Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
22507 posts

Uber Geek

Trusted
Subscriber

  # 1031655 26-Apr-2014 16:20
Send private message

coffeebaron:
Would be good to see this technology move to standard Debit cards too. I doubt the Dairy's are going to embrace this technology whilst it's still only Credit Card transactions.



If they are told to accept them or lose the ability to take any card, I expect that most would choose to take them. One dairy near here went thru a strange spell where they changed operatoir and had no eftpos for about a week. I went in once and got some stuff not knowing this, put it all on the counter, got the card out and he said no eftpos so I walked out. I expect many people will do that.




Richard rich.ms

2393 posts

Uber Geek

Trusted
Subscriber

  # 1031660 26-Apr-2014 16:27
Send private message

coffeebaron:
richms: Infact the only problem I have with paywave is the lack of universal support of it. Mind you with all the dairys still rocking those dial up terminals which only take the card on their side I think we are a long way off getting NFC capable ones in every place.

Perhaps if the banks were to disconnect any retailer with these dinosaur terminals we would see some better uptake.

Would be good to see this technology move to standard Debit cards too. I doubt the Dairy's are going to embrace this technology whilst it's still only Credit Card transactions.



My ASB Visa Debit card which is attached to my normal cheque account has PayWave. I've had it for a while now. My normal EFTPOS card for the same account however doesn't.

 
 
 
 


28263 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 1031743 26-Apr-2014 18:57
One person supports this post
Send private message

Ragnor:
In a world where many things are moving to using 2 factor authentication, a 0 authentication system like pay wave seems absurd.

At the least you should have to hit the ok button on the terminal or you should be able to turn paywave on and off on the card on demand.



Paywave doesn't really have no authentication. Paywave is treated no differently to other EMV transactions where individual retailers may have different risk profiles and can be forced to use a PIN no matter the value. It's also possible to enable the ability to require a PIN randomly while contactless transactions are performed, and run risk profiling which would also require a PIN if transactions looked suspicious, ie 3 $80 transactions within a short timeframe.

People need to remember that credit card fraud with EMV had gone down massively, and Australia which is still years ahead of the rest of the world when it comes to Paywave/Paypass mass adoption has not seen any increase in credit card fraud. Because of this fraud measures such as those mentioned above aren't being used in NZ quite simply because there are no fraud issues occurring at this time on any scale that would warrant them.

The US has never required even a signature on most credit card transactions, if it's below something like $100 at most retailers you just swipe your card and you're done. This is why credit card fraud is so prevalent there because there isn't even a way of stopping it or preventing cloned cards since they don't have a requirement for EMV yet.


Being able to pay without intending too (even by accident) is terrible human interface design


I still fail to see how even an accident can really occur unless somebody is being negligent.



19282 posts

Uber Geek
Inactive user


# 1031746 26-Apr-2014 19:01
Send private message

blakamin: I still can't get over the fear people have of contactless transactions. Especially here, on geekzone.

Mind you, we do have a thread about chemtrails :-/


Classic

2566 posts

Uber Geek


  # 1031747 26-Apr-2014 19:04
Send private message

Idiot:
Ragnor:

In a world where many things are moving to using 2 factor authentication, a 0 authentication system like pay wave seems absurd.

At the least you should have to hit the ok button on the terminal or you should be able to turn paywave on and off on the card on demand.

Being able to pay without intending too (even by accident) is terrible human interface design.

Isn't paywave a one factor authentication for less than $80? You have to have the card to make the transaction. And it's two factor for over $80 (card + pin)?

I'd be more worried about someone taking note of my card details and making online purchases than getting my card and making purchases in stores with paywave. It's much easier for them to get your card details if you have to get your card out of your wallet.


how long do you think it will take before scammers can just walk close/bump you to cop your card details and 'skim' $79.99 a time from your account though... just being near a card to get money from the account is a BAD move I'd say. if i can't be bothered to type my pin, do I really want the product anyway?

28263 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 1031751 26-Apr-2014 19:10
3 people support this post
Send private message

PhantomNVD:
how long do you think it will take before scammers can just walk close/bump you to cop your card details and 'skim' $79.99 a time from your account though... just being near a card to get money from the account is a BAD move I'd say. if i can't be bothered to type my pin, do I really want the product anyway?


Exactly how do you propose they do this? By signing up and getting a merchant account which would immediately be blocked when they tried to do this?

I'll let everybody on here onto a little secret that a lot of people are probably unaware of... Did you realise that your credit card contains your full number, name, expiry date and cvv code printed on it? This data is enough to enable somebody to fraudulently make online transactions with your card. How many people consider this when they hand their card over somebody in a retail outlet who would see hundreds of such cards per day and can easily record these details. This is a very high risk area any always has been - fart higher than anything else on here that people are discussing.








