Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Re:standards, use them (Score 1) 206

My understanding is that CVS basically disabled contactless period when Apple Pay came out, supposedly because they were part of the MCX consortium developing CurrenC. I hear sporadic reports that it occasionally works, then breaks a few days later. Apple Pay can do both EMV and MSD contactless; in fact for some reason Amex cards are MSD-only in both Apple and Android Pay, even though their plastic cards with NFC can do both.

I so rarely have a reason to shop at CVS that I haven't had much opportunity to test personally. Other MCX members like Best Buy eventually did turn on Apple Pay.

Comment Re:That's because the payment terminals are outdat (Score 2) 206

Your iPhone doesn't store your actual card number (termed a "Primary Account Number"). When you add your card to Apple Pay, your bank creates a "Mobile Device Number". Your bank keeps the association while your phone uses the MDN to pay, so that's the number the merchant sees. If their systems are later compromised, your bank knows something is wrong if they see the MDN used in a non-Apple Pay transaction.

Apple Pay doesn't require entering the PIN. You can also authenticate using your fingerprint. But since the phone doesn't transmit card details to the terminal until after you authenticate, it's more secure than using an NFC card. A merchant who upgrades their terminals to recognize CDCVM can allow contactless payments in excess of the limit for NFC cards (GBP 30 in the UK, $100 in Australia, etc).

Comment Re:standards, use them (Score 1) 206

They do. The over-the-air protocols in Apple, Android, and Samsung Pay are contactless EMV (a variant on the contact EMV standard for chip cards) and the legacy MSD contactless (basically transmitting magnetic stripe card data over the NFC interface) protocol, which are the same as used for contactless payment cards (Visa PayWave, MasterCard PayPass, American Express Express Pay, Discover Zip). So anywhere that takes contactless payment cards takes Apple/Android/Samsung Pay.

Comment Re:From GRC who brought you ShieldsUp! and SpinRit (Score 1) 31

At the very least, any site using SQRL that cares about security should disallow logins where the SQRL client and browser IP addresses are different.

This actually breaks the original intended mode of operation for SQRL, using a smartphone to scan a QR code and log in on a PC in most cases (it would still work if the PC and the phone are both behind the same NAT device). While this may not necessarily be useful for all people, one of the uses cases for this mode was to allow a safer login on a potentially untrusted machine.

Comment Re:To boldly go where no One wants to go (Score 1) 106

Captain! Thar be spoilers ahead!

Beyond boils down to a story about a Captain going mad in space and abandoning Federation ideals and principles. It's not like Star Trek has never explored that before. In this case, he's a soldier unable to exist in the more peaceful world he helped to create. To quote Chancellor Gorkon: "If there is to be a brave new world, our generation is going to have the hardest time living in it."

Comment Re:Pegg's Star Trek is an abortion (Score 1) 106

So why is there so little gay crew?

Actually do we really know? We have the seven lead characters, one of which we know to be gay (Sulu) and and additional four have been depicted as being in heterosexual relationships in this timeline (Spock, Uhura, Kirk, McCoy). Though we can't rule any of them out as being bisexual.

So that's five people we know something about their sexuality, out of a crew of 1100 (remember, this Enterprise is much bigger than the one in TOS, which had a crew of around 400). Think about today's society. You probably know some gay people and some straight people. But you probably interact every day with lots of people you have no idea about; you've never seen them before and you'll never see them again. Some of them are probably gay. I think the same can be said for the Enterprise: Some of them are gay, some of them aren't, and most of them you'll never know.

Comment Re:But "dipping" solved everything? (Score 1) 134

So what happened in October 2015 was a liability shift. Prior to that, banks would reimburse merchants for fraudulent purchases. With the liability shift, banks stopped reimbursing merchants if the bank had issued a chip card but the merchant continued to swipe cards. There's been delays in merchants getting their chip solutions developed and certified, that's why you see places with chip readers that don't work.

So today chip cards can still be cloned and used at places that are still swiping. As more places enable chip readers, swiping will become rarer and cloned cards will become harder to use, and the fraudsters will have to look to other things.

Comment Re:Chip (Score 1) 134

The liability shift places liability on the merchant where the fraudulent purchase occurred.

Consider this scenario: Someone swipes a card at Wendy's and that data was captured and used to create a fake card and the fake card is used at Safeway, which hasn't enabled their chip card readers.

If the original card had a chip, Safeway is liable. If the original card didn't have a chip, then the bank that issued the card is liable.

Comment Re:Walmart (Score 1) 118

IMO the customer experience for Apple Pay is far superior to a QR code system like Walmart Pay. Presuming an iPhone 6, because that's what I have. On the iPhone 6, I hold the phone up over the NFC sensor, the phone wakes up and prompts me to authenticate via Touch ID, I do and it's done. For Walmart Pay or other QR code systems I'd have to wake up and unlock the phone, find and open the app, find the QR code scanner, hold the phone over the QR code. And my phone has to be online, so no good if I'm overseas in Airplane Mode (I've used Apple Pay in airplane mode).

And about those NFC pads... You know all those new Ingenico iSC 250 readers Walmart installed to accept EMV chip cards? They all have NFC built-in. Walmart simply disabled it.

Comment Re: Usage is consent (Score 1) 118

Originally the CurrentC scheme was going to promote direct debit from bank accounts using ACH, rather than using credit/debit cards. ACH means lower fees but also removes the consumer protections associated with credit and debit cards. Walmart was a backer of CurrentC, but they must have seen that CurrentC was going nowhere quickly and launched their own similar Walmart Pay system, which does allow credit/debit cards. I don't know if it also supports ACH.

Comment Re:Public Domain (Score 3, Insightful) 152

True, but the way I see it, the airlines and third party booking sites feel it's worthwhile to have their options appear on metasearch sites. The point I was trying to make is that there are examples for allowing "competitors" to use their API. Also there's a history in the travel industry of having shared booking channels in the form of the GDS systems (Sabre, Apollo, Shares, etc).

I suppose the difference is that there are a lot more competitors than in ridesharing, where Uber is clearly the dominant player. Since most people are aware of Uber, there is not much incentive for them to participate in third-party apps since if the choice is "use a third party app and always use the cheapest" or "just use Uber since the price is probably close enough not to matter", Uber prefers the latter.

And back to the airline industry, Southwest does the same thing. You may notice their fares don't show up in metasearch or third party booking sites. They have established a reputation as "the low fare airline" so it's not to their benefit to make it easy to see how their fares compare to others.

Slashdot Top Deals

A successful [software] tool is one that was used to do something undreamed of by its author. -- S. C. Johnson

Working...