FTC to Scrutinize Contactless Payment Technology

coondoggie writes to tell us that the Federal Trade Commission (FTC) will be taking a look at contactless payment systems and the consumer protection issue surrounding them. "RFID technology provides obvious benefits, the FTC said. For example, the ability of producers using RFID to track exactly where in the supply chain their products are and by which retailer they were ultimately sold to a consumer has the potential to make product recalls more effective. However, there also may be costs regarding consumers' individual privacy rights associated with it."

Hmmm

For example, the ability of producers using RFID to track exactly where in the supply chain their products are and by which retailer they were ultimately sold to a consumer has the potential to make product recalls more effective.

How about making it so that in this day and age you can actually mail a package and not have to worry about it getting lost along the way? I'd find that much more useful.

Re:Hmmm

IAACPRC (contract postal retail clerk)

Express Mail gets lost. Trust me, I've had it happen once or twice in my two years' work at a contract postal unit (meaning I work for a business which runs a USPS-funded post office) because EMS is just like any other of the "usual" services - Delivery/Signature Confirmation, Certified Mail, Insured Mail. These barcoded services are traceable, but only at certain points, and in some cases (e.g. DC and Certified) USPS only guarantees you'll get a delivery scan; intermediate scans are basically a "courtesy" to the customer. The only advantage of EMS is it includes $100 of insurance and it's scanned in at every stopping point.

If you really don't want something to get lost, send it Registered Mail. Registered stuff doesn't get lost; it's someone's job, because they can literally narrow it down to one employee who last had the item in their possession. Every employee who takes a registered item into possession has to sign for it, so there's a traceable system of receipts linking an item to an employee from acceptance to delivery.

Re:Hmmm

The time they scan it in is beside the point. (In fact there was an investigation into our branch office for doing just that -- scanning mail as delivered without actually delivering it or scanning as delivered prior to actual delivery.) The problem is that employees, contracted or federal, can steal any mailpiece except for registered mail and possibly get away with it because of how many hands it can change between scans. When every change of hands requires a physical record and signature, which only happens with reg mail, it's impossible to game the system -- USPS points the finger at the last employee who signed for the mailpiece. And yes, I've had to track down seemingly lost registered mail by calling each office where the piece stopped, inquiring based on lock and seal numbers kept in paper records. That's why I argue registered mail just doesn't get lost; no one wants a lost mailpiece pinned on them.

What I don't get...

Is why we're once again bucking the trend and doing something different?

A lot of the world is using chip+PIN, which while not perfect is still drastically better than what we've got, can't be sniffed from remote, is much more of a distinct action and has a huge install base.

I'm not sure what this obsession with RFID payment methods is.

Re:

Chip+PIN... have you noticed all of the cameras? Like one over each register at my local Wal-Mart.
I don't like entering the PIN where it can be seen.

Re:

Thats why you have two hands. Cover your PIN with your other hand. Duh?

Re:

Hey, I lost the other one in a freak RFID accident you insensitive clod!

Re:What I don't get...

Thats why you have two hands. Cover your PIN with your other hand.

No it's not. I have two hands because my ancestor who first developed a mutant hinge at the end of his stubs had two arms.

But, now that I have these two wonderful hands, covering up my PIN is one of the things I can use them for.

Re:What I don't get...

Because safety is a non-issue? You see there are two possibilities. Either you develop a safe system, or you make all your customers pay a little extra to cover for the thieving. In a huge market like the US, and with no real push to go for safety, bankers will do what bankers do best: they will think in money, not in safety (read: engineering). RFID on the other hand, has the possibility to make payments easier. With the payment going faster, shops will need fewer cashiers, customers get the impression things are going faster, everybody wins!
It is realy social security all over again. Americans have to pay less taxes, because they don't spend so much on keeping the poor of the street. The money they spend on guns, alarm systems, private security is conveniently forgotten. I mean tax is like, well..tax. The fact that you pay for armed security every time you buy a tshirt in the mall, well that is not tax now is it?

Re:

The payment is by far the fastest part of the checkout process. Put the RFID tags directly on the items (and not just the shipping crates for SCM tracking) and eliminate the actually time-consuming process of scanning dozens of bar codes. Remember that o

Re:What I don't get...

The thing is, the credit card companies don't care at all about security, but they actually do "C"---make the vendors bear the cost of security. Your card gets stolen and used, they refund the money and reverse the charge and the vendor eats the cost of not verifying the identity of their customers. In the end, everyone pays for it through higher prices for goods and services, but the CC companies don't care about that because they aren't out anything and don't have to answer to cardholders when the price of food goes up a penny due to credit card theft. The costs are so small in the grand scheme of things that for the most part, the customer doesn't notice or care. (If theft increases by two or three orders of magnitude, that will likely change, of course.)

