Slashdot Mirror

← Back to Stories (view on slashdot.org)

FTC to Scrutinize Contactless Payment Technology

Posted by ScuttleMonkey on from the after-they-are-already-in-passports dept.

coondoggie writes to tell us that the Federal Trade Commission (FTC) will be taking a look at contactless payment systems and the consumer protection issue surrounding them. "RFID technology provides obvious benefits, the FTC said. For example, the ability of producers using RFID to track exactly where in the supply chain their products are and by which retailer they were ultimately sold to a consumer has the potential to make product recalls more effective. However, there also may be costs regarding consumers' individual privacy rights associated with it."

12 of 103 comments (clear)

  1. What I don't get... by tgd · · Score: 5, Insightful

    Is why we're once again bucking the trend and doing something different?

    A lot of the world is using chip+PIN, which while not perfect is still drastically better than what we've got, can't be sniffed from remote, is much more of a distinct action and has a huge install base.

    I'm not sure what this obsession with RFID payment methods is.

    1. Re:What I don't get... by gnick · · Score: 5, Funny

      Thats why you have two hands. Cover your PIN with your other hand. No it's not. I have two hands because my ancestor who first developed a mutant hinge at the end of his stubs had two arms.

      But, now that I have these two wonderful hands, covering up my PIN is one of the things I can use them for.
      --
      He's getting rather old, but he's a good mouse.
    2. Re:What I don't get... by spectrokid · · Score: 4, Insightful

      Because safety is a non-issue? You see there are two possibilities. Either you develop a safe system, or you make all your customers pay a little extra to cover for the thieving. In a huge market like the US, and with no real push to go for safety, bankers will do what bankers do best: they will think in money, not in safety (read: engineering). RFID on the other hand, has the possibility to make payments easier. With the payment going faster, shops will need fewer cashiers, customers get the impression things are going faster, everybody wins!
      It is realy social security all over again. Americans have to pay less taxes, because they don't spend so much on keeping the poor of the street. The money they spend on guns, alarm systems, private security is conveniently forgotten. I mean tax is like, well..tax. The fact that you pay for armed security every time you buy a tshirt in the mall, well that is not tax now is it?

      --

      10 ?"Hello World" life was simple then

  2. We are too lazy.. by Junta · · Score: 5, Insightful

    When doing anything that requires something to physically touch is considered too much work and we'd rather risk our financial info being wirelessly transmitted than have to swipe a card, we have serious issues.

    And all this about inventory tracking is kind of an orthogonal point to payment isn't it? I for one certainly don't mind them being able to wave rfid wands around a vague area and account for an entire big package without having to scan a unique barcode for every item. I wouldn't mind a checkout system where they didn't even need to find the upc (or for that matter, could scan the whole cart in one go instead of item by item). However, I don't see the big benefit of avoiding physical contact with my payment device (which I wish was more technically secure than my mag-stripe credit card).

    --
    XML is like violence. If it doesn't solve the problem, use more.
    1. Re:We are too lazy.. by eln · · Score: 4, Funny

      Are you crazy?! Payment devices like PIN pads are cesspools of dangerous germs! They have 3,000 times more germs than a toilet seat, and touching them quintuples your chances of contracting horrible diseases like West Nile virus or the Bubonic Plague.

      PIN pads are the next great threat facing your health and the health of your children. Did you hear me? These things could KILL your CHILDREN! You mustn't touch them! You must carry around the econo-size hand sanitizer and use it every time you come within 30 feet of a PIN pad or anyone who has recently used a PIN pad.

      For more on this and other everyday items that can KILL your CHILDREN, watch Action News at 10, with weather from Skip Stormy and the DopplerXtreme 6000.

    2. Re:We are too lazy.. by Chosen+Reject · · Score: 5, Interesting

      I wouldn't mind a checkout system where they didn't even need to find the upc (or for that matter, could scan the whole cart in one go instead of item by item).
      I'd be bothered by that. Well, not me, but my wife would. She watches as each item goes by to make sure that the price they are charging is the price that was on the shelf. I just let it go, but it seems that nearly every time she does the shopping at least one item is priced higher at checkout than on the shelf, and because they do it one item at a time, she can catch that easier.

      Maybe with RFID being used the entire trip from maker to deliverer to stock boy to shelf to checkout then they can keep the prices updated better, but until I see it, I doubt my wife or people like her will end up using any less time at the checkout for this reason.
      --
      Stop Global Warming!
      Just say no to irreversible processes!
  3. Personally by esocid · · Score: 4, Insightful

    I won't use any contactless methods of payment. I know there are ways to capture info from a swiped card, but it's at least harder to get away with that just sniffing for RFIDs in the area. I'd rather not have my financial info available no matter where I go, as opposed to it being available when I use my magnetic strip once per payment. It's selling point is ease and quickness of use, but I've never heard anything about security.
    And yes, I abhor the idea of RFIDs in passports too. I'll cover it in tin foil, along with my head.

    --
    Absolute power corrupts absolutely. indymedia
    1. Re:Personally by Talennor · · Score: 4, Insightful

      the danger of an RFID tag in your wallet being randomly sniffed is almost nothing. . . . [they] have an extremely limited range - a couple inches Actually, the range depends almost entirely on the antenna and power of the reader, not the card. You can do a lot more than a couple inches (though the reader will be directional and may need to be aimed).

