Geekzone: technology news, blogs, forums
194 posts

Master Geek


  Reply # 641536 15-Jun-2012 17:55

A second-factor auth via PIN would be slightly more comforting (along with SMS/TXT notification for every transaction), but I still have some trouble understanding why an uncontrolled radio broadcast that could be picked up via some pretty easy-to-acquire hardware with little to no vetting is more secure than a system I have better control over (never mind the massive privacy issues being completely ignored).

* http://www.nfc.cc/2012/04/02/android-app-reads-paypass-and-paywave-creditcards/
* http://www.shmoocon.org/2012/videos/CreditCardFraud.m4v (Paget @ Shmoocon 2012)

Admittedly we shouldn't believe everything we read online, but I do not see why I should be forced to adopt something that I do not need or have any intention to use.
I am not alone in these concerns, so either there is an issue with user-education/adoption, or there are still technical/security issues that have not been adequately resolved.

Saying the merchant/bank will simply absorb the risk is unacceptable, when not being exposed to begin with is a better solution.

16693 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 641564 15-Jun-2012 18:53 Send private message

freakalad:
Saying the merchant/bank will simply absorb the risk is unacceptable, when not being exposed to begin with is a better solution.


Except the basis of every bank is risk management. Every single task is about evaluating risk.

I would suggest you really read up about the changes being made as EMV and NFC are rolled out in the US. I'd pick after this you'll probably want to avoid going anywhere near a credit card.





*Need help configuring your Linksys ATA or IP Phones for New Zealand? Check my blog post

630 posts

Ultimate Geek


  Reply # 641953 16-Jun-2012 21:44 Send private message

Curious with all these scary posts about the horrible things that could happen when a NFC card is stolen, has anyone actually been a direct victim to pay pass / pay wave?

The last reported incident was skimming EFTPOS cards by Canadians rather than exploiting NFC technology.

gzt

3196 posts

Uber Geek

Subscriber

  Reply # 641961 16-Jun-2012 22:14 Send private message

No. But banks do not publicize fraud. Successful fraud even less so.




Energy saving and monitoring devices available in NZ: www.energymonitor.org.nz

16693 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 642005 17-Jun-2012 09:26 Send private message

The introduction of chip and PIN in Australia along with NFC has seen credit card fraud levels drop substantially. Banks don't publicise fraud levels because they're a risk based % at the end of the day, but it's safe to say the new technology is resulting in downwards movement, not upwards.

Those who keep saying NFC is risky need to remember as I keep pointing out that in the US you have never needed a pin or signature for low value credit card purchases, so the move to NFC changes nothing.





1500 posts

Uber Geek


  Reply # 642020 17-Jun-2012 10:30 Send private message

freakalad: A second-factor auth via PIN would be slightly more comforting (along with SMS/TXT notification for every transaction), but I still have some trouble understanding why an uncontrolled radio broadcast that could be picked up via some pretty easy-to-acquire hardware with little to no vetting is more secure than a system I have better control over (never mind the massive privacy issues being completely ignored).

* http://www.nfc.cc/2012/04/02/android-app-reads-paypass-and-paywave-creditcards/
* http://www.shmoocon.org/2012/videos/CreditCardFraud.m4v (Paget @ Shmoocon 2012)

Admittedly we shouldn't believe everything we read online, but I do not see why I should be forced to adopt something that I do not need or have any intention to use.
I am not alone in these concerns, so either there is an issue with user-education/adoption, or there are still technical/security issues that have not been adequately resolved.

Saying the merchant/bank will simply absorb the risk is unacceptable, when not being exposed to begin with is a better solution.

This sounds like the same concerns folk first had when credit cards were introduced...
Why do I want one? Someone could steal it and copy my signature.

You signed up for a Credit/debit card under the bank's T's & C's... and guessing you didn't have an issue with that.
NFC is simply the next iteration of making it easier for you to cycle your money thru transaction systems. As folk have said, the risk lies with the banks (it's their system). The responsibility lies with you, same way you're currently responsible for your credit/debit cards.

194 posts

Master Geek


  Reply # 642039 17-Jun-2012 11:25

not quite the same - with both magstripe+sign & chip+PIN, you have to give explicit auth, and is a token control on the holder's part. if the merchant or bank do not have their act together in validating that auth, then the onus falls on them, since I've done what I reasonably could on my end.

on RFID it's nowhere the same thing - even if the card does not leave my wallet, pocket or bag, the data (i.e. the important, juicy bits) still leak outside of my control, and there is no additional auth validation involved.

saying that this is the same data that's used for online purchases is one of the weakest cop-outs I've heard - if they can completely eliminate online fraud & the black-market in carding has been decimated, *then* that argument might have merit.

if the system as it is has merit, then I should be able to print that data (maybe in QR-code format) on a t-shirt & walk around with that - at least that way I might have a better idea who's picking up the data by virtue of a camera pointing at me.

