Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.

View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9


1567 posts

Uber Geek
+1 received by user: 45

Trusted

  Reply # 524925 23-Sep-2011 10:28 Send private message

nickb800: If you stole/cloned one of these cards, the best/quickest way to draw money from it would be to go to the sports stadium on a public holiday and buy a few rounds of drinks. Theres a limit to how much McDs one can eat

Tbh i wouldnt be worried at all, combination of low transaction limit, few outlets accepting payment, and bank underwriting any losses


So you're at the Rugby and drop your card, by the time you realise its long after the match and you have a couple of hundred $ from some one else's bar tab. I wonder how long it would take to clear up the mess. My preference is to avoid the risk to begin with.




Generally known online as OpenMedia, now working for Red Hat New Zealand as a Solution Architect for all things Linux, Virtual and of course Cloud. Still playing with MythTV and digital media on the side.

2073 posts

Uber Geek
+1 received by user: 119

Trusted

  Reply # 524930 23-Sep-2011 10:33 Send private message

openmedia:
nickb800: If you stole/cloned one of these cards, the best/quickest way to draw money from it would be to go to the sports stadium on a public holiday and buy a few rounds of drinks. Theres a limit to how much McDs one can eat

Tbh i wouldnt be worried at all, combination of low transaction limit, few outlets accepting payment, and bank underwriting any losses


So you're at the Rugby and drop your card, by the time you realise its long after the match and you have a couple of hundred $ from some one else's bar tab. I wonder how long it would take to clear up the mess. My preference is to avoid the risk to begin with.


Exactly the point I was trying to make (not sure I succeeded)  in my follow up post.  Sure there's insurance, fraud protection etc.  But if the feature is not available on my card, then I don't have to worry about proving my activity over another persons fraudulent use. 




Previously known as psycik

NextPVR Based HTPC:

Gigabyte AMD A8 Brix --> Samsung LA46A650D via HDMI, SiliconDust HDHomeRun Dual DVB-T Tuner, NextPVR, Plex Plugin 
Clients:
Popcorn Hour A-100, 1xATV2, 1xATV3, Roku3
Windows 7 Ultimate Host (Plex Server)
3x2TB, 1x3TB, 1x4TB + 1x1.5TB using DriveBender, VMWare Workstation 10 with 1xW7, 2xW2k3 1xUbuntu 11.10 Desktop, 1xWHS2011, Plex, Crashplan, NextPVR channel for Plex

UnblockUS - Unblock your freedom

1571 posts

Uber Geek
+1 received by user: 11

Subscriber

  Reply # 524932 23-Sep-2011 10:35 Send private message

I wonder if it's time to implement multi-factor authentication with all payment cards?

Sure, a pin is a form of multi-factor authentication, but maybe something further is needed?

Actually, here's another idea regarding the contact-less cards.
Why not have some form of button that has to be pressed on the card that enables the radio function to work.
That way no-one would have the ability to "skim" a card just by walking by.

186 posts

Master Geek
+1 received by user: 1

Subscriber

  Reply # 524933 23-Sep-2011 10:36 Send private message

What happens if you have a Visa (more than 1 ) and a mastercard in your wallet which you then press against the machine on the bar how does it know which card to take from .

Am not against the process bieng speeded up. have noticed that chip cards slow the process down.

As a retailer we dont total or do a end of day process it just takes it per transaction. We can print a total for the day but it requires no further processing and it just appears by magic in my bank account, be nice if it arrived with the sound of trumpets only problem with eftpos etc no nice till ringing sound


2073 posts

Uber Geek
+1 received by user: 119

Trusted

  Reply # 524935 23-Sep-2011 10:37 Send private message

dontpanic42: I wonder if it's time to implement multi-factor authentication with all payment cards?

Sure, a pin is a form of multi-factor authentication, but maybe something further is needed?

Actually, here's another idea regarding the contact-less cards.
Why not have some form of button that has to be pressed on the card that enables the radio function to work.
That way no-one would have the ability to "skim" a card just by walking by.


I brought up biometrics as a 2nd factor.  Only while your thumbprint is touching the card will it work...




Previously known as psycik

NextPVR Based HTPC:

Gigabyte AMD A8 Brix --> Samsung LA46A650D via HDMI, SiliconDust HDHomeRun Dual DVB-T Tuner, NextPVR, Plex Plugin 
Clients:
Popcorn Hour A-100, 1xATV2, 1xATV3, Roku3
Windows 7 Ultimate Host (Plex Server)
3x2TB, 1x3TB, 1x4TB + 1x1.5TB using DriveBender, VMWare Workstation 10 with 1xW7, 2xW2k3 1xUbuntu 11.10 Desktop, 1xWHS2011, Plex, Crashplan, NextPVR channel for Plex

UnblockUS - Unblock your freedom

1571 posts

Uber Geek
+1 received by user: 11

Subscriber

  Reply # 524941 23-Sep-2011 10:46 Send private message

davidcole:I brought up biometrics as a 2nd factor.  Only while your thumbprint is touching the card will it work...


