All is good, but...
Does it have an app store?
Toppan Printing has demonstrated a credit card with a colour screen and keypad, claiming that you don't need a mobile phone to manage mobile commerce. The card, which at 3.9mm thick squeezes into the definition of such, has a 2.2-inch colour screen with a 320x240 resolution, but most importantly Toppan Printing reckons it will …
Who needs a card? As you already carry your phone everywhere anyway, why not download the as yet non-existent VISA or MasterCard apps onto your phone, activate them over the phone, and then use that to pay for things.
I can already buy parking/public transport and ciggies with an SMS - why not join the dots guys?
Alternatively, add phone capability to the credit card - sorted ;-)
Surely a 320x240 colour LCD is a little over the top for a credit card, something that'll spend 99.5% of it's time out of sight in your wallet, and the other 0.5% of the time half inserted into a card reader? (though I understand this card would spend it's 0.5% being held against a NFC reader).
A medium resolution, e-ink display would be thinner and consume MUCH less power making the card last longer between charges, as well as leaving your balance on the screen at close to zero power consumption.
I wouldn't put a 50-inch flatscreen TV where it was easily visible by someone walking past my house lest I tempt a break-in; why in Ghoo's name would I want my bank balance visible at all times on my interactive, keypadded, bank/debit/credit card?!!?
This just strikes me as an account-vacuuming waiting to happen... or am I missing something?
On a separate note, how flexible are those 3.9mm cards? Things in my wallet tend to get a bit bent from having my fat butt sat on them all day -- my regular cards can stand it and either bounce back or work even WITH a bit of a bend in them. I wonder about these ones, though.
... could be avoided if a different entry scheme was used... for example display a random number on the display and use the buttons to move each digit up & down... or give the buttons a display so they can be randomised too... just two of many possible ways to even the wear pattern.
Could run into patent issues. It would cost the company next to nothing to simply train the user/card holder to pad their PIN with enter ANY 3 non-sequential numbers before and andy 3 non-sequential numbers after the PIN code. So, however long the PIN is, hopefully there will be enough button presses to obscure the PIN. No patent threats there that i can think of at this moment.
Not sure I like the idea of near-field comm payments.
Card skimming is already on the rise, with counterfeit readers attached to all matter of devices, from ATMs to video rental kiosks.
But at least with physical magstrip readers, there's a chance that you'll notice something isn't quite right about the device (i.e., the keys "look wrong" or the card slot "grabber" sticks too far out of the front of the machine).
With the security of many popular RF-based transit cards (MIFARE Classic, etc.) already in doubt, adding NFC credit/debit payments to the mix just doesn't seem like a good idea. Side-channel attacks are too difficult to spot; a directional, tuned, high-gain antenna can be mounted almost literally "anywhere" in the surrounding environment, making RF-based attacks very difficult to detect, even for experts.
I recently ditched one of those Swiss Army credit card utility things from my wallet because it was too thick, at a few mm. I currently have seven assorted bits of financial plastic in my wallet, making nearly 3cm thickness of cards at 3.9mm each.
So that's not going to happen. Still, maybe they'll get thinner.
Just why would you need a screen on a card? The readers have keypads and screens for a reason .... Another case in point of technology being applied to something pointless . I don't like the idea of contact less payment either . How longs it going to take for some bright spark to figure out how to trigger a payment and sit themselves down in a busy shopping centre and fleece anyone that goes near them . Pickpocketing without moving a muscle . I suspect the more techno they make card transactions the more the risk of getting fleeced will be .
A screen attached to the card reader shows you what the scammer wants you to see: a low price and the name of the restaurant you are in. A screen on the card will tell you how much you are really paying, and who to. Likewise, the keypad must be on the card - a key pad on the card reader is a key logger.
These cards have two of the minimum necessary requirements for electronic payments. The missing part is public key cryptography. Without proper cryptography, a man in the middle controls the display on the card, can log keys on the keypad and can transfer your bank balance to a mule.
When banking services are provided by mutually owned and managed organisations, such as the Building Societies, Swiss WIR and the Irish Credit Unions it becomes feasible for these trade and credit accounting services to be the servant of the economy and not its master. With banking services provided by and for private shareholders banks will always be the master of the economy - just look at recent bonuses paid to bankers if you don't believe me.
Currently every plastic purchase you make results in the vendor paying a percentage to the bank. You, the customer, are not supposed to see this, because cash purchasers will normally see the same price. But the vendors have to charge their customers for this by upping prices. You the vendor are supposed to see this as a commission the bank gets for the sale, as if you couldn't get this sale without the bank's assistance. If your credit bill isn't paid in full at the end of the month, you the purchaser get to pay a very high rate of interest compared to what the bank has to borrow money at. It's not as if the bank has to borrow this most of the time anyway, because this money doesn't exist before you spend it - it's your IOU and not that of the bank, because the collateral is your ability to repay it, the bank just insures the very small risk that you can't or won't. The bank also meets payment calls required for clearing differences with other banks and whatever minimal fractional reserve rules the regulators might impose, but these payments made by the bank are minor compared to what the banks lend and charge you for when you spend.
