If you’ve had a New Zealand passport issued since November 2005 you would have spotted the Near Field Communication (NFC) page in your passport. This solid page contains a NFC chip which duplicates the data printed in your passport electronically, and also contains a digital copy of your photo along with the biometric data relating to this photo.
An ePassport is now mandatory for visiting a number of countries, and if you’ve been to Australia in the past couple of years chances are you’ve used a Smartgate machine at the airport rather than having to be processed manually by Customs. The Smartgate kiosk reads the biometric data from your passport and when your photo is taken it is compared to the biometric data in your passport to establish a positive match.
If you have a modern Android phone with NFC capabilities you can easily view the contents of this NFC chip.
Download the NFC Tag Info app from the Play store to your Android phone, and once installed click on the app to run it. If you now try and read your passport you’ll see an error come up saying “Basic Access Control is active”. BAC is an security layer protecting your passport from being accessed without an encryption key, essentially preventing your ePassport from being read by somebody who doesn’t have physical access to the passport. The BAC encryption key is generated using your passport number, date of birth, and passport expiry date – data that is only printed inside your passport.
If you now go back to the main menu you’ll see an option to “setup access keys”. enter your passport number, date of birth and passport expiry date and press save. This will generate the encryption key required to read your passport.
If you now put your phone next to your passport the app will be able to read the NFC chip and you should see your passport details and photo appear on the screen.
A number of other details can be viewed, including the biometric data for your photo and the Machine Readable Zone (MRZ) data which is the machine readable text that appears at the bottom of your passport photo page.
To change electronic details of a passport additional layers of encryption exist also – you can’t change your details simply by having the BAC encryption key as this allows read only access.
If you’re interested in knowing more here are a few links you might want to check out:
iOS devices need to have the carrier pack configured to allow LTE on supported networks before LTE can be used. This option will only show in phones that have had the carrier pack set to allow LTE. Vodafone New Zealand isn't listed as an official LTE carrier on the Apple website but it would be safe to assume that Apple aren't going to ruin things for Vodafone and announce something before Vodafone themselves do.
So what secret are Vodafone holding from us?
It's no secret they've just upgraded over 400 cellsites around the Auckland region over the weekend to deliver 900 MHz Dual Carrier 3G services across the Auckland region (I wrote about this here on Friday). Vodafone also have plenty of 1800MHz spectrum to deploy a LTE network on.
Does this hardware support a technology they haven't yet told us about? You decide...
Example A - $12.99 vs $20.00 for the identical tablets at two different pharmacies.
If you do suffer from hayfever I highly recommend Levrix tablets, I've found them amazing. It might just pay however to check the price before you buy them.
Credit card security isn't a laughing matter these days. It's certainly not difficult to find people who have had their credit cards compromised and fraudulent transactions charged to their account. Typically this has been as a result of physical card security being compromised by the use of a card skimmer attached to an ATM (numerous instances in Auckland), a compromised EFTPOS terminal recording card details (a major burger retailer in Queen St, Auckland), or by staff who have access to credit card records randomly copying numbers down for use (a foreign call centre for a major telco). Banks have complex systems monitoring transactions in real time and will often detect card fraud and put a hold on your card well before you're even aware there could be an issue. While card fraud normally doesn't leave the card holder out of pocket due the liability limits banks have in their terms and conditions, having to get a new card can often be a real pain if you have automatic payments such as bills set up on it.
Having had my card compromised while in Australia in the middle of 2012 and then spending an entire afternoon dealing with the consequences while trying to enjoy a relaxing long weekend away means I have zero tolerance to anybody in the industry dealing with credit cards who isn't willing to comply with industry guidelines. As far as I'm concerned you deserve to be named and shamed if you're accepting credit cards and failing to comply with industry guidelines.
The Payment Card Industry (PCI) Security Standards Council are responsible for creating data security standards for cardholder data. Known as the PCI Data Security Standard (DSS) this document covers the requirements and security assessment procedures that should be used in the banking and payments industry to ensure that card security remains a top priority. It's common to refer to being "PCI complaint" when your systems are complaint with this standard.
It's therefore surprising so see a large business like Wellington Airport failing to comply with industry PCI standards governing credit card security, and more so the fact this lack of security has now existed for several years in their car park ticketing machines.
Despite what some may think, a credit card number, or Primary Account Number (PAN) as it's technically known as, isn't just sixteen random numbers. Each card issuer has a unique Bank Identification Number (BIN) which comprises the first six digits of the card. The next nine digits are the account number, and the last digit is a check digit calculated using the MOD 10 algorithm, otherwise known as the Luhn Algorithm, calculated off the prior fifteen digits. This algorithm isn't complex, and it's easy to calculate this check digit with a piece of paper and a pen.
