  # 1031804 26-Apr-2014 20:10
One person supports this post

mattwnz:

This is possibly where Apple's new payment system may come in, to get around these security flaws with those forms of payment. Their next gen range of devices will likely all have fingerprint readers built in, which is very difficult to fake. All you would need to do is make the payment over the Internet while in store, no need to use scanning technology like that.


It's already been proven just how easy it is to breach the fingerprint protection of iOS and Android devices sporting current fingerprint technology. It took less than 48 hours for the iPhone 5s fingerprint reader to be hacked and rendered useless and less than 4 days for Samsung's S5 to have the same fate. Yes, it's currently slightly more difficult than swiping someone's CC out of their wallet but it's not hard for someone in the know.

Sbiddle has summed things up perfectly IMHO and the "security concerns" around contactless payments have been done before on GZ and flogged to death.




  # 1031811 26-Apr-2014 21:04

Simple way to increase your card security - Memorise the 3 digit CVV code then scratch it off your card. Means that if someone tries to write down the card details, they can't write down something that is not on the card. Also makes it harder for someone to use it if it gets stolen.

 
 
 
 


gzt


  # 1031823 26-Apr-2014 22:12

Ragnor: At the least you should have to hit the ok button on the terminal or you should be able to turn paywave on and off on the card on demand.

Being able to pay without intending to (even by accident) is terrible human interface design.

Good points there.

The advantage for the consumer in no pin entry and account selection is obvious.

However, the inability to disable benefits only the provider (and merchant service impact to a degree).


  # 1031839 26-Apr-2014 23:08

kingjj:
mattwnz:

This is possibly where Apple's new payment system may come in, to get around these security flaws with those forms of payment. Their next gen range of devices will likely all have fingerprint readers built in, which is very difficult to fake. All you would need to do is make the payment over the Internet while in store, no need to use scanning technology like that.


It's already been proven just how easy it is to breach the fingerprint protection of iOS and Android devices sporting current fingerprint technology. It took less than 48 hours for the iPhone 5s fingerprint reader to be hacked and rendered useless and less than 4 days for Samsung's S5 to have the same fate. Yes, it's currently slightly more difficult than swiping someone's CC out of their wallet but it's not hard for someone in the know.

Sbiddle has summed things up perfectly IMHO and the "security concerns" around contactless payments have been done before on GZ and flogged to death.




Sure, anything is hackable, but in order for them to breach Apple's system, you need quite elaborate tools. Those systems however will only get better. It is better than having a card which has all the details needed to make a purchase visible on it, which a retail worker could video with a hidden cell phone when they take a customer's credit card.


  # 1031844 26-Apr-2014 23:26

PhantomNVD: ... if I can't be bothered to type my pin, do I really want the product anyway?


Think small purchases like (yes I'm biased here) coffee and a muffin from your local cafe.  If you're in a rush, speed is a great thing.


  # 1032074 27-Apr-2014 15:14

richms: No it doesn't work like that. The communication with the card is 2 way so you can't just copy them and replay.

Much better than a magstripe which can be replayed again and again.

The sooner the mag stripe goes from cards the better.


Even with magstripes, the risk can be minimised.  E.g. BNZ credit cards, did you know that every time you insert it into a BNZ ATM, the ATM will actually rewrite the magstripe with new details, and then invalidate the old ones across the network?  Obviously this is useless against someone cloning the details so they can get the card number (which is encoded in the clear, as opposed to NFC where it is encrypted).

To be honest, I would be more worried about someone getting close enough to clone your passport (which is also NFC) and signing up for infinite credit cards than someone cloning the credit card.



  # 1032163 27-Apr-2014 19:04

Kyanar: To be honest, I would be more worried about someone getting close enough to clone your passport (which is also NFC) and signing up for infinite credit cards than someone cloning the credit card.


As I understand it, passports work off a challenge-response basis.  You need to know the passport number, DOB and one or two other details to actually decrypt the data from the passports, which is the main reason you need to insert your passport into the Smartgate machines - the only way a machine can get this data is by reading the machine-encoded data along the bottom of the cover page.

Additionally, some passports apparently (according to Wikipedia anyway) have shielding in the cover pages now to create a mini Faraday cage it seems.

Some reading:  3rd to last Q on http://travel.state.gov/content/passports/english/passports/FAQs.html and http://en.wikipedia.org/wiki/Biometric_passport which also includes fancy diagrams.
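
The key derivation behind the challenge-response scheme described in the post above (Basic Access Control in ICAO Doc 9303), as an added example that is not part of the original post: reader and chip both derive the access keys from the document number, date of birth and expiry date printed in the machine-readable zone. Function names are illustrative, and the sample values are the specimen document from the ICAO worked example, not a real passport.

```python
import hashlib

WEIGHTS = (7, 3, 1)  # ICAO 9303 check-digit weights, repeated across the field


def char_value(c):
    """MRZ character value: digits as-is, A-Z map to 10..35, filler '<' is 0."""
    if c.isdigit():
        return int(c)
    return 0 if c == "<" else ord(c) - ord("A") + 10


def check_digit(field):
    return sum(char_value(c) * WEIGHTS[i % 3] for i, c in enumerate(field)) % 10


def mrz_information(doc_number, birth_yymmdd, expiry_yymmdd):
    """Concatenate the three MRZ fields, each followed by its check digit."""
    fields = (doc_number.upper().ljust(9, "<"), birth_yymmdd, expiry_yymmdd)
    return "".join(f"{f}{check_digit(f)}" for f in fields)


def odd_parity(key):
    """Set the low bit of every byte so each byte has odd parity (DES keys)."""
    fixed = bytearray()
    for b in key:
        upper_ones = bin(b >> 1).count("1")
        fixed.append((b & 0xFE) | (0 if upper_ones % 2 else 1))
    return bytes(fixed)


def bac_keys(doc_number, birth_yymmdd, expiry_yymmdd):
    """Return (k_seed, k_enc, k_mac) as derived by reader and chip alike."""
    info = mrz_information(doc_number, birth_yymmdd, expiry_yymmdd)
    k_seed = hashlib.sha1(info.encode("ascii")).digest()[:16]

    def derive(counter):
        digest = hashlib.sha1(k_seed + counter.to_bytes(4, "big")).digest()
        return odd_parity(digest[:16])

    return k_seed, derive(1), derive(2)  # counter 1 = encryption, 2 = MAC


if __name__ == "__main__":
    # Specimen values from the ICAO Doc 9303 worked example (constructed input).
    seed, k_enc, k_mac = bac_keys("L898902C", "690806", "940623")
    print(mrz_information("L898902C", "690806", "940623"))
    print(seed.hex(), k_enc.hex(), k_mac.hex())
```

Because the keys come only from printed fields, they stop a closed passport being read at a distance but give no protection against anyone who has already seen the data page.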

 
 
 
 



  # 1035391 2-May-2014 12:36

Well I tried out paypass today buying some Sushi for lunch. I'd estimate my distance from the terminal at 4-5 cm, so next time I'm going to try being a bit further away.




Generally known online as OpenMedia, now working for Red Hat APAC as a Technology Evangelist and Product Manager. Still playing with MythTV and digital media on the side.



  # 1035444 2-May-2014 14:00

I love Paywave. Use it whenever I can, not had an issue.

I can't stand Countdown's pinpad placement. If you are using EFTPOS, you need to hold the wobbly pinpad with one hand, and swipe/enter PIN with the other. I hold the Pinpad with the hand my wallet is in, I am waiting for the day it reads a paywave card from inside my wallet before I have swiped my EFTPOS card. Hasn't happened yet, but I am aware of it and try to keep the wallet away.

Why can't they tighten up the pinpads so they don't flop around everywhere? It is all Countdowns (at least all I have been to).



  # 1035580 2-May-2014 16:23

Kyanar:
richms: No it doesn't work like that. The communication with the card is 2 way so you can't just copy them and replay.

Much better than a magstripe which can be replayed again and again.

The sooner the mag stripe goes from cards the better.


Even with magstripes, the risk can be minimised.  E.g. BNZ credit cards, did you know that every time you insert it into a BNZ ATM, the ATM will actually rewrite the magstripe with new details, and then invalidate the old ones across the network?  Obviously this is useless against someone cloning the details so they can get the card number (which is encoded in the clear, as opposed to NFC where it is encrypted).

To be honest, I would be more worried about someone getting close enough to clone your passport (which is also NFC) and signing up for infinite credit cards than someone cloning the credit card.


The NFC isn't encrypted though.

I was able to get my name and card number and maybe even the expiry date using my phone.


  # 1035644 2-May-2014 18:25
One person supports this post

You can't get the csc off the back of the card and any merchant that accepts cards without it deserves to be ripped off.




Richard rich.ms



  # 1035650 2-May-2014 18:42

I have heard that in the US, people go around with hidden scanners, scanning people's handbags and wallets. Not sure if there is security to stop that, but a pretty big flaw if true.



  # 1035797 2-May-2014 23:58

richms: You can't get the csc off the back of the card and any merchant that accepts cards without it deserves to be ripped off.


Except it's not the merchant that gets ripped off, it's the card holder.



  # 1035810 3-May-2014 01:12

freitasm: The cardholder is protected by the bank/credit card company.



True, but surely the card number shouldn't be readable by anyone with an NFC-enabled phone.
