Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Startup Touts All-in-One Digital Credit Card

timothy posted 1 year,8 days | from the fewer-pieces-to-steal dept.

The Almighty Buck 222

First time accepted submitter NoImNotNineVolt writes "Coin, a Y Combinator-backed startup, has started accepting pre-orders for a device as slim as a standard piece of payment plastic that can hold eight credit, debit, and gift cards in its dynamic magnetic stripe. Paired with the Coin smartphone app via Bluetooth low energy, card details can easily be swapped in and out of the device. A minimalist user interface on the device itself allows the owner to toggle between the loaded cards and then swipe just as they would their ordinary card. All card details are encrypted (both on the device and in the smartphone app), and the device's on-board battery is expected to last for two years of typical usage. No support for chip&pin (EMV) yet, so this may have limited utility outside of the USA. They expect to start shipping in summer of 2014."

Sorry! There are no comments related to the filter you selected.

Cool. (0)

Anonymous Coward | 1 year,8 days | (#45426238)

One thing to steal to be someone else!

Thats awesome.

It should be called OneCard (2)

foma84 (2079302) | 1 year,8 days | (#45426254)

To rule them all.

Re:It should be called OneCard (1)

foma84 (2079302) | 1 year,8 days | (#45426264)

Oh wait, it does.

Re:Cool. (1)

Joe_Dragon (2206452) | 1 year,8 days | (#45426650)

my precious

Great for CC scammers (4, Insightful)

hsmith (818216) | 1 year,8 days | (#45426246)

Now an all in one solution to skim and use credit cards.

But, I don't see this catching on. Tapping to pay with your device is "new" so people don't think much of it. Paying with an "all in one" credit card isn't something most will be used to. Plus, I'd expect pushback from Visa/AMEX on this.

Re:Great for CC scammers (2)

NoImNotNineVolt (832851) | 1 year,8 days | (#45426344)

Can't skim cards [easily] with this. Apparently to "load" a new card, you've gotta snap some pictures of it and swipe it through the [included] card reader. And the card has to be in your name.

I suppose you can create an account in the name of the victim, then snap pictures of their card, then swipe it... But that's not exactly the best skimming solution I've heard of.

Re:Great for CC scammers (4, Insightful)

cheater512 (783349) | 1 year,8 days | (#45426440)

Quick little dive in to the code with a debugger and watch those limitations vanish in front of your eyes......

Re:Great for CC scammers (1)

i kan reed (749298) | 1 year,8 days | (#45426610)

Sure, but with those skills, you could program the skimmer drivers in the first place.

Re:Great for CC scammers (3, Insightful)

Amouth (879122) | 1 year,8 days | (#45427618)

I don't think the issue is so much with having a skimmer. Right now if i show up with a card that doesn't look like an actual CC the person at the counter will think something is up. But if this gets going and has blessings of the CC makers, and looks official the teller will just say "hey he has that neat new card" and not care that you are no infact using a skimmer.

Re:Great for CC scammers (1)

cayenne8 (626475) | 1 year,8 days | (#45426802)

What exactly is Chip & Pin?? It was mentioned in the article..something about it being used outside the US...

Re:Great for CC scammers (1)

fatphil (181876) | 1 year,8 days | (#45426976)

Are you being ironic? I'm guessing you are. If so, your implications are that others (in the US) might not be aware of it - in which case, they can work down this checklist, and identify where the confusion kicks in:

- You know what a chip is (in the context of IT)?
- You know what a PIN is (likewise)?
- You've seen cards (e.g. payment or identity cards) with chips in?
- You've seen people type in their PINs in order to use those cards with chips in?
- If you've made it here, then you know what chip and pin is.

It's technology from last decade (though it was growing steadily during the decade before too).

Unlike magstripe, which is 80s technology (and which too was growing steadily the decade before that).

You've got my mind wandering now - I've just persuaded myself that the dimensions of magnetic stripes must be specified in imperial units... ;-)

Re:Great for CC scammers (1)

fatphil (181876) | 1 year,8 days | (#45427018)

Aaaaaaargh, I was right!!!!!!!

"""
Tracks one and three are typically recorded at 210 bits per inch (8.27 bits per mm), while track two typically has a recording density of 75 bits per inch (2.95 bits per mm).
""" :-(

Re:Great for CC scammers (2)

khellendros1984 (792761) | 1 year,8 days | (#45427076)

The cards have a smart-chip [wikipedia.org] in them. The data on the chip is encrypted, which makes it much more difficult to counterfeit with a credit card skimmer. As a second authentication factor, the cardholder punches in a PIN. This style of card is becoming more common in Europe right now, and a lot of automated terminals won't take a card that only has a magnetic stripe, apparently.

Re:Great for CC scammers (5, Informative)

xaxa (988988) | 1 year,8 days | (#45427234)

This style of card is becoming more common in Europe right now, and a lot of automated terminals won't take a card that only has a magnetic stripe, apparently.

