Contactless Payments - part 2

, posted: 21-Sep-2011 15:12

Yesterday I blogged about feeling uneasy with the no-authentication-for-under-$80-transactions on MasterCards PayPass implementation for ASB Bank.  See here

A number of the comments I received said "any fraud will be reimbursed", "its the bank or merchants taking the risk, not you", "they have insurance to cover that".  Yes they probably do.  I've been rung by ASB as a current customer to notify me of transaction found on a credit card I do use for internet transactions, and the process was remarkably simple and painless.  So I know it works.

But the issue is, why should something be implemented, that requires insurance and fraud protection.  Why not design it to lessen this risk.

I'm going to pull out of context some of the PCI DSS (link) requirements that service providers, merchants and banks have to adhere to:

8.2 Employ at least one of these to authenticate all users: something you know, such as a password or
passphrase; something you have, such as a token device or smart card; or something you are, such
as a biometric.

8.5 Ensure proper user identification and authentication management for non-consumer users and
administrators on all system components.

Ok, so these requirements really relate to the handling of card holder data, but why not apply this to your card.  The main piece of card holder data is your Card number, your PAN (Primary Account Number). To use the PayPass system you only have to supply one piece of card holder data - the physical card with the PAN embossed on it, why shouldn't requirement 8.2 also be applied, and a 2nd authentication criteria be used.

Pin numbers work, but can be slow when people miskey - but the really slow factor for these on EFT POS terminals is the time it takes to authenticate to the Auth Center - why not move the PIN authentication onto the chip, much faster (does potentially bring up the issue of cards being brute forced for pins).

Use biometrics - a thumbprint reader as part of the card, only a person with an authorised thumbprint can use the card - probably a little expensive, but hey it's my blog and I'm just spit balling here.

My point is, why implement something that needs some kind of fraud insurance to cover the banks and ultimately the consumer.  As the consumer you're paying for this in your bank fees and card fees.

Free $80 - come and get ur moneyz!!

, posted: 20-Sep-2011 13:11

Recently I received a letter from ASB Bank about a replacement credit card with an embedded chip.

"Great" I thought. I'd been wondering when they would come out, as chip cards are supposed to be more secure.

Part of the letter explained about a new contactless payment system incorporated as part of the cards called PayPlus. This is MasterCards implementation of Near Field Communication based payments (see ).  The Visa equivalent I understand is called PayWave.

The letter explained that for transactions of less than $80 no pin was required.  Now of course you do have to find a retailer that would support this, but I would assume these would start appearing, and the concept is similar to my Snapper card I use occasionally for the bus.

But the idea of no pin, no signature linked to my credit card had me a bit worried. 

As snapper is effectively a cash replacement - and in some ways it is more secure than your wallet (where your cash normally resides)* Because of this, the balance kept on my snapper card is akin to what I'd hold in my wallet, not much more than $20.

But the idea of up to $80 payments possible off a household credit card gave me shivers down my spine.  How many people do not check their statements?  Or if they do, only when it's sent to you?  Ok sure, the card has to be out of your possession, and generally you'd cancel the card as soon as you realise it's gone, but it still left me feeling uneasy.  With a regular credit card loss, apart from McDonalds**, there was a modicum of security, someone would have to forge your signature (probably fairly easy to do) or gain access to your pin.

But the thought of someone just having to tap the stolen, or misplaced card on a terminal to have access to your funds seemed to be a lowering security.  I like to think of this contactless technology as a cash replacement...and therefore the value of cash transactions - generally fairly low....not being linked to an account with enough money to cover the household spending for a month.

I saw another user ask @ASBBank on twitter if the limit could be (I assumed) lowered...this was something I'd been thinking of, and I asked if it could it be disabled entirely, the answer was no to both questions.

I'm all for new features, and quite like the idea of contactless payments, don't get me wrong.  But I don't particularly want it attached to a credit card that I've purposely never put on the internet, because it's used for the household, and so it's limit is appropriate for household spending.  I have another card with a $500 limit that I use for internet based transactions.  A separate, opt in, card would have been, in my opinion, the preferable way of implementing this.

