A2H GO
Member
Registered: 14th Sep 04
Location: Stoke
User status: Offline
|
Pretty cool, not sure they've understood no one swipes cards anymore...
https://onlycoin.com
[Edited on 15-11-2013 by A2H GO]
|
John
Member
Registered: 30th Jun 03
User status: Offline
|
Everyone in America swipes cards.
|
Russ
Member
Registered: 14th Mar 04
Location: Armchair
User status: Offline
|
quote:
Originally posted by John
Everyone in America swipes cards.
|
A2H GO
Member
Registered: 14th Sep 04
Location: Stoke
User status: Offline
|
Really? And they bang on about being at the forefront of technology.
|
Kyle T
Premium Member
Registered: 11th Sep 04
Location: Selby, North Yorkshire
User status: Offline
|
Most places in the US don't take your PIN (or a signature) for less than $50, so they just swipe your card and you're off.
Lotus Elise 111R
Impreza WRX STi
|
A2H GO
Member
Registered: 14th Sep 04
Location: Stoke
User status: Offline
|
I guess our chip makes something like this impossible over here. 
|
Gary
Premium Member
Registered: 22nd Nov 06
Location: West Yorkshire
User status: Offline
|
Whys that?
|
Nic Barnes
Member
Registered: 5th Apr 04
Location: nowhere near ginger people
User status: Offline
|
You don't use a pin at maccys with the touch card to screen thing.
|
John
Member
Registered: 30th Jun 03
User status: Offline
|
That's different from swiping.
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
quote:
Originally posted by A2H GO
I guess our chip makes something like this impossible over here.
Apparently they're working on a EMV/Chip'n'Pin variant, so it should work over here if it manages to pass regulations.
Like the idea, although it'd be nice to see some form of wireless rechargeable battery implemented and security seems to be key issue especially when the FAQ starts mentioning "our servers" 
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
quote:
Originally posted by Nic Barnes
You don't use a pin at maccys with the touch card to screen thing.
You mean, contact-less payments?
|
A2H GO
Member
Registered: 14th Sep 04
Location: Stoke
User status: Offline
|
quote:
Originally posted by Dom
quote:
Originally posted by A2H GO
I guess our chip makes something like this impossible over here.
Apparently they're working on a EMV/Chip'n'Pin variant, so it should work over here if it manages to pass regulations.
Like the idea, although it'd be nice to see some form of wireless rechargeable battery implemented and security seems to be key issue especially when the FAQ starts mentioning "our servers"
How does it communicate with their servers, via your phone? So leave your phone at home and you can't buy anything? No signal and you can't buy anything?
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
quote:
Originally posted by A2H GO
quote:
Originally posted by Dom
quote:
Originally posted by A2H GO
I guess our chip makes something like this impossible over here.
Apparently they're working on a EMV/Chip'n'Pin variant, so it should work over here if it manages to pass regulations.
Like the idea, although it'd be nice to see some form of wireless rechargeable battery implemented and security seems to be key issue especially when the FAQ starts mentioning "our servers"
How does it communicate with their servers, via your phone? So leave your phone at home and you can't buy anything? No signal and you can't buy anything?
No, once programmed (stores 8 cards apparently) it works standalone but obviously without a phone then the bluetooth 'security' feature won't work.
You have to sign up for an account with them, no quite sure why but it's a bit fishy considering they they mentioned 256bit encryption with the servers in the FAQ - makes you wonder if your card details are stored remotely 
[Edited on 15-11-2013 by Dom]
|
John
Member
Registered: 30th Jun 03
User status: Offline
|
Encrypted stuff clearly isn't secure any more anyway depending on who wants to look at it. Could see the NSA collecting their metadata straight from the internet connection wherever Coin servers are hosted.
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
quote:
Originally posted by John
Encrypted stuff clearly isn't secure any more anyway depending on who wants to look at it.
I'd say that's quite a broad statement.
Certainly if the encryption protocol is broken or has a 'backdoor' implemented then you've got issues from the get-go. Otherwise with encrypted connections you're open to MITM attacks or backdoors at server or client ends (as well as brute forcing but that's last resort).
I'd say encryption, depending on protocol, outside of the internet is mostly secure (ie - using TrueCrypt; although there's now a project to get it independently audited for reassurance) and unless the systems used to encrypt/decrypt are 'open' or the used protocol is broken then brute forcing is about your only option.
It could be completely trivial but it does sound a little odd them mentioning encrypted connections to their servers.
|
pow
Premium Member
Registered: 11th Sep 06
Location: Hazlemere, Buckinghamshire
User status: Offline
|
Why could anything think it's a good idea to store their credit card numbers on someone elses server? 
[Edited on 15-11-2013 by pow]
|
Doug
Member
Registered: 8th Oct 03
User status: Offline
|
You should just assume that no technology is truly secure. There are some that are more secure than others simply due to the complexities of exploiting them, but everything can be cracked.
Contactless has been exploited so if I am in USA (esp in a big city) I keep them in a little faraday pouch so limit the risk.
|
Doug
Member
Registered: 8th Oct 03
User status: Offline
|
I should explain why I mention USA. It's because you can read the cards mag stripe data wirelessly with a skimmer and then clone a fake card. In USA the card just gets swiped so no need to have to clone a chip and pin thing. Real security risk really.
|
Dom
Member
Registered: 13th Sep 03
User status: Offline
|
quote:
Originally posted by Doug
....read the cards mag stripe data wirelessly....
That's a new one; you can skim contactless cards due to the RFID but never heard of skimming the mag strip remotely before.
|
Ian
Site Administrator
Registered: 28th Aug 99
Location: Liverpool
User status: Offline
|
I thought the US were behind, no chip and PIN, just took signatures.
Not given a signature in the UK for years.
|
John
Member
Registered: 30th Jun 03
User status: Offline
|
quote:
Originally posted by Dom
quote:
Originally posted by Doug
....read the cards mag stripe data wirelessly....
That's a new one; you can skim contactless cards due to the RFID but never heard of skimming the mag strip remotely before.
Definitely what Dom says, can't read the magstripe data like that.
|
Doug
Member
Registered: 8th Oct 03
User status: Offline
|
Poor choice of wording on my behalf, yes it can be read via RFID. It is a wireless technology but was not a great descriptor of the process.
|
Doug
Member
Registered: 8th Oct 03
User status: Offline
|
The contents of the mag strip are stored in the contact less RFID chip. So in USA when you capture someone's RFID data you can clone the card and use it as a traditional swipe card as they don't ask for a chip and pin transaction.
|
Cole
Member
Registered: 11th Nov 02
Location: eastbourne Drives:zafira sold now a qashqai
User status: Offline
|
Doug your knowledge amazes me.
|
John
Member
Registered: 30th Jun 03
User status: Offline
|
That's pretty common knowledge.
|