It is almost universal in Europe (95% of terminals, 85% of cards, two years ago), and plenty of other countries. A card with a chip is almost essential if you travel to Europe -- I can't remember the last time I saw a ticket machine (or similar) accept a magstripe.

http://www.creditcards.com/credit-card-news/american-travelers-guide-emv-chip-cards-1271.php [creditcards.com] is informative. I'm not convinced by '"In fact, as a late adopter of EMV, there's a great upside for the industry in the U.S. because we can avoid much of the cost and complexity involved in deploying older-generation chip cards, while still reaping all of the benefits of reduced counterfeit fraud,"' -- the US industry has had 10 extra years of fraud! (I have to phone my bank before using my card in the US, and give them the dates I will be travelling. Numbers are stolen in Europe, and used on fake cards in the US.)

Re:Great for CC scammers (1)

c0lo (1497653) | 1 year,8 days | (#45427122)

What exactly is Chip & Pin?? It was mentioned in the article..something about it being used outside the US...

It's a colonial contraption [wikipedia.org] meant to do something nasty to America. Don't use it.

Sounds sketchy to me (1)

mcmonkey (96054) | 1 year,8 days | (#45427364)

Can't skim cards [easily] with this. Apparently to "load" a new card, you've gotta snap some pictures of it and swipe it through the [included] card reader. And the card has to be in your name.

Why does it need a picture of the card? That seems strange. RTFA, but it doesn't have any more detail than your comment. I did like this nugget:
"If it loses contact with your phone for a self-designated amount of time, Coin will deactivate itself."

Nice security feature. Until my phone runs out of charge, and suddenly I can make a call and I can't use my credit cards.

I have the same thought from all the proposed smart phone-as-wallet apps. Great, let me put all my eggs in one easy to lose, easy to break basket. This one was interesting until they made it dependant on keeping a live phone near by.

Re:Great for CC scammers (3, Informative)

fuzzyfuzzyfungus (1223518) | 1 year,8 days | (#45426394)

Is there any established precedent(either in law or in contract dickery that has come to light) about using cloned cards for transactions?

Obviously, cloned cards can be a fraud tool, and fraud is illegal; and obviously most people have neither the tech nor the interest to clone mag stripe cards; but does Visa give a damn if I clone my card and swipe the clone, instead of the one they mailed me, at the point of sale? Do they claim some sort of 'despite all appearances to the contrary, card remains property of issuer, etc, etc, yadda, just shut up and swipe' clause? Have they ever been tried on that point?

There has never been anything magic (aside from convenience, getting a full-color printed, shiny holograms, embossed characters, encoded mag stripe, card in quantity 1 costs a hell of a lot more than quantity 1 zillion) about the card itself, nor do mag-stripe cards have any secrets embedded (unlike chip-and-pin, which theoretically, like a SIM, contains values that should never leave the IC under any circumstances short of silicon-level attack), and a lot of transactions occur with nothing more than the card number, since they go over the web.

I assume that if they do care, their easiest point of attack would just be to be enormous rules-lawyering dickheads about every last detail of PCI compliance, which would likely make the server/app side of things virtually impossible; but would the card-cloning itself, if not used for already illegal fraud of some kind, be an issue?

Re:Great for CC scammers (1)

NoImNotNineVolt (832851) | 1 year,8 days | (#45426552)

That's a very valid point. Hopefully not valid enough for my pre-order to be worthless :(

Re:Great for CC scammers (2)

fuzzyfuzzyfungus (1223518) | 1 year,8 days | (#45426652)

What I don't know, and a secondary question to what I was asking about the history of non-fraud card cloning, would be "Will Visa/AMEX see this thing as a threat, or an ally?"

They likely have the power to seriously derail it(at least the software side); but if they are more worried about non-CC-based competitors cutting in on their action, with phone-based payments, or paypal QR code scanning, or some such nonsense, a different variant seems to pop up about once a week, they might actually welcome somebody stepping up to make mag-stripe cards more pleasant and convenient at no cost or risk to them.

If they are in a purely defensive/reactionary mode, for its own sake, or suspect that this is just step 1 to the creation of some alternate payment scheme that cuts them out of the equation but is backwards compatible with mag stripe hardware, they might decide to play hardball, and if they do, the PCI compliance guy for this company had better stock up on vodka and valium now; because he'll need them. If not, though, these guys aren't obviously more dangerous, just more sophisticated, than leather companies that produce wallets with lots of little card pockets.

Re:Great for CC scammers (0)

Anonymous Coward | 1 year,8 days | (#45427266)

I would hope they'd see it as an ally and an eventual way to drastically cut back on mailing out cards. Imagine how cool it would be to be able to get one of the devices at the local Wal*Mart and then download your credit cards directly from your bank's online banking interface. No insecure mail followed by an IVR call to verify that you've received the card.

It would also be significantly easier to implement more expensive security features with a single card. Sure, the fingerprint scanner on the iPhone isn't entirely secure, but if it could be added as an additional security element to the card such that you needed both your phone plus a fingerprint to use the card, it would make it that much harder to use a lost card. Consumers might pay $5 for a card that allowed them to carry only that card, was more secure.

There's a ton of possibilities that are opened up by a card like this.

Re:Great for CC scammers (4, Interesting)

wiredlogic (135348) | 1 year,8 days | (#45426826)

Vendors are not supposed to accept card without a valid signature on them. That alone would place them in breach of contract with the credit issuers and card processors if they accepted a cloned card.

Re:Great for CC scammers (1)

NoImNotNineVolt (832851) | 1 year,8 days | (#45426938)

I never understood the reasoning behind that. I have never signed any of the card I've ever had.