BTW this probably isn't so much a dig at ASB Bank, and I think this would be part of their membership to the card schemes, and I'd imagine all the NZ banks would be doing similar.  And all have the same sort of implementation.

* if you lose your snapper and it's registered, it can be stopped and/or refunded.  If you lose your wallet, you've probaby lost your money.

** McDonalds (and maybe others) has allowed no pin or signature on transactions valuing less than $15  Correction, apparently it's $35 - which I think is worse.

Is there an App for that Scam

, posted: 5-Mar-2010 08:20

I had a thought while riding in this morning about a new potential financial scam.


If you're one of these people with one of those fancy new fangled phones that use apps for everything instead of mobile sites, them how do you know it's not stealing your information and sending it to a third party?


Did you check that app when getting it? Just like domain sitters, that sit on a misspelled versions of a popular site, the same could be done with an app. "Nationa1 Bank app", "A5B Bank app", while they show your all of your financial information faithfully, utilising information pulled from their mobile web sites', the app is, in fact, sending your user name and password to a third party that can then log on and play mischief with your financial details.


Now having not actually ever looked at these apps I assume a safe guard such as never storing login details could be used on the official apps, but again, if it's a non official version (and would Apple's vetting process pick this up?) then the user could blindly add in their login details and then wonder why their bank account is emptying....


Just a thought, you be careful out there....

Little Boys and their Sewing Machine Cars

, posted: 27-Dec-2009 11:09

I live on a main street and close to an intersection with a well used street.  What this means is a get a lot of idiots in their sewing machine sounding cars accelerating and decelerating right outside my door.
I must be getting old, I can’t understand why you’d want your car to sound this stupid.  It’s not a rumble like a V8, or growl like a good twin motorbike (Ducati Anyone?), but a whine, especially on the smaller cars, and don’t get me started on the annoying whiny rattle of a Wankel based engine like the old RX7s and RX3s
And why is it these cars are normally driven by idiots that think the rev limiter cutting the engine out  is the sign that they need to change gear?  Hello, this isn’t Gran Turismo here, or Mario Cart.
Many a time I’ve thought “I wonder if I can buy some road spikes off the cops” and lay them out right outside my house. That and thoughts of sitting outside with a high powered rifle.  Or more likely a camera to record the db rating and their license plate number...yeah I like that one, wonder if the cops would accept that....
I don’t understand how these guys get warrants, do they take their noisy mufflers off for warrant time and put them back on when they get home?  And do the cops ticket for excessive noise? I’m assuming by the amount of noisy cars around they don’t or that it’s hard to police.
One final thing, I refuse to call them “boy racers” they’re not, that just glamorises them.  They’re “little boys with sewing machines”.... it doesn’t quite roll off the tongue as well, but I feel much more accurate.

Breast is not always best.

, posted: 3-Jul-2009 08:31

Recently my wife and I had a little boy. Due on the 7th of May he came two days early by emergency caesarean. Because of the emergency c-section my wife didn't go through many of the traditional labour experiences (labour pains etc) some would say that's fortunate. What relevance that may have I'm not sure.

Anyway. Being a c-section birth means you stay in hospital longer while they make sure the major surgery the mother has been through heals properly. For this we were thankful.

The nurses and midwives at Lower Hutt hospital were excellent, from taking our unsettled baby in the middle of the night so my wife could sleep, to the burping tips and positions, to the countless pieces of advice on breast feeding. Which brings me to my point....

New Zealand and it seems Wellington in particular have very low breast feeding rates. So much so that the New Zealand government has a advertising campaign running at the moment (targeting Maori and Pacific Islanders it seems) to encourage breast feeding. Also the world health organisation is very pro breast feeding as well.

I Don't have a problem with this. If you can why not, it's free, nothing to sterilise, they're always with the mother in their handy and rather attractive containers.

But the problem comes if for whatever milk production is slow in coming. Remember how I said we didn't go through a lot of the normal labour process? Well this may have been a factor as the body releases hormones during birth to tell the body its having a baby.  Any way, short version after trying for the first three days to breast feed and struggling somewhat, the baby was weighed he had lost 10.6% of his birth weight. 10% is the magic number they want the baby to stay under, as pretty much all babies loose some weight at birth.

