Slashdot Mirror
Plastc Swiped $9 Million From Backers, Now It Plans To File For Bankruptcy and Shut Down (theverge.com)
Plastc announced today that it is planning to file for bankruptcy and will shut down on April 20, 2017, after raising more than $9 million through preorders and shipping to no backers. "Plastc launched in 2014 with the promise of shipping a single card that could digitally hold 20 credit or debit cards that a user could switch between," reports The Verge. From the report: With that, all backers' money is lost, and no Plastc cards will ship. Plastc announced the news on its website today along with the fact that all its employees have been laid off. Its customer care and social media channels have also been shut down. The company explains that it thought it would close $3.5 million in funding in February this year, but that fell through. Another possible investment deal of $6.75 million fell through, too. What's not clear is how more than $9 million wasn't sufficient to get backers their orders. Backers will likely have questions and want their money back, but with no one to turn to from Plastc, they'll likely be out the cash.
Uh, guys? You check the calendar? You're a little late with this story, don't you think?
“He’s not deformed, he’s just drunk!”
Bettr thn gret, fantastc!
If one were to look at the long term history of the financial industry (going back to before wall street was wall street), you'd find bankers, stock brokers et al were inherently distrusted. Financial fraud is/was easy so they did it... Over and over and over.
This is why there has historically been heavy regulation and oversight.
I did not fund this one, but these guys: https://popslate.com/ took my money and still have that website up (though it does say that their models are "sold out"). Message this March that they would not be refunding or fulfilling orders.
Welcome to America. We don't have chip and pin, we have chip and sign, but actually, fuck signing most of the time.
The chip does NOTHING in the USA except make the whole process take longer. Cloners have been available in the US for these cards for years. And you can still run the, as mag swipe (or even phone-in/ "offline" transactions) at a whole bunch of exempted places that don't have to get their act together anytime soon.
Dumb ass millennials say "oh I am investing in this glorious business"
except it's just some idiot making promises that can't be met and then the idiot runs off with whatever money was pledged
Yeah but how the fuck are you gonna say no to Waffles the Memory Foam Corgi?
https://www.kickstarter.com/pr...
...having too many credit cards in your wallet was not one of them. Can't say I'm surprised it turned out to be a scam. The latest crowdfunded crap I've seen being promoted on Facebook: some shysters trying to convince investors that a Samsung Tablet with VNC installed on it is a novel invention.
These days, crowdfunding seems to be less garage/backyard tinkerers, and more already wealthy con artists using it as an easy source of income. Can't say I blame them - if I had the means to promote and profit from some idiotic "invention", I'd probably do that shit too. Anybody want to invest in my solar powered vinyl player which automatically uploads your music to the cloud? I swear, it's going to be the next big thing!
---
DRM is like antifreeze, to the MPAA/RIAA it's sweet, to the consumers it's poison.
Not only $9 million, they were seeking an additional $10.25 million and are going bankrupt because they couldn't get it. I'd really love to see the financials on this company. Nine million dollars in 5 years for no product is quite the haul for the officers.
--- Keep the choice with the user..
The three types of suckers are investors, clients and workers. The most profitable form is to steal from all three and keep the fraud rolling along indefinitely. That is the fundamental model for the financial industry. All the top banks, investment houses, hedge funds, etc skim the wealth generated in the country and put it in their own pockets. That's, along with regressive taxes, underlies the ever increasing wealth disparity between rich and poor.
So what do you think will happen to the scam artists who pulled this off? Will they suffer any economic or reputational damage? No way. They all got out fat and happy, and their business reputation will be enhanced because of their successful raid on a gullible public. I expect they will get better positions with larger companies because of their proven track record of theft.
I expect no change, although it might get worse. I just wish they would stop calling it capitalism.
Why is Snark Required?
Technically, you're actually both wrong. The chip has both an encrypted part and a public part.
