EMV
Gabriel Haythornthwaite
gabriel at castelain.com.au
Tue Jul 12 19:02:12 EDT 2005
In Hong Kong a lot of people do little more than wave their bags at the
turnstile. Removing the wallet and revealing its size is unnecessary.
> -----Original Message-----
> From: owner-cryptography at metzdowd.com
> [mailto:owner-cryptography at metzdowd.com] On Behalf Of Ben Laurie
> Sent: Tuesday, 12 July 2005 8:14 PM
> To: Peter Fairbrother
> Cc: Florian Weimer; David Alexander Molnar; ? Schmidt;
> cryptography at metzdowd.com
> Subject: Re: EMV
>
> Peter Fairbrother wrote:
> > Florian Weimer wrote:
> >
> >
> >>* David Alexander Molnar:
> >>
> >>
> >>>Actually, smart cards are here today. My local movie theatre in
> >>>Berkeley, California is participating in a trial for "MasterCard
> >>>PayPass." There is a little antenna at the window;
> apparently you can
> >>>just wave your card at the antena to pay for tickets. I haven't
> >>>observed anyone using it in person, but the infrastructure
> is there right now.
> >>
> >>If you are interested in useful RFID applications, just visit
> >>Singapore. 8-) They use RFID tickets on the subway (MRT) and on
> >>busses, and you don't have to worry about buying the right ticket
> >>because the system charges you the correct amount.
> However, there's
> >>one thing that makes me nervous: if you know the card
> number (which is
> >>printed on the cards), you can go to a web page, enter it,
> and obtain
> >>the last 20 rides during the last 3 days, without any further
> >>authentication.
> >
> >
> > London Underground have a contactless system too, but it isn't used
> > much. As I remember it had a similar problem, but they may
> have changed that.
> >
> > You take out your wallet with the card in and wave it over a
> > palm-sized yellow blob on the turnstile, but you don't have to open
> > your wallet to withdraw a token.
> >
> > Muggers and pickpockets keep a close eye out to see how fat your
> > wallet is and where you keep it ...
>
> Which, of course, they would never do if you were extracting
> money to buy a ticket, or showing your season ticket. Explain
> to me how the contactless system alters this risk in any way?
>
> Cheers,
>
> Ben.
>
> --
> >>>ApacheCon Europe<<< http://www.apachecon.com/
>
> http://www.apache-ssl.org/ben.html http://www.thebunker.net/
>
> "There is no limit to what a man can do or how far he can go
> if he doesn't mind who gets the credit." - Robert Woodruff
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to
> majordomo at metzdowd.com
>
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list