So after finding his weight had dropped a little too much the midwives wanted my wife to express to give the baby some extra after breast feeding. This all sounded logical. But what followed was 5 hours of 'stuff being done to my boobs'.

Expressing can take three forms, and from most effective to least effective is the baby suckling, a breast pump and hand expressing.  Over the course of the next 5 hours my wife had all three of these methods applied. There had been earlier attempts to hand express from some of the other midwives but the one that did it this day was particularly rough. Leaving my wife very sore. And so at the end of 5 hours when she offered to hand express again my wife said NO!

'We want to top him up with formula'.

You would have thought that we said we wanted to boil and eat the boy. After trying to talk us out of it and persist with the had expressing/breast pump, we were told 'there is a form to fill out'.  Ya what!?! You're kidding right??!?!? No.  Well bring it then and lets get going.

40mls he drank, the poor little guy was starving! 40 mls is a lot when your stomach is the size of a 20 cent coin (about 15mm).  So for the next 24 hours he was topped up after breast feeding, having 10 - 20mls at a time.  And when he was weighed 24 hours later he had put on weight.  Another 24 hours and another weight gain - time to leave the hospital.  Now he is breast fed exclusively, so even though we skirted the dark side by using formula we continue to breast feed the baby (I'm using the collective 'we' here btw!!).

The trouble is this isn't an isolated incident, why is it so difficult use formula, even to the point where it is detrimental to the baby.  I know of another story where twins has lost of 20% of their birth weight.  Still the hospital would not feed formula.  In this particular story, the parents checked out of hospital early and put the babies on formula, where they now thrive.

A third story I just heard where the baby was taken to special care with a rash, turns out the mother had no breast milk and the baby had not fed.  When the nurses came back into the mothers room she sat her down and said "your baby has not fed to 2 days", in shock the mother didn't reply, the nurse repeated, "your baby has not fed in 2 days", and just stood there, what is she to say, FEED HER THEN!!.  Thank you the nurse says, 'we cannot offer formula, but you can ask for it' - I mean WTF is up with that.  Here is a baby that is obviously sick, dehydrated, mother is in distress, and yet still she has to ask for.  This is what I don't agree with.

The ad campaign and posters that surround you are fine, antenatal classes also push breast feeding, so you hear it all through the pregnancy.  But to make any other option so difficult I find to be a very bad practice.  You are made to feel a failure (well not me, but the mother is), and this isn't good either, it's not always the mothers fault she cannot breast feed.

Anyway, rant over, our boy is a healthy breast fed baby, still growing, still putting on weight, and that's all that matters.

The ongoing Epuni Train Station saga

, posted: 14-Apr-2009 08:49

So if you look at previous blogs (Train Station) you've seen me blogging about the train station I go to. We've had a train station in various states of disrepair since May 2008 when the roof was removed.  I understand the reasons for it's removal, it was all to do with asbestos discovery and I did have it explained to me why it had taken so long to get a new roof put back on.

About 3 weeks ago a new plastic roof was put on. It wasn't perfect but everyone was relatively protected.  So imagine my surprise when I read that over Easter they intended to demolish the station and put up to temporary 3m shelters.  Later on putting up a 5m shelter

Now I only get on the one train each morning, the 7:11. There are regularly 20 to 25 people waiting for this train.  Where are they going to stand when its raining? 20 people will not fit under these tiny plastic shelters. Do these people have no concept?

The old station was about 12m long with a 3m overhang, that added a nice big roof that was able to accomodate everyone.  These 3m shelters are a joke, and even the 5m one is not going to provide too much shelter in a howling Wellington southerly.

To put it in perspective one side of the old station was about 12m x 3m. These new shelters are 3m x 1m

God help us the first time it rains. 

I have a death wish - riding home from Wellington City

, posted: 26-Mar-2009 08:40

Well not actually death wish, but it feels like it sometimes......