Three years ago I did a small crowdfund for a solid state laser cutter; we got 300% funded, delivered our backers' orders in 120 days, and everyone was happy. Small problem: I tell people this now, and nobody takes me seriously because "oh, crowdfunding? must have been a scam of some kind".
I'm ready to go with my next product and since my last one was "too small scale" investors won't talk to me.
As usual, a cool new ecosystem was ruined by parasitoids and saprophytes.
Liberty - Security - Laziness - Pick any two.
I had a Coin (basically the same idea), it worked OK for about two months, then chips became a thing.
I assume that's what actually killed these guys too. Not that it was a scam, but that they couldn't deliver.
Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
Fun fact, call ins and internet orders happen everywhere.
I'm also not convinced the chips are clonable.
Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
The chip does NOTHING in the USA except make the whole process take longer.
I agree with you, but just to clarify.
It's not the chip that makes the process take longer, it's the US regulation that comes with the US chip that makes the process take longer. And the American regulation requires that the chipped card checks the bank balance and do all the handshakes between multiple networks in real time before it allows the transaction to take place, hence the extra delay.
As opposed to Europe, where the European chipped card could work in a place with no phone reception and no network access, the balance would be kept on the card, and the balance would later be reconciled in a central ledger at the end of the day, or at the end of the week (I'm not sure which). But this of course made the card super fast to use.
In other words, let's say you have one thousand dollars in your checking account. In the US, a cloned card could effectively steal that $1,000 from you. But in Europe, let's say you have 1,000 Euros in your bank account, you make 1,000 clones, and you ask 1,000 criminals to all use the card at the same time by sending them the pin via text messages all at once, then it would mean that the bank could potentially lose 1,000,000 Euros by the time it adds up all the transactions of 1,000 Euros when it finally reconciles everything.
Of course, I'm skipping over some technical details, but that's basically the gist of it. Also, I should mention that it's much easier to crack one card in a couple of weeks and clone it 1,000 times than having to crack 1,000 separate cards to clone them once. And also, some chipped cards are allowed to be used without the pin, because not everything on a chipped card is encrypted, and that's ok for some businesses because they'll limit the amount of the transaction when the pin is not used, and also they can take other security measures, like video recording the person, or video recording the car of the person who used it, or something else entirely. And in the end, no system is perfect, and that's ok. A security system just needs to be difficult enough for criminals to crack and low reward enough to make the risk too high for most criminals to want to take.
> Cloners have been available in the US for these cards for years
Prove this statement because it smells like bullshit to me.
Point me towards a cloner (or even an article that describes how to) for chip & pin cards or stfu with your hyperbolic bullshit. HINT: incorrect implementations of emv. (ie: using non-random UN's) aren't clones.
Again, we don't have chip and pin in the USA. We have chip and LOL. It's a farce. Cloners have been available for years.
AFAIK In Europe connection generally IS made to the banks (on occasion this can be slow, or fail and need to be retried, which have both happened to me), but provision is made for disconnected terminals. For your hypothetical attack people would need to find unconnected POS terminals, which are pretty uncommon now. Contactless is another matter, but there is a low transaction limit.
Why is it a farce exactly? Works fine in europe and asia.
Or they would need to do a ddos attack on the relevant phone lines or networks, or cut an underwater fiber cable to a bunch of islands, or blow something up, or wait for a semi-predictable natural disaster to occur, or even find ways to affect the power grid because many handheld POS systems in Europe are portable and battery powered.
takes off with the loot. This is just one more in a long string of heists that Americans have pulled off using crowdfunging websites. It's the American business model I guess, find someone who is willing to pay or invest, then just make off with the money, knowing very well there was a clause in the contracts or agreements that allowed you to.
If you're an American, you may have some chances to recover your money or investment. Which also gives the signal to Asians, Russians, and Europeans: if the business is American, be very careful before you buy in, because you have 0 chance of getting money back if it fails.
I do think that below a certain threshold amount, making the connection isn't mandatory. That's usually when it goes quickly and it doesn't say "connecting". I've only seen it happen on small amounts. Do note, that this is what I conclude from the behaviour. It would be better if someone who actually knows how this works to chime in.