If someone happens to gain possession of your card, do you also want to give them a template of your signature so they could practice their forgery?

Good luck getting a chargeback when the charge receipt has your signature on it. Fuck that.

Re:Great for CC scammers (1)

mrchaotica (681592) | 1 year,8 days | (#45427366)

My credit card signature is "See Photo ID."

Occasionally, the cashiers even check it!

Re:Great for CC scammers (2)

tlhIngan (30335) | 1 year,8 days | (#45427384)

I never understood the reasoning behind that. I have never signed any of the card I've ever had.

  If someone happens to gain possession of your card, do you also want to give them a template of your signature so they could practice their forgery?

  Good luck getting a chargeback when the charge receipt has your signature on it. Fuck that.

Technically, it's not a comparison template.

The signature on the card signifies you agree to the terms and conditions of your cardholder agreement. I.e., it's the acceptance of those terms between you and the issuer.

The signature on the slip signifies you agree to pay the amount shown on the slip. It's a contract between you and the issuer that you agree to pay the amount shown on the slip.

If one or the other isn't signed, the merchant bank could easily not pay, since the card was not valid at the time of transaction.

Of course, over time it got perverted to people thinking it was a comparison template.

Legally, if it doesn't have a signature, or if it has anything other than a valid signature, the merchant has a right to destroy the card as it's invalid.

And in theory, if your card wasn't signed, you could chargeback all the charges on it since it was invalid. But good luck finding a court who'll agree to it on technicality terms.

Re:Great for CC scammers (1)

fuzzyfuzzyfungus (1223518) | 1 year,8 days | (#45427008)

What if it were a signed clone?

I don't doubt that getting a real person to accept a blank, white, cheap 'n nasty 'n barely ISO 7813-compliant card as a "real credit card" would be a difficult task; but what I don't know is what history, backed by legal or contractual force, there is (if any) concerning not-otherwise-criminal use of cloned cards.

Do merchant contracts also require Visa/Amex logos/trademarks on accepted cards? Do the feds or any states consider cloned cards to be presumptively instruments of fraud? That sort of thing.

Re:Great for CC scammers (2)

viperidaenz (2515578) | 1 year,8 days | (#45426844)

If Visa find out you cloned your card and someone uses that clone to defraud you, you'll can bet your ass Visa will make you liable for their fraudulent charges.

Re:Great for CC scammers (0)

Anonymous Coward | 1 year,8 days | (#45427022)

does Visa give a damn if I clone my card and swipe the clone, instead of the one they mailed me, at the point of sale?

Yes, it's called card not present. [visa.com]

Re:Great for CC scammers (1)

WaffleMonster (969671) | 1 year,8 days | (#45427112)

I assume that if they do care, their easiest point of attack would just be to be enormous rules-lawyering dickheads about every last detail of PCI compliance,

With regards to PCI why would these guys have to care? PCI is not law and the only teeth PCI compliance has comes in the form of merchant relationships issuers/card vendors. If your not in that path industry can make all the rules it wants and you are free to ignore them because they can't touch you.

Re:Great for CC scammers (0)

Anonymous Coward | 1 year,8 days | (#45426942)

I was thinking of the other way, now when I give my card to the waiter, they have access to 8 credit card numbers instead of 1.

Useful with virtual credit card numbers (1)

bakaorg (870848) | 1 year,8 days | (#45427702)

Marry this to Citibank's virtual credit card numbers (or similar offerings from other companies) and now you can use one-time credit card numbers for all transactions, bonus points if you can punch in a dollar amount too like citibank offers. Who *cares* if you card # is skimmed or not. At most one person will get the amount of money you wanted to pay. Otherwise, I would stay far away from the service.

At last (1)

csnydermvpsoft (596111) | 1 year,8 days | (#45426278)

Finally - a "smart wallet" that would actually be more convenient to use (or at least no less convenient) than the credit cards I already have in my wallet.

Re:At last (1)

viperidaenz (2515578) | 1 year,8 days | (#45426868)

Why do you have more than two credit cards?

Re:At last (1)

NoImNotNineVolt (832851) | 1 year,8 days | (#45426952)

Rewards programs.

United-branded VISA, free checked bags, free priority boarding.
Marriott-branded VISA, free rooms, free Silver status.
etc.

Re:At last (1)

jtownatpunk.net (245670) | 1 year,8 days | (#45427106)

Because I travel a lot (full time vagrant) and sometimes my bank will put a hold on my primary card. I think I finally convinced them to call me before putting a hold if they start to get suspicious of my spending activity but it's good to have a backup to use immediately so I'm not standing there like a chump, trying to get the hold lifted, people in line behind me getting angry. Also, my backup card is my oldest revolving line of credit. I wouldn't want to carry a balance on it because of the absurd interest rate but it's good to have a long, positive history on my credit report.

Re:At last (1)

viperidaenz (2515578) | 1 year,8 days | (#45427236)

Why do you have more than two credit cards?

