Nick

contactless fare system overuse prevention


Contactless fare payment is due to come. PATH introduced something like it a few years ago and I found it deducting additional fares. While they said you had to put the card on the reader, I experimented (when I wanted to ride anyway) with books totaling 700 pages and four hard covers and the turnstile read my PATH card through all of that and let me through. Excess deductions were always pleasantly refunded by personnel on walk-around duty at every station and wearing easy-to-see red jackets, but I doubt the MTA will provide that. I asked PATH how to prevent overuse and got no useful answer. I asked the MTA how I should prevent deducting for too many rides in a single use and whether I'd need a pocket Faraday cage. The MTA replied that they don't have an answer yet but someone will see my concern. While PATH cards, at least at the beginning, were all for specific numbers of rides, the MTA, I imagine, will have both pay-per-ride and unlimited ride formats, and I use unlimited, but I wouldn't want to see "JUST USED" if I didn't intend to use the card and now can't. Does anyone have any suggestions in this regard, either on how I handle my own fare card or in how to persuade the MTA to consider this issue and not just use it as a way to increase revenue without our knowing why our cards are not lasting as long as we paid for?


4 minutes ago, Nick said:

Contactless fare payment is due to come. PATH introduced something like it a few years ago and I found it deducting additional fares. While they said you had to put the card on the reader, I experimented (when I wanted to ride anyway) with books totaling 700 pages and four hard covers and the turnstile read my PATH card through all of that and let me through. Excess deductions were always pleasantly refunded by personnel on walk-around duty at every station and wearing easy-to-see red jackets, but I doubt the MTA will provide that. I asked PATH how to prevent overuse and got no useful answer. I asked the MTA how I should prevent deducting for too many rides in a single use and whether I'd need a pocket Faraday cage. The MTA replied that they don't have an answer yet but someone will see my concern. While PATH cards, at least at the beginning, were all for specific numbers of rides, the MTA, I imagine, will have both pay-per-ride and unlimited ride formats, and I use unlimited, but I wouldn't want to see "JUST USED" if I didn't intend to use the card and now can't. Does anyone have any suggestions in this regard, either on how I handle my own fare card or in how to persuade the MTA to consider this issue and not just use it as a way to increase revenue without our knowing why our cards are not lasting as long as we paid for?

The MTA would take forever to address your problem. Build your own Faraday cage.

  • Upvote 1


99.9% of the time, when people get multiple fares deducted when trying to enter the system, it happens because they don’t read the display of the turnstile and they tap their card too many times.

16 hours ago, Nick said:

Contactless fare payment is due to come. PATH introduced something like it a few years ago and I found it deducting additional fares. While they said you had to put the card on the reader, I experimented (when I wanted to ride anyway) with books totaling 700 pages and four hard covers and the turnstile read my PATH card through all of that and let me through. Excess deductions were always pleasantly refunded by personnel on walk-around duty at every station and wearing easy-to-see red jackets, but I doubt the MTA will provide that. I asked PATH how to prevent overuse and got no useful answer. I asked the MTA how I should prevent deducting for too many rides in a single use and whether I'd need a pocket Faraday cage. The MTA replied that they don't have an answer yet but someone will see my concern. While PATH cards, at least at the beginning, were all for specific numbers of rides, the MTA, I imagine, will have both pay-per-ride and unlimited ride formats, and I use unlimited, but I wouldn't want to see "JUST USED" if I didn't intend to use the card and now can't. Does anyone have any suggestions in this regard, either on how I handle my own fare card or in how to persuade the MTA to consider this issue and not just use it as a way to increase revenue without our knowing why our cards are not lasting as long as we paid for?

The fare payment entry process is a dual-component implementation. The passenger applies their fare, then enters the system via turnstile, high entry/exit turnstile, or service gate.

As of right now, the system is a combination of digital and analog circuits allowing access. The digital circuit comprises how the passenger applies their fare media to the entry access; the analog circuit comprises how the passenger enters the system.

The superior solution would be to prevent the digital circuit from reading and deducting a fare from the fare media until the analog circuit has been completed. It sounds simple on paper; however, there are two major pitfalls to consider.

1. The technology used is currently outdated, and how much would it cost, if it can even be done, to apply this new function to technology about to be tossed by the wayside?

2. How can they accommodate emergency or employee access, which oftentimes needs multiple persons to enter immediately through a limited ingress/egress site?

We can foresee the change of the digital technology; however, are they ready to remove and install a new analog circuit that will ultimately change the accessibility behaviour of nearly 6 million daily riders?

Edited by Dave2836


@INDman, you're right about not checking the feedback, although not in my case with PATH, because they had changed the feedback signal and even after I knew the signal extra deductions still happened because I had the card a distance from the machine before I was going to swipe and I'd get the feedback when I didn't think the card would register. One turnstile was broken, deducting 7 times before acknowledging only one (the 6 were refunded).

@CenSin, it's annoying, but you're likely right on the money.

@Dave2836, nice, but I'm not sure that would cope with a premature deduction or a deduction because you walk past a machine with a card in your hand but not swiping (I might have my wallet in my hand). I suppose they could design into a new system even if they don't into today's contact-based system. I don't know if an employee needs to be able to let unrecognized people enter fast, but emergency people (medics, police, fire, & MTA executives) do, and perhaps there could be a supercard that one emergency person could use to let entry systems let everyone in with a risk that after everyone intended to be let in is let in other people could follow without permission or payment, but perhaps nonuse of an entry for a period (say 2 minutes) would end the supercard's particular use. Logging and supercard expiration/replacement (with overlapping terms) would add security but only if the fare system is reliably connected to an authoritative database of supercards.
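
A sketch of the hold-then-commit design discussed in the two posts above, added here as an example and not taken from any poster or from MTA or PATH systems: a tap only places a hold, the fare is deducted when the rotation sensor fires, and an emergency card opens free entry that lapses after 2 minutes without use. The `Gate` class, its method names, the card ids and the 10-second hold are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class State(Enum):
    LOCKED = "locked"
    ARMED = "armed"        # one fare held, waiting for the arm to turn
    OVERRIDE = "override"  # free entry opened by an emergency card


@dataclass
class Gate:
    """Hypothetical gate controller; times are passed in as seconds."""
    balances: dict                  # card id -> rides left (stand-in for the back end)
    supercards: set                 # stand-in for the authoritative supercard list
    hold_s: float = 10.0            # assumed: how long a tap stays armed
    override_idle_s: float = 120.0  # "say 2 minutes" of non-use ends the override
    state: State = State.LOCKED
    held: Optional[str] = None
    deadline: float = 0.0
    log: list = field(default_factory=list)

    def _expire(self, now: float) -> None:
        """Drop an unused hold or an idle override; nothing is deducted."""
        if self.state is not State.LOCKED and now >= self.deadline:
            self.log.append((now, "expired", self.held))
            self.state, self.held = State.LOCKED, None

    def tap(self, card_id: str, now: float) -> str:
        """Digital side: a card was read. Never deducts a fare."""
        self._expire(now)
        if card_id in self.supercards:
            self.state, self.held = State.OVERRIDE, card_id
            self.deadline = now + self.override_idle_s
            self.log.append((now, "override_on", card_id))
            return "OVERRIDE"
        if self.state is State.OVERRIDE:
            return "OVERRIDE"       # gate is already free; leave the fare card alone
        if self.state is State.ARMED:
            return "GO"             # repeat tap while armed: no second hold
        if self.balances.get(card_id, 0) < 1:
            self.log.append((now, "refused", card_id))
            return "INSUFFICIENT"
        self.state, self.held = State.ARMED, card_id
        self.deadline = now + self.hold_s
        self.log.append((now, "hold", card_id))
        return "GO"

    def rotate(self, now: float) -> bool:
        """Analog side: rotation sensor fired. True if the arm was released."""
        self._expire(now)
        if self.state is State.ARMED:
            self.balances[self.held] -= 1   # the only place a fare is deducted
            self.log.append((now, "commit", self.held))
            self.state, self.held = State.LOCKED, None
            return True
        if self.state is State.OVERRIDE:
            self.deadline = now + self.override_idle_s  # each use restarts the idle clock
            self.log.append((now, "free_entry", self.held))
            return True
        return False


def demo():
    # Constructed card ids and timeline.
    gate = Gate(balances={"card-A": 5}, supercards={"super-1"})
    out = [
        gate.tap("card-A", 0),      # hold placed
        gate.tap("card-A", 1),      # impatient second tap, still one hold
        gate.rotate(2),             # rider walks through, fare committed
        gate.tap("card-A", 100),    # card read in passing
        gate.rotate(120),           # nobody entered in time, hold already dropped
        gate.tap("super-1", 200),   # emergency override opened
        gate.rotate(210),
        gate.rotate(300),
        gate.rotate(420),           # 120 s idle since the last entry
    ]
    return out, gate.balances["card-A"]


if __name__ == "__main__":
    print(demo())
```

The log list is where the supercard logging mentioned above would hook in; the `supercards` set is only as trustworthy as its link to the authoritative list.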


On a side note, I love that you can log in and check your card's balance and see where you swiped. I remember one time I thought they deducted an extra fare from me, but I checked the card and saw where and when all the swipes took place and it turns out they took out the right amount. 

I never used it, but I see they also offer web-based replenishment, so you don't have to stop by a machine as you're rushing for your train.

On 4/14/2018 at 3:53 PM, Nick said:

Contactless fare payment is due to come. PATH introduced something like it a few years ago and I found it deducting additional fares. While they said you had to put the card on the reader, I experimented (when I wanted to ride anyway) with books totaling 700 pages and four hard covers and the turnstile read my PATH card through all of that and let me through. Excess deductions were always pleasantly refunded by personnel on walk-around duty at every station and wearing easy-to-see red jackets, but I doubt the MTA will provide that. I asked PATH how to prevent overuse and got no useful answer. I asked the MTA how I should prevent deducting for too many rides in a single use and whether I'd need a pocket Faraday cage. The MTA replied that they don't have an answer yet but someone will see my concern. While PATH cards, at least at the beginning, were all for specific numbers of rides, the MTA, I imagine, will have both pay-per-ride and unlimited ride formats, and I use unlimited, but I wouldn't want to see "JUST USED" if I didn't intend to use the card and now can't. Does anyone have any suggestions in this regard, either on how I handle my own fare card or in how to persuade the MTA to consider this issue and not just use it as a way to increase revenue without our knowing why our cards are not lasting as long as we paid for?

This is actually considered a feature, not a bug.

In Hong Kong so much time is saved because instead of fumbling out a pocketbook or what have you, you can literally just have the card detected through a gigantic Louis Vuitton purse full of crap.


@bobtehpanda: Feature to some. Bug to some. Say a parent buys the cards for the family and is carrying them while near a turnstile. What card gets deducted from? All the cards? My guess is that Faraday-cage wallets should become common but won't. I didn't see them at PATH station newsstands, at least not prominently. It'll be a specialty item found on the Internet and a few upscale stores (I think some passports have a similar problem of remote readability but threatening personal security), because by the time a MetroCard Faraday cage would be in enough demand for popular sales the MTA would have been hearing lots of complaints about the cards, and if contactless works elsewhere well enough for most people it probably will for the MTA, too, and it'll mainly be watchful cheapskates like me who'll kick in for a Faraday cage or make one.

@checkmatechamp13: But challenging a deduction for a ride because you didn't ride is likely going to be nearly impossible in most cases, unless you're still outside the turnstile, like the case today.

Just now, Nick said:

@bobtehpanda: Feature to some. Bug to some. Say a parent buys the cards for the family and is carrying them while near a turnstile. What card gets deducted from? All the cards? My guess is that Faraday-cage wallets should become common but won't. I didn't see them at PATH station newsstands, at least not prominently. It'll be a specialty item found on the Internet and a few upscale stores (I think some passports have a similar problem of remote readability but threatening personal security), because by the time a MetroCard Faraday cage would be in enough demand for popular sales the MTA would have been hearing lots of complaints about the cards, and if contactless works elsewhere well enough for most people it probably will for the MTA, too, and it'll mainly be watchful cheapskates like me who'll kick in for a Faraday cage or make one.

@checkmatechamp13: But challenging a deduction for a ride because you didn't ride is likely going to be nearly impossible in most cases, unless you're still outside the turnstile, like the case today.

The technology has existed for 20+ years at this point. Clearly the rest of the world is fine with the outcome.

(Hong Kong's Octopus card was introduced in 1997, the same year as MetroCard.)


The MTA partnered with the same company that does London's OysterCard. There, the only issue is if you have the oystercard and another contactless credit card in the same wallet it can potentially read them both. 

Hopefully, they contract the vendor for customer service and maintenance as well in which case service will almost assuredly be better. 

 

On 4/16/2018 at 4:31 PM, Nick said:

......Say a parent buys the cards for the family and is carrying them while near a turnstile. What card gets deducted from? All the cards? ........

 

The answer is none of them. The system knows if multiple cards stack on each other. 


@HenryB, okay; at least that should reduce that particular risk. I assume it doesn't matter how the cardholder stacks them but only that the machine detects multiple cards, but I guess that would still be a problem if a user has one card in a front pocket and another in a briefcase (e.g., an employer's card), only the wrong one is detected, and so the wrong one gets charged because the user doesn't understand how the system works (most users won't). I guess it's a Faraday cage for me.


Worth noting you shouldn't need much of a Faraday cage. A simple anti-static bag should do. We're talking about minuscule amounts of flux and negligible dBmV on the RF front.

Furthermore, the readers are going to support two standards, one within the bounds of NFC and the other RFID. NFC or "Near Field Communications" is what a phone or watch or other POWERED device uses to talk to a contactless credit card reader. 

RFID is quite similar, and generally you see this deployed in an ARPT configuration or "Active Reader Passive Tag". A tuned coil in the reader induces a charge in a similarly tuned coil in the tag, which then has power and transmits a code at a specific frequency.

Most of what we're talking about here is RFID, since NFC devices generally require user interaction to transmit their unique code. 

RFID readers can be tightly controlled. If you want, say, a 6 inch box in front of the reader with a spread angle of 15deg, no problem. You can tightly define the read area. 

I don't think a card in your pocket will be errantly read, though if you have a stack of cards in your wallet, that might be an issue - this is solvable in software. 

 

  • Like 1

On 4/21/2018 at 5:21 AM, itmaybeokay said:

Worth noting you shouldn't need much of a Faraday cage. A simple anti-static bag should do. We're talking about minuscule amounts of flux and negligible dBmV on the RF front.

Furthermore, the readers are going to support two standards, one within the bounds of NFC and the other RFID. NFC or "Near Field Communications" is what a phone or watch or other POWERED device uses to talk to a contactless credit card reader. 

RFID is quite similar, and generally you see this deployed in an ARPT configuration or "Active Reader Passive Tag". A tuned coil in the reader induces a charge in a similarly tuned coil in the tag, which then has power and transmits a code at a specific frequency.

Most of what we're talking about here is RFID, since NFC devices generally require user interaction to transmit their unique code. 

RFID readers can be tightly controlled. If you want, say, a 6 inch box in front of the reader with a spread angle of 15deg, no problem. You can tightly define the read area. 

I don't think a card in your pocket will be errantly read, though if you have a stack of cards in your wallet, that might be an issue - this is solvable in software. 

 

That's an interesting comment. Why would you say RFID will be used for payment? NFC is used on contactless Credit/debit/transit cards not RFID. It is the same as the NFC used in phones. If it is anything like the TFL underground system in London then it is NFC. I'd be interested to see documents showing the NYC Transit system will be using RFID?

 

Taking payment from an alternate card than the one you intend is a probability. Generally, having multiple cards together can affect the reader; it can display a read error, however it can depend on the card and reader. These cards are mass produced; they aren't particularly tuned (certainly the cards aren't). You can therefore encounter a situation where you have two cards, same bank for example, and one will read 5cm (2") from the terminal and the other 1cm (1/2"). Whilst in theory multiple cards can present read issues, if one is more sensitive (i.e. the card reading at 5cm) it can interact with the reader before the second card has had a chance to power up and respond. Relying upon multiple cards to somehow shield you is not recommended.

Equally, yes, a static shield, which some like to call a Faraday cage (which it is not strictly), is a way to shield your card; the issue comes when you want to use your card. You have to remove it from the shielding to allow it to work.

The idea of contactless NFC payments is speed and convenience, a system to replace cash electronically. Unfortunately NFC is based on technology not originally designed for payment systems, thus the security is limited and it is run by the banks on a loss/reward basis; they figure the losses are mitigated by the rewards and underwrite the losses themselves to get the system adopted.

 

In the UK, London making the Underground (subway) contactless spurred a significant uptake in contactless as an accepted payment platform; I am sure the same will result from NYC Transit adopting the same. The issue is the same here as there:

How do you truly make the payment operation safe, secure and fast?  

Getting your phone out and ready to pay, time, authorising the phone to make payment, ensuring you have enough battery power at the end of the day to get you home....

Using an NFC bank card, taking it out of your wallet or purse to place it on the reader, then putting it back, is not a single-handed operation; it leaves your card vulnerable to theft in your hand. If it is safe in an RFID-secure wallet, you would have to take it out or place it in a pocket that isn't protected (kind of defeats the point of having the protected wallet?). What if you don't want to use that card but a different one? You'd have to swap it, again a two-handed operation and time.

 

For contactless payments to truly be effective we don't want to be worrying about lack of batteries; we need the card to be safe until the moment of payment. It needs to be able to make a payment single-handedly, so whilst holding a coffee or your phone with the other hand, and it needs to be fast, no good fumbling around at the terminal with fellow commuters backing up behind you! And you want to immediately decide between the two cards you could pay with at the last moment...

That's making a payment that gives choice, security from misreading or cloning, can be carried out single-handed in either hand and fast, plus no batteries to worry about! Then we would have something that is both easy and safe to use, which makes it convenient.

On 7/24/2018 at 9:59 AM, RFIDSecur said:

That's an interesting comment. Why would you say RFID will be used for payment? NFC is used on contactless Credit/debit/transit cards not RFID. It is the same as the NFC used in phones. If it is anything like the TFL underground system in London then it is NFC. I'd be interested to see documents showing the NYC Transit system will be using RFID?

 

Taking payment from an alternate card than the one you intend is a probability. Generally, having multiple cards together can affect the reader; it can display a read error, however it can depend on the card and reader. These cards are mass produced; they aren't particularly tuned (certainly the cards aren't). You can therefore encounter a situation where you have two cards, same bank for example, and one will read 5cm (2") from the terminal and the other 1cm (1/2"). Whilst in theory multiple cards can present read issues, if one is more sensitive (i.e. the card reading at 5cm) it can interact with the reader before the second card has had a chance to power up and respond. Relying upon multiple cards to somehow shield you is not recommended.

Equally, yes, a static shield, which some like to call a Faraday cage (which it is not strictly), is a way to shield your card; the issue comes when you want to use your card. You have to remove it from the shielding to allow it to work.

The idea of contactless NFC payments is speed and convenience, a system to replace cash electronically. Unfortunately NFC is based on technology not originally designed for payment systems, thus the security is limited and it is run by the banks on a loss/reward basis; they figure the losses are mitigated by the rewards and underwrite the losses themselves to get the system adopted.

 

In the UK, London making the Underground (subway) contactless spurred a significant uptake in contactless as an accepted payment platform; I am sure the same will result from NYC Transit adopting the same. The issue is the same here as there:

How do you truly make the payment operation safe, secure and fast?  

Getting your phone out and ready to pay, time, authorising the phone to make payment, ensuring you have enough battery power at the end of the day to get you home....

Using an NFC bank card, taking it out of your wallet or purse to place it on the reader, then putting it back, is not a single-handed operation; it leaves your card vulnerable to theft in your hand. If it is safe in an RFID-secure wallet, you would have to take it out or place it in a pocket that isn't protected (kind of defeats the point of having the protected wallet?). What if you don't want to use that card but a different one? You'd have to swap it, again a two-handed operation and time.

 

For contactless payments to truly be effective we don't want to be worrying about lack of batteries; we need the card to be safe until the moment of payment. It needs to be able to make a payment single-handedly, so whilst holding a coffee or your phone with the other hand, and it needs to be fast, no good fumbling around at the terminal with fellow commuters backing up behind you! And you want to immediately decide between the two cards you could pay with at the last moment...

That's making a payment that gives choice, security from misreading or cloning, can be carried out single-handed in either hand and fast, plus no batteries to worry about! Then we would have something that is both easy and safe to use, which makes it convenient.

Actually I made an error in my assessment before - NFC is basically a subset of RFID. NFC is a set of specifications for 13.56 high frequency passive RFID meant to pass fairly high-bandwidth data over a short distance.

I had assumed that NFC required an "active" tag, as it requires processing to be done on the tag, not just transmission of a number - but as it happens, NFC credit cards, while wirelessly energized by the reader, do that processing on board. Neat stuff. 

Incidentally, one of the things that's happening amongst that processing on board is verification of the reader. Modern EMV credit cards actually encipher their communications and cryptographically check the reader. As I understand it: Any contactless credit card that also works in a chip reader can - even in mag emulation mode - dynamically generate cryptographically secure mag emulation data - so long as it's programmed to do so.

The only way to clone an NFC credit card is to happen upon one that indeed does broadcast its raw magstripe data when challenged by a false reader that claims not to support EMV - and even then, you're only getting a clone of the mag stripe data, and most NFC payment terminals are gonna want EMV...

TL;DR - contactless payment is way more secure than I had assumed. 

  • Like 1

On 7/26/2018 at 7:44 PM, itmaybeokay said:

you're only getting a clone of the mag stripe data, and most NFC payment terminals are gonna want EMV... 

 

..this data is enough to make purchases online though. http://uk.businessinsider.com/black-hat-talk-hacking-emv-card-2016-8

However this doesn't address card clash or payment from the wrong card either 

 

However, I guess the thrust of the argument I made is that contactless is not as common in the US as in, say, Canada, your nearest neighbour; given the uptake in the UK since the TFL Oyster payment system, do readers expect the same in the US?

What makes the payment process simple for users, removing the card and making the payment then returning the card to the wallet, having a plastic wallet to use for the card payment, thus perhaps two types of wallet being carried? Using a phone carries with it the need to ensure the batteries are charged.

 

Sorry the post was too long for you, you clearly don't read NYT news articles lol


I hope these won't be stored-value cards. In other words, I assume the MTA will keep on its servers and not on the card the authoritative record of the balance on a pay-per-ride card or how much of the between-rides wait period is left on an unlimited card. Otherwise, having a contactless card get read by a non-MTA reader could reduce my remaining balance or impose a wait, probably without a notice we'd recognize. Faraday cage for me. Carrying two wallets is acceptable.

Entering efficiently is nice, but I'd rather make everyone wait while I get my card out of its Faraday cage. Or I'll get it out only a moment before, enter, and put it away. I won't get the efficiency but entry shouldn't be slower than now, unless the plan is to have fewer turnstiles because entry would be faster and then we fumblers will take longer than now.

@RFIDSecur: Cards being untuned, sensed at no more than half an inch away or possibly up to two inches away, may not depend on the gap being empty airspace. In my PATH experiment (above), a gap of nearly 2 inches filled with paper (700 pages) and 4 book covers was scanned through. I did not run the same experiment on multiple cards or at multiple turnstiles.

@RFIDSecur: Instituting contactlessness for the MTA won't, by itself, spread contactlessness to many other institutions. I think I've seen only two brick-and-mortar retailers that won't take cash. One other retailer said about half of its transactions were with plastic, so the other half weren't.

@INDman: "99.9% of the time when people get multiple fares deducted when trying to enter the system, happen because they don’t read the display of the turnstile and they tap . . . their card too many times." Yes; but the system should be designed for how people would use it rather than demanding more from people than they understand. Most people are not geeks. Occasional users, such as some retirees and most tourists, will have the overcharge problem more. A conflict is that a pay-per-ride card may be usable for multiple immediate rides, perhaps for families; so we may not want to prevent multiple uses in a short time frame. Perhaps a solution is that a person with this problem who does not need multiple use can be allowed to preset the card to forbid two rides in a short time frame, even better if the owner can reverse that later at will.

@checkmatechamp13: Whether "you can log in and check your card's balance and see where you swiped": I asked a customer service rep (and I think the MTA online) about that and was told it can't be done by someone like me (a passenger who has a MetroCard) or even by the customer service rep in a station booth. But I don't buy using a credit card, and maybe it can be done for some MetroCards, albeit not all. I assume police, MTA auditors, _et al._ can get the history at public terminals, like if a passenger tells an inspector that they paid before boarding as required for a few MTA bus lines but has lost the paper proof of payment.
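
The two software-side safeguards raised in this thread, charging no card when several are in the reader's field and an owner-set, reversible block on two rides in a short time frame, are shown together below as an added example; it is not code from any poster or from a real fare system. The `Card` fields, the function names, the card ids and the 600-second window are assumptions, as is the premise that the reader can enumerate every card in its field during one read cycle.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Card:
    rides: int
    lockout_s: float = 0.0               # 0 = back-to-back rides allowed (family use)
    last_charged: Optional[float] = None


def set_lockout(cards, card_id, seconds):
    """Owner preset: forbid a second ride within `seconds`; 0 reverses it."""
    cards[card_id].lockout_s = max(0.0, float(seconds))


def process_read(cards, in_field, now):
    """Decide one reader cycle.

    `in_field` lists every card id seen in this cycle (assumption: the
    reader's anti-collision pass reports all of them, not only the first).
    Returns (decision, card_id); card_id is None when no card is charged
    because zero or several cards were present.
    """
    known = sorted({cid for cid in in_field if cid in cards})
    if not known:
        return ("NO_CARD", None)
    if len(known) > 1:
        return ("CLASH", None)           # ambiguous: charge none of them
    cid = known[0]
    card = cards[cid]
    recently_used = (
        card.last_charged is not None
        and now - card.last_charged < card.lockout_s
    )
    if recently_used:
        return ("JUST_USED", cid)        # owner opted in to the short-window block
    if card.rides < 1:
        return ("INSUFFICIENT", cid)
    card.rides -= 1
    card.last_charged = now
    return ("CHARGED", cid)


def replay(cards, events):
    """Run a list of (time_s, ids_in_field) reads through the policy."""
    return [process_read(cards, in_field, t) for t, in_field in events]


def demo():
    # Constructed cards and reads, for illustration only.
    cards = {
        "family": Card(rides=4),         # shared card, repeat taps wanted
        "solo": Card(rides=10),
        "work": Card(rides=10),          # e.g. an employer's card in a briefcase
    }
    set_lockout(cards, "solo", 600)
    events = [
        (0, ["family"]), (5, ["family"]),    # two family members enter
        (10, ["solo"]), (15, ["solo"]),      # accidental second tap
        (20, ["solo", "work"]),              # two cards in the field at once
        (700, ["solo"]),                     # window has passed
    ]
    results = replay(cards, events)
    set_lockout(cards, "solo", 0)            # owner reverses the preset
    results.append(process_read(cards, ["solo"], 705))
    return results, {cid: c.rides for cid, c in cards.items()}


if __name__ == "__main__":
    for row in demo()[0]:
        print(row)
```

If the reader only ever sees the first card to respond, as one post above argues can happen, the clash branch never fires and only the lockout preset still protects the cardholder.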


Want to know how the MTA will react to overuse? Look at their history of refunding Bus-Subway transfers. Send in card, waited one month only for them to tell me, nope no problem, you were charged properly. NY'ers already are used to taking an L when it comes to getting money back from the MTA. I expect this to continue.

Edited by Mtatransit

On 4/17/2018 at 3:17 PM, itmaybeokay said:

The MTA partnered with the same company that does London's OysterCard. There, the only issue is if you have the oystercard and another contactless credit card in the same wallet it can potentially read them both. 

Hopefully, they contract the vendor for customer service and maintenance as well in which case service will almost assuredly be better. 

 

Dunno why they did that instead of PATH's SmartLink, or why PATH won't join into (MTA)'s system...

1 hour ago, Deucey said:

Dunno why they did that instead of PATH's SmartLink, or why PATH won't join into (MTA)'s system...

Possibly because Oyster was set up and operational long before PATH, so a greater degree of knowledge and experience of operation; it is the largest operator in Europe I believe.

Secondly, PATH still requires the Adobe Flash plugin for their site, so clearly security isn't high on the agenda lol 😉

2 hours ago, Deucey said:

Dunno why they did that instead of PATH's SmartLink, or why PATH won't join into (MTA)'s system...

SmartLink is a first-gen smartcard system, which only works with those specific cards. MTA is not interested in that because they want to exit the payments business as much as possible; Oyster is based on an open standard that can work with contactless bank cards. 

Port Authority, like pretty much every other agency and subagency in the region, is very territorial, and is probably not interested in linking PATH to MTA. Plus PATH is already their biggest money sink, there's not much reason as to why they would throw more money into that fire pit. 

 


London’s system requires a proximity of < 1cm.

There’s no situation where you get charged just by wandering near a gate.

If the MTA will be using the same tech, you don’t have anything to worry about.

On 8/11/2018 at 6:27 PM, bobtehpanda said:

SmartLink is a first-gen smartcard system, which only works with those specific cards. MTA is not interested in that because they want to exit the payments business as much as possible; Oyster is based on an open standard that can work with contactless bank cards. 

Port Authority, like pretty much every other agency and subagency in the region, is very territorial, and is probably not interested in linking PATH to MTA. Plus PATH is already their biggest money sink, there's not much reason as to why they would throw more money into that fire pit. 

 

I figured that since PATH already takes MetroCards with fare on them, and a good number of riders use (MTA) and PATH, that they'd both make sure the systems are compatible so folks don't have two "smart" farecards.

1 hour ago, Deucey said:

I figured that since PATH already takes MetroCards with fare on them, and a good number of riders use (MTA) and PATH, that they'd both make sure the systems are compatible so folks don't have two "smart" farecards.

That would require either agency to actually care about its customers.

On 8/2/2018 at 10:25 AM, RFIDSecur said:

..this data is enough to make purchases online though. http://uk.businessinsider.com/black-hat-talk-hacking-emv-card-2016-8

No. It isn't.

Track 2 magstripe data can't on its own be used for online purchases, because it lacks the CVC code - which is neither stored on the magstripe nor transmitted via NFC, and is printed on the card in non-embossed letters - the concept here is this code, only needed for "card not present" transactions - is not 'Skimmable'. It's an attempt to increase security to ensure that intercepted card data cannot be used to make card-not-present transactions.

Read carefully. "The captured data, which is sent unencrypted, can then be used to create a normal magstripe card for use on older, offline systems."

 

Also, that article is 2 years old - note I said "EMV can be encrypted if the card supports it". I'm not denying the existence of security holes - I'm saying many of the concerns you denounced are already - or in the process of - being addressed. 

On 8/2/2018 at 10:25 AM, RFIDSecur said:

However, I guess the thrust of the argument I made is that contactless is not as common in the US as in, say, Canada, your nearest neighbour; given the uptake in the UK since the TFL Oyster payment system, do readers expect the same in the US?

Establishments which accept contactless cards, in so much as I've seen, are steadily increasing in number. 

 

On 8/2/2018 at 10:25 AM, RFIDSecur said:

What makes the payment process simple for users, removing the card and making the payment then returning the card to the wallet, having a plastic wallet to use for the card payment, thus perhaps two types of wallet being carried? Using a phone carries with it the need to ensure the batteries are charged.

I am not sure I understand the question here. Removing the card from the wallet rather than tapping the wallet doesn't seem like a huge burden. I guess there's a space in the market for a "mostly faraday" wallet that lets one card sit in the readable position and shields the rest. 

But in reality, most people will probably use their phones, and have the card which is on the phone also in their wallet as a backup. Heaven forfend their lithium polymer runs shy on electric potential, they can take their card out of their wallet. 

Seems pretty simple to me. 