If anything, I do not think that it's the card that stores the transaction. It would not make any sense at all. Imagine I do a 1000€ purchase, and it would be store-on-card. At that point, I destroy the card or never use it again. My card never gets the chance to "synchronize" with anything. Now, perhaps I misunderstood what you meant with "the balance would be kept on the card", but it definitely doesn't involve storing anything on the card. It's the terminal that must store and forward the transaction. Granted, it doesn't change anything in your scenario, but given European chip 'n pin do connect, I doubt you attack would be feasible (ignoring the fact you need a 1000 unconnected terminals, which is doing to be very hard to find).
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
Well, I was at a restaurant at a ski station really high in the mountains, the prices were really expensive, and the handheld POS device didn't have a connection.
And yes, I do realize that many ski resorts in Europe have ok cell phone coverage, I remember seeing the billboards of cell phone companies advertising that fact on top of the mountain itself, but I don't remember seeing those billboards at all the ski resorts I've visited and like I said, at least one restaurant at the top of a telepherique didn't seem to have coverage and yet the European chipped cards still worked.
But then again, it's been a few years since that happened, so maybe the security of chipped cards in Europe has been upgraded since then. I don't know.
The way actually successful implementations of this idea work, is that the card is yet another chip with its own identity and keys, and you can register it as an authorized id at the other companies.
i.e.: you do not *copy* 20 different credit card on it, you ask your 20 credit companies to accept also the key inside this card as ID proof.
that works nicely because wireless NFC / RFID (and contact smartcards for the LUDDITES! still using that ;-) ) is standardized, meaning that in practice it really all boils down to "accept yet another key", there is no real need to modify hardware.
---
(And yes my second example is a plain watch which also has an RFID chip. Not a smartwatch with software controlled NFC. It completely predates the Apple Watch craze by a few years. And actually works with way much more different ski resorts accross europe than advertised).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
There was a time when I only bothered with one card. Then I woke up and realized that this was a bad idea as all your eggs are in one basket. Mostly because I had my wallet stolen and it was a right pain and that was 20 years ago. It would be worse today.
Now I have one debit card, and two credit cards. I hardly use the debit card other than to withdraw cash from an ATM. Almost every card purchase is done with a credit card and I *NEVER* use the debit card on the internet. I only carry one of the credit cards with me, the other is heat sealed in a shielded bag between two pieces of cardboard. It's linked to my Amazon account and PayPal so it keeps ticking over with transactions. This card is for physical use in the even my primary card is lost, stolen, cloned, broken or the bank is having issues. It lives in a draw in my house, and when flying on holiday it travels in my suitcase separate from me, in case my main card has any of the above problems. Being heat sealed in a bag I can tell if it has been tampered with.
Further one of the credit cards is Visa and the other is Mastercard and they are issued from different banks. Finally I keep in a safe place in the house 150GBP in new notes (10*10GBP and 10*5GBP) for emergency use should both banks have issues at the same time.
From my understanding, in Europe, the chip and pin does make a connection. Terminals generally do have a connection.
Normally, they have a connection, yes. Real-time banking is not instantaneous, but usually faster than counting out change for cash. If the connection is down, they usually fall back to printing receipts that you have to sign to validate use of the card.
If anything, I do not think that it's the card that stores the transaction. It would not make any sense at all. Imagine I do a 1000€ purchase, and it would be store-on-card. At that point, I destroy the card or never use it again. My card never gets the chance to "synchronize" with anything.
Doesn't work that way. Of course any offline transaction is stored in the sellers terminal - at some point the seller go online & synchronize with the bank, and then the money is pulled out of your debit card account. (Or charged to some credit card you will be billed for.) It won't matter if you destroy your card. If you want "free stuff", you have to destroy the sellers terminal or backend computer. The seller will likely object to that, it is equivalent to taking the money back after paying.