Re:At last (1)

johnlcallaway (165670) | 1 year,8 days | (#45427408)

I have in my wallet, 12 different credit/debit cards:

1. A debit card that is used mostly at the ATM, but sometimes for small purchases. If I didn't need it for ATM access I would get rid of it because debit cards have very poor protection from fraud and mistakes. We were once double charged for groceries and it took almost a week to get $200 back. I don't use it for any large purchases anymore. Or shop at that store.
2. Amex because I think they have the best fraud division and customer service in my opinion. I also get points and use it for some of my monthly bills. Regardless, it's the one I use most often and has an absurd credit limit in my mind, one that I should never need. But it's good to know it's there if I need it. It gets paid off every month, although I don't have to. I have often considered getting rid of the rest except my debit card because I don't really need them
3. One Visa card because the account is 20 years old; long standing accounts improve credit scores. I use it once in a while just to keep it active. It has the highest interest rate and a pretty good limit. It gets paid off every month.
4. Two Mastercard cards because they have very low interest rates that I use whenever I buy something that might take a few months to pay off. The limits are pretty good, but lower than the other two above.
5. Cards for Lowes and Home Depot, because they both offer 'x months same as cash'. I use them for things around the house that are expensive that I can budget and pay off in the next 3-6 months. And I never pay any interest charges because I always pay them off on time.
6. A card for my FSA that I use to charge medical expenses to. No interest rate, and I get a tax break.
7. Four gas cards, because I like to use them to get gas. They have small credit limits and get paid off every month. I have four because that means that wherever I go in the US, the odds are that there will be one of those gas stations. Reduces fraud since the limits are very low and can only be used at limited places, and not online. I also play a game where I don't use a card the last two weeks of it's billing cycle. This lets me push off paying for gas a little bit more. Doesn't really save me any money, I just like to do it. It feels like I'm winning something.

I don't have any store credit cards, like Kohls or Macys, simply because I never buy anything there that I either pay cash for, or that I can't use my other cards for.

I keep all of the actual credit cards because it allows me to have a higher credit balance without impacting my credit score. Yet no single card, if stolen (other than the Amex) has that high a limit. Having $4000 outstanding on a $5000 card brings your score down less than having $5000 outstanding on several cards with a total limit over $15K. And if I'm hardly paying any interest on the $5000, because most of it is either paid off every month or on a 3-6 months same-as-cash incentive, why not??? Your credit score is based on how you handle credit, not whether or not you've ever been late. Keeping it as high as possible means lower rates on cars, houses, and credit cards. I usually qualify for the 0% rates on cars and most of my credit cards are in the sub-12% range. Which is irrelevant since I rarely pay interest anyway.

Just relating why someone might have lots of cards even if they pay them off every month. This may not work for many people, but I manage my money and it doesn't cause me any problems. If someone is willing to give me money for free (i.e. I don't have to pay to use it), why not take advantage of it if I can manage my ability to pay it back?

But ... back on topic ... as many times as I've been asked for my card at a store, I doubt if this would enable me to leave my cards at home anyway. So other than gas stations and self-service kiosks, I don't see it catching on until that issue is resolved.

However .. if this thing would work for rewards programs .. I'm in!!!! I'd love to get those things off my key chain.

Cute; but why? (4, Insightful)

fuzzyfuzzyfungus (1223518) | 1 year,8 days | (#45426298)

Cramming a UI and the electromagnetics required to spoof a mag stripe into something small enough to make it through a card reader is pretty impressive; but I just don't see the point.

I need another intermediary in my payment system like I need a hole in the head(and I certainly don't need any credit card details stashed in yet another OMGTOTALLY SECURE!!! server or app), and I'd need a hell of a lot of plastic infesting my wallet before a $100 piece of hardware, and BTLE-compatible smartphone become the lower-hassle alternative.

Along with a card reader, it'd probably be great fun as a tool for duplicating low security cards(eg. copier stored value cards, which commonly actually store their value in the stripe, rather than just encoding an ID that gets looked up by the payment processor), and generally fucking around with mag stripe readers; but for actual real-world financial transactions? How many credit cards do you carry on a daily basis?

Re:Cute; but why? (1)

NoImNotNineVolt (832851) | 1 year,8 days | (#45426436)

For me, it's more an issue of how many cards I don't carry on a daily basis.

I have accounts with three different banks. I have four credit cards on top of that. That's already seven cards, a stack over 5mm thick, which fits in my wallet without giving me scoliosis.

I also have various hotel, airline, and car rental rewards program cards (if you travel for work and don't have these, you're seriously missing out). Store loyalty cards. Occasionally even gift cards. This is all shit that I can't be troubled to carry, because my tri-fold would explode.

With this Coin thing, I expect to have them all, right there in my wallet, at 1/7th the size of the card stack I'm currently lugging around.

Re:Cute; but why? (0)

Anonymous Coward | 1 year,8 days | (#45426806)

I'm sure you have a good reason for it, but I just can't figure it out. Why would you need to carry 4 different credit cards with you everywhere you go?

Re:Cute; but why? (1)

NoImNotNineVolt (832851) | 1 year,8 days | (#45426978)

To keep them all in active status without having to remember to rotate them in/out of my wallet.

Re:Cute; but why? (1)

khellendros1984 (792761) | 1 year,8 days | (#45427138)

I don't know their exact circumstances, of course, but it's possible that the different cards have different rewards programs, and each one will gain them different benefits under different circumstances. Either that, or 2 are less-commonly-accepted cards that have lower interest rates, or something.

Re:Cute; but why? (1)

NoImNotNineVolt (832851) | 1 year,8 days | (#45426460)

Also, it doesn't look like they'll be acting as an intermediary. The actual payment stuff doesn't go through Coin. The device merely stores and provides card details and is compatible with existing magstripe infrastructure.