Change this to a mutual money model avoiding the dead hand of government and parasitical shareholder influence, keep risk-taking capitalist investment banking at arms length from mutual retail banking, and you get a deal much closer to that offered by WIRBank in Switzerland ( http://www.wirbank.com ) You'll see very much lower rates on offer there (you'll understand these better if you can read German, French or Italian).
But the mutual accounting operation does have base overheads to pay for (cost of staff and branches mainly), though these can be kept modest. In practice the fairest way to provide for most of these is through annual fees.
Then why not power it by supercap or something similar? With battery management and e-ink it should even last a while. Charge it through the "smart card" chip interface... and do away with the RFID bit altogether.
The "oh contactless payment!!!oneone!!eleventy!" fanboiism of the industry is getting a bit tiring. Some things I just don't want to do "over the air", and for good reason. And yes, this looks a lot like it can be done equally well with a "smart card" chip interface. Or show me that the RFID addition is a sound technical requirement. From everything I've seen so far, it isn't. In fact, it mostly gets in the way.
eInk is surely the correct display technology to be used here! The thinner and lower powered the better. It doesn't even need to be capable of showing greyscales, and the odd duff pxiel won't matter either.
I'm sure that someone else will come along, shrink it to 1mm thick and $10 a piece. In the meantime I guess it's a neat tech demo. Should be able to run space invaders too, it has the buttons.
What problem are they trying to solve with this? My credit card with the mag strip on the back costs pennies to produce and works year after year without having to recharge it or worry about a cracked display. Sure, I have to take it out of my wallet and swipe it in order to use it but is this really such an inconvenience to many people?
Easier credit card payments? No! They are way to easy already. Witness the personal debt boom.
If the thing is to have any built in intelligence it should analyse the current purchase against the users income/personal debt/lifestyle and tell the user that they do not need and cannot afford this phone/netbook/gadget/pair of shoes/mini-break or whatever.
I'm sorry, this Microsoft Windows powered ATM cannot read the iOS card you have inserted.
...or consider this situation....
"Hello, bank of money. How can I help?"
"Hi there. I'm afraid I've lost my card/card's been stolen/card has worn out. Could I please get a replacement."
"Certainly. Now my records indicate you had a super-duper card with built in cleverness. A replacement card will be £65 plus VAT at 20%, that's £78 in total. How would you like to pay for that? We accept most major clever cards."
"Go to hell."
It's the wrong format to my mind. My company VPN system uses a keyfob with a keyboard and a PIN to get you the one time password with a single line LCD. I'm not sure what the point of a colour LCD is (yet more advertising), but I'm pretty sure all the required components could be put into a keyfob format as a 4mm thick credit card is just too big.
However, can I make a plea - if we are going down the electronic identity device line, can the various bodies involved all make sure we only have to carry one? It's bad enough having half-a-dozen 0.5mm think cards for stores, debit, credit and so on. If we had to carry the same number of electronic devices then it would cause chaos.
ps. a small, and oh-so-cheap way of detecting credit card fraud that the banks might want to implement. Just give us the option of receiving an SMS message whenever there is an attempted approval of a payment. That way people will very rapidly find out if their card has been cloned or is using you card number. Just how difficult can it be?
The feature missing from this card, and the winning argument for putting NFC in the mobile phone, is remote management: OTA downloading of applications ('cards') to the secure element (most likely the SIM), remote updates (ticket purchases, account lock/unlock, etc).
Anyway, it is much more difficult to play card skimming attacks against this kind of devices than against magnetic stripes: the secure element will not exchange any information until the NFC reader has authenticated itself.
If your OTA idea has but the tiniest flaws, it is that it enables hijacking of the card. It /could/ be secured, of course, but security is /hard/, so it's always easier to go the simpler route which *doesn't* leave holes to be patched with cryptography. That applies both when using RFID and GSM. So far the only real use for GSM hijacking has been racking up phone bills with cloned SIMs. And yes, they're clonable. But once that changes, the incentive changes too.
Moreover, crypto is finnicky and hard to get right. So, to incease the chances your securing efforts will not be hopelessly subverted at the first try, you first reduce the need for crypto to the bare minimum and then work your damnedest to make sure that little bit of crypto is rock solid.
Perhaps putty is an apt anology: It can do things that're hard to impossible to do otherwise, but it can only do so much, so you only use it when you can't use anything else. You don't just pour more putty on the window so you can make pretty pictures with it too.
The comparison to magstripe cards is a bit disingenious, as the tradeoff isn't straight-forward. A better trade is from magstripe to chipcard (without RFID or phones attached), which gives /the client/ or so you will /the user/ the same sense of "now I'm using the card... and now I don't". That experience is belied and made needlessly more complex by RFID and NFC. To the point of enabling all sorts of fancy new scammery needing preventing that in turn causes yet more complexity that could've easily been not needed with a different setup. That is the real complaint against "paying by waving some device in the air, like you just don't care".
All of that, by the by, has been argued by scores of people here before, and indubitably elsewhere too. Are we listening, banks? Or are we chasing another bail-out with a record bonus payout on top?
Biting the hand that feeds IT © 1998–2019