16693 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 642041 17-Jun-2012 11:31 Send private message

I suggest you cancel your credit cards.

You want a complete redesign of the entire system to move from a risk based one to a fully secure system that completely eliminates fraud. This isn't ever going to happen. At the same time you may as well get rid of cash because it can easily be stolen.







194 posts

Master Geek


  Reply # 642323 18-Jun-2012 07:49

I don't have a credit card, but a debit card (oddly enough I can get a special-order CC without RFID; probably old stock), to limit risk.
I only have as much money in my wallet & the account linked to the card as I'm willing to lose at any given time - a mitigation factor I've introduced myself & something I can have control over.

This is not just a whinge about getting things my way, but a need to limit my risk & exposure, and not having to take on more than is absolutely necessary. A few $$$ I'm willing to part with - but not the data.

Being told that "it's all OK because we say it's so" is no good.

8797 posts

Uber Geek

Trusted
Subscriber

  Reply # 642393 18-Jun-2012 10:24 Send private message

If you want to limit your exposure then lose the debit card and get a credit card where you only have a max of $50 exposure and that is never enforced anyway.

Debit cards are the worst idea ever, you lose the interest free period, shoulder the risk with your own money and the merchants are still paying the same fees.




Richard rich.ms

194 posts

Master Geek


  Reply # 642401 18-Jun-2012 10:36

good idea, thanks.

16693 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 642420 18-Jun-2012 11:04 Send private message

freakalad: I don't have a credit card, but a debit card (oddly enough I can get a special-order CC without RFID; probably old stock), to limit risk.
I only have as much money in my wallet & the account linked to the card as I'm willing to lose at any given time - a mitigation factor I've introduced myself & something I can have control over.

This is not just a whinge about getting things my way, but a need to limit my risk & exposure, and not having to take on more than is absolutely necessary. A few $$$ I'm willing to part with - but not the data.

Being told that "it's all OK because we say it's so" is no good.


Debit cards are bad, very bad. For somebody who's so paranoid getting rid of this would be the first thing I'd do! :)

The biggest issue is that if you have any fraud you're going to have the money taken from your account and then the bank will have to put it back, whereas with a credit card you've never actually paid for the fraudulent charges. You also can't use them at many hotels and rental car companies, and if you can it's your money being held for the pre auth rather than simply a hold put on the credit card itself.

At the end of the day providing you're not breaking your bank terms and conditions your money is safe, but there are some major downsides to debit cards.





194 posts

Master Geek


  Reply # 644597 22-Jun-2012 10:35

I can appreciate that there are a number of shortcomings & vulnerabilities in all these systems, but what I want is to address & get a modicum of control over this one issue/"feature" - RFID.

Maybe I'm paranoid... maybe not:
* http://www.scmagazine.com.au/News/305881,android-app-steals-contactless-credit-card-data.aspx
* https://github.com/thomasskora/android-nfc-paycardreader

8797 posts

Uber Geek

Trusted
Subscriber

  Reply # 644645 22-Jun-2012 11:41 Send private message

If you have taken all steps to protect it then you are not liable.

Why try to fix a problem that is not yours? The problem goes back to the merchants that accept the fraudulent cards, and to banks that allow withdrawals using the fake cards. Not you. Not your problem to fix.




Richard rich.ms

16693 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 644660 22-Jun-2012 12:06 Send private message

freakalad: I can appreciate that there are a number of shortcomings & vulnerabilities in all these systems, but what I want is to address & get a modicum of control over this one issue/"feature" - RFID.

Maybe I'm paranoid... maybe not:
* http://www.scmagazine.com.au/News/305881,android-app-steals-contactless-credit-card-data.aspx
* https://github.com/thomasskora/android-nfc-paycardreader


I have far greater concerns from a risk perspective that my credit card number, name and expiry date is printed on the front of my card. This can be viewed by staff at every store I visit that doesn't have a pinpad allowing self swiping/inserting of my card and requires me to hand them my card.

You're pointing out a very low risk compromise that realistically can't be done without physical access to the card. Despite people making all sorts of claims about capturing RFID data at a distance the reality is this doesn't work very well at all.

I'm pointing out a very valid risk that is incurred every time I use my card. What do you perceive as the greatest risk?




