Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
The Almighty Buck Security

Chase Deploying "Touchless" Credit Cards 373

Rick Zeman writes "As reported by Money Magazine, J.P. Morgan Chase, the US' 2nd largest bank, is rolling out 'contactless' credit cards, presumably using RFID technology. 'The new payment method doesn't require a customer signature, making it more convenient and time-saving for consumers' which leads me to wonder if the next crime wave of the future will be criminals walking through crowds with readers to grab customer info. Chase says, however, that 'new cards are embedded with encryption software to prevent duplication and data theft' but since RFID has been cracked before, and the criminals are usually more clever than the vendors...."
This discussion has been archived. No new comments can be posted.

Chase Deploying "Touchless" Credit Cards

Comments Filter:
  • why not (Score:5, Insightful)

    by Festering Leper ( 456849 ) on Thursday May 19, 2005 @09:14PM (#12584941) Homepage
    store it in a shielded sleeve until you use it?
    • Re:why not (Score:2, Insightful)

      So we are going to take out our "Touchless" credit card when we want to use it? Seems familiar... oh wait, thats what I do now...
    • Re:why not (Score:5, Funny)

      by Mr. Bad Example ( 31092 ) on Thursday May 19, 2005 @09:30PM (#12585076) Homepage
      I prefer to store it in a shielded sleeve before I use it.'re talking about your credit cards. Sorry. Carry on.
    • Re:why not (Score:3, Interesting)

      by DrXym ( 126579 )
      So you're saying the thief need merely loiter near the victim at checkout when they remove their card to wave it past the reader? I'm sure standing behind them would be close enough.

      That assumes people are going to use a shielded sleeve. Precious few won't. And a thief could simply plant themselves somewhere busy like a food court and steal any id that goes past.

      Of course any such system would require some other form of protection. The site says encryption, e.g. the card's credentionals are encrypted w

  • Few Details (Score:5, Informative)

    by AKAImBatman ( 238306 ) * <akaimbatman&gmail,com> on Thursday May 19, 2005 @09:14PM (#12584944) Homepage Journal
    The article doesn't give too many details, but my guess is that this is nothing more than a SmartCard [], similar to the American Express "Blue" card. SmartCards have had contactless technology for nearly a decade that utilize induction technology to communicate back and forth. The reader on the terminal is then able to talk to the microprocessor on the card, usually sending information that is then verified using encryption technology. (Think: public key encryption.) As a result, it's not possible to just run around and collect the info from cards, because they'll never give out secure information. They only give back cryptographically secure results. (At least, that's how it's supposed to work.)

    Note that existing contactless technology is sufficient for this credit card, with a maximum range of up to 10cm. Such technology is supposedly already in use in Europe. (Europeans care to share your experiences?)

    That's my guess anyway. I'm sure someone else can add a few details or make corrections.
    • Re:Few Details (Score:3, Interesting)

      by Goeland86 ( 741690 )
      Wouldn't this technology also be safer for the RealID cards rather than RFID? It's still contactless, though not readable from 40 feet like some RFID tags. I hope that's what the FBI and NSA had in mind, instead of RFID, 'cuz otherwise I'll sue them both for knowingly facilitating identity theft. I wouldn't mind the government being able to read cards without contact, as it imposes less wear on the readers AND the cards, thus saving US money. As for Europe, I was there last month, and the reader wouldn't ta
    • This is using contactless smart cards. This is distinct from RFID and has more security features. It is a partial implementation of EMV, which has been used for years in Europe. If you are paranoid, put a few strips of tin foil in your wallet.
    • Re:Few Details (Score:5, Informative)

      by hawado ( 762018 ) on Thursday May 19, 2005 @09:50PM (#12585212) Homepage
      I worked for a company [], here in Japan where thre use of these type of contactless smart cards is wide spread, which used this technology for fare collection. The bigest problem I had and still have with the system here is that you load up your card with virtual money. So in essence you pay before you play.
      We used these cards to sign in and out of work as well as to pay for lunch at the cafeteria.
      A number of phone manufacturers here are also putting this technology into their phones so you can swipe your phone to pay for things at stores. The main supplier of the actual chip is sony, under the namefelica [].
      Now here, it is impossible to use your bank card to pay for anything. The service is just not avaliable as it is in North america or Europe.
      As to the security of the smart cards, the only information on the card is your personal account number and how much money you have on the card. At the end of the day, on mobile fare collection systems anyways, the data is transfered at the depot to a server which updates the main account information. As to store systems, the data is retrieved immediately from the server and updated.
      If your card is stolen or lost, it is like loosing cash at least until you call the card issuer and they freeze the account.
      I am not sure about how this may affect the magnetic strip on most credit cards, but a magnetic field generates the electrical power required by the chip on card to 'transmit' the data to the reader.
    • transaction approval (Score:3, Interesting)