I would imagine the problem with implementing biometrics would be the need for active circuitry within the card itself. Currently, I think the contactless systems rely on a passive method.
I suppose that would also be true if a physical button were to be implemented too.



1567 posts

Uber Geek
+1 received by user: 45

Trusted

  Reply # 524944 23-Sep-2011 10:55 Send private message

dontpanic42:
davidcole:I brought up biometrics as a 2nd factor.  Only while your thumbprint is touching the card will it work...


I would imagine the problem with implementing biometrics would be the need for active circuitry within the card itself. Currently, I think the contactless systems rely on a passive method.
I suppose that would also be true if a physical button were to be implemented too.


PayPass is supposed to be an active system which is initiated when your card is placed in close proximity to the card reader. Hence the identifier for each transaction should be single use and cut down on the risk of fraud.

I'd love to see some sort of customer initiated part of the process to reduce the risk of casual fraud via lost cards.




Generally known online as OpenMedia, now working for Red Hat New Zealand as a Solution Architect for all things Linux, Virtual and of course Cloud. Still playing with MythTV and digital media on the side.

2073 posts

Uber Geek
+1 received by user: 119

Trusted

  Reply # 524946 23-Sep-2011 11:00 Send private message

openmedia:
dontpanic42:
davidcole:I brought up biometrics as a 2nd factor.  Only while your thumbprint is touching the card will it work...


I would imagine the problem with implementing biometrics would be the need for active circuitry within the card itself. Currently, I think the contactless systems rely on a passive method.
I suppose that would also be true if a physical button were to be implemented too.


PayPass is supposed to be an active system which is initiated when your card is placed in close proximity to the card reader. Hence the identifier for each transaction should be single use and cut down on the risk of fraud.

I'd love to see some sort of customer initiated part of the process to reduce the risk of casual fraud via lost cards.


ASB indicated to me as part of my blog post, that while losing the card you're stuffed (and this is what I'd like the 2nd factor of authentication for), simply reading the card and storing the details will not work, as the CCV is changed for each transaction, so a skimmed NFC card details will only work for that one transaction.




Previously known as psycik

NextPVR Based HTPC:

Gigabyte AMD A8 Brix --> Samsung LA46A650D via HDMI, SiliconDust HDHomeRun Dual DVB-T Tuner, NextPVR, Plex Plugin 
Clients:
Popcorn Hour A-100, 1xATV2, 1xATV3, Roku3
Windows 7 Ultimate Host (Plex Server)
3x2TB, 1x3TB, 1x4TB + 1x1.5TB using DriveBender, VMWare Workstation 10 with 1xW7, 2xW2k3 1xUbuntu 11.10 Desktop, 1xWHS2011, Plex, Crashplan, NextPVR channel for Plex

UnblockUS - Unblock your freedom

1770 posts

Uber Geek
+1 received by user: 68


  Reply # 524970 23-Sep-2011 11:41 Send private message

openmedia:
sbiddle: I see no point in disabling your NFC card because your credit card transaction is no more secure. With no pin required for less than ~$80 you are exposed to the same risk of fraud regardless of the technology type.

Ah but I want my account configured so that a PIN is required for all transactions.


I've only this year started using a PIN on my cards.... but none had a signature on them. Instead I have written 'Photo ID required'.  That gives me the power to disown an unauthorised transaction, I feel. Even with a PIN it still safeguards against the fraudulent use of a dropped card.

But, dropping your NFC card at at bar....  What's really different here than dropping you cash filled wallet, or dropping your sign/pin card. As currently you still have the option of signing or entering a PIN so a lost card can still be used with a forged signature. And I suspect a busy bar won't really care how the transaction is authorised.

Ultimately you're the card owner and responsible for not losing it.
Or is the real issue the inflexibility of the $80 amount? 

11180 posts

Uber Geek
+1 received by user: 570

Trusted
Subscriber

  Reply # 525024 23-Sep-2011 14:09 Send private message

There are videos of people that are able to read the number off the cards in peoples pockets etc on youtube.

I really dont see any benifit in these since I will still have to pull the card out and put it on the reader as there are at least 3 other RFID type cards in my wallet for accesscontrol so none of them read while the others are present.

IMO they should seperate the RFID from the card and make it a keychain dongle type thing, no reason at all that it is built into a card.




Richard rich.ms

2073 posts

Uber Geek
+1 received by user: 119

Trusted

  Reply # 525028 23-Sep-2011 14:18 Send private message

richms: There are videos of people that are able to read the number off the cards in peoples pockets etc on youtube.

I really dont see any benifit in these since I will still have to pull the card out and put it on the reader as there are at least 3 other RFID type cards in my wallet for accesscontrol so none of them read while the others are present.

IMO they should seperate the RFID from the card and make it a keychain dongle type thing, no reason at all that it is built into a card.



Admit it, you want a chip in your arm right? 




