
Comment Re:Trust us with your payments (Score 2) 730

It probably doesn't. This Secure Element+rotating CVV thing is the same as what Google Wallet uses/used, and it's just not the same technology as EMV. Similar concept from what I understand but not actually the same. EMV requires merchants to upgrade their backend infrastructure because they fundamentally aren't just passing around credit card numbers anymore, whereas this is designed to let merchants skip all that and pretend they're still charging regular credit card numbers, with the last three digits changing per transaction. One question in my mind is what happens after you made 1000 transactions: presumably the CVVs start being reused? Or perhaps if they're semi-random they start colliding before that.

At any rate, the big question is whether VISA/MC/the banks will interpret this half-assed non-EMV thing as being as secure as regular EMV. I don't see how it can be, myself, but I've never looked at this in depth. The 2015 date refers to the liability shift. It doesn't imply an actual flag day or widespread deployment of EMV. The idea is after that date whoever has the weaker technology pays for fraud. If the bank hasn't deployed EMV and the merchant has, the bank pays. Otherwise it's vice versa. But I'm not sure how that works here - banks aren't issuing iPhones to people, so when does the merchant win? If the user doesn't have an iPhone? Seems tricky.

Anyway don't expect this to work outside the USA. Not only is the tech different but it's also fundamentally useless. Contactless EMV cards are being rolled out around the world now and they're convenient because you don't have to type in the PIN for small amounts, whilst still being secure. For larger amounts, the PIN is still required. But the cards don't require batteries, can be dropped on the ground, slide inside a wallet, can't be hacked, make payments in just a second or two etc. So it's not clear why you'd want to use a phone instead of a card for this.

Comment Re:All the EU wants is a continuous flow of money (Score 1) 96

These things rarely if ever go to court. Sometimes there's simply no relevance because the regulators have the power to fine companies without winning a court case, and sometimes (like with NY DFS) the laws involved have such insanely high criminal penalties attached - like 20 year jail sentences - you'd have to be crazy to roll the dice instead of just paying up.

Comment Re:All the EU wants is a continuous flow of money (Score 3, Insightful) 96

This stuff goes both ways. New York State has become notorious for trumping up charges against financial companies and draining mind-boggling sums of money directly into their own accounts. Governments are waking up to the fact that they've passed so many vague laws that basically any company can be "investigated" for breaching them, and given those governments are all heavily in debt and trying to cut back spending the temptation to go whack some foreign company and extract money from it is overwhelming. Compared to taxing their own citizens this seems like free money, plus they get to tell themselves and others that they're fighting the good fight against the evil corporations.

When you dig into the details, that's when this story unravels. But most people never do.

Comment Re:Like DRM? (Score 1) 448

wouldn't implementing such kill switches on weapons be as ineffective as DRM for copyrighted material, with undesirable side-effects for "legitimate uses" and plenty of workarounds for "illegitimate" users?

No.

Such techniques have been used to dramatic effect in vehicle immobilisers, with sharp falls in auto theft directly traceable to their deployment. Having the key fob do a handshake with the engine control computer has - when properly implemented - basically killed most auto theft with what remains being hotwiring very old cars, deliberately searching for cars that have messed up immobiliser implementations, or just grabbing the driver and forcing them to give up the keys.

Comment Re:JAVA (Score 1) 230

Do you know what the vulns are? Tomcat has a list of vulnerabilities on their website but they're all DoS attacks or information disclosure. It's pretty hard to write a Java app that can actually be completely taken over via the network, although I've seen one or two spectacularly dumb web server designs that allowed it anyway (e.g. url parameter names were treated as arbitrary paths through the entire app's object hierarchy using reflection, letting anyone modify any global variable by just doing a GET - no language can save you from this kind of idiocy).
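The design flaw described in the comment above, next to an allow-listed binder, as an added example that is not part of the original comment. It is sketched in Python, with `getattr`/`setattr` standing in for Java reflection; the `App`, `Settings` and `Profile` classes and the parameter names are hypothetical.

```python
from functools import reduce


class Settings:
    def __init__(self):
        self.debug = False  # application-wide flag no request should be able to change


class Profile:
    def __init__(self):
        self.display_name = "anon"


class App:
    def __init__(self):
        self.settings = Settings()
        self.profile = Profile()


def resolve(root, parts):
    """Walk attribute names from root, like chained reflective field lookups."""
    return reduce(getattr, parts, root)


def bind_unsafe(root, params):
    """Flawed design: every request parameter name is treated as a path
    through the whole object graph and written to without any check."""
    for name, value in params.items():
        *parents, leaf = name.split(".")
        setattr(resolve(root, parents), leaf, value)


# Hardened form: only names listed here are bound, each with a type coercion.
ALLOWED = {"profile.display_name": str}


def bind_allowlisted(root, params):
    """Bind only allow-listed parameters; return the names that were refused
    so they can be logged as suspicious input."""
    rejected = []
    for name, value in params.items():
        coerce = ALLOWED.get(name)
        if coerce is None:
            rejected.append(name)
            continue
        *parents, leaf = name.split(".")
        setattr(resolve(root, parents), leaf, coerce(value))
    return rejected


if __name__ == "__main__":
    # Constructed request parameters, as they would arrive from a query string.
    request = {"profile.display_name": "bob", "settings.debug": "true"}
    a, b = App(), App()
    bind_unsafe(a, request)
    print("unsafe binder, settings.debug =", a.settings.debug)
    print("allow-listed binder rejected:", bind_allowlisted(b, request))
```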

Comment Re:Unreal... (Score 5, Informative) 789

Regardless of political preferences... I simply can't imagine in what form those threats could have been made. Phone call? Letter? Email? How can anyone be so [IMHO, unrealistically] stupid to mention using nuclear weapons knowing that every word in today's communications is being recorded and would be published by the opposite side?

It was made during a verbal question and answer session some days ago. You can read a transcript of the full thing, without western media's blatantly selective quoting and bias, right here. Do go read it for yourself. The press has been having a field day with taking individual sentences out of context, in many cases not even mentioning that Putin was responding to questions from Russian citizens, to make it look like he's issuing press releases about Ukraine specifically. It's the most amazingly dangerous set of selective quotations I've ever seen. In this case Putin wasn't even talking about Ukraine!

I copy/pasted the full question and answer in a post below. But you can easily find it in that page. It's a long answer to a relatively vague question that asks (amongst other things) about how Russia can avoid being drawn into large scale conflicts. So right at the start he says he doesn't want to be drawn into any large conflicts, he doesn't think it's going to happen and that he thinks nobody has any intention of starting a large scale conflict (er, he might want to re-evaluate that given the noise coming out of NATO). Then he goes on to point out that Russia can defend itself, and talks about the "nuclear deterrent" (same language as the UK uses), and then states again that it's for defence.

You can choose not to believe him if you like. But the USA and UK also have "nuclear deterrents" and their so-called Departments of Defence routinely engage in offence at the drop of a hat. We routinely see far more aggressive language coming out of the White House. So I don't think anything Putin is saying here is particularly unique or unusual.

Comment Actual full quote (Score 5, Informative) 789

Full transcript of this youth camp Q and A session is available here.

ROMAN SMAGIN: Good afternoon, Mr President.

I am Roman Smagin from Novosibirsk Teacher Training University.

It’s no secret to anyone that history tends to repeat itself. Historical events seem to unfold according to a cyclical theory. Over these last two years we have remembered and celebrated the historic choices that Russia made at important moments for our country’s destiny, such as in 1612, 1812, and 1914.

In this context, I want to ask you what view you take of the cyclical nature of history as we can see it in Russia. Also, I want to ask you about your view of historical memory, how it helps us, how it can help to preserve Russia’s political influence on the international stage, contribute to our society’s development, and not let Russia be drawn into a new open global conflict.

Thank you.

VLADIMIR PUTIN: Historical memory is a very important part of our culture, history and present. Of course, we must draw on our historical experience and historical memory as we look towards the future. I can therefore say straight away that Russia is certainly not about to let itself be drawn into any large-scale conflicts. We do not want this and will not let this happen.

Naturally, we need to be ready to respond to any aggression against Russia. Our partners, no matter what the situation in their countries and the foreign policy ideas they follow, always need to be aware that it is better not to enter into any potential armed conflict against us. Fortunately though, I don’t think anyone has the intention today of trying to start a large-scale conflict against Russia.

Let me remind you that Russia is one of the world’s biggest nuclear powers. These are not just words – this is the reality. What’s more, we are strengthening our nuclear deterrent capability and developing our armed forces. They have become more compact and effective and are becoming more modern in terms of the weapons at their disposal. We are continuing this work to build up our potential and will keep doing so, not in order to threaten anyone, but so as to be able to feel safe, ensure our security and be able to carry out our economic and social development plans.

As far as cycles are concerned, yes, I think that the world’s development does go in cycles. This has pretty much been proven as far as the economy is concerned. There are economists here and they can no doubt explain it better than I can, but there are various cycles in the economy, small waves, large waves and so on, and any country’s development depends on the state of the economy. This is why economic growth and the transition from one technological level to another always have an impact on people’s lives and prosperity and on the social and political situation.

Just look, for example, at the way demand is growing in the European countries, and how hard it is to keep up with this constantly growing demand even at today’s level of technological development. This is a sign that there is a need for something else, that we must compensate somewhere for what we are not managing to achieve with the help of foreign policy and defence policy.

I hope very much that not just Russia’s historical memory but that all of humanity will prompt us to search for peaceful solutions to the various conflicts that are currently unfolding and that will arise in the future. We support political dialogue and the search for compromise.

Comment Re:Which Invasion? (Score 3, Informative) 205

You mean these satellite images? The ones that have the following quotes attached to them?

At a press conference on Thursday, August 28, Dutch Brig. Gen. Nico Tak, a senior NATO commander, revealed satellite images of what NATO says are Russian combat forces engaged in military operations in or near Ukrainian territory. NATO said this image shows Russian self-propelled artillery units set up in firing positions near Krasnodon, in eastern Ukraine.

This is an extremely misleading way to phrase things. Krasnodon is not just "in eastern Ukraine". It's right on the border. So being near it can also mean in Russia. The above comments from NATO mean nothing, assuming CNN is reporting them accurately. What about the others .... hmm let's see.

Image 2 is from inside Russia and they say so. Image 3 is also in Russia. Image 5 is captioned twice, once with "Russian self propelled artillery unit inside Ukraine" and again, but this time it's again "near Krasnodon", which is practically in Russia. If there's an obviously demarcated border in this area it's hard to see based on the Google satellite images. The last image doesn't even claim to be of anything in particular, the caption is merely summarising the story in general.

Both Russian and Ukrainian troops appear to regularly cross the border without realising it - there have been repeated reports of Ukrainian forces entering Russia and then being redirected back across the border, with no obvious blowback. Given these things, and the fact that western media is in full-blown propaganda mode and not even hiding it, I'm going to want way stronger evidence than this.

But honestly, even if Russia did invade, this would merely make it on par with the USA and UK, both countries that practically revel in invading other countries and wading into other countries' civil wars. So a part of me couldn't get too excited even if it did happen. It's definitely NOT worth a serious, major conflict between Russia and the west.

Comment Re:Which Invasion? (Score 3, Interesting) 205

Yes, but the tanks and artillery the "separatists" keep popping up with are coming from somewhere. At this late stage in the game, they certainly aren't Ukrainian remnants that the separatists have captured in those Ukrainian territories - those were used and destroyed many months ago.

Really? I was reading in the Guardian (which has proven itself to be woefully biased in the past few months) that the separatists were surrounding and capturing Ukrainian army units just last week. What's more, in the past days we've been reading about waves of deserters from the Ukrainian army. Nobody is claiming the separatists are armed only with stuff they got months ago. They're claiming, and so is Kiev, that they've been able to obtain large quantities of arms from the fleeing, conscript-based Ukrainian army.

Meanwhile Poroshenko is trying to claim that there's a Russian army rolling around in his country ...... yet so far nobody has been able to actually find it. An entire army! Over 1000 soldiers and 100 tanks! Such a unit requires support vehicles, a tent town, supply lines .... so where is it? Maybe it's sort of like invasion by aid convoy.

Comment Re:Why? Nobody uses NFC payments (Score 2) 187

NFC payment cards in Australia/Europe cryptographically sign a challenge from the terminal, using basically standard crypto. It's EMV all the way. In-person magstripe payments are carefully controlled and risk analysed to ensure they only occur if, for example, the card is broken - or outright banned.

NFC payments in the USA involve the phone sending regular magstripe data to the terminal, with only the CVC code being some kind of cryptographic derivative - a three digit number (less than 1000). The reason for this crazy setup is so merchants don't have to update their backend/PoS systems that still expect magstripe data. There is no plan to perform a complete upgrade thus old style transactions cannot be phased out. It's a dramatically less secure system.

Comment Re: As much as I hate Apple (Score 4, Interesting) 187

More importantly, the underlying technology is totally different. VISA Europe is not at all the same as VISA USA. VISA in Europe is a coalition of banks, VISA USA is a private company. America has never rolled out EMV, making its banking industry a ridiculous joke compared to, well, everywhere else. You don't get reports of major European supermarket chains getting their PoS systems hacked and magstripes skimmed like you do in the US, because EMV is a much more secure system.

The NFC payment cards that are rolling out around the world (outside USA) now are basically a variant of EMV/Chip and PIN. The underlying crypto is the same. The card signs a challenge from the terminal. They're upgrading to elliptic curve crypto at the moment actually, not sure if all NFC cards do that or not but it would not surprise me. NFC as tried by Google in America is actually a very minor variant on just sending your magstripe data via radio. I believe the CVC code rotates (three digits of entropy lol) and the tech is based on a Secure Element hard-wired to the NFC radio. But the phone has minimal control over the actual payment transaction, thus doesn't add much value beyond being a big battery, and that's why the tech largely stalled. Also they screwed up the compatibility testing and the terminals were full of bugs that meant transactions just sort of randomly failed.

So don't be fooled. The "NFC payments" that we know outside of North America is totally different to what they call "NFC payments", which is an unfortunate piece of linguistic confusion.
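The two designs contrasted in the payment comments above, as an added example that is not part of the original comments: a rotating three-digit code versus a response bound to the terminal's challenge, including the birthday-bound arithmetic behind the "reused or colliding" question raised earlier. The key, the counter-based derivation and the use of HMAC in place of the card's signature are assumptions made for illustration, not the scheme any real wallet or card uses.

```python
import hashlib
import hmac

# Constructed demo key; a real card or Secure Element holds an issuer-provisioned key.
CARD_KEY = b"constructed-demo-key"


def dynamic_cvc(counter: int, key: bytes = CARD_KEY) -> str:
    """Hypothetical rotating code: MAC over a transaction counter, cut to 3 digits."""
    mac = hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1000:03d}"


def first_repeat(limit: int = 5000) -> int:
    """How many transactions have been made when a 3-digit code first repeats."""
    seen = set()
    for counter in range(limit):
        code = dynamic_cvc(counter)
        if code in seen:
            return counter + 1
        seen.add(code)
    return limit


def p_no_repeat(n: int, space: int = 1000) -> float:
    """Birthday bound: probability that n uniformly random codes are all distinct."""
    p = 1.0
    for i in range(n):
        p *= (space - i) / space
    return p


def card_response(challenge: bytes, amount_cents: int, key: bytes = CARD_KEY) -> bytes:
    """Card side of a challenge-response: full-length MAC over the terminal's
    nonce and the amount (HMAC here stands in for the card's signature)."""
    msg = challenge + amount_cents.to_bytes(8, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify(challenge: bytes, amount_cents: int, response: bytes,
           key: bytes = CARD_KEY) -> bool:
    """Verifier side: recompute and compare in constant time."""
    expected = card_response(challenge, amount_cents, key)
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    print("first repeated 3-digit code after", first_repeat(), "transactions")
    print("P(no repeat in 38 random codes) = %.3f" % p_no_repeat(38))
    old = card_response(b"\x00" * 8, 1999)          # captured response
    print("replayed against a fresh challenge:", verify(b"\x01" * 8, 1999, old))
```

With only 1000 possible values, semi-random codes are more likely than not to repeat within 38 transactions, and a repeat is certain by the 1001st; a response tied to a fresh challenge and the amount does not verify when replayed.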

Comment Re:How I know that Russian troops are not in Ukrai (Score 2) 254

Here's a tip, my Russian friend: if you want to pretend to be a neutral observer on the Ukrainian conflict in an internet forum, then you'd do better to proofread your post again and again until you manage to remove the little telltale signs that your native language is Russian. No informed reader of your post above is going to be convinced you don't have a significant dog in this fight.

You know, maybe some of us should complain to Slashdot about the Obama/Poroshenko-bots that reliably and consistently troll every single story about this conflict? You know, the ones who imply that anyone who is even slightly skeptical about the propaganda we're all being fed, must be Russian or a paid Kremlin propagandist?

Suck on this. I'm a native English speaker from the UK, I have never been to Russia, I have been reading Slashdot for about 14-15 years, posting for most of that time too. And the Anonymous Coward tells it like it is. Poroshenko has claimed Ukraine was invaded like ten times already. He claimed he was being "invaded" by a fucking aid convoy, including after Putin's honesty about its contents had been verified by international journalists and the Red Cross. In fact he asserted he'd shell said convoy, so the Red Cross chickened out, but the crazy Russians just drove right in there and delivered that aid anyway.

So as a native speaker, please heed my call - let's all stop abusing the English language shall we? We know what an invasion looks like. It looks like what the USA did to Iraq. It looks like Russian flags flying above Kiev and Russian tanks rolling down the streets to the parliament building. It does not look like journalists scrabbling around presenting the testimony of a milkmaid in a farcical attempt to find an army, as the Guardian did only a few days ago. Now condemn Putin for militarily supporting the rebels if you like (though the proof of this is wafer thin as well), just be aware that this is something many countries do, including the ones that are currently being most shrill about Ukraine. So such an argument doesn't have much impact, unfortunately, though I wish we lived in a world where it did.

Comment Re:Cut the Russians Off (Score 2) 848

That's a rather one-sided view of what happened. Yes, the Soviet Union did invade Afghanistan as part of pushing its global ideology, much like the USA invaded Vietnam. But the stone age state of Afghanistan at the time of the US invasion in 2001 was a direct result of America supporting religious fanatics in a proxy war, the mujahideen, who after the war ended and the Soviets were defeated went on to become the Taliban. That's why bin Laden is so famously a former ally of the US.

The USA is not only building an empire but doing so in plain sight of everyone. To quote Putin directly:

Our partners, especially in the United States, always clearly formulate their own geopolitical and state interests and follow them with persistence. Then, using the principle “You’re either with us or against us” they draw the whole world in. And those who do not join in get ‘beaten’ until they do.

This principle is most clearly visible in two acts. One is that the sanctions on Iran are built as a "you're with us or against us" model. Any country that is seen by America to be "undermining" the sanctions i.e. not joining in is itself sanctioned. And the second act is again sanctions based: every financial institution in the world is being taken over by Washington via a system of recursive ("viral" if you like) sanctions that require banks to obey the USA even if that would contradict local laws. The goal is to collect tax from Americans abroad. It's called FATCA and it's resulted in many, many nations having to repeal their own privacy laws, in order to allow banks to become agents of the US Government. They were given no choice in the matter.

So the USA has found ways of forcing people in countries all over the world to: (a) engage in economic warfare against America's enemies and (b) pay taxes directly to America, all regardless of what the local government wants or how the local people vote.

Being able to conscript people to their fights and force payment of taxes is the very foundation of empire itself.