      by j1m+5n0w ( 749199 )
      How does the card know that it's owner approves of a particular transaction? From the card's perspective, there's not much difference from running it past a walmart scanner and getting pickpocketted by a card reader with a high gain antenna from a hundred feet away. With a magnetic strip card (horribly insecure, but in different ways), running the card through a reader implies the user's consent, but if that's no longer required, there needs to be some other way to validate the owner's intent to conduct a
      • How does the card know that it's owner approves of a particular transaction?

        Presumably, the actual transaction still has to be sent to the server. The card identifies itself and/or cryptographically approves the transaction, then the results are sent to the CC server via a merchant account. Using your merchant account fraudulantly would not only get your account revoked, but would most likely result in legal charges from the CC company.
      • Because your current credit card stores very little information on it and knows nothing about how much you have. That's all verified centrally at the CC company. So whenever you run your card, the place you run it just sends the card info and the price back to the CC company along with merchant IDs and various other bits of info.
    • Re:Few Details (Score:3, Informative)

      Note that existing contactless technology is sufficient for this credit card, with a maximum range of up to 10cm. Such technology is supposedly already in use in Europe. (Europeans care to share your experiences?)

      I don't know about credit cards, but my Travel card [] for commuting uses some kind of induction tech.

      It's in use in the Helsinki region, with at least half a million of users (probably more). Given that the card is 70 euros a month I would guess cracking whatever encryption it uses is quite hard,
  • Can't be all bad (Score:2, Interesting)

    by FlyByPC ( 841016 )
    I'm sure there will be RFID security issues, but the trend does remind me of a commercial I saw a few years back. I forget the company (real effective, then, huh?), but the gist was that this Gen-Xer walks into a supermarket, starts stuffing TV dinners in his trenchcoat, then walks out. The security guard stops him, but just hands him a receipt.

    I kinda like the idea. Grovery shopping without having to deal with all that pesky human interaction. Qool.
  • Choices... (Score:2, Insightful)

    by cd_serek ( 681446 )
    Having to waste 5 seconds looking through my wallet for my Credit Card, and having to manually swipe it...


    Having my Credit Card details stolen and sold.

    I think the choice is easy.
    • Re:Choices... (Score:5, Informative)

      by AKAImBatman ( 238306 ) * <akaimbatman&gmail,com> on Thursday May 19, 2005 @09:29PM (#12585070) Homepage Journal
      How about option 3?

      3. Being able to wave your credit card while simultaneously keeping your CC data more secure than ever.

      Don't mind the story submitter, (s)he's just making wild claims. This is probably contactless smartcard technology, which is far more secure than RFID. How secure you ask? Well, the card is only supposed to return crytographically secure results. i.e. You submit information to the card, it returns signed results. No data that could be usefully stolen is transferred. At least, that's the theory, but at least it's had a few decades to mature. :-)
    • Re:Choices... (Score:4, Insightful)

      by raehl ( 609729 ) <raehl311@yahoo. c o m> on Thursday May 19, 2005 @09:46PM (#12585192) Homepage
      Having to waste 10 minutes walking to the store...


      Getting sideswiped by a semi on the way to the door and getting killed.

      Your comparison is a bad one. You need to add up all those 5 seconds you save and compare them to the time you'd spend fixing it if your information got stolen times the odds your information gets stolen.

      Let's also keep in mind how easy it is to steal your credit card information as it is. The number is written RIGHT ON your card. Every cashier you ever give your credit card to has access to that number.

      And when that cashier runs the card, what happens? It dials up to the central server and sends your personal information over the phone line. If you're confident with encrytpion to someplace perhaps thousands of miles away, why are you not comfortable with encryption to something 10 inches away?

      The fact of the matter is, getting bent out of shape about contactless transmission is silly. Either the encryption method used is good, or it ain't. You don't need to worry about physical layer compramisesif your transaction layer protection is good.

