Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Handhelds The Almighty Buck Hardware

DoCoMo Starts Cell Phone Smart Card Trial 130

Posted by michael from the swipe-and-run dept.
virtualXTC writes "The Japanese phone company NTT DoCoMo and electronics giant Sony will begin a trial of cell phones with embedded smart cards with speed pass-like capabilities that will allow the user to purchase anything from travel passes to movie tickets just by placing their cell phone near an electronic reader. Potentially the smart card 'can serve as an ID card, travel pass, or login for a corporate computer network, all at the same time'. If they'd just attach a money clip to it, I could get rid of my wallet entirely."
This discussion has been archived. No new comments can be posted.

DoCoMo Starts Cell Phone Smart Card Trial More

DoCoMo Starts Cell Phone Smart Card Trial

Comments Filter:

  • Me, I'm keeping my wallet (Score:5, Insightful)

    by Anonymous Coward on Tuesday December 16, 2003 @05:14PM (#7738992)
    Sure, electronic payment is convenient, but nothing says anonymous like cash.
    • Welcome our new SMARTER cellular overloards

    • Re:Me, I'm keeping my wallet (Score:5, Funny)

      by trentblase ( 717954 ) on Tuesday December 16, 2003 @05:21PM (#7739077)
      Just don't get any dna on your bills

      • Re:Me, I'm keeping my wallet (Score:2, Insightful)

        by Anonymous Coward
        I'm sure there's a lot of other DNA on the bills. They wouldn't be able to track you with it (unless maybe the bill was fresh, and even so).

        Sure it's *technically* possible.
      • Not to worry, they can't identify my. I mean it's not like they can get DNA from a little nose bleed.
    • Not really. How many bank robbers have been caught by the serial numbers on the stolen cash? All it takes is a TIA-like DB that records all serial number transactions, and voila! instant lack of anonynimity! Sure, it'd make mistakes, but who cares? Certianally not corporations or the gov't...
      • Bank robbers are not caught using serial numbers. They are convicted with serial numbers. When I was a teller (many years ago now so it may have changed) they used to have a stack of 100's that we kept logged in our drawer. If we were robbed the log of numbers went to the cops to aid in conviction. There are far too many places to pass off bills for it to be an effective way to actually catch anybody.
      • Who the heck wants to type in the serial number of every dollar they accept into some remote terminal to a giant government database? Especially given that making bills hard to counterfit also makes them hard on OCR software, and how worn and abused (written on) bills get over the years. Not to mention the logistics of deploying millions of these endpoint terminals and maintaining the database.

        Corporations and governments may not care about mistakes, but they certainly care about cost.
    • Except for that pesky DNA....

    • 'Convenient' for who? (Score:4, Insightful)

      by Mu*puppy ( 464254 ) on Tuesday December 16, 2003 @05:40PM (#7739312)
      I mean, really. Time it, cash transaction versus the credit swipe... the approval... waiting for the receipt... singing the receipt. Want to leave the table after a nice dinner? Fine, slip your bills into the payment binder thing, use your change for the server's tip (provided you don't have only big bills), get up, get out. No signatures, no electronic trails.

      Nothing says 'anonymous' more than cash, and cash still goes places where American Express/Visa/whatever have not been, and probably never will be. Bills still talk a lot louder than plastics...

      And it doesn't cost anything for the 'privlege' of spending your own damn money when you use cash...

      Kinda tells you something, when the world of 'credit' is starting to favor people who the creditors know will default and be indentured for years upon years to come......

      • "cash still goes places where American Express/Visa/whatever have not been and probably never will be."

        That includes the hundreds of billions of dollars worth of transactions that are not legal (drugs, prostitution, most gambling).

        IIRC, drugs are about 4% (by value) of all international trade.

        -B

        • Can you please explain? I fail to see the point you are trying to make here. This sounds as arbitrary as stating "That includes the hundreds of billions of dollars spent on fruits, vegetables, and other produce." to me.
          Surely you aren't suggesting that these things would go away if we moved to credit and only credit based monetary transactions.
          The mods seem to believe you have something informative here; I regret to admit that I am missing it.
          • I didn't really make the point I was going for. Credit cards CAN'T replace cash in the forseeable future because there is a multi-hundred billion dollar illegal economy that requires anonymous cash.

            -B
      • While this may be true for some.

        Others like myself never see a pay check or go to the bank. My pay is direct deposited into my account. I have a VISA Checkcard.

        If I decide to go to a Steakhouse, I have three choices for payment:

        1) One, make a stopover at the nearest ATM and spend 2 extra dollars because its probably not my banks.

        2) Drive further too my bank's ATM but waste more time and gas.

        3) Pay with my checkcard, at the expensive of 3 - 5 minutes I would have normally spent chatting with the people
        • "If I decide to go to a Steakhouse, I have three choices for payment:"

          1) Interac, which is essentialy a mini-ATM which moves the exact amount from your bank account to the store/restraunt's bank account.

          2) Credit card (everything's usually accepted).

          3) Cash, which is the same as the ATM methods above (perhaps it's 2 options to some..).

          I'm still surprised that the US has nothing like Interac in widespread deployment. Everywhere in Canada has had Interac for 8 or more years, yet US banks still only have
        • I was under the impresssion that the serial number on a bill wasn't actually a serial number, but a lot number instead.
          i was imagining that the lot would contain all the bills on one sheet of paper, and so have maybe 40 or 50 bills in it... ( how many bills on a sheet?)