4197 posts

Uber Geek

Trusted

  # 1031754 26-Apr-2014 19:11
Send private message

[rant]
Sheesh. Storm. Teacup. Luddites.

I bet you all cried over the buggy whip manufacturers going out of business too!

Don't worry about the risk. Very simple economics takes care of that for you. As soon as the risk is unacceptable to the banks (You know, the businesses that like making money) they will change something... Until then they are telling you that you won't end up out of pocket.

You can whine all you like about the inconvenience, but every time I use contactless payments (and it's 7-10 times a week at least) I smile, both because it's fast, and because there are some people out there that think contactless payments are awful and seemingly one of the signs of the upcoming apocalypse. Every successful transaction I make is another one in the eye for them.

[/rant]

Cheers - N





--

 

Please note all comments are the product of my own brain and don't necessarily represent the position or opinions of my employer, previous employers, colleagues, friends or pets.


 
 
 
 


BDFL - Memuneh
64652 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

# 1031772 26-Apr-2014 19:19
One person supports this post
Send private message

sbiddle:
PhantomNVD:
how long do you think it will take before scammers can just walk close/bump you to cop your card details and 'skim' $79.99 a time from your account though... just being near a card to get money from the account is a BAD move I'd say. if i can't be bothered to type my pin, do I really want the product anyway?


Exactly how do you propose they do this? By signing up and getting a merchant account which would immediately be blocked when they tried to do this?

I'll let everybody on here onto a little secret that a lot of people are probably unaware of... Did you realise that your credit card contains your full number, name, expiry date and cvv code printed on it? This data is enough to enable somebody to fraudulently make online transactions with your card. How many people consider this when they hand their card over somebody in a retail outlet who would see hundreds of such cards per day and can easily record these details. This is a very high risk area any always has been - fart higher than anything else on here that people are discussing.


People don't need to do much. Idiots post photos of their debt cards on Twitter anyway. Just follow this one to see the constant flow of people doing it... Yes, there's no cure for those. For example:


 

 

 

 





28263 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 1031786 26-Apr-2014 19:23
Send private message

And "risk" is the key word here. The entire banking industry revolves around risk, and banks managing that risk. Whether it's the amount of capital they require or managing fraud, every single decision revolves around risk management.

The convenience of Paypass and Paywave far outweigh any risks involved with them, and much of what is being fed to us from media who quote YouTube videos and so called security researchers showing people reading card numbers off cards is FUD. Try that in the real world and put that number on a card and you'll find you'll be able to make precisely one transaction before DDS blocks it.

2566 posts

Uber Geek


  # 1031792 26-Apr-2014 19:28
Send private message

sbiddle:
PhantomNVD:
how long do you think it will take before scammers can just walk close/bump you to cop your card details and 'skim' $79.99 a time from your account though... just being near a card to get money from the account is a BAD move I'd say. if i can't be bothered to type my pin, do I really want the product anyway?


Exactly how do you propose they do this? By signing up and getting a merchant account which would immediately be blocked when they tried to do this?

I'll let everybody on here onto a little secret that a lot of people are probably unaware of... Did you realise that your credit card contains your full number, name, expiry date and cvv code printed on it? This data is enough to enable somebody to fraudulently make online transactions with your card. How many people consider this when they hand their card over somebody in a retail outlet who would see hundreds of such cards per day and can easily record these details. This is a very high risk area any always has been - fart higher than anything else on here that people are discussing.


Don't they currently 'skim' cards for this info anyway... with paywave they could do this without ever handling your card (and linking where the card has been used seems the only way police seem to be able to narrow down where the skimming occurred anyway)

So I get 'bumped' in the train, they just ripped my card details, walk away, 'clone' it, and then use it wherever/however without needing to authenticate AT ALL unless single-purchasing over the $80?

28263 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 1031794 26-Apr-2014 19:30
Send private message

PhantomNVD:
Don't they currently 'skim' cards for this info anyway... with paywave they could do this without ever handling your card (and linking where the card has been used seems the only way police seem to be able to narrow down where the skimming occurred anyway)

So I get 'bumped' in the train, they just ripped my card details, walk away, 'clone' it, and then use it wherever/however without needing to authenticate AT ALL unless single-purchasing over the $80?


Clone it to what and use it where? America? Because you can't use it in NZ because of the chip+pin requirements. You also can't clone it to a NFC card because that's still currently impossible to do.

Regardless of what you do DDS will also kick in because the cloned card won't have the correct sequence key on it.

You're talking about a highly theoretical hack which comes back to... risk.

 



15151 posts

Uber Geek


  # 1031795 26-Apr-2014 19:31
Send private message

sbiddle:
PhantomNVD:
how long do you think it will take before scammers can just walk close/bump you to cop your card details and 'skim' $79.99 a time from your account though... just being near a card to get money from the account is a BAD move I'd say. if i can't be bothered to type my pin, do I really want the product anyway?


