cigs when only being paid for one without the camera. The businesses are paying attention to the forest, not the tree.
  
  --
  My blog. Good stuff (when I remember to update it). Read it.
2. Re:Security cameras don't watch you by Anonymous Coward · 2008-05-12 23:54 · Score: 0
  
  Here here...the convenience store I worked at lost a lot more to employees (including me...just chocolate bars and chips) than to robberies...except for the time the assistant manager had the deposit ripped from her hands outside the bank.
3. Re:Security cameras don't watch you by OMNIpotusCOM · 2008-05-13 08:03 · Score: 1
  
  I guess they should have had security cameras outside the bank to watch her, so that they could blame her for being robbed. She was probably wearing something seductive anyway.
No Scrutiny please! by failedlogic · 2008-05-12 08:52 · Score: 2, Funny

I think FTC scrutiny is absurd in this case. There are most certainly no privacy or banking regulations to be concerned about this technology.

I renewed a Slashdot subscription this morning by sticking the card in front of my computer. I have a USB based reader connected to my computer to make secure transactions. At no point does it transmit the information in plain-text. I'll do it right now to show how useful this is. Here is the actual output:

Card Holder Name:
John Doe
Credit Card Number:
1234 5678 9123 4567
Expiry date:
01/2080

See, what is wrong with that? I think this is a great technology. FTC, Buzz off!
It's really not quite that simple. by danaris · 2008-05-12 09:01 · Score: 1

There is a qualitative difference there. Gold -> paper and cash -> credit both significantly increase the amount of money (or access to money) you can reasonably carry on your person. The only difference with an RFID vs mag-stripe is whether you have to swipe or wave vaguely in the general direction of the reader.

Dan Aris

--
Fun. Free. Online. RPG. BattleMaster.
paving the way to an eWallet future by Anonymous Coward · 2008-05-12 09:10 · Score: 0

I think there is a lot more to NFC than simply enabling existing cards formats.

If you think of NFC in the context of an electronic wallet where you could load an NFC enabled device with multiple cards (say, your credit and debit cards, gym pass, movie tickets, etc), then it makes a lot more sense. For example, you could load all the information on your phone, and replace your current wallet completely.

That's currently not possible with mag-stripe technology, and would require updating the information passed to the Point of Sale (POS) reader with different card information, something that a small electronic device (phone, pda) could do.

From a security standpoint, there are also advantages such as requesting a PIN, or asking for challenge questions. Challenge questions could be based on transaction amounts, etc... The NFC chip does not have to contain (or transmit) card information all the time. It can be stored encrypted on the a chip used by the device (SIM, etc) and be pulled only at the time of transaction. With a limited range and combined with PIN/challenge questions, the time when fraud is possible is reduced. You would also not require to give your device to the store clerk so the device is in your hands all the time.
I, for one, welcome our RFID overlords. by Anonymous Coward · 2008-05-12 09:56 · Score: 0

RFID chips are pretty convenient, especially when one is far too drunk to find their credit card to pay for a cab ride home.
Doesn't wear out. by pavon · 2008-05-12 10:28 · Score: 1

I've been looking into getting one of these, just because I am sick of my magnetic strip getting screwed up a month after I get the card and then having to request another one.

I've heard that at least some of the touch-and-pay systems aren't just passive RFID, but use a challenge-response system which would actually more be secure than a credit card, since the merchant / snooper never sees your card number. If I can verify this then I definitely will be getting one.

So sure, maybe theoretically someone could sit next to me on the bus, and gather enough CR samples to recover the key. But considering all the places that I have used my CC number online, and who knows how many of the merchants store that info, I think that a brute-force cryptanalysis of my keyfob is the least of my concerns.

And besides, since it is a real credit card (not a debit card) the CC company will pay for any fraud anyway, so making sure the system is secure is their problem not mine.
One Fob, Two Fob, Red Fob, Blue Fob by martyb · 2008-05-12 11:01 · Score: 1

I think the (only real) benefit is the ability to get away from card-shaped items and allow key-fobs and the like. Technically, the RFID chip could be put in a ring, bracelet, or on a key chain, etc...

