Transaction data stored on Contactless Credit Cards
lists at internetpolicyagency.com
Tue Sep 9 19:45:12 BST 2014
Now that Contactless Credit cards are being used as a way for paying for
travel ticketing (for example by Transport for London getting sent a
series of "swipes" that represent transitioning ticket gates at various
tube stations, then working out what fare to charge as an overnight
batch job) a question arises about what information travelling ticket
inspectors might have access to - if equipped with suitable readers.
When a Contactless Credit card is used, does the protocol include
storing *on the card* details of where and when it was last used (eg:
entering the tube at Kings Cross, 19:38pm today) so that this can be
used to verify that the person proffering the card is apparently
following the rules?
As a secondary issue, does a T&C displayed in TFL's basement behind a
sign saying "beware of the Leopard" have full legal force when people
start using this payment method - specifically the way in which they
claim permission to make unspecified charges in the future.
Or is this also covered by something in the Card Company's T&C with the
user - along the lines of "Your contactless card is in effect a blank
cheque for any merchant you wave it at".
"When you touch your contactless payment card on a yellow
[formerly Oyster -ed] card reader, or a portable card reader
held by staff, you are authorising TfL to charge the cost of
your journey, including any unpaid fares, to your card account."
 FSVO "last", eg just the one most recent, or perhaps the most
recent N transactions.
More information about the ukcrypto