They may store a copy of the account balance on the card. This is only for your convenience - so the card can report "out of money" and reject the offline transaction. This protect you from overdraft fees. Getting around such protections may be possible, but it will only let you go a bit deeper into overdraft debts. Doing that is usually not very interesting, unless you're financing something like a suicide attack and therefore don't care about ruining your own economy & credit rating.
Granted, it doesn't change anything in your scenario, but given European chip 'n pin do connect, I doubt you attack would be feasible (ignoring the fact you need a 1000 unconnected terminals, which is doing to be very hard to find).
That attack would definitely be feasible.
*BUT* the unconnected terminals would be limited to a small amount only.
So at the end of the day, the bank only loses a couple of thousands of EUR, (Well within something they can live with)
or bounces the transaction back and a thousands of shops are a few dozens bucks back. (Again, well within something they'll survive with)
Contact less payment are basically the same but even lower (only a few bucks are accepted without asking for a PIN)
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
That's why 'plastic' could never mimic a chip card; because to mimic the behaviour and 'signing capabilities' of such a card would require knowing that secret information along with associated algorithms
Or, inversely, it could hold its own sets of secret information, and the plastc compagny would register these as an acceptable form of ID / as altenate accepted signing to the other companies.
(I.e.: when you "copy" a credit card or an access card to it, what actually goes behind the curtain, is that in the DB of the bank or some other company the plastc is added as yet another accepted form of ID for you next to whatever contactless card / RFID fob you were already using).
At lest that's how it is actually implemented in the realworld by other companies that didn't go bust like plastc.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Actually, they're one of the copy-cat companies which jumped on the idea when the originating company published their idea. That company is still alive, though struggling. The biggest setback was chips. You're supposed to pay using your chip now, swiping is reserved for the restroom. These multi-card cards don't have chips.
Some do.
The idea is that you're not trying to *copy* the data from the source card's chip to the multicard's chip.
The mutlicard's chip has it's own private credential on the chip.
What you do is you register said credential as yet another acceptable ID at the other company.
(So the company isn't accepting only info of Card A - that also got copied on card B. But the company is accepting any of the private key on the chips of either card A or card B).
I can open a shared car with my train pass, because the carsharing company accepts to recognize the train pass as also identifying me.
This concept has been popular for ages for ski passes across european ski resorts : nearly all companies accept each others wireless cards (to the point that it even ended up in wrist watches).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
So what is the alternative though? Middle men who evaluate prospective investments and allocate your savings accordingly? That is basically how the financial world outside crowdfunding works, and the result has been that central banks have to keep bailing out the bad investments to the point where almost every asset class is detached from any fundamental valuation, and people are paying governments to borrow money from them.
I actually think we are closer to a working system in crowdfunding. Yes there are a huge number of scams and failures, but these quite obviously exist in almost every other investment market. Just look at how things like LIBOR were rigged to understand that an official regulated system is no protection against the same sort of people who might try to take you for a ride on kickstarter. The difference on crowdfunding sites is that it is relatively easy for someone who has done a bit of research into a business to figure out whether the idea is a scam (for example, using basic science). The other thing about these sites is that nobody is crying for the people who lose money on these things. This is how it should be. People waste money all the time. The main problem is when they waste money and then the taxpayer runs to the rescue to bail them out. That crowdfunding still has the notion of buyer-be-ware about it seems quite healthy.
I imagine as these things develop (and move towards micro-equity sites) a whole industry of third-party auditors will spring up who will be able to validate basic information about a business - such as whether the idea has plausibility issues, that the owners are who they say they are, and that the funds are being spent as stated. There are already a lot of these things in place, and I get a sense that many of the people losing money on these scams are actually not that bothered about it, and see it more as throwing a few dollars at a bunch of ideas to see what sticks. This is not necessarily unhealthy if people can handle the losses.
It is quite easy to steal small amounts of money from a large number of people. Most people will not pursue any serious legal action.