And pre-order is only $50 (+$5 shipping).

Re:Cute; but why? (0)

Anonymous Coward | 1 year,8 days | (#45426544)

I certainly don't need any credit card details stashed in yet another OMGTOTALLY SECURE!!! server or app

As far as I can tell, if I were a user, this would not be my problem. As you can call up Visa or MasterCard to cancel transactions that are not yours -- if this actually catches on, either the security will be good enough, or the credit card companies will come down on this like a ton of bricks, even if it means lobbying to get a law to make these things illegal -- they would have to.

Re:Cute; but why? (1)

viperidaenz (2515578) | 1 year,8 days | (#45426902)

Visa or Mastercard can tell you to fuck off if someone made the transactions on a card you cloned.

Re:Cute; but why? (0)

Anonymous Coward | 1 year,8 days | (#45426622)

Eight. I carry exactly eight.

Re:Cute; but why? (1)

jtownatpunk.net (245670) | 1 year,8 days | (#45427196)

I've got a crap-ton of mag-stripe cards. Debit card, credit card, backup credit card, and AAA card are always in my wallet. I have about 10 different "loyalty" cards and I rarely remember to grab the ones I need when I run errands. It'd be nice to have all of my mag-stripe cards available in a single card. Then I could carry more cash in my wallet. MrBurnsStuffingWallet.jpg

A simpler solution... (1)

Anonymous Coward | 1 year,8 days | (#45426306)

Just use one card. Who needs 8?

Re:A simpler solution... (1)

bensyverson (732781) | 1 year,8 days | (#45426502)

People who have separate business and personal debit cards, to start.

Re:A simpler solution... (-1)

Anonymous Coward | 1 year,8 days | (#45426658)

People who have separate business and personal debit cards, to start.

HINT: Not everybody has this problem.

No, seriously, not everybody is given a wonderful funderful magical business expense account at birth. In fact, I'd say a comparatively small amount of people do.

Re:A simpler solution... (1)

_merlin (160982) | 1 year,8 days | (#45427650)

I wouldn't want to go there. I prefer to have three cards - it would be too easy to forget to switch to the correct account, or fuck it up when you're half drunk. Also you'll never be able to use this with ICC/Chip&Pin as the systems are designed to make it impractically difficult to extract the keys.

Security (2)

Isomorphic (241771) | 1 year,8 days | (#45426350)

I've read the articles, watched the video on their site, and read the FAQ. It is unclear whether the app actually sends your card information to their servers. As I posted over on Hacker News:

No, Coin, I'm not going to store all of my credit and debit cards in a single spot on the Internet.

Your app has to work without Internet, or it's a security risk.

Re:Security (1)

bensyverson (732781) | 1 year,8 days | (#45426538)

I doubt they would send the CC#s to the server, since it's not needed for the Coin to function. You swipe a card, it stores it locally, then sends it to the Coin via Bluetooth. Why would you need the internet for that?

Re:Security (2)

NoImNotNineVolt (832851) | 1 year,8 days | (#45426628)

On the other hand, the CNET article states "On the security side, Coin uses 128-bit and 256-bit encryption on both its server and mobile app, as well as on the card itself."

Encryption... on its server... ehhhhh...

Well, that's what chargebacks are for, right?

To bad it's way less secure than chip and PIN (3, Insightful)

seifried (12921) | 1 year,8 days | (#45426366)

To bad it's way less secure than chip and PIN. Mag stripes can be trivially copied and then used. In Canada a lot of the payment terminals are configured to not allow mag stripe usage if the card has a chip (I disabled the chip on one of my cards to see what happens, only place that would let me swipe is Home Depot, and even then the machine wouldn't accept it, they had to pull out an old physical ka-chunker machine and do it manually, haven't seen those in ages).

Re:To bad it's way less secure than chip and PIN (1)

NoImNotNineVolt (832851) | 1 year,8 days | (#45426518)

Every time I travel abroad, I'm reminded by how outdated the USA's financial shit is.

We use paper checks for everything.
We hand credit cards to waiters/waitresses, who then carry them off to the card skimming room, I mean the cash register, to pay for meals at restaurants.
Chip&pin does not exist.

Just a few months ago, one of my credit cards finally moved to chip&pin. In my social circle, I'm the first to have a chip&pin card. It's fucking 2013.

That being said, this card seems no less secure than any other common credit card in the USA. Which isn't saying much, but still.

Re:To bad it's way less secure than chip and PIN (1)

Saethan (2725367) | 1 year,8 days | (#45426710)

We use paper checks for everything.

Really? I've had the same check book since I first opened my account, 10 years ago. It still has around 10 checks left... might actually have to order another sometime in the next few years.

Re:To bad it's way less secure than chip and PIN (1)

NoImNotNineVolt (832851) | 1 year,8 days | (#45426778)

Same. I didn't buy this fancy 101 key keyboard just to bust out the Bic.

But let's say you wanted to send me some money and we shared a mutual hatred of paypal. I suppose you could use your bank's online billpay feature, add me as a payee, and then shoot over some money. But on my end, since I'm not a major corporation with all sorts of electronic banking shit, all I get is a nicely printed check, mailed from your bank.