      Also, there are other savings here than just your time: Contactless transactions are chepaer to process than signed paper credit card transactions. Merchants can save a lot of money not having to pay cashiers to sit there and watch you sign the receipt, and credit card companies can save money not having to archive those pieces of paper.

      Economic efficiency is good for everyone.
  • Watch out! (Score:3, Funny)

    by E IS mC(Square) ( 721736 ) on Thursday May 19, 2005 @09:15PM (#12584956) Journal
    Your fingers or eyes (what whatever part of your body they are going to use for authorization eventually) are in danger!!
  • ...a brand new set of legal case templates will be opened up to the money-grubbing lawyers. And, there will be more lawyers!!! YAY!!!

  • Europe (Score:5, Interesting)

    by Nexum ( 516661 ) on Thursday May 19, 2005 @09:17PM (#12584971)
    The new payment method doesn't require a customer signature, making it more convenient and time-saving for consumers

    In Europe we have the chip & pin way of using credit and debit cards at Point of Sale. No signature required, but there's not really a time saving involved. When it comes to RFID credit cards though... well, the US can keep them IMO - there's no way i'd be willing to carry one of these, no matter how confident or assuring the bank tried to be.
    • Re:Europe (Score:5, Interesting)

      by JimBobJoe ( 2758 ) <> on Thursday May 19, 2005 @10:26PM (#12585412)
      In Europe we have the chip & pin way of using credit and debit cards at Point of Sale.

      Chip and Pin is destined to stay outside of the US, which is why US credit card companies are always trying to do something new that is entirely unnecessary.

      Mastercard and Visa are competing with people using their debit cardson the debit system and not running the transaction over the MC/Visa system. When you use your debit card on the debit system, you have the card swiped, and then you enter in your pin number...and MC/Visa doesn't get its valuable merchant's fee.

      In order to maintain their fees, MC/Visa has to make sure that people swipe and sign the receipts, avoiding the pin code alltogether. The introduction of a pin based MC/Visa transaction in the US would confuse people toward using their debit cards off of the MC/Visa system.

      There are those who find the signing the receipt thing a pain, and entering the pin easier. So MC/Visa will continue trying to elminate the signature and get people to feel as comfortable as possible in as easy a transaction as possible. Merchants, who don't have to pay the merchant fee if you pay via debit, would prefer you to run the transaction on that system (though I believe they can't request that you do it via debit as part of their MC/Visa agreements) I can only presume that merchants who agree to install these new credit card readers (as featured in the article) are getting some very special deal on all their MC/Visa transactions.

      I hope this goes some way to explain why credit card companies are so keen to reinvent the wheel.
      • Re:Europe (Score:3, Interesting)

        by Tony Hoyle ( 11698 )
        Chip&Pin is just a way of transferring legal responsibility onto the consumer - if someone steals your pin you are liable even if your card was stolen, because they assume you must have told them the pin.

        If it was about 'security' they'd still require a signature+pin (+photo ID would be nice). As it is, all a theif has to do is to say 'I don't know my pin' or (my favourite) 'Don't bother.. this card doesn't work with pins' and they'll immediately put it through as a signature only transaction and *sti
      • Re:Europe (Score:3, Informative)

        by wcdw ( 179126 )
        Chip and Pin is destined to stay outside of the US, which is why US credit card companies are always trying to do something new that is entirely unnecessary.

        Actually, pin # verification for Visa / MC is *already* in the US. They're called Verified by Visa and Mastercard Secure, respectively, and any cardholder is free to attach a pin # to their card.

        They're a huge benefit to merchants, as verified transactions are subject to far fewer chargeback reasons.
  • Well why phish in the comfort of your stinky computer room with thousands of emails when you can fish from your laptop while drinking a latte'.
    I certainly hope that someone will figure out how to crack this and then takke the high road and show the consumers all of thier credit card info so they can cut the damn things up.
    Also, is there any feasibility to just sending the reply that rfid would be responsible for from your laptop and ignoring the tag altogether. I am sure I havce done worse things.

  • To be fair (Score:5, Interesting)

    by hoka ( 880785 ) on Thursday May 19, 2005 @09:19PM (#12584978)
    You need to be at a relatively close range to RFID to get a "solid" reading. Sadly a lot of people are under the assumption that you can basically just pull out a huge giganto RFID reading cannon and know what an entire house worths of data is. It isn't true, and RFID is frankly not really that robust of a technology yet. It would not surprise me in the least if a lot of these cards end up failing due to extremities that cause deformities in the RFID, rendering it completely useless. Me personally? I'm sticking to my card that I have to slide, not that it is necessarily any safer.
    • by gkuz ( 706134 )
      lot of these cards end up failing due to extremities that cause deformities in the RFID, rendering it completely useless

      What are you talking about? Extremities that cause deformities? Is this when your ass is so fat it deforms the credit card in your wallet?

