Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
openmedia

2288 posts

Uber Geek

Trusted
Subscriber

  #524925 23-Sep-2011 10:28
Send private message

nickb800: If you stole/cloned one of these cards, the best/quickest way to draw money from it would be to go to the sports stadium on a public holiday and buy a few rounds of drinks. Theres a limit to how much McDs one can eat

Tbh i wouldnt be worried at all, combination of low transaction limit, few outlets accepting payment, and bank underwriting any losses


So you're at the Rugby and drop your card, by the time you realise its long after the match and you have a couple of hundred $ from some one else's bar tab. I wonder how long it would take to clear up the mess. My preference is to avoid the risk to begin with.




Generally known online as OpenMedia, now working for Red Hat APAC a Technology Evangelist and Product Manager. Still playing with MythTV and digital media on the side.


davidcole
4978 posts

Uber Geek

Trusted

  #524930 23-Sep-2011 10:33
Send private message

openmedia:
nickb800: If you stole/cloned one of these cards, the best/quickest way to draw money from it would be to go to the sports stadium on a public holiday and buy a few rounds of drinks. Theres a limit to how much McDs one can eat

Tbh i wouldnt be worried at all, combination of low transaction limit, few outlets accepting payment, and bank underwriting any losses


So you're at the Rugby and drop your card, by the time you realise its long after the match and you have a couple of hundred $ from some one else's bar tab. I wonder how long it would take to clear up the mess. My preference is to avoid the risk to begin with.


Exactly the point I was trying to make (not sure I succeeded)  in my follow up post.  Sure there's insurance, fraud protection etc.  But if the feature is not available on my card, then I don't have to worry about proving my activity over another persons fraudulent use. 




Previously known as psycik

OpenHAB: Gigabyte AMD A8 BrixOpenHAB with Aeotech ZWave Controller, Raspberry PI, Wemos D1 Mini, Zwave, Xiaomi Humidity and Temperature sensors and Bluetooth LE Sensors
Media:Chromecast v2, ATV4, Roku3, HDHomeRun Dual
Windows 10
Host (Plex Server/Crashplan): 2x2TB, 2x3TB, 1x4TB using DriveBender, Samsung 850 evo 512 GB SSD, Hyper-V Server with 1xW10, 1xW2k8, 2xUbuntu 16.04 LTS, Crashplan, NextPVR channel for Plex,NextPVR Metadata Agent and Scanner for Plex


 
 
 
 


dontpanic42
1574 posts

Uber Geek


  #524932 23-Sep-2011 10:35
Send private message

I wonder if it's time to implement multi-factor authentication with all payment cards?

Sure, a pin is a form of multi-factor authentication, but maybe something further is needed?

Actually, here's another idea regarding the contact-less cards.
Why not have some form of button that has to be pressed on the card that enables the radio function to work.
That way no-one would have the ability to "skim" a card just by walking by.

sleepy
285 posts

Ultimate Geek

Subscriber

  #524933 23-Sep-2011 10:36
Send private message

What happens if you have a Visa (more than 1 ) and a mastercard in your wallet which you then press against the machine on the bar how does it know which card to take from .

Am not against the process bieng speeded up. have noticed that chip cards slow the process down.

As a retailer we dont total or do a end of day process it just takes it per transaction. We can print a total for the day but it requires no further processing and it just appears by magic in my bank account, be nice if it arrived with the sound of trumpets only problem with eftpos etc no nice till ringing sound


davidcole
4978 posts

Uber Geek

Trusted

  #524935 23-Sep-2011 10:37
Send private message

dontpanic42: I wonder if it's time to implement multi-factor authentication with all payment cards?

Sure, a pin is a form of multi-factor authentication, but maybe something further is needed?

Actually, here's another idea regarding the contact-less cards.
Why not have some form of button that has to be pressed on the card that enables the radio function to work.
That way no-one would have the ability to "skim" a card just by walking by.


I brought up biometrics as a 2nd factor.  Only while your thumbprint is touching the card will it work...




Previously known as psycik

OpenHAB: Gigabyte AMD A8 BrixOpenHAB with Aeotech ZWave Controller, Raspberry PI, Wemos D1 Mini, Zwave, Xiaomi Humidity and Temperature sensors and Bluetooth LE Sensors
Media:Chromecast v2, ATV4, Roku3, HDHomeRun Dual
Windows 10
Host (Plex Server/Crashplan): 2x2TB, 2x3TB, 1x4TB using DriveBender, Samsung 850 evo 512 GB SSD, Hyper-V Server with 1xW10, 1xW2k8, 2xUbuntu 16.04 LTS, Crashplan, NextPVR channel for Plex,NextPVR Metadata Agent and Scanner for Plex


dontpanic42
1574 posts

Uber Geek


  #524941 23-Sep-2011 10:46
Send private message

davidcole:I brought up biometrics as a 2nd factor.  Only while your thumbprint is touching the card will it work...