So, if I swing my key chain containing my RFID credit card fobs in the vicinity of the checkout reader... how do I make it scan my American Express(r) card fob instead of my Visa(r) card fob instead of my... ???!!!?
It's not uncommon to see someone open their wallet to reveal a dozen or more credit cards. Besides the majors (Amex, Visa, MC, Discover) there were several more store credit cards and/or gas cards, etc. So what is such a customer going to do... remove the fob they want to use from their key ring, swing THAT fob near the reader, and then reattach it to their key ring? And THAT is supposed to speed things up how? Or, more likely, they'll try and make the desired fob stick out from the others and try and wave that one at the reader... OOPS! It scanned the wrong card. Can you ring that up again, please?
Or, attempting to be helpful, the pin pad displays "We noticed you are carrying the following credit cards; please click on the one you want to use for this transaction." Privacy advocates would just LOVE that one. :/
So, please tell me again what the advantage of having an RFID chip in my credit card(s) is? Given the choice, I'd much prefer sliding my mag stripe through the slot.
1. Re:One Fob, Two Fob, Red Fob, Blue Fob by fahrbot-bot · 2008-05-12 12:14 · Score: 1
  
  So, if I swing my key chain containing my RFID credit card fobs in the vicinity of the checkout reader... how do I make it scan my American Express(r) card fob instead of my Visa(r) card fob instead of my...
  You're giving the CC vendors too much credit (so to speak). Hell Blockbuster sent me a little "key chain" card - like I rent soooo often that I need the damn thing on my key chain. Or the Exxon SpeedPass fob... They're thinking of the advertising potential. Companies only offer things that they think benefit them. The customer is an after thought.
  So, please tell me again what the advantage of having an RFID chip in my credit card(s) is?
  It's not - I agree with you.
  Given the choice, I'd much prefer sliding my mag stripe through the slot.
  I've been telling my girlfriend since we met.
  
  --
  It must have been something you assimilated. . . .
Octopus card payment is 11 years old... by Eddy_D · 2008-05-12 11:09 · Score: 1

Octopus cards are RFID (now) and are _widely_ used in Hong Kong. They were introduced in 1997. I think that's a pretty good case study for the FTC.
http://en.wikipedia.org/wiki/Octopus_card

--
- I stole your sig.
Exactly: Because it plays to it's strengths by Anonymous Coward · 2008-05-12 11:36 · Score: 0

I lived in Hong Kong for a while and left when they were finishing rolling it out to buses (after the local 7/11 and the MTR.)

While there are ways the Octopus card system could be improved, the overall approach works *because it doesn't try to be a credit card*. If you add the capacity to run up huge charges, then the economic dynamic for "is it worth it to break this system" changes. I forsee problems when people say "It works for them!" and then try to bridge the way we buy things with credit cards with that technology.
Radio broadcasting financial info is stupid by Anonymous Coward · 2008-05-12 12:15 · Score: 0

Is it really so tough to have to make physical contact with something I own to complete a transaction?
old Technology by PPH · 2008-05-12 14:10 · Score: 1

We've had a form of contactless payments for years.
Put the cash in an unmarked paper bag and we'll call back with instructions on where to drop it.

--
Have gnu, will travel.
Not quite right by Anonymous Coward · 2008-05-12 19:53 · Score: 0

In the interests of accuracy, a few qualifications of the points raised above:

The "RFID" chips used for tagging items are not the same as the chips used for contactless payment cards. The cards do a lot more than just passively offer up static data. The exact specifications are different between the different card schemes, but generally a random number is provided to the card for encryption with a secret key. The result is used to change the "card number" uniquely for each transaction. So legacy systems can happily transmit the card data, but the card scheme back-end systems can validate the card.

The upshot of this is that contactless cards are not only faster than magstripe cards, they are inherently more secure - even if someone with a directional antenna manages to communicate with your card, they have to have implemented the whole protocol correctly, and even then they only get a single-use number.

On the other hand, that dodgy waiter who's just swiped your magstripe card through a hand-held skimmer has captured your valid card data; which his associates in another country are using to buy stuff with RIGHT NOW!!!11

It's true that contactless card are more vunerable to theft than full-blown chip&PIN cards, but the lack of a PIN is offset by the lower ceiling limit on contactless payment, and by the lack of PIN exposure. As evoked by the "cover it with your hand" comment above, every time you type in a PIN there's a risk of exposure.

But that's not something that the majority of readers here have to worry about - I have heard it said that the chip & PIN standard (EMV) will never be adopted in the US, as it's a European standard, and patriotic principles will prevent it's implementation.
One Fob to Rule Them All by UnderCoverPenguin · 2008-05-13 02:44 · Score: 1

and bind them into debt. (Oblig LOTR ref)

--
Don't try to out wierd me, three-eyes. I get stranger things than you, free with my breakfast cereal. --Zaphod Beeblebr