This is a limited liability company. All profits and assets will flow one way to the owners, all liability will stop with the entity that goes bankrupt. But corporations are people my friend. And the courts are ruling corporations have free speech rights, and have ruled spending money is speech, they also have free will, conscience and religious liberty, according to our courts.
It takes two real people and nine months to make a fresh citizen, and just a filing fee to create a corporate citizen. Real citizens can not dodge criminal liabilities of their actions, corporate citizens can. They are only assessed civil damages at best.
These corporations play one party against another and are going scot free. (scot was a kind of tax in old England).
Corporations are a great threat to our liberties. People who rail about and aware of the threat government power poses to our liberties are silent about the threat posed by corporate power.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Besides, all it needs is a phone line.: Classic POTS for the terminal base to be connected (the handsets can be wirelessly connected to it), and if those people had a phone, they had a connection.
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
*of course* it doesn't... That's was the whole point of the thought experiment.
That would be a reasonable assumption. I wouldn't count on it... Overdraft fees are the bread and butter of banks ;-)
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
Correction, it was a "Siemens S35i" and a "Psion Revo Plus". It's been ages, I even thought of that setup.
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
Why is it a farce exactly? Works fine in europe and asia.
Because Europe and Asia don't use chip and sign. Chip and sign is for Americans getting odd looks from retail personnel when we present a credit card in those areas.
How your comment currently sits a a number 3 considering you have very little truthful information in your statement if quite interesting.
First, the "speed" has nothing to do with the US regulations. The initial speed has everything to do with the conversation that happens between the card and the terminal (ATM and POS). This is what unlocks the card to allow the transaction selection process to continue. In Europe, the PIN of the card is entered to actually unlock the card, in the US, the card is just "unlocked" automatically. Now, please don't confuse the PIN of the card with the PIN of the transaction: they are two very different security items.
Second, this network balance traffic is not true. There is typically a single message that is sent out from the terminal that has all of the needed information. If the transaction is authorized, that is when the account balance (which is NOT a network or EMV requirement) is sent down to the card.
Third, there is no bank that I am aware of that actually allows for offline transactions. There could be some arrangements between particular banks and merchants, but it is not a generally accepted practice within the industry. Banks love to avoid risk whenever possible.
As opposed to Europe, where the European chipped card could work in a place with no phone reception and no network access, the balance would be kept on the card, and the balance would later be reconciled in a central ledger at the end of the day, or at the end of the week (I'm not sure which). But this of course made the card super fast to use.
I haven't seen any chip and pin device in Europe that DOESN'T require an authentication / authorization step. If it's allowed at all it would only be on small transactions - train tickets, snacks etc. The same is true for contactless transactions which don't require authentication on small payments but will still authorise payment usually by asking a server.
It also doesn't make the process any slower in my experience than paying by swipe. If chip and pin is slow in the US it's probably more to do with people being unfamiliar with the process, inconsistencies between different stores / banks, or people forgetting their pin etc.
How do you know it didn't have a connection? Handheld devices can talk remotely to a base station at the counter in the restaurant. It would either dial up on demand over a telephone line or it would be connected over a data network. Even a restaurant on a mountain can get a network - probably easier than some other places since it's probably line of sight with a mast.
Of course, I'm skipping over some technical details, but that's basically the gist of it. Also, I should mention that it's much easier to crack one card in a couple of weeks and clone it 1,000 times than having to crack 1,000 separate cards to clone them once. And also, some chipped cards are allowed to be used without the pin, because not everything on a chipped card is encrypted, and that's ok for some businesses because they'll limit the amount of the transaction when the pin is not used, and also they can take other security measures, like video recording the person, or video recording the car of the person who used it, or something else entirely. .
Not your fault as your points are sound, but I find your statements to be a bit ironic. You see, you started your post because somebody bitched about how the chip does nothing in the USA except delay the whole process. I guess you don't know because you're not like this, but the people who say stuff like "The chip does NOTHING in the USA except make the whole process take longer." are also the super paranoid people who find everything to be an invasion of their rights, so they'd also never agree to your suggestions of videotaping their cars, the transaction itself, and so on.