I would imagine the problem with implementing biometrics would be the need for active circuitry within the card itself. Currently, I think the contactless systems rely on a passive method.
I suppose that would also be true if a physical button were to be implemented too.

openmedia

2288 posts

Uber Geek

Trusted
Subscriber

  #524944 23-Sep-2011 10:55
Send private message

dontpanic42:
davidcole:I brought up biometrics as a 2nd factor.  Only while your thumbprint is touching the card will it work...


I would imagine the problem with implementing biometrics would be the need for active circuitry within the card itself. Currently, I think the contactless systems rely on a passive method.
I suppose that would also be true if a physical button were to be implemented too.


PayPass is supposed to be an active system which is initiated when your card is placed in close proximity to the card reader. Hence the identifier for each transaction should be single use and cut down on the risk of fraud.

I'd love to see some sort of customer initiated part of the process to reduce the risk of casual fraud via lost cards.




Generally known online as OpenMedia, now working for Red Hat APAC a Technology Evangelist and Product Manager. Still playing with MythTV and digital media on the side.


 
 
 
 


davidcole
4978 posts

Uber Geek

Trusted

  #524946 23-Sep-2011 11:00
Send private message

openmedia:
dontpanic42:
davidcole:I brought up biometrics as a 2nd factor.  Only while your thumbprint is touching the card will it work...


I would imagine the problem with implementing biometrics would be the need for active circuitry within the card itself. Currently, I think the contactless systems rely on a passive method.
I suppose that would also be true if a physical button were to be implemented too.


PayPass is supposed to be an active system which is initiated when your card is placed in close proximity to the card reader. Hence the identifier for each transaction should be single use and cut down on the risk of fraud.

I'd love to see some sort of customer initiated part of the process to reduce the risk of casual fraud via lost cards.


ASB indicated to me as part of my blog post, that while losing the card you're stuffed (and this is what I'd like the 2nd factor of authentication for), simply reading the card and storing the details will not work, as the CCV is changed for each transaction, so a skimmed NFC card details will only work for that one transaction.




Previously known as psycik

OpenHAB: Gigabyte AMD A8 BrixOpenHAB with Aeotech ZWave Controller, Raspberry PI, Wemos D1 Mini, Zwave, Xiaomi Humidity and Temperature sensors and Bluetooth LE Sensors
Media:Chromecast v2, ATV4, Roku3, HDHomeRun Dual
Windows 10
Host (Plex Server/Crashplan): 2x2TB, 2x3TB, 1x4TB using DriveBender, Samsung 850 evo 512 GB SSD, Hyper-V Server with 1xW10, 1xW2k8, 2xUbuntu 16.04 LTS, Crashplan, NextPVR channel for Plex,NextPVR Metadata Agent and Scanner for Plex


oxnsox
1923 posts

Uber Geek


  #524970 23-Sep-2011 11:41
Send private message

openmedia:
sbiddle: I see no point in disabling your NFC card because your credit card transaction is no more secure. With no pin required for less than ~$80 you are exposed to the same risk of fraud regardless of the technology type.

Ah but I want my account configured so that a PIN is required for all transactions.


I've only this year started using a PIN on my cards.... but none had a signature on them. Instead I have written 'Photo ID required'.  That gives me the power to disown an unauthorised transaction, I feel. Even with a PIN it still safeguards against the fraudulent use of a dropped card.

But, dropping your NFC card at at bar....  What's really different here than dropping you cash filled wallet, or dropping your sign/pin card. As currently you still have the option of signing or entering a PIN so a lost card can still be used with a forged signature. And I suspect a busy bar won't really care how the transaction is authorised.

Ultimately you're the card owner and responsible for not losing it.
Or is the real issue the inflexibility of the $80 amount? 

richms
23681 posts

Uber Geek

Trusted
Subscriber

  #525024 23-Sep-2011 14:09
Send private message

There are videos of people that are able to read the number off the cards in peoples pockets etc on youtube.

I really dont see any benifit in these since I will still have to pull the card out and put it on the reader as there are at least 3 other RFID type cards in my wallet for accesscontrol so none of them read while the others are present.

IMO they should seperate the RFID from the card and make it a keychain dongle type thing, no reason at all that it is built into a card.




Richard rich.ms

davidcole
4978 posts

Uber Geek

Trusted

  #525028 23-Sep-2011 14:18
Send private message

richms: There are videos of people that are able to read the number off the cards in peoples pockets etc on youtube.

I really dont see any benifit in these since I will still have to pull the card out and put it on the reader as there are at least 3 other RFID type cards in my wallet for accesscontrol so none of them read while the others are present.

IMO they should seperate the RFID from the card and make it a keychain dongle type thing, no reason at all that it is built into a card.



Admit it, you want a chip in your arm right? 