      It's not until you start working with battery-powered active transmitters (highway EZ-Pass boxes for the fast toll lanes, etc) where there would be a realistic security risk Another example of what I just said, in Atlanta the toll passes are now just the inductive-powered cards, thin paper you stick on your windshield. No card-side power and it's read >70mph. Quite like how someone could read your credit card while you pass by on the interstate.
      --

      //TODO: signature
  4. Re:Lower repair costs. by Lumpy · · Score: 5, Interesting

    Problem is that the cost of Credit card and Debit card fraud is incredibly small compared to the cost of even giving slightly improved security to the system we have now. The number pad could have dynamic numbers. the numbers on the pad change for every use, scrambled so a camera off axis cant see the numbers from the pattern. Even changing to the smart-card based cards is far more expensive than the amount lost to fraud.

    Banks, contrary to what they advertise and tell you, do not give a rats ass if someone steals your money or identity. So they will do as little as possible to make sure information is secure. If it costs them money, they will do everything possible to not do it.

    The RFID based card system has even died. Most banks did not offer the cards and almost every store and restaurant I saw that had the readers installed now have them removed, almost everyone is abandoning it. Glad to see the government researching a dead technology. I wonder when they will research if the 6809 processor is safe for use in space.

    --
    Do not look at laser with remaining good eye.
  5. Octopus by demonbug · · Score: 4, Insightful

    While I have serious misgivings about the privacy and security issues surrounding RFID (or other) contactless payment systems, I have to say that they can be extremely convenient. On a recent trip to Hong Kong, my wife's aunt (resident of HK) gave us each an Octopus card pre-loaded with a few dollars when we arrived.
    Super convenient. My wife put hers in her purse, I put mine in my wallet. Going somewhere on the subway? Just pull out my wallet, slap it on the reader, and I'm through the gate. My wife could just wave her purse across the reader without even taking it off her arm (assuming the card was in her wallet near the bottom of the bag - it seemed to have a useful range of only 3-4 inches). No searching around for the right card, no worrying about losing the ride card between stops, just slap it down and it automatically calculates the fare and deducts from the amount on the card. When you need to increase or recharge the value on the card, you just take it to the recharge machine, pop it in, and put in a few dollars (or credit/atm card, whatever).
    In HK the cards are accepted on pretty much all forms of mass transit (trains, subway, buses) as well as at an increasing number of convenience (too many 7-Elevens) and other stores (and supposedly taxis are supposed to be accepting them soon).

    I think this is really the ideal use for contactless payment. Basically a replacement for carrying cash around, used to pay for the multitude of small-ticket items and services that you make use of during the day. We do it here in California with FasTrak for paying tolls, but there are a lot of other potential uses. It also makes particular sense for transit, where it not only works to make the actual payment but also replaces the need for a fare ticket, doing the journey tracking by itself. These types of uses also in many respects counter some of the privacy concerns - if you're worried about someone tracking what you are doing, you can always just use cash to increase your balance on your card, or even get a new card every time rather than recharge (though that seems wasteful). Requiring recharge, rather than tying it directly to a bank account, also means that you only ever have to worry about the amount you put on the card. Just like carrying cash around, but more convenient.

    On the other hand, I really don't see any reason to have an RFID-enabled credit card. If I could use a cash card for small purchases then I'd only be using a credit card for larger ones; the few times a week (or whatever) I'm doing this it really isn't a hardship to have to pull out a card.

    I think there are some awesome, efficient, all-around great reasons to introduce contactless payment systems for some purposes. However, due to privacy and security concerns (and the lack of any real advantage) I don't see why anyone would want something like an RFID-equipped credit card. Too much potential for abuse, with little or no real benefit (to the individual - no doubt businesses would find all sorts of fun uses for cards tied to individual people that they can remotely sniff).

    1. Re:Octopus by Freeside1 · · Score: 4, Funny

      We do it here in California with FasTrak for paying tolls... Beware, if you or a loved one leaves their FasTrak (or other automatic toll device) behind when they move/get a new car, think twice about shipping it to them...
      luckily I didn't learn this from experience, but word of mouth.
  6. Re:Hmmm by rfunches · · Score: 4, Informative

    IAACPRC (contract postal retail clerk)

    Express Mail gets lost. Trust me, I've had it happen once or twice in my two years' work at a contract postal unit (meaning I work for a business which runs a USPS-funded post office) because EMS is just like any other of the "usual" services - Delivery/Signature Confirmation, Certified Mail, Insured Mail. These barcoded services are traceable, but only at certain points, and in some cases (e.g. DC and Certified) USPS only guarantees you'll get a delivery scan; intermediate scans are basically a "courtesy" to the customer. The only advantage of EMS is it includes $100 of insurance and it's scanned in at every stopping point.

    If you really don't want something to get lost, send it Registered Mail. Registered stuff doesn't get lost; it's someone's job, because they can literally narrow it down to one employee who last had the item in their possession. Every employee who takes a registered item into possession has to sign for it, so there's a traceable system of receipts linking an item to an employee from acceptance to delivery.