
Comment: Re:someone explain for the ignorant (Score 1) 448

by Andy Dodd (#49090531) Attached to: Credit Card Fraud Could Peak In 2015 As the US Moves To EMV

Many of VeriFone's units now implement contactless EMV with a reader that is below the screen... So you tap your payment device to the screen itself, and it is also frequently NOT obvious that the unit is contactless-capable. When Wegmans first deployed them I was really disappointed they eliminated contactless, until I noticed the contactless payment logo appear briefly at the end of the checkout process.

I've seen these VeriFone units at:
Wegmans
Firehouse Subs
Target (contactless is currently disabled though due to the CurrentC mess)
Hershey's Chocolate World (these units were lower-end/smaller than the three above, but still had contactless-under-the-screen support)

Unfortunately, it seems like VeriFone gives retailers a LOT of flexibility as to the UI/UX of these new readers, and every single one of them has an utterly shitty workflow for contactless.
For example, Wegmans allows you to scan a barcode for their loyalty card or swipe the card via magstripe. If you swipe via magstripe, it will prompt you for desired payment method. If you scan the barcode, there's a beep and no other indication that anything happened. The contactless reader is not activated until you select "Credit" after a Shopper's Club magstripe swipe... So you can't use contactless payment without mag-swiping your loyalty card!

Comment: Re:someone explain for the ignorant (Score 2) 448

by Andy Dodd (#49090471) Attached to: Credit Card Fraud Could Peak In 2015 As the US Moves To EMV

"EMV is going to render a lot of crappy, insecure technologies obsolete (things like Coin, LoopPay, NFC, and many of the smartphone based "wallet" apps.)"
WAT? Yes, LoopPay and maybe Coin will be rendered obsolete, since I know LoopPay is magstripe based and hence it's going obsolete in October.

But for the rest, "EMV is going to render itself obsolete" - makes NO sense whatsoever. Apple Pay, Google Wallet, and all other known NFC payment methods ARE EMV!!!! In fact many of them are more secure than the "plastic card" based EMV since both Apple Pay and Google Wallet use time-limited/geographically-limited or one-time-use transaction tokens, whereas "plastic card" EMV can fundamentally not be limited in time to anything other than the expiration date and can't be geographically limited.

In the case of Wallet, IIRC the method used since Google Wallet moved to HCE with KitKat is to generate a time/geography limited credential when you unlock Wallet with your PIN (which is why HCE-based Wallet needs a network connection for unlock, while the previous SE-based Wallet did not).

Comment: Re:Apple Pay = One time card numbers (Score 1) 448

by Andy Dodd (#49090403) Attached to: Credit Card Fraud Could Peak In 2015 As the US Moves To EMV

Yup, and even the units that can't do that (since they're a standalone chip in the card) have, at a minimum, a monotonically increasing transaction counter that is incremented every time the chip is read.

Skips in the counter are allowed (failed reads, accidental reads, etc.), but any "out of order" transactions will trigger an instant fraud alert.

For example:
Your card is at transaction counter 1000
A thief reads your card. He gets 1000, your card increases to 1001
Thief chooses a transaction counter of 1005 and makes a purchase
You try to use the card, payment processor sees transaction counter drop from 1005 to 1001 - instant fraud alert trigger

Most important here is that you can easily prove it was fraud and will not be liable for the charges. You can't prove this with magstripes, which is why credit card companies are shifting fraud liability for magstripe transactions from them to the retailer (who is likely to pass the pain on to you) in October.
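
The counter check described in the comment above, as an added example that is not part of the original comment and not any payment network's actual logic: a simplified Python model in which the processor keeps the highest counter seen per card, accepts forward skips, and alerts on anything at or below that value. The class and function names, card IDs and event list are constructed for illustration, and treating a repeated counter as out of order is an assumption.

```python
from dataclasses import dataclass, field


@dataclass
class CounterMonitor:
    """Simplified processor-side model: highest transaction counter seen per card."""
    highest_seen: dict = field(default_factory=dict)
    alerts: list = field(default_factory=list)

    def check(self, card_id: str, counter: int) -> str:
        last = self.highest_seen.get(card_id)
        if last is None or counter > last:
            # First sighting or forward movement. Gaps are accepted because
            # failed or accidental reads also advance the card's counter.
            self.highest_seen[card_id] = counter
            return "accept"
        # Counter at or below the highest value already seen: out of order.
        # (Treating an exact repeat as out of order is an assumption.)
        self.alerts.append({"card": card_id, "highest_seen": last, "presented": counter})
        return "fraud_alert"


# Constructed events mirroring the comment's scenario. The thief's read of
# counter 1000 never reaches the processor, so it does not appear here.
EVENTS = [
    ("card-A", 999, "cardholder purchase"),
    ("card-A", 1005, "purchase with a counter chosen by the thief"),
    ("card-A", 1001, "cardholder's next purchase with the real card"),
    ("card-B", 40, "cardholder purchase"),
    ("card-B", 47, "cardholder purchase after several failed reads"),
    ("card-B", 47, "same counter presented again"),
]


def run_scenario(events=EVENTS):
    """Return (decisions, alerts) for a list of (card, counter, note) events."""
    monitor = CounterMonitor()
    decisions = [(card, ctr, monitor.check(card, ctr)) for card, ctr, _ in events]
    return decisions, monitor.alerts


if __name__ == "__main__":
    decisions, alerts = run_scenario()
    for card, ctr, verdict in decisions:
        print(f"{card} counter={ctr:<5} -> {verdict}")
    for alert in alerts:
        print("ALERT", alert)
```

The alert record keeps both the highest counter seen and the one presented, which is the evidence of an out-of-order transaction that the comment says a magstripe cannot provide.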

Comment: Re:someone explain for the ignorant (Score 1) 448

by Andy Dodd (#49090319) Attached to: Credit Card Fraud Could Peak In 2015 As the US Moves To EMV

Actually, EMV can be either. There are standards for both. Both methods meet the credit card company requirements for avoiding the fraud liability shift in October.

IIRC, it's ISO 7816 for contact-based EMV, and 14443 for contactless

Also, I'm surprised that ArmoredDragon hasn't seen vendors with an ISO7816 reader, considering that most of the retailers involved in MCX have installed those and not contactless readers as a way of starting to prep for the liability shift without encouraging contactless-based payment systems (Google Wallet, Apple Pay) that compete with CurrentC.

For example, every Walmart I've been to in the past 3-4+ months has had ISO7816 readers, and in fact refused stripe-swipes from my father's card that supported 7816 back in September. (but the 7816 reader was broken, so he had to use a different card... nice one Walmart...) I believe Target's card readers also do 7816. They've also got 14443 capability built in (it's under the screen on that model of VeriFone terminal) but it's not enabled due to MCX/CurrentC.

Comment: Re: The new power supplies may be sensitive to EMP (Score 1) 192

by Andy Dodd (#49017665) Attached to: Xenon Flashes Can Make New Raspberry Pi 2 Freeze and Reboot

IIRC the GSM frame repetition rate was around 400-440 Hz.

Many electronics will, when exposed to RF like this, behave exactly like the legacy "crystal" radios did - these were nothing more than a basic envelope detector (diode + low pass filter) combined with a tuned resonator.

Hit a crystal radio with a lot of local RF (1/R^2 remember?) and it'll receive a "station" it's not tuned to.

Comment: Re:Don't trust any of them ... (Score 1) 82

by Andy Dodd (#48972163) Attached to: Samsung Set To Launch Mobile Payment System With Galaxy S6 At MWC

Even if Apple has the card number - credit cards have built-in fraud protection.

I trust Google with my credit card info, and in the event that they screw up (as of yet, they're one of the few people who HASN'T screwed up at this point with a major breach a la Target and TJ Maxx), the card still has fraud protection.

Wanna bet Samsung's crap is ACH-backed like CurrentC? If it is - STAY THE HELL AWAY.

Comment: Goodbye Samsung (Score 4, Insightful) 82

by Andy Dodd (#48972141) Attached to: Samsung Set To Launch Mobile Payment System With Galaxy S6 At MWC

"Samsung can't afford to give away its position in the smartphone market, and a payments system tailored to customers is a key factor."

Samsung has been losing marketshare because customers HATE being assaulted with Samsung's crappy substandard "me-too" crapware.

This is just more of the same. They just don't get it.

Comment: Perhaps the metrics are screwed up... (Score 4, Insightful) 196

by Andy Dodd (#48960097) Attached to: Music Doesn't Feature In the Pirate Bay's Top 100 Biggest Torrents

"With 1828 ‘seeders’ and just 76 ‘leechers’, True is a fair distance behind the 100th most popular torrent overall: PC game Far Cry 4, which has 1604 ‘seeders’ plus 1260 ‘leechers’."

Keep in mind that:
1) Once a "leecher" finishes downloading, they become a "seeder"
2) Nearly all clients will stop being a "seeder" once a predetermined share ratio is reached

Considering a typical music album is FAR smaller than a game (probably 100-200MB at most, depending on bitrate for encoding, vs. multiple gigabytes for a game - FC4 is over 10GB I'd guess, I can't view TPB to check from my current location), "leechers" become "seeders" far faster, and "seeders" disconnect from the torrent due to hitting the share ratio cap of the client (kTorrent defaults to 1.30 for example) far faster.

Comment: Re: Yay for "zero tolerance" (Score 1) 591

by Andy Dodd (#48960027) Attached to: Texas Boy Suspended For "Threatening" Classmate With the One Ring

If you read the article, the kid already has a suspension on file for daring to bring http://www.amazon.com/The-Book... to school.

Apparently because it had an illustration of a pregnant lady (I'm assuming, since it's a children's book, an appropriately clothed one...)