PCI DSS requirement 3.3 covers the storage and use of PAN numbers
3.3 Obtain and examine written policies and examine displays of PAN (for example, on screen, on paper receipts) to verify that primary account numbers (PANs) are masked when displaying cardholder data, except for those with a legitimate business need to see full PAN.
Mask PAN when displayed (the first six and last four digits are the maximum number of digits to be displayed).
As you can see the PCI DSS requirements are that the first six and last four digits are the only digits that should be displayed on a receipt. Why? Because displaying any more than this leaves your card number open to being compromised.
The first six digits are unique to your bank, so displaying these poses no real security risk. The last digit is a check digit, and the prior three prior digits are only 1/3 of your account number. Using a MOD10 calculator to calculate the remaining six digits still leaves a vast number of possibilities, so many in fact, that it poses no great security risk.
Wellington Airport receipts display the last six digits of the PAN, as pictured below (I've crossed two out so you can't see them). This now only leaves four digits that need to be generated, and literally leaves only a handful of possibilities for the card number. For all intent purposes you may as well be displaying the full PAN, as a card card can be compromised with access to the first six digits and the last six digits of the PAN.
A Wellington Airport parking receipt by itself isn't going to let somebody exploit your credit card - as they're only displaying the last six digits of the PAN. Combined with another receipt from a PCI compliant terminal or retailer however and your card number can be compromised. Considering many people throw receipts away together it's entirely possible that somebody could gain access to two receipts which would enable them to reconstruct your credit card number.
So a small tip from me - if you use your credit card at Wellington Airport be careful what you do with your receipt. It could be the most expensive car park you ever use!
Update 05/01/2012 :
Fellow Geekzone Moderator Nate spent some some time whipping up some code using the MOD 10 algorithm to generate possible card combinations. By entering an incomplete credit card number and X's to signify the masking all possible full PAN numbers are displayed. These could then easily be submitted automatically to a payment gateway to establish the valid number. If PCI compliant PAN masking of six digits is followed the 100000 possible combinations make this a a virtually impossible task. With non PCI compliant PAN masking such as that used by Wellington Airport this could be done in a matter of minutes with access to appropriate payment gateways.
Orcon CEO Scott Bartlett, Chorus External Communications Manager Robin Kelly and Head of Industry Relations Craig Young, and TechDay’s Sean Mitchell will answer your questions and provide practical information on how you can make the most of UFB.
If you live in Auckland this is clearly a fantastic opportunity to learn about the UFB project and understand how fibre will be installed to your home or business. A free breakfast is also a great selling point!
For more details check out the Orcon website
With internet traffic growing year on year and users continually expecting faster data speeds, one area that still causes issues is how to carry those bits and bytes around a building or home. If a premises doesn’t have cat5e or cat6 cable for Ethernet, retrofitting it can be an expensive and very time consuming process. Wireless can be a solution, but still can’t deliver the sorts of speed that Ethernet can, and installing a reliable high speed wireless network in a building still requires cabled access points if decent speeds are to be maintained. One solution to this problem is the HomePNA standard which allows data to be carried over existing copper or coax cable, completely avoiding the hassle of having to run Ethernet cable, and delivering speeds faster than wireless. The HomePNA 3.1 standard offers speeds of up to 200Mbps, support for 802.1Q VLAN tagging, fully transparent Quality of Service (QoS) using 802.1p, and supports cable runs up to around 1km. When deployed over coaxial cable the technology is referred to as HCNA (HPNA over Coax)
Late last year I trialled some Netsys NH310 units from Snappernet. These units allow existing TV coaxial cable to be used to carry Ethernet data, in much the same way cable modems work over the TelstraClear Cable TV network using the DOCSIS standard. By using different frequencies than the TV signals, both can be combined and run over a single coaxial cable. These units feature 100Mbps Fast Ethernet ports, and in real world testing deliver speeds of around 90Mbps – fairly typical for a 100Mbps device. Over the coaxal cable the HPNA protocol supports speeds of up to 200Mbps, so the 100Mbps fast Ethernet ports are in effect a bottleneck in the system. Up to 64 slave units may be connected to a single master unit, all of which will share the available bandwidth.
