Contactless cards ‘will succumb to newer technology’


#1

Had a read of this earlier (nothing particularly groundbreaking I shouldn’t think).

This stood out to me though, as I don’t remember seeing it anywhere else.

For those consumers still worried about the potential for drive-by theft from contactless cards, biometric technology could help quell these fears. Gemalto has developed a payment card with a built-in fingerprint sensor, which could also lift the ceiling on transaction limits.

The cardholder’s biometric data is enrolled at their bank, and the fingerprint reference data is securely encrypted and stored in the card’s secure chip, not on the bank’s servers. Better still for merchants, no upgrade is required for their POS systems as the biometric check is directly performed on the card​.

I still probably use my card more than my phone to be honest - I find it easier!


(Nick) #2

Seems there are still failure modes to this sort of thing…


(Jamie 🏳️‍🌈) #3

God help us when someone works out how to hack our biometrics.

Slightly more inconvenient to get replacements.


#4

I would have thought that physically forcing someone to use their card in a public place would be a little harder than using their finger whilst asleep (and still more secure than just taking the card and using the contactless/knowing the pin anyway).

It’ll be retina scans before too long!


#5

Or DNA sensors - Gattaca here we come…


(Neil M) #6

Anything involving a fingerprint is highly insecure. For example


He was the guy who was responsible for the German defence ministry hack.
@DaveTMG highly unlikely I did my Undergraduate thesis on the feasibility of DNA cryptology as a security system. As part of it I looked at Biosensor etc. Unless sequencing technology gets much better and they get smaller there is no way a DNA sensor would work.
But any security measure is highly insecure due to the external variables. At the end of the day some one will just find something else to attack the finger pad. The sensor that reads the fingerprint. Also gemalto and even RSA crypto will be obsolete when proper quantum computers become a reality.


#7

When are we getting these cards inserted into our fingers so we can just place that on the readers? Would be so much easier…


#9

Pretty sure they have done this in Sweden (?) - As a trial at least for certain cards (not sure debit cards were used).


#10

I’m happy with my kerv - now k-ring. It’s fun to see the cashier’s face when I pay as they’ve generally not seen one before.


(MikeF) #11

Is that still a thing? I haven’t heard it mentioned in quite a while.


#12

(Neil M) #13

If we’re talking about ways to pay, this is very interesting
https://www.kaspersky.com/about/press-releases/2017_data-dollar-the-new-currency-based-on-the-value-of-personal-data


#14

@DaveTMG this looks awesome! I’m too lazy to Google at work, will look into it tonight.

Quick pros/cons?

Compatible with Monzo/ApplePay/GooglePay?


#15

Would that be any worse than a hack on a bank currently?


#16

It’s a prepay card that you top up (I have auto top up enabled)

Pros: really cool to use as very rare, much quicker than getting a card or phone out (apart from having to explain it to interested onlookers), tapping the tube gates to open them is fun.

Cons: seems to fail a bit more than I’d like - not in terms of failing to read, but more that there are some terminals that simply won’t accept it. The local Micky Ds and KFC are a problem. They appear to have brought in charges for new users and it is more expensive to buy - I got mine in the original kickstarter round so paid less than half what they are charging now, and I haven’t yet had any ongoing charges.


#17

Very interesting - will need to research fully.

@monzo we need wearables integration in our lives!


(Jamie 🏳️‍🌈) #18

Yes, of course it is.

Currently, security tokens, passwords and personal identifiers (like card numbers and PINs) can all be replaced if someone finds a way to use them.

Your fingerprint, or iris, can’t be replaced. Someone finds a way to hack those, and you’re compromised forever. In a world which has switched over to using those kinds of things as identity confirmation, and you’re never able to identify yourself ever again. Anywhere.


#19

I guess one way to do this would be to alter it randomly and store the alter version on the card and have a complex mathical function to transform between the two