Previously known as psycik

OpenHAB: Gigabyte AMD A8 BrixOpenHAB with Aeotech ZWave Controller, Raspberry PI, Wemos D1 Mini, Zwave, Xiaomi Humidity and Temperature sensors and Bluetooth LE Sensors
Media:Chromecast v2, ATV4, Roku3, HDHomeRun Dual
Windows 10
Host (Plex Server/Crashplan): 2x2TB, 2x3TB, 1x4TB using DriveBender, Samsung 850 evo 512 GB SSD, Hyper-V Server with 1xW10, 1xW2k8, 2xUbuntu 16.04 LTS, Crashplan, NextPVR channel for Plex,NextPVR Metadata Agent and Scanner for Plex


richms
23681 posts

Uber Geek

Trusted
Subscriber

  #525030 23-Sep-2011 14:20
Send private message

davidcole:

Admit it, you want a chip in your arm right? 


Thought about it a while back, but when it gets compromised as these things do, upgrading would be rather painful. Plus there is some strange reason why I cant just get one RFID loaded onto doors at several different places to do with something about a site code on them, so it wouldnt help with the excess number of cards either.




Richard rich.ms

StarBlazer
961 posts

Ultimate Geek

Trusted

  #525032 23-Sep-2011 14:26
Send private message

I agree with the OP on this. My concern is loss/theft of my wallet. In the hours it takes for you to become aware that you no longer have your credit card, how many tap n' go transactions under $80 could be performed? Sure shops will have CCTV, but the chances are the perps will be out of area on a spending spree. Even then we presume the police have the time to follow up on these grainy pixelated images. It doesn't have to be high value items, just something that could be offloaded easily through TradeMe or Cash Converters.

In the past, banks made you liable for the spending up to the point where you reported the card as lost/stolen. It wouldn't take even a stupid criminal long to run up quite a bill and you would be left holding the debt until you were somehow able to prove that it wasn't you making the purchases. In the meantime you could be left with no cards and no money to buy even food (cue melodramatic swoon).

Unfortunately, the banks or credit card companies are going to force this upon us whether we like it or not which eventually we will have to accept one way or the other. I just hope their fraud protection leans towards the customer and not only their bottom line.





Procrastination eventually pays off.


richms
23681 posts

Uber Geek

Trusted
Subscriber

  #525036 23-Sep-2011 14:33
Send private message

You dont have to accept this, you can choose to cancel your credit card if they force this onto you and you dont want it. I asked a bank and there were no plans to force chip or NFC onto eftpos cards, just the visa/mastercard ones.

Or you could - shock horror - pay with MONEY.




Richard rich.ms

StarBlazer
961 posts

Ultimate Geek

Trusted

  #525053 23-Sep-2011 14:52
Send private message

richms: You dont have to accept this, you can choose to cancel your credit card if they force this onto you and you dont want it. I asked a bank and there were no plans to force chip or NFC onto eftpos cards, just the visa/mastercard ones.

Or you could - shock horror - pay with MONEY.


True - but banks could very quickly introduce those plans.  My debit card from England soon got chips in them - which I thought was great anyway.

Cash?  The strange look you get from shop assistants when you use cash because all of a sudden they have to count the change out to you.  My favourite is the look you get when you present a $20 for a chocolate bar.  The thing is, you will still need a card to get money from the ATM. 

I'll bet you all the tea in China that they won't offer tap 'n' go on the ATM's  - too much risk!!! (you'll probably tell me they already do in America).




Procrastination eventually pays off.


1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
View this topic in a long page with up to 500 replies per page Create new topic





News »

Huawei launches IdeaHub Pro in New Zealand
Posted 27-Oct-2020 16:41


Southland-based IT specialist providing virtual services worldwide
Posted 27-Oct-2020 15:55


NASA discovers water on sunlit surface of Moon
Posted 27-Oct-2020 08:30


Huawei introduces new features to Petal Search, Maps and Docs
Posted 26-Oct-2020 18:05


Nokia selected by NASA to build first ever cellular network on the Moon
Posted 21-Oct-2020 08:34


Nanoleaf enhances lighting line with launch of Triangles and Mini Triangles
Posted 17-Oct-2020 20:18


Synology unveils DS16211+
Posted 17-Oct-2020 20:12


Ingram Micro introduces FootfallCam to New Zealand channel
Posted 17-Oct-2020 20:06


Dropbox adopts Virtual First working policy
Posted 17-Oct-2020 19:47


OPPO announces Reno4 Series 5G line-up in NZ
Posted 16-Oct-2020 08:52


Microsoft Highway to a Hundred expands to Asia Pacific
Posted 14-Oct-2020 09:34


Spark turns on 5G in Auckland
Posted 14-Oct-2020 09:29


AMD Launches AMD Ryzen 5000 Series Desktop Processors
Posted 9-Oct-2020 10:13


Teletrac Navman launches integrated multi-camera solution for transport and logistics industry
Posted 8-Oct-2020 10:57


Farmside hits 10,000 RBI customers
Posted 7-Oct-2020 15:32









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.