Contactless VISA Cards

Andrew T cybergibbons at gmail.com
Fri Sep 25 18:00:25 BST 2009


They've incorporated a clever security feature into the cards, being
that the only thing you could buy with these is 10 copies of the
Evening Standard.

Has anyone seen the terminals in place anywhere else? Why are they
going to considerable expense replacing contact cards with hybrid
contact/contactless?

I've not seen a good analysis of the many security implications of
such a system:
* How does a user ensure that the terminal is genuine? I know that an
Oyster reader is an Oyster reader. I know my building's card reader is
my company's card reader. But how do I know if some guy on the street
is genuine or not?
* How are the funds transferred from the terminal to the vendor's
account? Is each payment signed?
* Is there any reconciliation performed at all?

Andrew

On 25/09/2009, Richard Jones <rich at annexia.org> wrote:
> On Fri, Sep 25, 2009 at 07:44:39AM +0100, Peter Tomlinson wrote:
>> Personally, if one of these cards is mailed to me, I will claim that I
>> did not agree to the change and will ask for an old type card. But can
>> those of you who got one tell us if there is an activation process that
>> you have to follow before the contactless interface is enabled?
>
> Not one that I'm aware of, at least, my bank didn't tell me to do
> anything except sign the card.
>
> Having said that, I don't think I've ever seen a retailer who takes
> these sorts of payments either, so I can't test the contactless
> element of the card.
>
> Rich.
>
> --
> Richard Jones
> Red Hat
>
>

-- 
Sent from my mobile device

Andrew



More information about the ukcrypto mailing list