If the credit card companies cared at all about security, they would have solved the problem completely by now; it is trivially solvable. Instead of using a static RFID chip with an identifier on it, they would use an active device. When you make a transaction, the reader would make the request to the CC company. The CC company would generate a large random number. The card would then encrypt that random number with a secret key and return the result along with a card number (which should NOT be the same as the number on the card to prevent people from using the data to make fake non-RFID cards). The CC company, knowing the private key, would then encrypt the number with the secret key, and if the values match, the card is the real card. At that point, only physical theft would matter, and the whole theft-by-wire would cease to be an issue..

More to the point, such a system would also not be vulnerable to interception and replay attacks because the CC computers would send a different random number every time. In effect, if deployed universally, such a solution would eliminate all credit card theft except for that which occurs through physical assault or somebody leaving a card at a restaurant. Of course, for online purchases, this would mean that everyone would need some sort of home equivalent of the transaction device, but that could be as simple as a $10 USB dongle and some software.

The fact that most (all?) cards still don't work this way is ample proof that the CC industry doesn't care. The whole design of the current system is to basically have the RFID data stream look almost exactly like a credit card magstripe so that they don't have to do any extra work and can pass the data through existing legacy systems without bringing them into the 21st century. As long as the primary focus of RFID-based credit cards is on minimizing the cost of upgrading the infrastructure, they will always represent a security hole the size of a planet.

Re:What I don't get...

How is waving a closed wallet (holding a tagged card) over a sensor in any way whatsoever more secure or distinct than having to pull out that card and swipe it though the magnetic strip reader? Some more recent readers prompt me to punch in a ZIP code or some sort of PIN rather than scribble any random thing on a signature pad which I consider a vague improvement, but I don't find holding a card over a sensor any more convenient than swiping it through and do feel it less secure.

Re:

We can send a man to the moon, but we can't make a reliable number pad? The failure rate of the 9 buttons should (hopefully) be extremely small.

Re:

Actually, we're currently technically not capable of sending a man to the moon. Check back around 2020 though, then we can start saying that again.

Re:Lower repair costs.

Problem is that the cost of Credit card and Debit card fraud is incredibly small compared to the cost of even giving slightly improved security to the system we have now. The number pad could have dynamic numbers. the numbers on the pad change for every use, scrambled so a camera off axis cant see the numbers from the pattern. Even changing to the smart-card based cards is far more expensive than the amount lost to fraud.

Banks, contrary to what they advertise and tell you, do not give a rats ass if someone steals your money or identity. So they will do as little as possible to make sure information is secure. If it costs them money, they will do everything possible to not do it.

The RFID based card system has even died. Most banks did not offer the cards and almost every store and restaurant I saw that had the readers installed now have them removed, almost everyone is abandoning it. Glad to see the government researching a dead technology. I wonder when they will research if the 6809 processor is safe for use in space.

We are too lazy..

When doing anything that requires something to physically touch is considered too much work and we'd rather risk our financial info being wirelessly transmitted than have to swipe a card, we have serious issues.

And all this about inventory tracking is kind of an orthogonal point to payment isn't it? I for one certainly don't mind them being able to wave rfid wands around a vague area and account for an entire big package without having to scan a unique barcode for every item. I wouldn't mind a checkout system where they didn't even need to find the upc (or for that matter, could scan the whole cart in one go instead of item by item). However, I don't see the big benefit of avoiding physical contact with my payment device (which I wish was more technically secure than my mag-stripe credit card).

Re:We are too lazy..

Are you crazy?! Payment devices like PIN pads are cesspools of dangerous germs! They have 3,000 times more germs than a toilet seat, and touching them quintuples your chances of contracting horrible diseases like West Nile virus or the Bubonic Plague.

PIN pads are the next great threat facing your health and the health of your children. Did you hear me? These things could KILL your CHILDREN! You mustn't touch them! You must carry around the econo-size hand sanitizer and use it every time you come within 30 feet of a PIN pad or anyone who has recently used a PIN pad.

For more on this and other everyday items that can KILL your CHILDREN, watch Action News at 10, with weather from Skip Stormy and the DopplerXtreme 6000.

Re:We are too lazy..

However, I don't see the big benefit of avoiding physical contact with my payment device.

I think the (only real) benefit is the ability to get away from card-shaped items and allow key-fobs and the like. Technically, the RFID chip could be put in a ring, bracelet, or on a key chain, etc...

I'm not saying all this is/would be better and I certainly don't have any problem yanking out and swiping my CC when I want to buy something.

Re:We are too lazy..

Heck, I still use cash most of the time, mainly because I hate those damn Visa commercials that make it look like if you don't use your card you are just holding everyone else up. I was using my debit card all the time until those started, now I use cash just because I can and I'm an ornery bastard.

