USA contactless credit/debit/transit (2014-2016)
Dec 9, 2014, 10:46 am
#496
Join Date: Jan 2013
Posts: 63
We now also disclose that the pre-play attack is not limited
to terminals with defective random number generators. Because
of the lack of end-to-end transaction authentication, it
is possible to modify a transaction made with a precomputed
authentication code, en route from the terminal to the acquiring
bank, to edit the “unpredictable number” to the value that
was used in the pre-computation. This means that as well as
inserting a man-in-the-middle devices between the payment
card and the terminal, an attacker could insert one between
the terminal and the acquirer. It also means that malware
in the terminal can attack the EMV protocol even if the
protocol itself is implemented in a tamper-resistant module
that the malware cannot penetrate.
to terminals with defective random number generators. Because
of the lack of end-to-end transaction authentication, it
is possible to modify a transaction made with a precomputed
authentication code, en route from the terminal to the acquiring
bank, to edit the “unpredictable number” to the value that
was used in the pre-computation. This means that as well as
inserting a man-in-the-middle devices between the payment
card and the terminal, an attacker could insert one between
the terminal and the acquirer. It also means that malware
in the terminal can attack the EMV protocol even if the
protocol itself is implemented in a tamper-resistant module
that the malware cannot penetrate.
And yeah, we should be discussing this in the EMV thread...
Dec 9, 2014, 6:22 pm
#497
Join Date: Nov 2012
Posts: 3,537
The Subway near me that was so anti-contactless has figured out how to completely disable contactless. The screen still says "slide or tap card" but the contactless logo no longer appears and there is no terminal response whatsoever. I sent them a note saying not to bother calling me again, but that I want them to know why they're losing me as a customer and that I won't ever be back.
Dec 9, 2014, 8:29 pm
#498
Join Date: Jul 2012
Location: RDU
Programs: DL(PM), UA(Silver), AA(EXP) Marriott(Ti), HH(Gold), Hertz(PC)
Posts: 2,667
The Subway near me that was so anti-contactless has figured out how to completely disable contactless. The screen still says "slide or tap card" but the contactless logo no longer appears and there is no terminal response whatsoever. I sent them a note saying not to bother calling me again, but that I want them to know why they're losing me as a customer and that I won't ever be back.
Dec 9, 2014, 8:48 pm
#499
Join Date: Nov 2012
Posts: 3,537
P.S. she told me all Subways in Montana were not allowed to accept contactless. Which is, of course, a blatant lie - it works fine at all the ones from other owners.
Dec 9, 2014, 8:55 pm
#500
Join Date: Sep 2014
Posts: 1,722
Complete and utter ignorance.. Anywho atleast one of the local Subway's here is now branded with Softcard on the MX820's screen but still takes Google Wallet with no issues. ^ I'm so glad the franchisee is not stupid here or else I'd never go to Subway.
Dec 9, 2014, 9:09 pm
#501
Join Date: Nov 2012
Posts: 3,537
They've gone well out of their way (installing customer-facing terminals awkwardly behind the counter, being rude on the phone, disabling contactless entirely in the one store I go to) to tell me they don't want me as a customer. So I'm going to listen.
On the other hand, as of a few days ago, our local Michael's still works. NO indicator (prompting, circles, logo, anything) on screen, no feedback when tapped, but it works.
Dec 9, 2014, 9:59 pm
#502
FlyerTalk Evangelist
Join Date: Jan 2014
Location: San Diego, CA
Programs: GE, Marriott Platinum
Posts: 15,507
Wait, isn't Subway one of the original companies to sign onto Apple Pay? Wouldn't corporate be able to sanction that particular franchise since presumably it's required that they accept it?
Dec 9, 2014, 11:42 pm
#503
Join Date: Nov 2012
Posts: 3,537
Corporate doesn't seem to care... And what's interesting is that they figured out a way to disable contactless (or something broke and they haven't bothered fixing it but I doubt that). I don't know why something broken could remove the logo from the screen.
Dec 10, 2014, 7:10 am
#504
Join Date: Oct 2014
Programs: Skymiles
Posts: 3,251
The Japanese are usually the first in to do these things years before the world, but where they fail is marketing that technology outside of Japan.
Japan was the first one to come out with cell phones with cameras. "Selfies" were a common thing in Japan over a decade ago and only know it's catching on to the rest of the world. Japan could've introduced their phones to the outside market, but they didn't.