You need to do more research. Nearly all vendors allow for offline transactions. They merely shift the liability for failed transactions back to the merchant and provide a floor mechanism to be specified by the merchant.
If the merchant wants to accept $5 sales and is willing to take the liability (most do), no problem. If the merchant doesn't want to accept liability....also no problem (the transaction will be failed).
Actually, they haven't. You can clone the mag strip, but most cards now register that they have a chip. The bank won't authorize it by mag strip if a smart card is present; you can still copy the mag strip and use it for offline attacks (e.g. use it to buy crap through Paypal).
A smart chip--the type of tool embedded in an EVM card--is a miniaturized computer with an I/O protocol. When attached to the reader, it's powered up and accepts commands. It doesn't release the key, and only performs digital signing within its own memory space and returns the result.
Some implementations in early chips used DES, which has cryptographic weaknesses. It's possible to crack DES in a few hours and recover the key by analyzing signed known-plaintexts, allowing for cloning. Most early implementations used 3DES or RSA at a currently-unbroken level, making this attack impossible.
Amusing: SD cards are also microcomputers and communicate over an I/O protocol. Direct access to SD card NAND is not possible; loading an operating system onto an SD card and making it perform computations is possible.
Support my political activism on Patreon.
No, it's a fool and his money...
And don't call me Shirley!
Easiest answer here is for the US gov't to mandate minimal acceptable response times for chip banking transactions. There's precisely no reason why it should take longer than a second or two to authenticate any consumer debit. If it takes longer than that, the bank's systems are broken and should be fixed before they're allowed back on the network.
Everywhere else in the world, chip transactions (including a roundtrip to the bank) happen very quickly.
A government is a body of people notably ungoverned - AC
And the American regulation requires that the chipped card checks the bank balance and do all the handshakes between multiple networks in real time before it allows the transaction to take place, hence the extra delay.
That is not typically the reason for the delay. The fact of the matter is that the US region required online processing for EMV because at least 90% of the transactions in the US were already online only. There are some significant attacks against offline EMV that are entirely mitigated by online processing. There are no known attacks on Online EMV with card present. Even without a PIN, you cannot duplicate someone's card or skim it. You can steal someone's card and use it, but you cannot create a cloned copy of the card and use it.
The problem in the US is entirely with poor implementations. The most inexpensive terminals manually check a list of supported brands against the card's brand(s) one at a time. The brands have IDs that can be incredibly specific. A lot of the processors I've worked with want to manually add each and every ID to their configuration basically saying "I support North American MasterCard. I support Australian MasterCard. I support European MasterCard..." for basically every region in the world when they could just say "I support MasterCards of all types." So the card terminal sits there for a solid 10- 20 seconds just going through its list asking the card "Are you this brand?" Literally. Regulations in the US require you to support "US Common Debit" if you're going to allow debit transactions. There is literally one additional ID that is required to be supported in the US versus other regions. Furthermore, you'll find that transactions go online and receive approval in Europe somewhere on the order of 70+% percent of the time and are still faster than US transactions. I'm working on a project right now for a company halfway across the world from me and, when I have control of the terminal flow, I can run through the entire process from the US, 8000 miles, back to the US for issuer authorization, then back that 8000 miles to the processor and back to me in about 300-400ms. With a processor who lives in the same city, I can complete a transaction in 100-200ms on a slow day.
When I say that, I'm obviously excluding transactions that require prompts, but one where I have the terminal flow set to run the transaction from end to end the instant the card is inserted into the terminal with no further human interaction required.
As opposed to Europe, where the European chipped card could work in a place with no phone reception and no network access, the balance would be kept on the card, and the balance would later be reconciled in a central ledger at the end of the day, or at the end of the week (I'm not sure which). But this of course made the card super fast to use.
