Transaction data stored on Contactless Credit Cards
Roland Perry
lists at internetpolicyagency.com
Tue Sep 9 19:45:12 BST 2014
Now that Contactless Credit cards are being used as a way for paying for
travel ticketing (for example by Transport for London getting sent a
series of "swipes" that represent transitioning ticket gates at various
tube stations, then working out what fare to charge as an overnight
batch job) a question arises about what information travelling ticket
inspectors might have access to - if equipped with suitable readers.
When a Contactless Credit card is used, does the protocol include
storing *on the card* details of where and when it was last[1] used (eg:
entering the tube at Kings Cross, 19:38pm today) so that this can be
used to verify that the person proffering the card is apparently
following the rules?
As a secondary issue, does a T&C displayed in TFL's basement behind a
sign saying "beware of the Leopard" have full legal force when people
start using this payment method - specifically the way in which they
claim permission to make unspecified charges in the future.
Or is this also covered by something in the Card Company's T&C with the
user - along the lines of "Your contactless card is in effect a blank
cheque for any merchant you wave it at".
"When you touch your contactless payment card on a yellow
[formerly Oyster -ed] card reader, or a portable card reader
held by staff, you are authorising TfL to charge the cost of
your journey, including any unpaid fares, to your card account."
[1] FSVO "last", eg just the one most recent, or perhaps the most
recent N transactions.
--
Roland Perry
More information about the ukcrypto
mailing list