Transaction data stored on Contactless Credit Cards

Roland Perry lists at
Tue Sep 9 19:45:12 BST 2014

Now that Contactless Credit cards are being used as a way for paying for
travel ticketing (for example by Transport for London getting sent a
series of "swipes" that represent transitioning ticket gates at various
tube stations, then working out what fare to charge as an overnight
batch job) a question arises about what information travelling ticket
inspectors might have access to - if equipped with suitable readers.

When a Contactless Credit card is used, does the protocol include
storing *on the card* details of where and when it was last[1] used (eg:
entering the tube at Kings Cross, 19:38pm today) so that this can be
used to verify that the person proffering the card is apparently
following the rules?

As a secondary issue, does a T&C displayed in TFL's basement behind a
sign saying "beware of the Leopard" have full legal force when people
start using this payment method - specifically the way in which they
claim permission to make unspecified charges in the future.

Or is this also covered by something in the Card Company's T&C with the
user - along the lines of "Your contactless card is in effect a blank
cheque for any merchant you wave it at".

        "When you touch your contactless payment card on a yellow
        [formerly Oyster -ed] card reader, or a portable card reader
        held by staff, you are authorising TfL to charge the cost of
        your journey, including any unpaid fares, to your card account."

[1] FSVO "last", eg just the one most recent, or perhaps the most
    recent N transactions.
Roland Perry

More information about the ukcrypto mailing list