What is it about 5pm drivers that makes them more obnoxious and aggressive than their 4pm counterparts?  Is it because they're more angry they have had to work that extra hour??

Yesterday i left work on the bicycle at 5pm. Normally i try to leave if cycling between 3 and 4, because there is less traffic on the road.  but yesterday it was 5pm.

Ok well the Terrace will always be 'fun' regardless of the time. Just the amount of traffic and pedestrians. So last night traffic was banked up and pedestrians have a wonderful habit of waking between the stopped cars. I don't have a problem with that, I'd do it myself. But try looking both ways you idiots. I locked my rear wheel twice and got very close to one chap who blindly walked in front of me. Now I'll hear you all bitch at me that it was my fault for riding faster than the traffic, even when not doing that, pedestrians blindly walk out after the cars had passed. One advantage of bumper to bumper traffic is no taxis or couriers trying to u-turn in front of me. the terrace is a go slow zone because of all this.

Next point of issue is just the amount of traffic to while trying to keep left. Coming from Thorndon quay to the Hutt road there is a cross over where traffic from the ferry or Aotea quay merges. Normally there is no problem here as there is very few cars coming from Aotea but after 5 it is full and pm you rely on somebody, a, seeing you, b, slowing down to let you cross. I was fortunate last night a blue Nissan let me in. I will always wave thanks if I'm able to (sometimes it's just not possible to wave/indicate explain later).    

But while riding down the Hutt road here, just before the traffic lights I get a honk from some woman in the bluebird, and she points to the side of the road.  This is the type of person that really pisses me off.  There was no other traffic around her, I was just on the white line (at the side of the road), maybe a little on the right of it, as the road is pretty crappy/bumpy/dirty at that point, and she honks like she owns the road.  WELL LISTEN UP!! I pay road taxes as well for my car that I CHOOSE to leave at you snobby bitch.  You should be dropping to my feet and kissing them (I wanted to say something else, but this is a family show) for choosing to take a form of transport that takes another car off the road.  Its people like this that makes me want to catch up to them and rip their mirrors off. 

Now I'll get just as angry when I see a group of arrogant cyclists riding 2 - 3 abreast using the road, I think it's bad manners and a bad image, but a single cyclist, you is probably just trying to avoid a crappy section of road is a different thing, and they should be cut some slack.  Again, while you may have to slow down to get around us for 3 seconds isn't it better than me being a selfish tin box driver and clogging the roads!!

On to the motorway is pretty uneventful, well apart form the Mana/Newlands buses, some of those guys have a particular dislike of cyclists, pulling out in from of them, passing them then pulling into a stop, and cutting it very close when they pass.

The only other areas of note are on the surface streets on Lower Hutt, being after 5pm people are more likely to take stupid risks at intersections as they are impatient and have been sitting at the intersection a while, and what this means to a cyclist is they are less will to wait, and more likely to pull out in front of you.  This may surprise you but a bicycle - especially a road bike - doesn't stop that much quicker than a car.  Our tires are so thin they just lock don't be surprised one day to find a cyclist on your bonnet if you are one of these impatient assholes.  Mountain bikes with knobbly tires are pretty similar to stopping distance.

So there you go, a ride from Wellington to Lower Hutt, after 5pm, remind me not to do that again in a hurry and leave at a less congested hour. I'm fortunate that this is an option to me, for most people it is probably not.

The Credit Crunch merri-go-round.

, posted: 16-Mar-2009 08:17

Recession, depression, credit bubble, credit crunch. I don't know what you want to call it, but it seems to be the latest bogey man to upset to the world. Yes there are businesses affected, and some (or is it many?) will have noticed a downturn. But how much of this is real and how much of this would be self imposed based on media speculation.

Case in point- I'm looking for a video camera at the moment. Do you think I can find one? I went to Wellington photographic supplies yesterday in the vain hope the might have some working cameras (don't get me started on that policy of non working cameras in the store so you can sell it later). Now as I looked through the shelves I noticed they had no or very little Canon or Panasonic cameras. When the shop assistant came over I asked him about it...

"We can't get any, because of the (insert noun for the crunch here) so the manufacturer isn't manufacturing as many as they think "people are not buying".

