Contactless bank cards
Roland Perry
lists at internetpolicyagency.com
Wed Nov 17 20:04:45 GMT 2010
In article <20101117165351.GJ2834 at snowy.squish.net>, Jon Ribbens
<jon+ukcrypto at unequivocal.co.uk> writes
>No you haven't, you just said "except if it's cordless" without
>explaining why they don't count for whatever it is we're talking
>about.
In previous postings, I doubted whether there were any Paywave cordless
terminals, and wondered about merchants rubbing such terminals against
random victims.
>> Is a "stand-alone" unit something different?
>
>I meant "stand-alone" as in "not relying on a till to enable the
>transaction". I don't see how it matters if the terminal's connection
>to the bank is wired, WiFi, bluetooth, GSM or whatever.
Because you still have to make a data connection between a card in
someone's pocket the other side of the shop, and the paywave pad on this
terminal.
>As to how you could connect a victim's contactless card to a terminal
>that is "far away", surely it is not hard to conceive of a device
>which you hold near the card which does nothing but receive and
>transmit to the card, and then forward this conversation on via,
>e.g. WiFi, to a terminal further away -
That's the problem I have (and also my answer to Ian Mason's enquiry).
How to make something which imitates an RFID card over a two-way data
link.
>even assuming that for some reason you couldn't put a wireless PDQ
>terminal in your pocket.
See "rubbing against victims" above.
--
Roland Perry
More information about the ukcrypto
mailing list