The Netsys HN310H Master unit features 5 Ethernet ports and 2 coax F connectors, one for the TV aerial input, and the other for HCNA out. The HN310C slave unit features 2 Ethernet ports, and 2 coax F connectors, one for the HCNA input, and the other a passthru port to connect into your existing TV or Set Top Box (STB). While setup of this hardware may look simple, some knowledge of MATV (master antenna TV) or SMATV (satellite master antenna TV) is essential to deliver the optimum performance from this hardware. 16dBM isolation is recommended between the master and slave units, with a minimum of 8dBm isolation required for these devices to function correctly. If your setup has isolation of between 8dBM and 16dBM and is also being used for TV distribution you may need to use of a high pass filter between the slave passthru port and TV/STB to avoid any interference to the TV signal. In many MATV or SMATV distribution networks 16dBM TAP’s are installed as standard so this is a perfect match. The HCNA standard uses frequencies between 15MHz and 40MHz so this hardware can happily co-exist with both terrestrial and satellite distribution networks.
One thing to be aware of is that most TV amplifiers sold in New Zealand and Australia used in MATV/SMATV distribution networks don’t support a return path, ie. they will block signals from travelling from the output port of the amplifier to the input port. This means that master and slave units must both be installed on the output side of the amplifier. If there are multiple amplifiers you’ll either need to install multiple master units, or replace the amplifiers with units that support a return path. Many splitters, diplexers and TAP’s sold in NZ also only support frequencies from 45MHz upwards, so these will also need to be reviewed and replaced with equipment that supports frequencies from 5MHz upwards.
Configuration is done using the web interface on the master unit. Once the master unit is configured and slave units hooked up to the coax network they appear in an access list with their MAC address, here they can be associated a plan speed if required, with a number of predefined speed options being available. Individual VLAN’s can be assigned to both of the RJ45 ports on the slave units from the web interface, and there are a number of diagnostic tests available to show signal level and network performance of each individual slave unit.
These units are a very cost effective way of delivering Ethernet to hotel or motel environments that will typically have coaxial cable for TV but no Ethernet cable. With Ultra Fast Broadband (UFB) due to hit NZ this year, this hardware could also provide solutions to premises where retrofitting cat5e or cat6 cable for Ethernet is going to be costly. Other HPNA equipment also exists that runs over copper cable, so existing cat3 phone cable can also be utilised without needing to look at more expensive xDSL based solutions.
Overall the setup is relatively straight forward, and once installed the performance is brilliant. There are certainly plenty of small issues that could arise attempting to install these in an existing MATV/SATV setup, and if you have no knowledge of TV distribution networks, and I would highly recommend anybody thinking about this solution seek outside advice from somebody with knowledge of MATV/SMATV setups.
The real world performance of these units is awesome, and they were chosen for a large scale deployment in an apartment building here in Wellington delivering high speed symmetrical internet connections with VoIP services. The bonus of being future proofed for higher speeds in the future means that delivering a 100Mbps service to customers with a good CIR is totally within the capabilities of this product. Overall they’re a product that creates a fantastic solution and comes with with a great price point.
<shameless plug on> If anybody is interested in looking at these as a solution for a environment such as a hotel, motel, or apartment block I’m happy to provide consultancy advice or work with you on deploying a solution, my details are listed on the right. <shameless plug off>
I couldn't help notice the deal on Spreets today, only $160 for a "GPS Navigation & Multimedia System that Includes an eBook Reader, Games, & Music & Movie Player! Worth $455. Delivery Included"
This product is apparently an essential trip to take on holiday "Don’t head off on your summer holiday road trip without it!" the promo blurb says. It features "the latest in GPS navigation technology".
This is fine if you live in Australia. If you read the fine print this units has the "latest Australian maps pre-loaded", with no mention anywhere of the inclusion or ability to load New Zealand maps onto it.
Even worse the Spreets page claims the product is worth $455. I wonder why the company that is distributing it only sells it for $345 including free delivery, and a 10% discount if you pay by credit card?
Is this really a bargain? Or just an overpriced piece of junk that in all reality is virtually worthless for it's intended purpose in NZ? That's up to you to decide, but I certainly won't be buying one.
Digital TV isn't new to New Zealand - Sky TV began digital broadcasts in the late 90's and Freeview launched in 2007 offering a digital platform for existing Free To Air (FTA) broadcasters using a DVB-S (satellite) platform to offer nationwide coverage to any home with a satellite dish, and in 2008 launched a DVB-T (terrestrial) network that works with a UHF TV aerial and will offer coverage to 87% of the population by the end of July. In September 2012 New Zealand begins what is arguably the most significant change to TV broadcasting in New Zealand since TV broadcasts began in 1960 - the shutdown of these analogue TV broadcasts leaving NZ with a 100% digital broadcast platform. This process is known as Analogue Shut Off (ASO) or Digital Switchover (DSO). By the end of 2013 when this process is complete and all analogue TV broadcasts are discontinued, every TV in the country that is not equipped with an integrated digital tuner for Freeview, an an external Set Top Box (STB) for Freeview, Sky or TelstraClear will be unable to pick up any TV broadcasts. It also means that every VCR or DVD recorder in the country will also be unable to record any TV broadcasts unless connected to an external Freeview, Sky or TelstraClear STB. Despite the dates for switchover being announced earlier this year, an official announcement was made on Friday marking the launch of a new www.goingdigital.co.nz campaign to educate people about this important milestone.