Previously known as psycik

NextPVR Based HTPC:

Gigabyte AMD A8 Brix --> Samsung LA46A650D via HDMI, SiliconDust HDHomeRun Dual DVB-T Tuner, NextPVR, Plex Plugin 
Clients:
Popcorn Hour A-100, 1xATV2, 1xATV3, Roku3
Windows 7 Ultimate Host (Plex Server)
3x2TB, 1x3TB, 1x4TB + 1x1.5TB using DriveBender, VMWare Workstation 10 with 1xW7, 2xW2k3 1xUbuntu 11.10 Desktop, 1xWHS2011, Plex, Crashplan, NextPVR channel for Plex

UnblockUS - Unblock your freedom

11180 posts

Uber Geek
+1 received by user: 570

Trusted
Subscriber

  Reply # 525030 23-Sep-2011 14:20 Send private message

davidcole:

Admit it, you want a chip in your arm right? 


Thought about it a while back, but when it gets compromised as these things do, upgrading would be rather painful. Plus there is some strange reason why I cant just get one RFID loaded onto doors at several different places to do with something about a site code on them, so it wouldnt help with the excess number of cards either.




Richard rich.ms

711 posts

Ultimate Geek
+1 received by user: 144

Trusted
Subscriber

  Reply # 525032 23-Sep-2011 14:26 Send private message

I agree with the OP on this. My concern is loss/theft of my wallet. In the hours it takes for you to become aware that you no longer have your credit card, how many tap n' go transactions under $80 could be performed? Sure shops will have CCTV, but the chances are the perps will be out of area on a spending spree. Even then we presume the police have the time to follow up on these grainy pixelated images. It doesn't have to be high value items, just something that could be offloaded easily through TradeMe or Cash Converters.

In the past, banks made you liable for the spending up to the point where you reported the card as lost/stolen. It wouldn't take even a stupid criminal long to run up quite a bill and you would be left holding the debt until you were somehow able to prove that it wasn't you making the purchases. In the meantime you could be left with no cards and no money to buy even food (cue melodramatic swoon).

Unfortunately, the banks or credit card companies are going to force this upon us whether we like it or not which eventually we will have to accept one way or the other. I just hope their fraud protection leans towards the customer and not only their bottom line.





Procrastination eventually pays off.

11180 posts

Uber Geek
+1 received by user: 570

Trusted
Subscriber

  Reply # 525036 23-Sep-2011 14:33 Send private message

You dont have to accept this, you can choose to cancel your credit card if they force this onto you and you dont want it. I asked a bank and there were no plans to force chip or NFC onto eftpos cards, just the visa/mastercard ones.

Or you could - shock horror - pay with MONEY.




Richard rich.ms

711 posts

Ultimate Geek
+1 received by user: 144

Trusted
Subscriber

  Reply # 525053 23-Sep-2011 14:52 Send private message

richms: You dont have to accept this, you can choose to cancel your credit card if they force this onto you and you dont want it. I asked a bank and there were no plans to force chip or NFC onto eftpos cards, just the visa/mastercard ones.

Or you could - shock horror - pay with MONEY.


True - but banks could very quickly introduce those plans.  My debit card from England soon got chips in them - which I thought was great anyway.

Cash?  The strange look you get from shop assistants when you use cash because all of a sudden they have to count the change out to you.  My favourite is the look you get when you present a $20 for a chocolate bar.  The thing is, you will still need a card to get money from the ATM. 

I'll bet you all the tea in China that they won't offer tap 'n' go on the ATM's  - too much risk!!! (you'll probably tell me they already do in America).




Procrastination eventually pays off.

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
View this topic in a long page with up to 500 replies per page Create new topic




Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





Trending now »

Hot discussions in our forums right now:

How good is your general Science Knowledge?
Created by Aredwood, last reply by floydbloke on 31-Oct-2014 22:08 (35 replies)
Pages... 2 3


Government Limos
Created by networkn, last reply by Bung on 31-Oct-2014 12:39 (94 replies)
Pages... 5 6 7


Snap refuses to replace faulty gear
Created by Brendan, last reply by MadEngineer on 28-Oct-2014 19:07 (92 replies)
Pages... 5 6 7


OneDrive code giveaway - go!
Created by freitasm, last reply by firefuze on 31-Oct-2014 22:11 (23 replies)
Pages... 2


Shutup and take my money (via NFC on my mobile phone)
Created by sxz, last reply by richms on 31-Oct-2014 21:53 (23 replies)
Pages... 2


Sky will be 'upgrading software' of My Sky to connect to internet. What does that mean?
Created by Geektastic, last reply by hio77 on 31-Oct-2014 19:14 (23 replies)
Pages... 2


Speed limit when overtaking? Teach me please.
Created by nakedmolerat, last reply by joker97 on 28-Oct-2014 17:13 (123 replies)
Pages... 7 8 9


Uber: a cheaper taxi ride?
Created by kingdragonfly, last reply by livisun on 31-Oct-2014 14:47 (34 replies)
Pages... 2 3



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.