Exactly how do you propose they do this? By signing up and getting a merchant account which would immediately be blocked when they tried to do this?

I'll let everybody on here onto a little secret that a lot of people are probably unaware of... Did you realise that your credit card contains your full number, name, expiry date and cvv code printed on it? This data is enough to enable somebody to fraudulently make online transactions with your card. How many people consider this when they hand their card over somebody in a retail outlet who would see hundreds of such cards per day and can easily record these details. This is a very high risk area any always has been - fart higher than anything else on here that people are discussing.










This is possibly where apples new payment system may come in, to get around these security flaws with those forms of payment. Their next gen range of devices will likely all have finger print readers built in, which is very difficult to fake. All you would need to do is make the payment over the Internet while instore, no need to use scanning technology like that. 

22507 posts

Uber Geek

Trusted
Subscriber

  # 1031798 26-Apr-2014 19:31
Send private message

No it doesn't work like that. The communication with the card is 2 way so you can't just copy them and replay.

Much better than a magstripe which can be replayed again and again.

The sooner the mag stripe goes from cards the better.




Richard rich.ms

2458 posts

Uber Geek


  # 1031802 26-Apr-2014 19:57
Send private message

sbiddle:
PhantomNVD:
how long do you think it will take before scammers can just walk close/bump you to cop your card details and 'skim' $79.99 a time from your account though... just being near a card to get money from the account is a BAD move I'd say. if i can't be bothered to type my pin, do I really want the product anyway?


Exactly how do you propose they do this? By signing up and getting a merchant account which would immediately be blocked when they tried to do this?


Ah, this is technically possible right now! (Though unlikely)
See http://www.forbes.com/sites/andygreenberg/2012/07/27/hacker-demos-android-app-that-can-read-and-use-a-credit-card-thats-still-in-your-wallet/ 

I seem to recall something where if you could somehow read someones NFC card at the same time as someone else is making a transaction, you could simply proxy the traffic between two phones.
(As in. Terminal -> NFC phone -> Network -> 2nd NFC phone reading victims CC right there and then). This attack is a bit impractical though.


28263 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 1031803 26-Apr-2014 20:00
Send private message

kyhwana2:
sbiddle:
PhantomNVD:
how long do you think it will take before scammers can just walk close/bump you to cop your card details and 'skim' $79.99 a time from your account though... just being near a card to get money from the account is a BAD move I'd say. if i can't be bothered to type my pin, do I really want the product anyway?


Exactly how do you propose they do this? By signing up and getting a merchant account which would immediately be blocked when they tried to do this?


Ah, this is technically possible right now! (Though unlikely)
See http://www.forbes.com/sites/andygreenberg/2012/07/27/hacker-demos-android-app-that-can-read-and-use-a-credit-card-thats-still-in-your-wallet/ 

I seem to recall something where if you could somehow read someones NFC card at the same time as someone else is making a transaction, you could simply proxy the traffic between two phones.
(As in. Terminal -> NFC phone -> Network -> 2nd NFC phone reading victims CC right there and then). This attack is a bit impractical though.



But DDS minimises the risk, as pointed out in the story.



1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Logitech introduces new Made for Google keyboard and mouse devices
Posted 16-Oct-2019 13:36


MATTR launches to accelerate decentralised identity
Posted 16-Oct-2019 10:28


Vodafone X-Squad powers up for customers
Posted 16-Oct-2019 08:15


D Link ANZ launches EXO Smart Mesh Wi Fi Routers with McAfee protection
Posted 15-Oct-2019 11:31


Major Japanese retailer partners with smart New Zealand technology IMAGR
Posted 14-Oct-2019 10:29


Ola pioneers one-time passcode feature to fight rideshare fraud
Posted 14-Oct-2019 10:24


Spark Sport new home of NZC matches from 2020
Posted 10-Oct-2019 09:59


Meet Nola, Noel Leeming's new digital employee
Posted 4-Oct-2019 08:07


Registrations for Sprout Accelerator open for 2020 season
Posted 4-Oct-2019 08:02


Teletrac Navman welcomes AI tech leader Jens Meggers as new President
Posted 4-Oct-2019 07:41


Vodafone makes voice of 4G (VoLTE) official
Posted 4-Oct-2019 07:36


2degrees Reaches Milestone of 100,000 Broadband Customers
Posted 1-Oct-2019 09:17


Nokia 1 Plus available in New Zealand from 2nd October
Posted 30-Sep-2019 17:46


Ola integrates Apple Pay as payment method in New Zealand
Posted 25-Sep-2019 09:51


Facebook Portal to land in New Zealand
Posted 19-Sep-2019 18:35



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.