1. Download our Official Android App: Forums for Android!

Mobile PayPass Tag - spin on NFC tech

Discussion in 'Off Topic' started by Roze, Sep 13, 2011.

  1. Roze

    Roze Hiding behind a mystery
    Thread Starter
    Rank:
    None
    Points:
    333
    Posts:
    9,814
    Joined:
    Jan 20, 2010

    Jan 20, 2010
    9,814
    2,183
    333
    Where the Sakura grows
    My credit card has a chip (PayPass) that allows me to quickly swipe it against a 'Paypass' terminal and instantly pay any goods under $50 quickly and painlessly (no signature or pin number required). Now the bank/credit card has come with a sticker version where the same chip is embedded into it (Mobile PayPass). You can put the sticker on your phone and swipe your phone against the 'PayPass' terminals.

    [​IMG]

    So it's a spin off of the NFC tech. If your phone doesn't have NFC, you can still make these quick purchases.

    My concern is that with NFC, I think your phone ask you to confirm after you swipe the phone across a terminal (can someone who use it clarify). With the sticker Mobile Paypass, your phone is sent an email confirmation. I just feel that security is an even bigger question with this sticker.

    I am really tempted to try it out as I carry my phone EVERYWHERE with me. Security is my predominant fear. I have a habit of losing my phones so if anyone that gets a hold of my phone, they can go on a spending spree :<

    Your thoughts? Is this something you'd use if you don't have the NS with NFC?

    The thing I like about the paypass is that it's very convenient. 3/4 merchants I buy from have this feature in their stores.

    Source: BMO brings mobile payments to the forefront, rolls out the "Mobile PayPass Tag" | MobileSyrup.com
     

    Advertisement

  2. zuben el genub

    zuben el genub Android Expert
    Rank:
     #52
    Points:
    443
    Posts:
    7,413
    Joined:
    Jan 24, 2011

    Jan 24, 2011
    7,413
    2,654
    443
    I wouldn't use it. The terminal you showed looks just like the ones that the Michael's chain uses, and someone managed to get a skimmer on it. Until there is more security, I don't think I'd care for it.

    Even an Linux type accept with password could be faked, and judging from the posts about what apps allow what from market, and most people accepting blindly, that isn't much of a solution, but gives the merchant/card issuer an out.

    Not only could your charge card be endangered, but a 2 way stream of info could probably be accomplished.
     
  3. Roze

    Roze Hiding behind a mystery
    Thread Starter
    Rank:
    None
    Points:
    333
    Posts:
    9,814
    Joined:
    Jan 20, 2010

    Jan 20, 2010
    9,814
    2,183
    333
    Where the Sakura grows
    I've used the machine if a merchant I buy from use the paypass terminal and I have no issue so far (I audit all of my bills).

    I'll follow the development and see if they'll put any other security measures on this that might make it safer.
     
  4. cds0699

    cds0699 Android Expert
    Rank:
    None
    Points:
    163
    Posts:
    1,545
    Joined:
    May 22, 2010

    May 22, 2010
    1,545
    347
    163
    Shenandoah Jct WV
    I might consider it if I was able to conceal the sticker a little better (Going along with security). A couple thoughts on how to do this depend on size of the sticker.

    1) Remove the back cover and stick the sticker on the inside of the cover, then put it back on. As long as doing this wouldn't affect the battery or operational features of the phone, this way looks ideal.

    2) If you're one of those that uses a case on your phone, then it would be hidden by the case.
     
  5. 9to5cynic

    9to5cynic Android Expert
    Rank:
    None
    Points:
    633
    Posts:
    4,873
    Joined:
    Feb 20, 2011

    Feb 20, 2011
    4,873
    1,766
    633
    /home/
    Security by obscurity, I like it.

    However, I do not like the idea of RFID chips (or whatever tech they are using, same concept) to be in charge of any purchases. Don't trust it. With something like thirty bucks you can buy all the parts to build a scanner. It'll rip the info right from those chips and some even have read/write capabilities....
     
  6. novox77

    novox77 Leeeroy Jennnkinnns!
    Rank:
     #59
    Points:
    413
    Posts:
    3,965
    Joined:
    Jul 7, 2010

    Jul 7, 2010
    3,965
    3,257
    413
    One should not be universally scared of NFC. Current passive NFC tech (the kind that can always be read from, like a credit card or this sticker) is a huge security risk because anyone with a scanner (cheap to buy) can bump you and get that data, which they can then use to clone another passive RFID/NFC chip. The only reason you don't hear about thieves doing this already is because the tech is not widely used, and thieves are having great success getting access to CC info via other means. The return is simply too low.

    When NFC comes to our phones, the RF chip in our phone will not be able to be passively read. It has to be enabled. Furthermore, you the user will control when it can be read, and which "card" the phone should make available. No one will be able to bump scan your phone.

    Now, if someone gets a hold of your phone, and assuming you have no credential check set up (pin, password, pattern, etc), then they can get to your NFC data. But that's no different from someone stealing your wallet and getting the magnetic stripe info off of your traditional credit card.
     
    cds0699, Roze and 9to5cynic like this.
  7. Roze

    Roze Hiding behind a mystery
    Thread Starter
    Rank:
    None
    Points:
    333
    Posts:
    9,814
    Joined:
    Jan 20, 2010

    Jan 20, 2010
    9,814
    2,183
    333
    Where the Sakura grows
    Thanks Novoxx for the explanation, you always have the right answer to everything :)
     
  8. zuben el genub

    zuben el genub Android Expert
    Rank:
     #52
    Points:
    443
    Posts:
    7,413
    Joined:
    Jan 24, 2011

    Jan 24, 2011
    7,413
    2,654
    443
    Would solve one problem. New tactic at ATM is infrared. It records the heat from your fingers when you enter the PIN. Suggested solution was press all the keys after entering. The hot image doesn't last that long, so if you swipe all the keys after the transaction there's too much info.
     

Share This Page

Loading...