Same with others: Japan was the first one to come out with changeable ringtones, adding a web browser (i-mode), osaifu keitai, etc.
But they all failed, or let alone they didn't even try to market those outside of Japan. Of course everyone thought it was cool. Everyone who has visited Japan knew this. Everyone who sees Japanese people at anime conventions knew this. Then why didn't they try to market it? Why did they do nothing until Apple pretty much scooped it all up and spread it throughout the world?
Simply, the Japanese cell phone companies didn't care about marketing those outside of Japan and were satisfied purely by the Japanese market alone. Of course, Japan using a propietary PDC format also was a factor, but that's not really a good excuse as Samsung and LG were also using the PDC format in South Korea for years yet were capable of marketing successfully in mainly GSM markets abroad.
Furthermore, osaifu keitai again, is still a proprietary format used only in Japan. You can't like use osaifu keitai and use it CVS Pharmacy stateside for example. That's what Japan should've done. They didn't see a need to.
So Apple took it one step further. They did what the Japanese couldn't do: put it into a worldwide product that can be used worldwide. People have a iPhone 6 that's sold worldwide, it's loaded with Apple Pay which can be used worldwide. iPhone 6 loaded up with an US issued credit card, tap away everywhere from your local 7-Eleven, riding the HKMTR subway, paying for goods at Watson's or renting a bike in Prinsengracht, Amsterdam, or whatever.
Basically what the Japanese should've done but didn't do (failure to see the massive marketing importance), Apple did it. And practically overnight, Apple introduced a product which is sold worldwide, with a contactless payment system that can also be used worldwide.
Japan was the first one to come out with cell phones with cameras. "Selfies" were a common thing in Japan over a decade ago and only know it's catching on to the rest of the world. Japan could've introduced their phones to the outside market, but they didn't.
Same with others: Japan was the first one to come out with changeable ringtones, adding a web browser (i-mode), osaifu keitai, etc.
But they all failed, or let alone they didn't even try to market those outside of Japan. Of course everyone thought it was cool. Everyone who has visited Japan knew this. Everyone who sees Japanese people at anime conventions knew this. Then why didn't they try to market it? Why did they do nothing until Apple pretty much scooped it all up and spread it throughout the world?
Simply, the Japanese cell phone companies didn't care about marketing those outside of Japan and were satisfied purely by the Japanese market alone. Of course, Japan using a propietary PDC format also was a factor, but that's not really a good excuse as Samsung and LG were also using the PDC format in South Korea for years yet were capable of marketing successfully in mainly GSM markets abroad.
Furthermore, osaifu keitai again, is still a proprietary format used only in Japan. You can't like use osaifu keitai and use it CVS Pharmacy stateside for example. That's what Japan should've done. They didn't see a need to.
So Apple took it one step further. They did what the Japanese couldn't do: put it into a worldwide product that can be used worldwide. People have a iPhone 6 that's sold worldwide, it's loaded with Apple Pay which can be used worldwide. iPhone 6 loaded up with an US issued credit card, tap away everywhere from your local 7-Eleven, riding the HKMTR subway, paying for goods at Watson's or renting a bike in Prinsengracht, Amsterdam, or whatever.
Basically what the Japanese should've done but didn't do (failure to see the massive marketing importance), Apple did it. And practically overnight, Apple introduced a product which is sold worldwide, with a contactless payment system that can also be used worldwide.
Same goes for POS terminals, while the rest of the world goes for your typical Verifone or Ingenico, Japan had to homegrown build their own with a number of flashing colored lights and 400 beeps and music. Looking too fake futuristic and annoying really.
Also interface design seems to be last on their list. And let's not forget nobody cared about contactless on a flip phone in a smartphone world.
Dec 10, 2014, 7:15 am
#505
FlyerTalk Evangelist
Join Date: Jan 2014
Location: San Diego, CA
Programs: GE, Marriott Platinum
Posts: 15,507
BTW if anyone runs into a similar issue and use a Visa card with Apple Pay, this link might be helpful: https://usa.visa.com/checkoutfees/contact.jsp. "The merchant displayed an improper Visa acceptance mark, did not display Visa signage or displayed Visa signage but refused to accept your Visa card" would probably be the correct option to select.