They have not done this in Europe or anywhere else in a long time. I think the last card issued that behaved in this way was around 2007. Some of them haven't expired in their countries of origin and you still have to support this capability in some regions, but it's being phased out. You cannot trust a balance from an offline transaction. The terminals all have a transaction ceiling which, when hit, a transaction is forced to be processed online. In the US that limit, from a liability standpoint, is $0. For most European merchants, they use somewhere on the order of 20-40 pounds/euros/whatever. Basically a high enough limit that you can recharge your metro card. That limit is also based on the type of merchant as well. The majority of card fraud occurs at gas stations and the industry has completely different rules for unattended gas pumps.
And also, some chipped cards are allowed to be used without the pin, because not everything on a chipped card is encrypted, and that's ok for some businesses because they'll limit the amount of the transaction when the pin is not used
Lose your wallet all the cards and IDs in it are at risk.
Sad that so many backers thought this was something. NFC can do this job. I just don't see a viable future for a separate digital card.
But then, if you lose your phone you've lost a lot.
It's not clear, but speculated that with chip and sign, it is entirely possible:
https://www.wired.com/2015/09/...
However, what has actually happened is that most fraudsters, who are as technically capable as your average script kiddie, have just found other ways of defrauding you rather than try to solve a hard technical problem. The most popular method now, and which I personally know many people have been facing, is opening a credit card in your name and using your potentially great credit score against you. This is ALSO because credit card companies are dropping the ball.
This is why we should not let idiots with MBA degrees use statistics to make decisions. "If I make this one change, I will fix 60% of the problem! I'm done!", and a month later the mole pops up another hole. So no doubt they will try to close this new hole, and the criminal element will look elsewhere, perhaps back at cracking EMV and it's known weaknesses, one of which has been identified:
http://blog.unibulmerchantserv...
(TL;DR: It's not guaranteed and work for some uses, but it's a crack in the wall)
Because Lord knows I want to trust my financial transactions to a start up with no proven record of performance or trustworthiness, and pay for the privilege!
The summary is wrong, these were not "preorders". This is the whole problem with crowdfunding and it's the reason I think they either need to either outlaw it, or require some sort of educational barrier to entry. Require new users to go through a course and take a test at the end so they understand WTF they are actually doing with their money. Most people do not understand that Kickstater and indiegogo are not storefronts to go preorder stuff, they are sites for FUNDING a company or product. That comes with a lot of risk. Fraudulent projects aside, it's entirely possible that it will fail for legitimate reasons. Inexperience, production issues, regulatory issues (oops, looks like we need FDA approval? RIP). Before these microfunding sites came to be there were some hefty barriers to entry, both financial and regulatory, for people wanting to invest in new companies. It was assumed if you could get over those barriers you at least knew enough to know what you were getting into, even if it didn't mean you would make wise choices.
I browse on +1 so AC's need not respond, I won't see it.
Why does the balance need to be sent to the card at all? POS terminal sends "I need to authorize a $30.47 charge", bank sends back "Approved" or "Denied" along with a transaction ID. Why would the POS terminal ever need to know a balance associated with a card?
Enigma
Ahhh, I suspect that is why my "tap" functionality has a limit (found that out a couple weeks ago). Makes sense, as I think the cap is like 100$, so sure someone might run around with a bunch of cloned or stolen cards, however at 100$ per tap, they would have to use it a LOT to actually steal any amount of money (in a relative sense from a bank). Using it so much, probably means they get caught also.
That said, the whole business plan for the service seems to be flawed in so many ways.
1st of all, most people I know want to use LESS cards, not more to take advantage of the rewards program.
2nd with VISA/MC already having a monopoly why would they want to participate?
3rd with card companies why would they want you to be able to use other cards, again why participate?
4th while consolidating might be useful, that would likely break terms of contract, or they would re-write the contracts so that it does.
5th people with 20 credit cards are likely the ones that are highest risk to default in the first place, making the service undesirable.