Current statistics show that close to 80% of homes are currently accessing digital TV. What these surveys don't ask however is whether every TV on the premises is currently accessing TV using a digital platform. Somebody who has Sky hooked up to their new 50" Plasma in their lounge is counted in these statistics as being a digital customer, even if the TV in the bedroom is only tuned into an analogue signal. The total number of TV's that are accessing analogue broadcasts is still very significant, and every device that has a tuner in it will require to be replaced or connected to a STB for it to continue working once the analogue broadcasts are shut off. What is readily apparent is that there are a large number of people unaware that analogue TV broadcasts will be shut off, and that their TV's will suddenly be incapable of displaying anything unless they purchase a digital STB for it. While advertising campaigns have started advising of the digital switch over, educating people about the implications of this will take time.
Of great concern to me however, is the behaviour of some of New Zealand's largest retailers continuing to sell products that do not feature a digital tuner, meaning they will be incapable of functioning in a little over a year without additional cost to the consumers.
Several weeks Harvey Norman had TV advertising for a Visio 19" LCD TV for $249. "Great for the bedroom" boasted the voiceover message. This TV features no integrated Freeview tuner and is only capable of tuning in analogue broadcasts. Anybody buying one of these TV's for their bedroom and relying on analogue broadcasts will find that that once analogue broadcasts cease that their TV will be unusable unless an external STB is connected to it. Harvey Norman aren't the only ones guilty of this - a quick glance at The Warehouse and DSE mailers show they are also selling a large number of TV's with no integrated digital tuner.
This poses a question - are these retailers blatantly misleading their customers by selling products that will not be able to perform it's primary purpose (watching TV) starting in 15 months time unless the customer spends more money to purchase a STB to allow this TV to continue to operate? I personally think they are. A quick survey by of these retailers on the weekend inquiring about these products shows that they're doing nothing to educate and inform their customers that the product they're about to purchase will be unusable unless connected to a STB at additional cost to the consumer.
In my opinion every retailer in New Zealand selling a TV or DVD recorder without an integrated Freeview tuner should be forced to display Point of Sale material warning of the limitations of the product, and the same material should also included with the product. Selling a TV or DVD recorder that will in effect be obsolete, without clearly advising customers of this is in my opinion, completely unethical.
So my challenge to retailers - what are you going to do about this? What steps will you take to educate customers? What will you do when a customer brings their Visio TV back in 15 months time and says it no longer works?
If you're a consumer who's recently purchased a TV from one of these retailers that doesn't feature a digital tuner and were unaware that it will require additional hardware and costs to operate in a little over a year, what do you think?
Your thoughts on this issue are welcome.
* Image of switch off dates is from www.goingdigital.co.nz
This morning I awoke to the sound of Radio NZ news in attack mode launching a full on hatchet job on Mastercard. What had Mastercard done that was so bad? Well nothing. Nothing at all.
In November last year (1) the consortium of ANZ, EFTPOS NZ and MasterCard announced the launch of MasterCard PayPass in New Zealand. PayPass is a Near Field Communication(NFC) capable card (think "Snapper card") and enables payment for goods without having to use the magnetic stripe or chip on your card. No PIN number is required for low value purchases, which means the transaction times are super quick, typically somewhere in the vicinity of 300ms - 500ms depending on the volume of data that is transferred. Part of the announcement was that PayPass terminals would be installed at Eden Park and Westpac stadium in time for the Rugby World Cup. Despite the deal to launch NFC terminals in stadia for the RWC now being over four months old, Radio NZ thought they were onto a winner, boldly claiming that RWC patrons would "have to have to use cash or buy a new Mastercard prepaid card" for purchases during an game. I'm sorry Radio NZ, what was the news again? It's obviously a slow news day when your lead story is a rehashed four month old story that does nothing but spread FUD. I guess impartiality wasn't in the vocabulary today.
Radio NZ then called upon Massey University senior lecturer in banking Claire Matthews to comment "New Zealanders have taken to eftpos with such delight and make such great use of it, that to try and persuade them to use something else which doesn't offer any significantly better convenience or efficiency - there's simply not the argument for them to use it.". About now might have been a good time to do what a journalist does well and ask a question, such as " why do we not have EFTPOS in stadia today?".