Dec 10, 2014, 9:56 am
#506
Join Date: Aug 2008
Programs: HHonors Gold, Marriott Lifetime Gold, IHG Gold, OZ*G, AA Gold, AS MVP
Posts: 1,874
Japan also doesn't like using tech from other countries, I'm very surprised that NCR still had a great self checkout prescence there. Their ATMs are very ugly and look like washing machines- and ones from every other country looks the same but Japan's looks like a machine from the 1980s.
Same goes for POS terminals, while the rest of the world goes for your typical Verifone or Ingenico, Japan had to homegrown build their own with a number of flashing colored lights and 400 beeps and music. Looking too fake futuristic and annoying really.
Same goes for POS terminals, while the rest of the world goes for your typical Verifone or Ingenico, Japan had to homegrown build their own with a number of flashing colored lights and 400 beeps and music. Looking too fake futuristic and annoying really.
As for POS terminals, I don't know which ones you've been looking at, pretty much all the ones I've seen in Japan are pretty no-nonsense. And what does it hurt to have a bit of competition instead of being a Verifone/Ingenico duopoly?
Dec 10, 2014, 10:27 am
#507
Original Poster
Join Date: Jul 2006
Location: LAX
Programs: AA EXP 1.5MM, Asiana Club Silver, KE Morning Calm, Hyatt Platinum, Amtrak Select
Posts: 7,161
It's actually more of the Japanese government's economic policies and the Japanese market intentionally doing so to keep their engineers employed.
It creates a modern form of sakoku. And it's understandable; they graduate more engineers than we do, we OTOH shell out more lawyers and MBAs.
The downside is that because of this, Japan tends to venture off into areas years, sometimes decades before the rest of the world is ready.
Solar panels for example, were made by Casio in the 1960s, way too early for its time) and inevitably makes them veer off into what's known as the Galapagos syndrome. And surprise, some wikipedia editor noted the US is also a Galapagos syndrome nation because of its usage of mag-stripes over EMV! LOL.
And by the time the rest of the world gets ready, it swallows up the Japanese market due to the strength of the worldwide market.
Japanese cell phones were years ahead of the world in the late 1990s and early 2000s. Another interesting trivia: Japan had already sold touchscreen cellphones back in 1999, way ahead of it's time too. It was developed by Pioneer:
But that time, the rest of the world wasn't ready yet; it still had no widespread mobile infrastructure like Japan to do all sorts of things like mobile wallets, mobile webs, photo sharing, etc. There's a big difference in setting up mobile data towers all over a (relatively) small country like Japan vs doing the same thing for a large country like the US and the rest of the world.
It creates a modern form of sakoku. And it's understandable; they graduate more engineers than we do, we OTOH shell out more lawyers and MBAs.
The downside is that because of this, Japan tends to venture off into areas years, sometimes decades before the rest of the world is ready.
Solar panels for example, were made by Casio in the 1960s, way too early for its time) and inevitably makes them veer off into what's known as the Galapagos syndrome. And surprise, some wikipedia editor noted the US is also a Galapagos syndrome nation because of its usage of mag-stripes over EMV! LOL.
And by the time the rest of the world gets ready, it swallows up the Japanese market due to the strength of the worldwide market.
Japanese cell phones were years ahead of the world in the late 1990s and early 2000s. Another interesting trivia: Japan had already sold touchscreen cellphones back in 1999, way ahead of it's time too. It was developed by Pioneer:
But that time, the rest of the world wasn't ready yet; it still had no widespread mobile infrastructure like Japan to do all sorts of things like mobile wallets, mobile webs, photo sharing, etc. There's a big difference in setting up mobile data towers all over a (relatively) small country like Japan vs doing the same thing for a large country like the US and the rest of the world.
Last edited by kebosabi; Dec 10, 2014 at 10:40 am
Dec 10, 2014, 10:32 am
#508
Join Date: Oct 2014
Programs: Skymiles
Posts: 3,251
It's actually more of the Japanese government's economic policies and the Japanese market intentionally doing so to keep their engineers employed.
It creates a modern form of sakoku. And it's understandable; they graduate more engineers than we do, we OTOH shell out more lawyers and MBAs.