I wouldn't mind contactless payment via RFID, as long as the chip in each item I bought is disbled as I check out and leave the store.

You sir are my hero...

Doing something just because a commercial tells you not too.

I'm the same way..

Sean

Re:We are too lazy..

I wouldn't mind a checkout system where they didn't even need to find the upc (or for that matter, could scan the whole cart in one go instead of item by item).

I'd be bothered by that. Well, not me, but my wife would. She watches as each item goes by to make sure that the price they are charging is the price that was on the shelf. I just let it go, but it seems that nearly every time she does the shopping at least one item is priced higher at checkout than on the shelf, and because they do it one item at a time, she can catch that easier.

Maybe with RFID being used the entire trip from maker to deliverer to stock boy to shelf to checkout then they can keep the prices updated better, but until I see it, I doubt my wife or people like her will end up using any less time at the checkout for this reason.

Personally

I won't use any contactless methods of payment. I know there are ways to capture info from a swiped card, but it's at least harder to get away with that just sniffing for RFIDs in the area. I'd rather not have my financial info available no matter where I go, as opposed to it being available when I use my magnetic strip once per payment. It's selling point is ease and quickness of use, but I've never heard anything about security.
And yes, I abhor the idea of RFIDs in passports too. I'll cover it in tin foil, along with my head.

Re:Personally

the danger of an RFID tag in your wallet being randomly sniffed is almost nothing. . . . [they] have an extremely limited range - a couple inches

Actually, the range depends almost entirely on the antenna and power of the reader, not the card. You can do a lot more than a couple inches (though the reader will be directional and may need to be aimed).

It's not until you start working with battery-powered active transmitters (highway EZ-Pass boxes for the fast toll lanes, etc) where there would be a realistic security risk

Another example of what I just said, in Atlanta the toll passes are now just the inductive-powered cards, thin paper you stick on your windshield. No card-side power and it's read >70mph. Quite like how someone could read your credit card while you pass by on the interstate.

Octopus

While I have serious misgivings about the privacy and security issues surrounding RFID (or other) contactless payment systems, I have to say that they can be extremely convenient. On a recent trip to Hong Kong, my wife's aunt (resident of HK) gave us each an Octopus card pre-loaded with a few dollars when we arrived.
Super convenient. My wife put hers in her purse, I put mine in my wallet. Going somewhere on the subway? Just pull out my wallet, slap it on the reader, and I'm through the gate. My wife could just wave her purse across the reader without even taking it off her arm (assuming the card was in her wallet near the bottom of the bag - it seemed to have a useful range of only 3-4 inches). No searching around for the right card, no worrying about losing the ride card between stops, just slap it down and it automatically calculates the fare and deducts from the amount on the card. When you need to increase or recharge the value on the card, you just take it to the recharge machine, pop it in, and put in a few dollars (or credit/atm card, whatever).
In HK the cards are accepted on pretty much all forms of mass transit (trains, subway, buses) as well as at an increasing number of convenience (too many 7-Elevens) and other stores (and supposedly taxis are supposed to be accepting them soon).

I think this is really the ideal use for contactless payment. Basically a replacement for carrying cash around, used to pay for the multitude of small-ticket items and services that you make use of during the day. We do it here in California with FasTrak for paying tolls, but there are a lot of other potential uses. It also makes particular sense for transit, where it not only works to make the actual payment but also replaces the need for a fare ticket, doing the journey tracking by itself. These types of uses also in many respects counter some of the privacy concerns - if you're worried about someone tracking what you are doing, you can always just use cash to increase your balance on your card, or even get a new card every time rather than recharge (though that seems wasteful). Requiring recharge, rather than tying it directly to a bank account, also means that you only ever have to worry about the amount you put on the card. Just like carrying cash around, but more convenient.

On the other hand, I really don't see any reason to have an RFID-enabled credit card. If I could use a cash card for small purchases then I'd only be using a credit card for larger ones; the few times a week (or whatever) I'm doing this it really isn't a hardship to have to pull out a card.

I think there are some awesome, efficient, all-around great reasons to introduce contactless payment systems for some purposes. However, due to privacy and security concerns (and the lack of any real advantage) I don't see why anyone would want something like an RFID-equipped credit card. Too much potential for abuse, with little or no real benefit (to the individual - no doubt businesses would find all sorts of fun uses for cards tied to individual people that they can remotely sniff).

Re:Octopus

We do it here in California with FasTrak for paying tolls...

Beware, if you or a loved one leaves their FasTrak (or other automatic toll device) behind when they move/get a new car, think twice about shipping it to them...
luckily I didn't learn this from experience, but word of mouth.