Privacy Pitfalls in No-Swipe Credit Cards
Nrbelex writes to mention a New York Times article about the privacy pitfalls of 'no-swipe' credit cards. Despite assurances from the card companies, researchers Tom Heydt-Benjamin and Kevin Fu were able to easily retrieve data from the new cards ... data available without encryption and in plain text. From the article: "They could skim and store the information from a card with a device the size of a couple of paperback books, which they cobbled together from readily available computer and radio components for $150. They say they could probably make another one even smaller and cheaper: about the size of a pack of gum for less than $50. And because the cards can be read even through a wallet or an item of clothing, the security of the information, the researchers say, is startlingly weak. 'Would you be comfortable wearing your name, your credit card number and your card expiration date on your T-shirt?' Mr. Heydt-Benjamin, a graduate student, asked."
Original research paper (Score:2, Informative)
http://prisms.cs.umass.edu/~kevinfu/papers/RFID-C
gentlemen, start your soldering irons
Re:Oyster Cards on the London Underground (Score:5, Informative)
Bob
How they think about fraud (Score:5, Informative)
So even though the credit card companies should do more to protect the information from a logical and PR perspective, they've already decided that the small potential increase in the cost of fraud is outweighed by the increased use of these cards that some people consider more convenient.
Re:Oyster Cards on the London Underground (Score:5, Informative)
I do know about the thugs who pose as ticket inspectors... I was once getting off the SilverLink County service from Euston to Harrow and Wealdstone, and the "thugs" were waiting on the stairs.. I showed my Oyster (travelcard, not pre pay) and he checked with the reader, then grunted in a few loud syllables that would make an orangutan proud "Not Valid". And pushed me aside.... (for once I was glad there was CCTV in the area).
I piped up, louder "Of course it's bloody valid!" and fished out my record card. It seems there was another chap also given the rough treatment...
Mr gorilla said "That record card must be fake!" with obvious snicker.
"Call your manager NOW, before I call the Police!"
He was saying "You do that sonny," when his supervisor came to see what the commotion was about (The other guy next to me was making an equally loud commotion)..
He checked my record card, and saw it was perfectly valid.. then checked the readers of the baboons, and found them set for zone 6.. WTF.
With a lot of apologies, we were allowed to move on.
My suggestion for anyone who has an issue with these blokes: write a letter to both TfL and Silverlink.
I do understand they do need to check for tickets, they are losing millions of pounds a year thanks to fare evaders. And nothing annoys me more than watching people chance it.
However, their behaviour is not on.
Re:Citi PayPass (Score:3, Informative)
Meanwhile, out on the Long Island railroad (also run by the MTA), you now pay a penalty of $5 or so when you buy a ticket for cash on the train. They want you to use the vending machines or the last few remaining human-staffed station booths instead, with the same resulting traceability. You even get all sorts of bonuses if you let them just mail your tickets to your home and charge your card.
Re:You mean... (Score:3, Informative)
Re:Dumber than not signing (Score:3, Informative)
Liability, merchants, and you (Score:4, Informative)
Everyone keeps saying, "Who cares, I'm not liable if someone takes my card and uses it", and that "The banks eat it".
No, they don't. The merchants do. And the customers end up covering it in the end.
I own an online retail business. If someone disputes a purchase and we lose the dispute, the credit card processor simply takes the money back from *us*. We're out the money. Nobody else.
We go to great lengths to try and prevent this (AVS, CVV, etc), but you will get one every once in a while no matter what you do.
So fraud rates are built into retail *pricing*. When we get a new product, we have a formula to decide our selling price. It's based on our business costs. Fraud is one of those costs - we know how much we incur per year, so we build it into the profit margin. Every business does this in one way or another.
If fraud goes up, so do our prices. Therefore, it goes full-circle back to the consumer.
Brian Roach
Re:Pickpocketing at the same old level (Score:3, Informative)
Credit card fraud ruins your credit rating. This happened to the parents of a friend of mine. With a crappy credit rating, his parents were unable to get favorable terms for his school loans, and so he ended up taking out a lot of 9% or higher interest rate loans for his college education.
Also, when you report your credit card stolen, there is a period where you don't have a credit card at all because they cut you off for a while. So you had better have some cash on hand or another credit card to cover this situation. This is exactly why I have two credit cards rather than one.
And no, my friend never got a cent from the credit card companies to compensate for his ruined credit rating, or for the other inconveniences he went through. There's no law requiring it.
Re:Why are we upgrading again? (Score:3, Informative)
This was covered recently at snopes.com (http://www.snopes.com/business/bank/pinalert.asp