Same ol' paper check, it's just that you didn't have to bust out the ol' pen to write it.

Re:To bad it's way less secure than chip and PIN (1)

mrchaotica (681592) | 1 year,8 days | (#45427442)

I use paper checks to transfer funds between my and my wife's accounts. Using a cellphone to photograph and deposit a check actually makes the funds available faster than any of the various other transfer money mechanisms would. Ridiculous, but true.

Re:To bad it's way less secure than chip and PIN (0)

Anonymous Coward | 1 year,8 days | (#45427610)

It sounds awesome, something along the lines of "print, put on a wooden table, photograph, print, scan". I have read about Americans using checks for sending money, but I cannot imagine how it can be easier than regular wire transfer. Can you elaborate on it? Does it take that long in the US, or cost a lot?

The last time I saw a paper check was in 2005. Here in the EU when I forget cash for lunch I borrow from a colleague and return it by wire transfer, depending on the bank it can take from 5 seconds to several hours. Even international transfers usually arrive within two working days.

Re:To bad it's way less secure than chip and PIN (1)

michelcolman (1208008) | 1 year,8 days | (#45426898)

I couldn't agree more. It's actually funny to see how with this new 8-in-1 card, the US now has the latest and greatest in obsolete financial technology.

Re:To bad it's way less secure than chip and PIN (1)

TangoMargarine (1617195) | 1 year,8 days | (#45427120)

A lot of places don't accept paper checks anymore.

Re:To bad it's way less secure than chip and PIN (0)

Anonymous Coward | 1 year,8 days | (#45427712)

Where did you get a Chip & PIN card from? I've not been able to get one.

Re: To bad it's way less secure than chip and PIN (0)

Anonymous Coward | 1 year,8 days | (#45427058)

Exactly, can't even remember the last time I used the magnet stripe. Everything is chip here as well (Sweden).

idiots paying by check were bad? (1)

alen (225700) | 1 year,8 days | (#45426380)

imagine idiots using this contraption trying to show themselves off and changing out credit cards at the register or setting their phone up to pay

I already have something that holds 8 credit cards (1)

JoeyRox (2711699) | 1 year,8 days | (#45426430)

My wallet.

Re:I already have something that holds 8 credit ca (0)

Anonymous Coward | 1 year,8 days | (#45426638)

And if you drive a lot, probably a kinked back from the fat wallet.

Re:I already have something that holds 8 credit ca (1)

TangoMargarine (1617195) | 1 year,8 days | (#45427140)

First World Problems

Going to be a bummer. . . (1)

Anonymous Coward | 1 year,8 days | (#45426464)

. . .when your credit is declined and the clerk whips out the scissors.

Re:Going to be a bummer. . . (1)

c0lo (1497653) | 1 year,8 days | (#45427074)

. . .when your credit is declined and the clerk whips out the scissors.

In what parts of this worlds somebody can destroy my card without my permission?

Why not just use the app (2)

Gothmolly (148874) | 1 year,8 days | (#45426512)

If you load all that stuff into your card via the phone, why not just use NFC in the phone to pay? Oh wait, because people won't do that either.

Re:Why not just use the app (1)

NoImNotNineVolt (832851) | 1 year,8 days | (#45426582)

I don't know where you live, but <sarcasm>out here in the boonies of NJ</sarcasm>, magstripe readers are commonplace but I have yet to see a single vendor that does NFC payment processing.

Re:Why not just use the app (1)

viperidaenz (2515578) | 1 year,8 days | (#45426796)

It's getting more and more common.
Visa call is "Paywave" and Mastercard call it "Paypass".
When the rentals on the terminals expire, the merchants will have no choice but to get an NFC compatable terminal.

Re:Why not just use the app (1)

Choad Namath (907723) | 1 year,8 days | (#45427332)

The hardware may be getting out there for accepting payments, but as far as using your phone to pay, in the US the cell phone carriers are doing everything they can to screw things up for everyone. I bought a phone with NFC and foolishly assumed that I'd be able to use Google Wallet with it. I didn't realize that most of the major carriers (pretty much everyone but Sprint) are working on their own so-far stillborn alternative (http://en.wikipedia.org/wiki/Isis_%28mobile_payment_system%29), so they don't allow Google Wallet to function.

No EMV, not going to be useful by 2015 (3, Informative)

noc007 (633443) | 1 year,8 days | (#45426514)

I hear they're working on one that's EMV compatible, but there's no point in releasing sometime in 2014 what they've proposed now as Chip+PIN/EMV will be rolled out en-mass in the US. The networks (Visa, MC, AMEX, Discover) are starting a liability shift and most will go into effect in Oct 2015: http://en.wikipedia.org/wiki/EMV#United_States [wikipedia.org]
What this means is the liability of any card fraud that occurs after that date with be moved to the entity that hasn't implemented EMV. That includes the card issuing bank, the merchant acquirer (the entity that the merchant uses to process cards), and even the merchant itself if they refused to update their terminals or POS systems. If fraud does occur and everyone is up to date with EMV, the procedure is the same as it is today supposedly.

I personally have my reservations about the system since there have been a string of compromised terminals in the past and the banks incorrectly blamed the card holder because the system was "fraud-proof" according to them. Hopefully those shenanigans don't happen in with US banks as this rolls out.