    • Why not install a switch between the chip and the antenna? Then you need to close the switch for the reader to access the chip contents - think "press to swipe".

      While the switch would be a point of failure for the card, it seems to worse than using the magnetic strip in readers with dirty heads (i.e. most or all of them.)
  • Let's just say *I* won't be an early adopter! o_O
  • Chase says, however, that 'new cards are embedded with encryption software to prevent duplication and data theft'

    Gentlemen, start your armchairs!

    but since RFID has been cracked before, and the criminals are usually more clever than the vendors...."

    ...and we have Ignition!

    Seriously, until we know the specifics, much of what anyone says in this story will be silly posturing and armchair engineering. It's also pretty hilarious to see a slashdot reader questioning the qualifications of a bank's se

  • As far as I can tell, it seems like credit card companies currently don't care too much about who is using the card. My signature is checked against my card maybe 10% of the time I'm making a transaction. It's probably much easier for them to run through their database with a "fraudulent buying pattern" detection algorithm then crack down on the way the card is physically used, be it by signature or embedded RFID.

    The fact that credit cards are often used online further nullifies the point of efforts for

  • The solution is simple, make the card reader tied to a certain account at the credit card company, to which cards may debit only. Then you'll always know where the money ends up, and the security problem becomes one of bank security. Unless criminals have some reason to want to debit from someone else's card into someone else's account.
  • Sounds like a new way to get ripped-off. Is the sack under the mattress such a bad idea?
  • it might not be rfid (Score:5, Interesting)

    by Naikrovek ( 667 ) <jjohnson.psg@com> on Thursday May 19, 2005 @09:37PM (#12585126)
    I've worked on wireless smart cards, that act similarly to rfid cards, but have very good encryption, even public/private key encryption. smart cards have their own computers on them, so you can have a challenge/response, or just about any kind of encryption you can think of.

    those are just as hard to crack as PGP emails. Not at all easy.
  • If you are familiar with Easypass you know how this will revolutionize things. According to one bill, our car passed a Parkway toll near the Atlantic City Expressway and entered the Lincoln Tunnel ten minutes later.
  • Outside of the US merchants are manadated by Visa and Mastercard to move to a high encryption RF standard. Dispite what the credit cards would have you beleive, the US has extremely low credit card fraud. Because fraud provention work well no one is in a hurry to move in this direction.

    In Europe organized crime is a big deal. In particular in the east. So much that the credit card companies have mandated EVERY merchant switch credit card terminals. If they don't switch terminals, they won't cover cert
  • Because you've heard about all the Mobil card information that's been stolen, right? Oh. You haven't? Right. Because there hasn't been any.

    You have to touch the speedpass reader for it to work, that's the keypad one without a battery. The window one can be read at about 2' but all you're going to get is a number that Mobil matches up with an account. Nothing sensitive.
  • I'm sorry (Score:5, Interesting)

    by mcc ( 14761 ) <> on Thursday May 19, 2005 @09:40PM (#12585147) Homepage
    I don't care how encrypted or advanced or "secure" it is, I don't want my credit card doing anything unless I've taken it out of my wallet.

    And I would sooner change my bank to get a normal credit card than I would buy a wallet with a faraday cage built in.
  • Would it be that difficult to simple wire in a loop to a contact button, such that the induction circuit is open unless you press the button, and thus the induction field itself is not enough to read the card?
  • by G4from128k ( 686170 ) on Thursday May 19, 2005 @09:45PM (#12585181)
    HK has been using a contactless cash card [] since 1997 called Octopus [] It's proprietary RFID system (built before the standard appeared), that seems to work quite well for public transport and retail.
  • Why the paranoia? (Score:3, Interesting)

    by Joe Random ( 777564 ) on Thursday May 19, 2005 @09:45PM (#12585182)
    I just don't see why everyone is so afraid of RFID credit cards. Simply have the private key portion of a key pair stored in the card itself, with the public key in an easily-accessible database. When you make a purchase, the merchant sends a random challenge to the card, which then encrypts it with the private key and sends it back. The merchant verifies against the public key, and, if it matches, the transaction is approved. With a smart card, the only way to use my card is to have the physical card, in which case we're back to be exactly as secure as the current system.

