EMV

Gabriel Haythornthwaite gabriel at castelain.com.au
Tue Jul 12 19:02:12 EDT 2005 

In Hong Kong a lot of people do little more than wave their bags at the
turnstile.  Removing the wallet and revealing its size is unnecessary. 

> -----Original Message-----
> From: owner-cryptography at metzdowd.com 
> [mailto:owner-cryptography at metzdowd.com] On Behalf Of Ben Laurie
> Sent: Tuesday, 12 July 2005 8:14 PM
> To: Peter Fairbrother
> Cc: Florian Weimer; David Alexander Molnar; ? Schmidt; 
> cryptography at metzdowd.com
> Subject: Re: EMV
> 
> Peter Fairbrother wrote:
> > Florian Weimer wrote:
> > 
> > 
> >>* David Alexander Molnar:
> >>
> >>
> >>>Actually, smart cards are here today. My local movie theatre in 
> >>>Berkeley, California is participating in a trial for "MasterCard 
> >>>PayPass." There is a little antenna at the window; 
> apparently you can 
> >>>just wave your card at the antena to pay for tickets. I haven't 
> >>>observed anyone using it in person, but the infrastructure 
> is there right now.
> >>
> >>If you are interested in useful RFID applications, just visit 
> >>Singapore. 8-) They use RFID tickets on the subway (MRT) and on 
> >>busses, and you don't have to worry about buying the right ticket 
> >>because the system charges you the correct amount.  
> However, there's 
> >>one thing that makes me nervous: if you know the card 
> number (which is 
> >>printed on the cards), you can go to a web page, enter it, 
> and obtain 
> >>the last 20 rides during the last 3 days, without any further 
> >>authentication.
> > 
> > 
> > London Underground have a contactless system too, but it isn't used 
> > much. As I remember it had a similar problem, but they may 
> have changed that.
> > 
> > You take out your wallet with the card in and wave it over a 
> > palm-sized yellow blob on the turnstile, but you don't have to open 
> > your wallet to withdraw a token.
> > 
> > Muggers and pickpockets keep a close eye out to see how fat your 
> > wallet is and where you keep it ...
> 
> Which, of course, they would never do if you were extracting 
> money to buy a ticket, or showing your season ticket. Explain 
> to me how the contactless system alters this risk in any way?
> 
> Cheers,
> 
> Ben.
> 
> -- 
>  >>>ApacheCon Europe<<<                   http://www.apachecon.com/
> 
> http://www.apache-ssl.org/ben.html       http://www.thebunker.net/
> 
> "There is no limit to what a man can do or how far he can go 
> if he doesn't mind who gets the credit." - Robert Woodruff
> 
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to 
> majordomo at metzdowd.com
> 


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list