Re:No EMV, not going to be useful by 2015 (0)

Anonymous Coward | 1 year,8 days | (#45426696)

I don't think EMV support will be as easy as they think. That is sorta the promise of EMV.

Re:No EMV, not going to be useful by 2015 (1)

radarskiy (2874255) | 1 year,8 days | (#45427404)

EMV is not necessarily Chip+PIN. Chip+Signature Prefered and even Chip+Signature Only still complies.

My card from Bank of America is Chip + Signature Only, so I can't buy train tickets from kiosks in Euopre bu I can use ATMs in Europe because they fall back to mag stripe + PIN.

Pointless without EMV (2)

taustin (171655) | 1 year,8 days | (#45426548)

No support for chip&pin (EMV) yet, so this may have limited utility outside of the USA. They expect to start shipping in summer of 2014."

Considering that all US merchants have to be capable of using EMV[1] by October of 2015 [burlingtonbankcard.com] , perhaps that two year battery life is about right, because that's all the longer they will be useful. And most merchant services are pushing hard to have everyone capable of taking EMV by the middle of 2014.

Mag strip cards will be around for as long as the current ones out there last, but most new cards being issued now are EMV capable, and very soon, all of them will have to be. Without EMV support, this is, at best, a short term fad. And eventually, mag strip cards will just disappear, and merchants will have no reason to be able to take them.

[1]Technically, not required to stop taking mag strip only, but those who don't become 100% responsible for all fraud, automatically, regardless of the circumstances. As a carrot to go with the stick, those who get EMV up and going are not longer resopnsible for the sometimes pain-in-the-ass (and often expensive for small operations) requirements for PCI compliance [pcisecuritystandards.org] .

EMV is designed so you CAN'T copy it. (1)

Ungrounded Lightning (62228) | 1 year,8 days | (#45426790)

Pointless without EMV

Don't expect it soon. The whole point of EMV is to be IMPOSSIBLE to clone. To the credit card chip designers, this thing is exactly the same as a clone-and-spoof attack.

They put a little computer on the card and run encrypted protocols with the store terminal.

The details of the computer are closely held. (I was once asked to work on hardware for one, but it would have required a major security clearance investigation and a contract that, IMHO, would have made it difficult to work on anything else cryptographic afterward.)

They also do their best to avoid designing in things that might make its operation or storage subject to tapping or observation by electrical or mechanical means.

$100 for two years of life? (1)

danudwary (201586) | 1 year,8 days | (#45426672)

Q. How long does a Coin last? Do I recharge it? What happens when my Coin’s battery dies?
A. Coins are designed to last for 2 years under normal usage and do not need to be recharged. Once the battery dies you will need to replace your Coin.

For $100? I don't think so.

Re:$100 for two years of life? (1)

NoImNotNineVolt (832851) | 1 year,8 days | (#45426714)

How about for $50? That's what I paid to pre-order it. (+$5 shipping)

Re:$100 for two years of life? (1)

viperidaenz (2515578) | 1 year,8 days | (#45426776)

In 2 years they will be obsolete. Since mag strips won't be mandatory and every terminal will accept chip cards. Those that do accept a mag strip will be liable for fraud.

Re:$100 for two years of life? (1)

omnichad (1198475) | 1 year,8 days | (#45426824)

$4/mo. isn't insane, but it's way too much for me. On the other hand, I'm tired of having so many cards. Is it worth $4/mo. to not have to carry them all? No. $1/mo., maybe.

Maybe the second generation will be under $20.

Too late. (1)

viperidaenz (2515578) | 1 year,8 days | (#45426698)

Cards are moving to chips and NFC.
If I swipe my credit card in a terminal with a chip reader, it rejects and tells me to insert the card.

This isn't new... (1)

mlts (1038732) | 1 year,8 days | (#45426726)

A few years back, I remember a startup which had a card that was programmable with any magstripe ID, but instead of Bluetooth, it had a few small wires between the main handheld apparatus and the card itself.

It went over like a lead balloon, and I don't even remember the name of the contraption maker.

Intead, I'd much rather see the smartphone itself be the payment device using Bluetooth between it and the register [1]. The register sends a signed transaction, the device validates the signature and asks if you want to pay it, you tap a fingerprint or PIN code on your device, payment is confirmed, and one is on their merry way. Of course, there are still security loopholes (someone copies the app with the card repository, etc.) However, it isn't that much worse than an average piece of plastic with an easily forged magstrip.

[1]: Of course, the weakness would be the same as any CA based system... compromise the head CA, and all hell breaks loose, but it does get rid of skimmers as a potential attack, and those are far cheaper to make than hacking a SSL private key.

Card Not Present (2)

TheSpoom (715771) | 1 year,8 days | (#45426822)

Wouldn't retailers be required to treat these transactions as "Card Not Present" transactions [wikipedia.org] , meaning that far fewer would accept them?

I believe the liability is increased to the merchant if they just accept a CC number + expiration + CVV, to which accepting this would be functionally equivalent.

Re:Card Not Present (2)

hurfy (735314) | 1 year,8 days | (#45427438)

Can you do a real 'card-not-present' transaction with it?

So i loaded all my cards into this thing and i want to buy something online. It looks like it displays part of the CC # so can it scroll the whole number to enter? What about the CCV on the back of trhe card? Most online stuff won't process without it and it isn't stored or is it?