    I would think that /. geeks would be all over this. I mean, it's not perfect, but it would be a hell of a lot more secure than the current system. Right now, if I take my credit card to a restaurant, the waiter need only make a spare imprint of the card (and write down the verification number on the back). Later, he can pull out a phone book to get my address, and then he has all of the information he needs to use my card fraudulently.

    I say "bring on the RFID credit cards". Simpler to use, and more secure than what's currently in my wallet.
  • Some retailers (Gas station employees mostly) will double swipe your card to charge you twice or swipe it through a personal magnetic reader which grabs and stores all info on your card which they use later to repro your magnetic strip. With RFID, an fradulent retalier would simply need you to walk through the door and have a concealed reader sitting within close proximity. You won't even know you've been charged until you get your bill at the end of the month. And to add to this, if they charged you 10 cen
  • Unless you're also eliminating the ID check, this isn't going to save any time. Plus, I don't see the benefit of not having to swipe outweighing the problems with something that compromises security this much.

    Further, this will make it a nightmare for law enforcement. Most credit card rings go through a retail location (i.e., a waiter jacks everyone's info, and someone else does the fraud). However, if you could just steal credit card info from people who you just brush up against, there'd be very little f
  • by Comatose51 ( 687974 ) on Thursday May 19, 2005 @09:52PM (#12585226) Homepage
    I was just thinking about this. I doubt banks will make it THAT easy for people to steal identity. Remember, it's money here we're dealing with and if it becomes too easy to steal the banks will lose money as well and customers' good will and trust, which you want in the finance industry.

    In any case, I can imagine it working like this:
    1. Terminal sends some string of random bytes, p.
    2. Card processes it using some one way function f(p,q) and returns the value s where q is some secret info.
    3. Terminal takes the results and sends p and s to the bank to verify. Bank runs f(p, q) and see if it matches s. If so, return true.

    That's just a simple scheme I hatched up where you don't have to reveal your secret info to verify yourself. I'm sure there are much better ways.
  • by lawpoop ( 604919 ) on Thursday May 19, 2005 @09:59PM (#12585268) Homepage Journal
    Nowadays, a pickpocket bumps into you to distract you from the hand going into your pocket.

    In the near future, all that a pick pocket has to do is bump into you and he's got your entire wallet.

    I dub this "Phishpocketing".

  • by Hido ( 655301 ) on Thursday May 19, 2005 @10:01PM (#12585281) Journal
    In Japan we have been using contactless technology for our daily needs for a while now. Good examples of the technology are Felica [] Suica [] and Edy [].

    As much as the /. crowd has been all skeptical about this technology, over here I've not heard of anything happening that could make headlines for this and I personally have been using them for my daily commute needs and have never had any sort of problems with them.

    Now its understandable that people are getting all finicky about something like this, but I say first try it out before you make a comments on about it. Its a lot better then walking around with a wad of cash and it sure as hell beats having to stand in line trying to by a ticket for anything from airlines to trains.
  • by Chibi ( 232518 ) on Thursday May 19, 2005 @10:03PM (#12585290) Journal

    I personally have 3 credit cards and 1 banking card. I'm curious what will happen if/when multiple companies pick up on this technology? If I wave my wallet near some type of scanner, which card will be selected?

    • Obvious solution: whichever one you pick when it says "which card would you like to use?"
    • If I wave my wallet near some type of scanner, which card will be selected?

      I have two different contactless readers on my desk, and a few dozen cards of different types, so I think I can answer this.

      Which one will be selected? None. In my experiments, the reader is unable to communicate with any card if there are multiple cards in range. The technology doesn't have any anti-collision technology, and no way of addressing a specific card, so when multiple cards are powered by the field, they step al

