About The Blog

Debate at the intersection of business, technology and culture in the world of digital money, both commercial and government, a blog born from the Digital Money Forum in London and sponsored by Consult Hyperion

Advertisers

Technorati

  • Add to
Technorati Favorites

License

  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

« Getting it out in public | Main | SEPA! SEPA! SEPA! »

You say RFID, I say contactless

By davebirch posted Apr 14 2006 at 7:55 AM

[Dave Birch] The Wall Street Journal recently ran yet another contactless/privacy scare story, featuring some guy who was so paranoid about miscreants surreptitiously stealing money through his PayPass card that he smashed it up with a hammer.

The WSJ then went to MasterCard, who told them (accurately) that multiple layers of security are available to prevent MasterCard data from being stolen by electronic eavesdropping. They quote Art Kranzley, EVP of New Payment Technologies: “It is up to the companies that issue the card to decide which security measures to adopt... Customers who don't want RFID in their PayPass payment cards can ask to be issued an old-fashioned chipless card”.

Despite the fact that this is a payment product with lots of security, that customers don't have to have it and that Chase (with 7 million cards issued) say they haven't seen any fraud, the WSJ -- apparently oblivious to the fact that the ISO 14443 13.56MHz short-range PayPass interface is not the same as the EPC Class 1 915MHz long-range interface used to read retail tags, that retail tags are meant to be “open” so that anyone can read the electronic barcode, that retail tags don't contain microprocessors and that there is no cryptography in retail tags -- uncritically quotes a variety of anti-RFID sources, including the Campaign Against Supermarket Privacy Invasion and Numbering (CASPIAN),

Technorati Tags: ,

CASPIAN is run by Katherine Albrecht. I can't see how the payments industry can placate her with spreadsheets, diagrams or anything else because she thinks that RFID chips are the Mark of the Beast from the Book of Revelation. At the beginning of a video called “The Mark of the Beast, 666: a prophesy from 2000 years ago,” from Endtime Ministries she asks “How many people (know that) technological developments of the last 10 to 20 years could be combining to make the Mark of the Beast a reality, and possibly even in our lifetimes?”

Now, whether you agree with her or not isn't the point. Personally, I don't, but whatever. If merchants want to record some unique biometric characteristic of shoppers (by, for example, looking at them) or would prefer shoppers to pay with something quick (a contactless debit card, for example) rather than rooting around for change, then it's up to them. If you don't like Tesco's loyalty card programme, then don't go there.

But what to do in the payments industry? What messages should we project to the media and to consumers? How can we separate consumers entirely reasonable concerns about RFID (concerns exacerbated by a lack of attention to the consumer perspective) from the different issues around contactless payments? I have a three point plan:

1. We have to stop people from referring to contactless payments cards, and contactless passports for that matter, as RFID. RFID is about tags on cans of beans. Henceforth, I will never, ever say “RFID payments” again. They are contactless, contactless, contactless payments.

2. We should tell people what security there is in contactless payment systems and how it works. The era of security through obscurity is gone.

3. Issuers should include better information about contactless and how it works (from a consumer perspective) with the new contactless cards. A consistent, and valid, complaint from consumers is that they don't understand how contactless payment cards work. Surely this could be addressed in the mailer.

TrackBack

TrackBack URL for this entry:
https://www.typepad.com/services/trackback/6a00d8341c4fd753ef00d8348660d353ef

Listed below are links to weblogs that reference You say RFID, I say contactless:

Comments

hmmmm interesting

I'm waiting to see how many merchants agree to pay for the contactless readers. Right now, they were pretty much subsidized for all the first phase of merchants. We've done lots of tests, and can't find how contactless is faster than a normal EMV chip card transaction (minus the PIN code of course).

"The primary benefit of contactless is much more in the business rules than in the technology"

Actually, I think I disagree with you about this. For a merchant, contactless is much quicker than cash, let alone chip or stripe without PIN or signature. It also extends the possibilities for POS into external, vending etc. I think this is why it appears to have such momentum at the moment.

The problem is that the contactless value proposition is not strong enough to make all the other worries go away. No more lines? Everyone in front of you would have to have one too. The primary benefit of contactless is much more in the business rules than in the technology. Eliminate the need for a signature or a PIN code and transactions are all of a sudden real fast. Insert an EMV chip card into the reader, wait for the bleep, pull it out, and you've achieved the same benefit without the cost of a contactless card and a special reader. And it is real secure too, because you can't manufacture a fake EMV card. I don't get it.

The comments to this entry are closed.