Shitipedia: C is for Contactless Card Wallets

One of the things I love about marketing men is that they invent a problem that you didn’t know you had and then sell you a product to solve it. Ingenious, isn’t it?

Take, for example, Near Field RFI Connection commonly known as contactless. Some bright spark incorporated it into credit and debit cards to avoid the necessity of placing the card into the reader and entering a PIN number. This is, of course, massively inconvenient so now you just wave your card at the reader and it takes the money.

Fantastic! A perfect example of technology being used to do something totally unnecessary just because it can be done. But I digress because here comes the problem we didn’t know we had. Crooks can simply wander up to you with a reader and steal your money just by standing next to you. What shall we do? Well, thankfully we’ve identified the problem and come up with an appropriate solution.

Enter the RFI proof card wallet to keep your contactless cards in. Brilliant! Cards we don’t wan’t using technology we don’t need protected by special wallets that would otherwise be unnecessary.

All yours in a selection of colours for a mere £9.99 or 2 for £14.99. I kid you not.

Wouldn’t it have been cheaper and easier just to give the user the option of a Chip and PIN car instead? Oh, but I forgot the other marketing man’s mantra : it’s all been done for your convenience…

Advertisements

9 responses to “Shitipedia: C is for Contactless Card Wallets

  1. Absolutely spot on! Is there any real evidence that credit card fraud has been reduced by the introduction of chip and pin? As for this RFI bollocks, what can I say, other than it's a criminals dream come true? The older I get the more I think my dad's got it right when he says things were better when we used “pen and paper” and kept information written down rather than in digital formats.

    On a slightly similar note, I had cause recently to get hold of a single €50 note. I went to the post office to obtain one and asked if I could pay using my debit card. The girl said that I would need another form of identification due to “money laundering”. When I offered to pay with cash she said that would be okay and I would not require any proof of ID – go figure!

  2. Bankers are phasing out chip and pin for all bank cards. They want us all to get used to the contactless method of payment. The next stage is getting us familiar not using cash by phasing that out too. When we are a cashless society, the government will start phasing in oh so convenient chip and pin of humans to replace the bank cards (just wave your arm, with the embedded micro-chip in it, at the contactless pay point to purchase your shopping). The banks will also start to phase out the use of bank cards and finally end them.

    You heard it from me first.

  3. Mick Anderson

    It should be possible to configure the semiconductor in the cards to disable the RFid function – at the very least the protocol could be tweaked so that the card couldn't be recognised. If the banks wanted to, they could update the ATMs so that we can turn the function on or off as required. I sometimes have this argument with the bank when they send me a replacement card with RFid in it.

    The banks claim that the system is fraud-limited because you can only spend up to a limit of £20 by contactless payment. However, that assumes that the only type of reader in existence is owned by genuine, honest retailers. They don't seem to care that anyone standing next to you in a bus queue could rip off all the cards in your pocket and use the data elsewhere.

    I did consider x-raying my cards and drilling out the antenna to disable the RFid, although then all the cards would look distinctly dodgy and would probably end up being refused whenever offered.

    There was a signature recognition system developed in the mid-eighties that required you to sign on a pad. This not only looked at the shape of your mark, but the speed and style that it was done. It was very good at weeding out forgeries, and didn't often decline genuine signatures. I understand that it wasn't rolled out because it would not have been practical to implement it world-wide. Far more secure than RFid or chip-and-pin, though.

  4. To prevent bank card thieving and fraud the chip and pin method should be a scanner system with a two stage log in. Enter your pin AND then press your thumb on the screen for a print scan. As part of the process to apply for and get accepted for a new bank card you go to any bank or post office with ID to get your thumb print scanned and registered on your bank card account, before it can be activated. The savings to be made with resultant less fraud will off set the costs of setting up and running the new thumb print security system.

    But that's too much security for the greedy banker-owners who are themselves thieves and fraudsters..

  5. Mick Anderson

    If you're not careful you can wind up with a system that is so “secure” that if it goes wrong you are completely fubar'd. What happens when someone hacks into the bank computers and corrupts all the fingerprint records? What about the simple ways of forging thumbprints with impressions made out of Gummy Bears or a simple photograph?

    Chip-and-pin isn't especially secure, but it's good enough for the public to tell the banks that any fraud is their responsibility assuming we've taken reasonable precautions, ie. not writing the PIN number on the card.

  6. There ain't no such thing as “too secure” when it comes to protecting money and people's private information.

    If the too secure banking system develops a gremlin and closes itself down, then tough, it's just like a London Tube train drivers strike – millions of people are seriously inconvenienced for a short period, but still manage to get on with their lives without the transport service. Ditto a banking service.

    No, I didn't think through the scanner security system properly and realise the negatives such as hacking into the program software to steal data or the criminal's art of finger-printing forgery.

    How about “eye” scans then? – I'm, this time, just suggesting an idea knowing I have not thought through it.

  7. Mick Anderson

    I'm betting that all of my cards have a thumbprint on them somewhere just from normal handling….

    As for eye prints, what about when you have conjunctivitis, or bloodshot eyes from a heavy night? Different contact lens prescription? Or a lens with a fake print? Some opticians take photos during an eye exam for future comparison. Seems to me that they are anticipating change….

    How about DNA testing everyone? Well, for a start there are different grades of DNA testing, and the more robust ones take longer and cost more money. Do you fancy waiting two days for your cash at an ATM while the results come in? And all those unnecessary injections to draw blood are bound to cause infections.

    Anything that can be invented can be defeated, either accidentally or by the Ungodly.

    The thing is that you are contradicting yourself in asking for both money and private information to be “completely” protected. In order to unlock your money you have to give up something private. At the moment it's a simple PIN, but if you just pinch my wallet you only have a 3/10000 chance of guessing the number before an ATM keeps the card (yes, I do know about the things they stick on the front of the machines). You're more likely to have luck with a foreign mail order transaction, but what are you going to buy that isn't delivered to your address?

    The weakest link in the chain is probably that cards are accepted all over the world simply by giving a matching string of numbers. How are you going to make that completely secure? You'd have to start by banning all internet and mail-order purchases just because you wouldn't have the necessary technology to prove you were the correct card-holder in every home. Even if you have a foolproof way to persuade your computer who you are, what's to stop the certificate from being intercepted on its electronic way around the internet?

    If my PIN numbers are discovered (good luck with that, they're not written down) I can change them. I can't change my fingerprint, eye-print or DNA if those are cloned or the records are corrupted.

    As for whether people are prepared to put up with being locked out of their bank accounts by over-secure systems, look at the abuse dished out to HSBC today about IT problems, or the longer time that NatWest caused problems for.

    There is a simple way to stop people from stealing your money – don't have any to take.

  8. Good informative information and wisdom from you Mr Anderson, Thank you.

    I'll work on my contradiction weakness…

    Although I hate private bankers for their thieving usary and monetary systems. I can not complain about their mistakes, because I use them (and their products) out of free choice for my own convenience. Complaining about their long time to resolve such things as IT problems would be hypocritical. I should really go with things like cryptocurrency Bitcoin or Credit Union banks where my money will be with a not-for-profit enterprise.

    In the end banking, bank cards and money is all about trust. And nobody should trust their money to a butch of hidden banker owner strangers.

  9. Can't remember which film it was (I refuse to say movie. Fucking Amricanism!) but there was a vault which checked iris recognition to allow entry. The villains killed the bloke and cut out his eye so they could present it to the scanner and get access.

    I used to think that a thumbprint was a pretty safe idea until I saw that and realised that someone could just cut it off…