  • A Question (Score:3, Interesting)

    by citizenc ( 60589 ) <> on Thursday May 19, 2005 @10:09PM (#12585318) Journal
    Why would this not require a customer signature? Why not eliminate the need for the signature for any type of credit-card transaction?
  • It'd be childish to blindly assume criminals were cleverer than vendors. They're not. Instead, they: - have more efficient "cost structure" and thus more manpower, and - are bound to less limitations (practically none, to be exakt - other than the law of physics, that is, if you must count that).
  • Don't assume RFID (Score:2, Interesting)

    by Anonymous Coward
    In Japan they have already rolled out Felica for train tickets, coke machines and some convenience store purchases. The cards are pre-paid and you can recharge them at any JR (Japan Rail) train station. Here is the info on the technology. html []
  • by rufusdufus ( 450462 ) on Thursday May 19, 2005 @10:40PM (#12585466)
    If you can't see why contactless credit cards are a terrible idea, then congratulations, you don't have a criminal mind!
    Does all that talk about encryption make you feel warm and fuzzy? Don't let it. Encryption gives ZERO protection in this case, doesn't even need to be cracked. The criminal doesn't need to understand the information he is stealing, he just needs to route it to a card reader that does.
    The difference here is that a person who keeps control of their swipeable credit card has the assurance that only businesses they trust has access to the card.
    The odds that a traceable employee (with a job!) steals the card while in the backroom is much smaller than an anonymous person in the crowd at the mall.
    • by Anonymous Coward
      no matter how clever the card/reader transaction was, heres a scenario that would always work:

      hacker #1 finds a mark he can get close enough to to read the card, maybe he's on the subway or something. Then radios his accomplish hacker #2 who is about to buy something from the store. Instead of having a card in his wallet, he has a radio repeater from a hacker #1's reader that takes the information from the card and plays it to the store's card reader. Even if the card reader "challenged" the card with s
    • by asuffield ( 111848 ) <> on Friday May 20, 2005 @02:22AM (#12586413)
      If you don't see why encryption can solve this problem, then you don't have a technical mind.

      The information supplied by the card is of ZERO value to any criminal. Copying the data sent over the air is completely useless. No secret is ever revealed. Everything transmitted is considered 'public' information, in the sense that it doesn't matter who sees it.

      The message from the card in particular is useless, and doesn't even need to be encrypted. It can say "Alice has made a purchase of two pairs of woollen socks from the shop on the corner for £2.67. This is her third purchase on 20/05/2005", and the credit company can maintain a replay database to make sure that she only makes one third purchase on a given day.

      Replaying that message to another device accomplishes nothing. It's not a purchase at this device, for this object or amount of money, or which will actually be accepted by the credit company.

      We aren't really talking about 'contactless credit cards' here. We're talking about contactless smart cards, which are a well-developed technology. They are nothing like RFID.

      Now, there's still plenty of room for the credit companies to screw up security on these cards, particularly since they don't actually care how secure they are. But genre attacks like you describe are not an issue.
  • "We believe these innovative cards with blink will provide merchants and cardmembers with the increased speed and convenience they want at the point-of-sale," said Carter Franke, chief marketing officer of the company's credit card division, in a statement.

    I didn't think that signing a charge receipt took that long, but maybe I'm wrong.

    From the CNN article referenced []:
    But MasterCard said the feedback for its system was more positive. The company has been testing its cards in Orlando and Dallas and plans
  • THIS IS NOT RFID (Score:5, Informative)

    by RzUpAnmsCwrds ( 262647 ) on Thursday May 19, 2005 @11:11PM (#12585633)
    Umm, Slashdot has made this mistake before and it will make it again, so let me say this:


    RFID is a term used to describe a number of standards.

    Chase is deploying "contactless smartcards" (ISO 14443). Contactless smartcards, like regular smartcards, use public-key encrpytion technology. Being able to activate / read the card does zero good, because the secret is stored in the card and never revealed.

    ISO 14443 is also far more secure than magstripe cards, which have no encryption whatsoever.
  • No need to make it card shaped if it doesn't have to be inserted into anything.

    OMG, my old Swatch Access site [] (now hosted by someone else) is the 5th hit on a Google search for "Swatch Access".

  • by NotQuiteReal ( 608241 ) on Thursday May 19, 2005 @11:38PM (#12585755) Journal
    As long as it is legal tender, I pay cold, hard cash for lots of stuff.

    I dress like a slob, so I am not a mugging target, and I don't spend what I don't have, so I don't have any credit card debt.

    When the clerk asks for personal info, even if it is just "Can I have your zip code, sir?", I say "No".

    Sure, I could get a couple of percent on "the float", but just not hassling with big bills is worth it. Paying for a meal you excreted a month ago sucks.

    Pay as you go. Be happy.

"If the code and the comments disagree, then both are probably wrong." -- Norm Schryer