The downside is that because of this, Japan tends to venture off into areas years, sometimes decades before the rest of the world is ready (solar panels for example, were made by Casio in the 1960s, way too early for its time) and inevitably makes them veer off into what's known as the Galapagos syndrome (and surprise, some wikipedia editor noted the US is also a Galapagos syndrome nation because of its usage of mag-stripes over EMV! LOL). And by the time the rest of the world gets ready, it swallows up the Japanese market due to the strength of the worldwide market.
Japanese cell phones were years ahead of the world in the late 1990s and early 2000s. But that time, the rest of the world wasn't ready yet; it still had no widespread mobile infrastructure like Japan to do all sorts of things like mobile wallets, mobile webs, photo sharing, etc. There's a big difference in setting up mobile data towers all over a (relatively) small country like Japan vs doing the same thing for a large country like the US and the rest of the world.
It creates a modern form of sakoku. And it's understandable; they graduate more engineers than we do, we OTOH shell out more lawyers and MBAs.
The downside is that because of this, Japan tends to venture off into areas years, sometimes decades before the rest of the world is ready (solar panels for example, were made by Casio in the 1960s, way too early for its time) and inevitably makes them veer off into what's known as the Galapagos syndrome (and surprise, some wikipedia editor noted the US is also a Galapagos syndrome nation because of its usage of mag-stripes over EMV! LOL). And by the time the rest of the world gets ready, it swallows up the Japanese market due to the strength of the worldwide market.
Japanese cell phones were years ahead of the world in the late 1990s and early 2000s. But that time, the rest of the world wasn't ready yet; it still had no widespread mobile infrastructure like Japan to do all sorts of things like mobile wallets, mobile webs, photo sharing, etc. There's a big difference in setting up mobile data towers all over a (relatively) small country like Japan vs doing the same thing for a large country like the US and the rest of the world.
This is a write up from 2011 of what someone thought Japanese technology was like. It seems though is Americans view them as high tech, they're very backwards outside of the city. Kind of like how the rest of the world thinks of NYC when they think of America, and nowhere else.
That being said, do credit cards in Japan have EMV? According to this write up they even go as far as claiming they don't have a stripe! I think something's a little off with this article.
Dec 10, 2014, 10:51 am
#509
Original Poster
Join Date: Jul 2006
Location: LAX
Programs: AA EXP 1.5MM, Asiana Club Silver, KE Morning Calm, Hyatt Platinum, Amtrak Select
Posts: 7,161
This is a write up from 2011 of what someone thought Japanese technology was like. It seems though is Americans view them as high tech, they're very backwards outside of the city. Kind of like how the rest of the world thinks of NYC when they think of America, and nowhere else.
Mitsubishi UFJ: http://www.cr.mufg.jp/
Rakuten: http://card.rakuten.co.jp/
Sumitomo: http://www.smbc-card.com/index.jsp
Kyoto DC: http://www.kyotodc.co.jp/card/
Resona: http://www.resonacard.co.jp/aa/
Mizuho: http://www.mizuhobank.co.jp/mmc/card/syurui.html
JCB, Japan's own credit card network signed onto the EMV idea in 2004, 5 years earlier than AMEX did.
http://partner.jcbcard.com/security/jsmart/index.html
If I can quote wikipedia on their article on EMV
Originally Posted by wikipedia
JCB (formerly Japan Credit Bureau) joined the organization in December 2004, and American Express joined in February 2009. In May 2013 China UnionPay was announced as member[1] and in September 2013, Discover joined the corporation.[2] The EMVCo members MasterCard, Visa, JCB, American Express, China UnionPay, and Discover have an equal 1/6 interest in the standards body
As for Japanese credit cards that don't come with mag-stripes, I have never seen one. Many Japanese tend to take vacations to places like Guam and Hawaii; without a mag-stripe how will Japanese tourists make payments while they're in the US?
Bank ATM cards (which Japanese banks rarely come with VISA/MC Debit feature) and is quite incompatible with the rest of the world, it's quite possible some do not come with mag-stripes.
Last edited by kebosabi; Dec 10, 2014 at 11:16 am
Dec 10, 2014, 11:29 am
#510
Join Date: Jul 2012
Location: Canada
Programs: BA Gold (OWE), Star Alliance Gold, Hilton Diamond
Posts: 2,194
Thats not quite true. Amex was the only network that has actually issued EMV compliant cards before it joined EMVCO. They were issuing EMV cards the same time as other UK banks for example.