New MasterCard PayPass Utilizes Contactless Card Payment Technology
 

New MasterCard PayPass Utilizes Contactless Card Payment Technology
http://biz.yahoo.com/bw/021212/122088_1.html

Perhaps I could set up one of those special readers on the left wall of a very narrow hallway, and silently extract funds from credit cards in the wallet of every man who squeezed through?

There's a severe lack of tech specs on this. It sounds like it's RFID in a way. The first thing I would do is work at getting a device is a trying to boost the range on it and just intercept credit card numbers.

I was thinking the same thing the other day.

Lots of companies use these "proximity cards" for building security, and now credit card companies are doing the same thing.

It doesn't seem like it would be too difficult for someone who knows what they're doing to set up a device somewhere and get the information out of people's wallets as they walk by.

When I was purchasing one of these systems for my company, extended range readers could read cards that were several feet away.

d

Here's a presentation about the ISO 14443 contactless card and security:

http://www.nmda.or.jp/nmda/ic-card/pdf/Vazquez.pdf

It's not a simple as the card broadcasting your CC# to anyone within earshot. For finance transactions it's an encrypted 2-way transaction with the reader authenicating your card and your card authenticating the reader.

To me, it looks at least as secure as internet credit card transactions, and definietly more secure than handing over your credit card to the sub-minimum wage guy at The Ground Round.

I know that it's not broadcasting the CC number, but engages you in some sort of transaction. It's passive authentication from the card to the reader, which is a problem for me. What's to stop someone from issuing a bill for $.02, and proceeding through the transaction while at the same time logging the card information to use down the road?

They've had somthing like this in Boise for quite a while now. It works in the drive through also.

http://www.usatoday.com/tech/news/20...e-payments.htm

Maybe we should bring this back to the top, now that we know merchants are accepting this technology and issuers are promoting it to thier customers.

see: http://www.mastercard.com/paypass

I know that Citibank is for sure issuing this with their credit and debit products -- though largely only on request and in the form of a key chain payment tag.

Are there other institutions that issue PayPass in the form of a payment tag or IN the card itself that you know of?

Any experiences with merchants that people want to share? How about use at major league baseball stadiums--that is a real plus!

Wanted to bring this to the front. I think Citibank is the largest issuer of card with PayPass and/or PayPass payment tags for the key chain now.

I am port of a mobile trial in NEw York, where we have PayPass in our cell phones. (I was given a Nokia prototype for 3 months to test it out.)

http://www.mastercard.com/us/paypass/mobile/index.html

http://www.mastercard.com/us/persona....../index.html

It is so convenient -- no signing and no wallet involved for both the phone with PayPass and payment tags.


Any one use PayPass or blink from Chase?

Is the phone version integrated into the electronics of the device in any fashion, or does the phone's case merely hold the chip?

It is integrated under the ear piece on the outside above the outside screen. (It is a flip phone) It is called NFC technology or Near Field Communications called this by Nokia). It allows 2 way communications. I can even wave my phone by select posters and download multimedia information. So I presume that the phone's chips and processors are able to operate the NFC RF chip (PayPass) since I can turn it off and on and ask for passcode to allay security concerns.

The phone is a prototype Nokia 6131, which is basically just an updated 6126. Nokia issued a press release on the 6131 model.

Japan naturally has had this technology for many years, and I believe Taiwan has it now in widespread use.

Europe has made a massive push for this technology the last couple years. Organized crime out of eastern European organized crime has been harvesting card numbers and creating fake cards.

Late 2005 VC/MC dropped most of the fraud protections for the merchant if they didn't update card terminals to take the new RF style cards.

The push to do the same in the US isn't nearly as big as fraud in the US is extremely low. Merchants are more concerned about how reward cards are costing them extra discount points.

I recently got a PayPass Mastercard. In Canada, Citibank offers PayPass as part of its Petro-Points Mastercard product that also features savings of $0.02/litre on gas at PetroCanada outlets.

It seems convenient, though given the amount of fraud at gas station card readers already, I do have my reservations about its security.

Generally speaking the RF based cards have much higher security than a traditional card. The RF based card won't transmit the card number unless a two way, encrypted security challenge has passed on both ends. This makes it hard to create bogus cards, or piggyback a mag reader to terminal/atm/etc.

The only RF system I'm aware of being hacked was an early Exxon ExpressPass system, which was since replaced.