Here in New Zealand today if you attend an event at a major stadium you'll find it's still very much cash environment. Despite our love for EFTPOS it's not commonly found. Why not you ask? The simple answer is that the transaction times are considered to be too slow and will create bottlenecks. This is a view that is certainly open to argument, with the average time for an EFTPOS transaction being in the vicinity of 15 seconds. Regardless of whether or not you think that's a problem it's an issue we just have to accept - and have done, as the lack of EFTPOS terminals at most major events will be readily apparent to anybody who regularly attends. Instead of handing over their plastic at the till, people either bring cash, or queue at ATM's inside the stadium and pay for their hotdogs and beer with cold, hard cash.
One interesting piece of history for buffs is that when the Westpac Stadium in Wellington was opened in 2000 it featured Visa Cash terminals at every kiosk. Visa Cash was a prepaid chip card that required no PIN or signature, however the hardware was withdrawn after the Visa Cash product failed to gain traction in the global marketplace, and was replaced by trials of NFC cards that began around the same time.
Here in New Zealand ANZ bank have been issuing NFC based MasterCard cards since mid 2010 and launched these officially in November 2010. A growing number of retailers now feature NFC capable EFTPOS terminals, and if you stand at a McDonalds store for long enough you will see probably see somebody using one. While not commonplace yet in the New Zealand market, the Australian market now has 5.3 million PayPass cards, and over 35,000 retail locations with PayPass enabled terminals. By October 2012 all Mastercard cards issued by banks in both New Zealand and Australia will feature PayPass, and by 2014 all EFTPOS terminals in both countries must be upgraded to support NFC cards. Sources tell me that ANZ will very shortly begin issuing NFC cards as standard, and that at least one or two other bank in New Zealand will roll out NFC cards over the coming months meaning there will be a growing numbers of cards in regular use by the time the RWC starts.
The "new" NFC terminals were installed late last year at both Eden Park in Auckland and Westpac Stadium in Wellington. If you're lucky enough to already have a NFC card you've probably already used it. If you had were expecting some flash new terminals to be installed just in time for the RWC you'll be sorely disappointed. The very same infrastructure and payment methods that are in place today will be exactly how things are during the RWC.
The hatchet job on Mastercard continued with blogger Lance Wiggs launching a scathing attack saying the decision is "stupid". Comments such as the one from Lance saying that MasterCard need to "roll out the NFC/EFTPOS terminals across New Zealand so that tourists and locals alike can experience the technology" shows a lack of knowledge of the product and industry. NFC terminals are now reasonably commonplace in NZ, with a huge number of Ingenico terminals having been deployed in recent months as retailers upgrade to new EMV version 6 capable terminals as required by the 1st June 2011.
Issues were also raised in the media as to why Visa cards couldn't be used. In Part ANZ and MasterCard as RWC sponsors obviously see value in selling their brands, however more import is a key issue that Visa's PayWave NFC cards have not yet been launched in New Zealand. Using something that doesn't exist in our market isn't easy!
In recent months there have been some very exciting developments in the NFC field. Cellphones with NFC capabilities have been trialled meaning that your cellphone becomes your wallet. Want to see your current account balance or transaction history? It'll all viewable on your phone screen. NFC is the future of payments, and the capabilities of such an exciting technology are very cool.
It's been a long time since I've heard a rehashed news story about payment terminals that were installed months ago, NFC credit cards cards that are already in use by thousands of New Zealanders (and not to mention foreign tourists who will visit) and shock words such as "paying by cash" cause such a fuss!
Disclosure: Before somebody flames me I neither work for, or have any association with any bank, credit card company or terminal vendor.
What is cool about the technology is how it can be exploited in ways that mobile carriers do their hardest to prevent. Because a femtocell is the size of a router and can work anywhere with an internet connection there is nothing physically stopping you taking it with you to a foreign country, plugging it in, and enjoying zero rated roaming.. But this breaks many rules, including the fact you're illegally transmitting on spectrum in a country what you aren't legally allowed to use, which means carriers implement methods to prevent this.
The most common is IP whitelisting, where a mobile network restricts the devices to working with a fixed range of IP addresses, typically their own. Vodafone NZ appear to have adopted this method, restricting usage to customers using only a Vodafone broadband connection. Of course any network engineer out there will suddenly hear the word "VPN" jump into their head, and suddenly the opportunities are endless...
Please note that I neither condone or encourage breaking the law to exploit overpriced roaming charges!