In all, I can see why no one wanted to invest, and it failed. How they spun it to get the initially 9 million is a a mystery to me (unless they got significant buy in from MC/VISA and/or a number of banks etc..).
I wish I had mod points.
You sir, win the thread.
The contents of this message have been doubly encrypted by ROT13
Why is it a farce exactly? Works fine in europe and asia.
Because Europe and Asia don't use chip and sign. Chip and sign is for Americans getting odd looks from retail personnel when we present a credit card in those areas.
Canada has chip-and-pin and have for a long while. I don't know what's wrong with the US banks and why they want to do their own, less secure option. Perhaps they plan on going to chip and pin once a certain percentage of card readers have been upgraded to support chip. There are still about 40% of the vendors (restaurants, etc.) that I deal with that have the chip part blocked off because their system doesn't support it.
> Cloners have been available in the US for these cards for years
Prove this statement because it smells like bullshit to me.
Point me towards a cloner (or even an article that describes how to) for chip & pin cards or stfu with your hyperbolic bullshit. HINT: incorrect implementations of emv. (ie: using non-random UN's) aren't clones.
Again, we don't have chip and pin in the USA. We have chip and LOL. It's a farce. Cloners have been available for years.
Can you point us to a resource that shows that you can clone a chip for online processing? To my knowledge, you cannot. Since the US has a floor limit of $0, all transactions go online and you cannot use a cloned card. Not to mention that Chip + PIN is completely possible in the US, and is expected to roll out in the next year or two. In my experience, it's actually the US based credit card processors that don't want to support PIN right now, and not the issuing banks.
While Val Thorens is not the most expensive ski resort in Europe, it still ranks pretty high up there because of its altitude. If you're going to have the benefit of not needing artificial snow when other ski resorts do, then many of your customers during the late season are going to be top government officials and CEOs, and cell phone networks (not to mention the NSA and the Russian FSB) will do everything in their power to make sure those types of people have the illusion of perfect coverage and perfect service wherever they are.
You think he'll stop at 8?
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
If chip and pin is slow in the US it's probably more to do with people being unfamiliar with the process, inconsistencies between different stores / banks, or people forgetting their pin etc.
Yes, it's some of that, but not only that.
I have experience using both kinds of cards, both in the US and in Europe, and in the US, the process of using a chipped US card with a pin is definitely a lot slower than using a US magnetic-only debit card with a pin. For one thing, the system won't even let you enter your pin for a chipped card in the US until the connection has already been made, so there is no kind of caching that is even allowed.
And I guarantee you that if you ever come to the US and tried an American chipped card yourself with a pin, you would notice the difference in speed yourself. There is absolutely no doubt in my mind about that. The only part that I'm fuzzy about is the European system these days, because it's been a few years since I've used it.
I've used chip&pin at Target, and it works well. Everywhere else that I've had to use the chip, my experience agrees with yours.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
Depends on whether there's fraud or not. I've heard of a case where the bank insisted that a guy who spent time in South Africa must have snuck into the UK again to use his chip&pin to withdraw money.
"When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
In the US we have about the same percentage of new chip readers masked off because the software to run them is not installed yet. The difference between our systems is that when the US readers are all working, they will support the same crappy chip-and-sign that does nothing to aadd security. You will have real chip-and-PIN.
my recently cloned card was *only* used at swipe terminals, they did not use the chip feature.
whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
That has got to be the most silly explanation of why a place has good coverage, I've ever read.
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
In all seriousness though, removing the part about the CIA and the FSB, the top ski resorts in France do have giant advertisement billboards on top of mountains in the middle of nowhere (reminding that a particular cell phone network still works there).
And this is in no small part due to the fact that some CEOs will see some of these billboards and that some of those CEOs control companies with 10,000+ employees (all possibly requiring a company cell phone).
That would be a reasonable assumption. I wouldn't count on it... Overdraft fees are the bread and butter of banks ;-)
Yes, but in some European countries, like in France for instance, those kinds of fees are heavily regulated by the government.