... wireless pickpocketing era
Sergei Lewis
ukcrypto at chiark.greenend.org.uk
Wed, 09 May 2007 09:29:25 +0100
>Moreover, I've paid for two meals now with no authorisation on my
>credit card: hand it over, they pop it in a machine and hand it
>back.
I've seen tube and train ticket machines around London that work like this too.
>I couldn't convince a Shinkasen ticket machine that claimed to do
>C&P to take my cards last night at Shinagawa station
All the post office machines are happy with a Cirrus C&P card. Don't
know whether they're actually doing C&P or fallback to magstripe though.
>I'm not in Japan :), and I'm a little confused - they pop it in a machine?
>then it isn't a contactless card, I guess.
It's contactless - you're supposed to touch it to a pad, like Oyster,
but it can be read through a wallet. Don't know what the transaction
limit is, but a lot of shops have Suica pads and the top-up machines
have menu options for adding the equivalent of several tens of pounds
to it. Presumably the transaction limit is low enough to make "you're
not paying for what you think you're paying for" attacks not be
worthwhile, or we'd be seeing some by now.
--
Sergei Lewis (who gets digests, so has probably been beaten to saying
all that by other people and hasn't seen it yet)