So surely if there is no stock then people can't buy either? Which means the manufacturer doesn't meet their sales targets which they them blame on the credit crunch which means they start laying off jobs.

Sounds like a flawed business model to me where the manufacturer cares more about the profit sheet than any real result like the number of sales.  If you fudge around with the numbers enough then you can make whatever story you want. It doesn't even have to be the truth. And what is worse is that this manufacturer will cut jobs of good people just to drop their wage bill to keep their net profit a similar number to last year, therefore the CEO will meet his numbers and be given a bonus so large that he could of paid the wages of the aforementioned jobs losses.

And round and round it goes......

Got a new phone...

, posted: 28-Jan-2009 08:50

Hello, it's been a little while since I last posted

Bought myself a Nokia 6210 Navigator.  Replacing the K-Jam.

Advatanges - much smaller, and lighter.  Has A2DP Bluetooth profile for Bluetooth stereo.  And has GPS, my new favourite toy.

I signed up to Nokia Sports Tracker, it's a program that you run on your S60 based Nokia phone, and with the gps it keeps track of where you are, great for on the bike.

Then once you've completed your workout, or drive, or walk, you upload it to the website and it overlays the course with Google Maps.  You can also export gpx, kml files for use in other apps.

Also on this phone I have MobiReader for reading eBooks, Mobbler for scrobbling, mIRGGI for IRC (so I can Geekzone Chat), and Google Maps for S60.

So expect my next blogs to be about GPS toys/sites/services that interest me.

Return of the Mammoth - could we? Should We??

, posted: 22-Nov-2008 18:37

Saw this on the news and then found the link:

As per Jurassic park where the Dinosaurs are resurrected from "stored DNA" - they say they may be able to bring back the Mammoth from hair balls.

If you're not familiar with the movie Jurassic park, prehistoric mosecuitos found in fossilised sap have blood extracted out of them, and hey presto you have the DNA of dinosaurs, mix that with the DNA of frogs, and you can create a park with living dinosaurs.

While the scientists at the time said there was no possibility of doing this, recently, using hair balls found around the Wooly Mammoths lifted from the ice, scientist have said that this may be possible.

So in 10 years could we be seeing wooly mammoths walking the Earth again??

The questions is though, should we do this.  Should we bring back annimals that for whatever reason, failed to stay alive during their own time, should we bring back the dinosaurs? Should we bring back the mammoths??

I think not.  These animals had their time, and for whatever reasons didn't survive.

But on the other hand, if though lack of education, malice or mis-management, humans kill off a species, then I think we should try to bring that species back.  Since it was not killed off by natural means but by the hand of man.

davidcole's profile

davidcole Cole
Lower Hutt
New Zealand

Been thinking it would be nice to have a blog but not sure if I have enough to say.

I'm an I.T worker from Wellington New Zealand.

I like my toys so this will probably have posts about my dealings with those.

My Cellphone is an iPhone 5s

I run a NextPVR based PVR at home to replace my video recorder, DVD player and to host all my music. I'm also really big on Plex, for centralising all my music, videos and I've written a plugin or two for it for accessing live TV and for storing recordings with metadata.

Wemos D1 Mini Door Contact (pl...
(16-Nov-2017 07:58, 13016 views)
TVNZ Ondemand App behind Unblo...
(27-Feb-2013 19:39, 12739 views)
OpenHAB and Bluetooth beacons ...
(19-Dec-2016 21:39, 11160 views)
Controlling a 12v fan from a r...
(17-Jan-2017 07:49, 10285 views)
eReceipts - Why don't we have ...
(12-Jan-2012 10:01, 10110 views)
PDF Forms - why you no boxes?...
(26-Jun-2012 09:04, 8550 views)
Free $80 - come and get ur mon...
(20-Sep-2011 13:11, 8313 views)
RM3's also - but this time wit...
(16-Jul-2017 20:16, 7684 views)
Paradox IP150 and Home Automat...
(6-Mar-2019 21:57, 7522 views)
Contactless Payments - part 2...
(21-Sep-2011 15:12, 5869 views)