PS, OK slashdot I'll change systems or browsers already. God, this site runs slower than my XT. Actually feels like I am typing on a 300 baud modem with the display half a line behind. Need more memory but other forums aren't nearly as bad.

Too late? (0)

Anonymous Coward | 1 year,8 days | (#45426836)

I believe that CC is dying so I really don't understand why create a new technology to solve a "problem" (ie have a couple of cards in your wallet) for something that seems it's not going to be in the market for much longer.
I think that only people who can't afford buying an smartphone will keep using CC in the near future, but at the same time these people usually hold only one CC...
Virtual currencies looks much prominent that this product imho.

Re:Too late? (1)

viperidaenz (2515578) | 1 year,8 days | (#45427178)

I use a credit card to save money.
I get over a month interest free. That's over a month of interest I don't have to pay on my mortgage if I used cash.
The cash back rewards also pays for the annual fee several times over.

Re:Too late? (1)

glitch0 (859137) | 1 year,8 days | (#45427616)

Those cash back rewards come from the credit card processing fees that merchants charge. The merchants must raise their prices to include those fees and still make the same profit, so really, you're paying extra every time you make a purchase and then you're waiting for them to give it back to you in the form of a "reward".

Limited outside USA? (1)

houghi (78078) | 1 year,8 days | (#45426856)

How about unusable outside the USA? In many stores in Belgium the staff does not even know how swiping works. If it doesn't accept the chip and pin, the are lost and will not be able to complete the purchase. Or they just not accept swiping, because they do not trust it.

The whole world that uses the metric system also uses chip instead of the magnetic strip. Perhaps it is related?

Some pre-paid cards just have a chip and the numbers are not even embossed anymore or in the standard landscape form http://s1.djyimg.com/i6/1202131251562133.jpg [djyimg.com]

Swiping? (1)

CanadianMacFan (1900244) | 1 year,8 days | (#45427050)

Can't remember the last time I swiped a credit card. It's been the chip and pin system for years or the RFID system where you just tap your card against the reader. Next thing you'll tell me that you have to sign your credit card transactions too!

EMV IC Cards (1)

Steve Newall (24926) | 1 year,8 days | (#45427116)

As most of the world has moved to EMV smart cards to reduce fraud (the US still has to move), this is a "solution" to a problem that doesn't exist for most of us. Also, the EMV standard already supports multiple applications on a chip card.

Looking suspicious? (1)

ndrix (3427753) | 1 year,8 days | (#45427130)

I'm not sure how clerks will look when, instead of me showing a credit card; I whop out an electronic device that is my mode of payment and swipe it. Wouldn't they feel "hacked"?

Great security feature... (1)

viperidaenz (2515578) | 1 year,8 days | (#45427150)

If it loses contact with your phone for a self-designated amount of time, Coin will deactivate itself.

So when you phone battery goes flat (and it will go flat quicker, with this app in the background waking up periodically and communicating with the card), you can't buy a new charger to charge it.

AMEX and DISCOVER would probably love this (1)

slew (2918) | 1 year,8 days | (#45427218)

Some establishments actually do accept AMEX and DISC cards but swipe subtly attempt to dissuade customers from using them because of their higher swipe fees. With this device and the way most bill are handled, the cashier would probably need to swipe this generic card and now it's generally too late to go back to the customer to change negating this specific fee avoidance strategy***

***I suppose they could swipe the generic card charge, note that the charge was AMEX, reverse the charge, return the card back to the customer and have them switch the card to be VISA/MC and then reswipe, but I'm sure the POS terminals won't make that very easy for the overworked cashiers.

Good idea, wrong approach. (1)

dgatwood (11270) | 1 year,8 days | (#45427304)

This would be a great thing for cloning all those obnoxious loyalty cards that clog your billfold, if it could clone those, but I'm guessing it is only for credit cards.

IMO, the right solution for credit cards is entirely different. What someone needs to do is work with Visa/MC/Amex to create a card that serves as a proxy card for multiple cards. It should have its own number, and each charge is treated as a preauthorization on your default card. Then, at any time before midnight on the day you make a purchase (possibly longer), you should be able to route the actual charge to the card of your choice.

Because the proxying would be handled by a real server with real compute power, you could even specify that, for example, all purchases made at a gas station during the months of May, June, and July should be routed to your Chase card (for example) because that's the bonus category for that period. You could automatically make Amazon purchases go to your Amazon card, make Amtrak purchases go to your Amtrak card, make air travel purchases go to your airline miles card, etc.

And because it would be a real card in its own right instead of a clone of an existing card, it could even have its own chip (or even chip and pin). You could assign an arbitrary billing ZIP code to make it far less likely for anyone to be able to use it to make significant purchases if it gets stolen. You could instantly cancel it from your mobile phone if it gets stolen without causing you to lose access to any actual credit. And so on.

Tout (0)

Anonymous Coward | 1 year,8 days | (#45427470)

Tout is such an annoying word.

Wasn't there a kick starter project doing this exa (0)

Anonymous Coward | 1 year,8 days | (#45427540)

But with an iPhone case for the card as well? Seems like they would own the patents to this...

No C&P! (0)

Anonymous Coward | 1 year,8 days | (#45427658)

Of what use is a credit card without Chip and PIN?

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?