FlyerTalk Forums - View Single Post - USA EMV cards: Availability, Q&A (Chip & PIN -or- Chip & Signature) [2012-2015]
Old Mar 31, 2014, 10:32 am
  #3804  
kebosabi
 
Join Date: Jul 2006
Location: LAX
Programs: AA EXP 1.5MM, Asiana Club Silver, KE Morning Calm, Hyatt Platinum, Amtrak Select
Posts: 7,161
Originally Posted by emvchip
What banks offer these readers? Are they a proprietary solution or standards based?
I don't know how the UK works, but Japan operates similarly for contactless cards, albeit for transit cards and reloadable prepaid cards.

Any person can buy an USB NFC card reader at any electronics store in Japan, like this, usually for around 3000 JPY:
http://www.sony.co.jp/Products/felic...l?j-short=pcrw

Pretty much all of contactless in Japan is standardized to the Felica system and since NFC supports Felica, it's a defacto standard USB contactless card reader that any contactless card in Japan can be used for it.

When one needs to access private information from their home computer, (i.e. transit cards like Suica or PASMO, contactless prepaid cards like WAON or Edy, etc.), all one needs to do is hook up this device to their computer, and place their contactless cards onto it to access vital personal information via the internet. There, they can view their transactions and make reloads to the card at the comfort of their own home. They are primarily used for stuff like transit cards and prepaid cards so that it proves that you have the card in hand right now as well.

It's not like you need it, but for those who don't want to go back and forth to the nearest train station or to a specified reload kiosk, it provides them with an option to buy this device at their own expense so that they can do it securely at the comfort of their own home.


In the context of interest that some people here are buying their own contact readers to see the CVM list of their EMV cards (I actually ended up buying the SCM 3500 model over shopping at Fry's, hoping to get it today or tomorrow), I think it's an option that banks in the US can look into as an extra layer of security: you can't log into your account info unless you stick your own card into your own computer via a USB (EMV or NFC contactless) card reader.

Any hacker can steal passwords easily but they won't be able to access it if they don't have the physical card. A burglar can steal the card easily, but they won't be able to access it if they don't have the login ID and password. Why not combine the best of both worlds? It certainly does ante up the level of security. Is it a panacea and 100% solution, no nothing is. But it raises the bar a lot that one would need both the physical card AND the login ID/password to gain entry to personal info.

The US military already does this with their CAC when they need to access confidential e-mail over the internet. CAC is basically an EMV card that provides the same level of security: need both physical card in hand and the login ID/password to gain entry to key info. It is standardized across the US military. And card readers are readily available for pickup as some here have started buying.

That being said, I don't see why not the banking system could offer the same level of optional security. Note the italics in optional.

Last edited by kebosabi; Mar 31, 2014 at 10:45 am
kebosabi is offline