          Then again, i'm in canada, so it is probably different elsewhere
      • And it doesn't cost anything for the 'privlege' of spending your own damn money when you use cash...

        Doesnt cost ME anything for using my credit card either, so long as I pay the balance by the due date. Granted the buisness that accepts my card pays a small % to the card company (and/or maybe a flat fee as well), I still pay nothing. I actually GET money for using the card too. There is a big misconception of people who never use a card and always hear about the horrors of credit card debt. You wont accum

        • "If you shop around for a good card, you even get "rewards" for using the card instead of cash, like a % back, or points/miles towards purchases/plane tix."

          The current issue of Money Magazine has a very informative article on these reward cards. Be sure to check it out if you are considering getting one. It may not necessarily be beneficial to get certain types if you don't have certain spending habits. They list the top ones for the various types of rewards as well.

    • You bet!
      There's nothing I hate more than retailers who want: Name, address, and phone # when purchasing in cash. I tell them:
      "My name is Argo FickyoSilf"
      I know that they're not using all of this information. So why the fuck do they want it?!? I think they're collecting it because they think they can use it or they don't have a fucking clue - the real reason I think they want it is because their off-the-shelf software asks for it. Which means. Joe-local-retailer has no use for it - unless he wants to s
      • Another satisfied Radio Shack customer! To be fair, my local RatShack stopped asking for all of my personal information last year. I think when the screen comes up the guy just enters all 0s or something for the zip code and phone number.
      • Are you kidding? Customer demographics is a gold-mine for the marketing department! That is why they ask for your address, or at the very least your zip. If I'm a retailer of fine clothing and can determine that my biggest customer base is located in the richest part of the city, why waste time marketing to the homeless downtown?! I'm gonna send my flyers to those suburbs where all my customer's come from. Don't underestimate the power of data. Knowledge is indeed power, which is why it is sometimes misused
    • This concept has just been rolled out in downtown Toronto with a system called Dexit [dexit.com].

      The Dexit chip comes either as a key fob or a sticker for your cell phone. Most of the merchants in the PATH [toronto.on.ca] (downtown underground network) have a Dexit reader at their till, which reads the Dexit RFID tag.
      The cost is $1.50 for every $100 you load on the card, with no transactional fees. It claims to be "easier than cash, faster than credit", but the big value proposition seems to be food - most food merchants won't take
    • I just have a weird feeling that this will open more doors to electronic theft. As if it was hard enough convincing people to pay for things online with a credit card.. now this..
    • One thing about buying pre-paid phones in japan is they do make you register your name/address. Its odd - I suspect its something to do with tracking people who use these phones for criminal purposes.

  • Just a few concerns I have (Score:5, Interesting)

    by digitalvengeance ( 722523 ) * on Tuesday December 16, 2003 @05:15PM (#7739002)
    While I love this idea in principle, I do have a few concerns before I welcome our new overlords.

    What about standards? The article compares the smart chip technique to credit cards, but credit cards use a pseudo-standardized magnetic strip methodology. Are retailers to have 10 different receivers sitting at their POS terminals for 10 different cell phone/smart card providers? Along these lines - adopting early could be dangerous as one may invest in hardware that does not conform to the final standard and therefore be useless.

    What about security? Until more information about how the protocol works, how security is maintained, and exactly how one can control what information is broadcasted is released, can we really trust this technology with our personal information? And this doesn't even begin to cover eavesdropping. (My tinfoil hat may be disrupting my thinking here)

    When I hand my credit card to a clerk, I know exactly what information will be gleaned by the scanner from the magnetic strip. It doesn't change. What happens when I get a firmware upgrade on my phone? Can I trust that I am still secure from unauthorized access or even that my phone/ID/credit card gizmo is still only transmitting information that I approve?

    One interesting alternative to this close-contact technology would be an internet-based alternative. In this scenario, my phone would use XML over SSL or some other standardized system to tell my provider to tell the POS that I am there and to relay what other information is necessary. Using this method, software-based upgrades could take care of standardization without any modification to hardware.

    • Re:Just a few concerns I have (Score:4, Informative)

      by pbox ( 146337 ) on Tuesday December 16, 2003 @05:22PM (#7739088) Homepage Journal
      Taking into account the fact that Japan is possibly the last of the developed countries where you can use your ATM card ONLY at your bank's machine, it is more han likely that DoCoMo's smartcard would only work at DoCoMo's POS terminals, plus other places which have (possibly exclusive) business relationship (ie. clients) with DoCoMo.

      Let's wait for ISO, ASA, or some standarization body, this won't cut it.

      BTW, in Finland and most of Western Europe, (and in Japan too) you can pay for your snack purchases by you phone (no need for the smartcard), so what is exactly news about this??
      • Um, where should I start?
        • The communication technology used in FeliCa, the Sony smartcard technology being used here, was approved as ISO/IEC IS 18092 last week.
        • The only thing DoCoMo is providing is a Java platform on the cell phone that can write to the smartcard; it's up to vendors like Edy (the joint venture doing the electronic money stuff), railway companies, airlines, etc., to come up with the actual applications. If all you want is to be able to accept electronic currency, you just sign up with Edy

      • -1 Wrong (Score:3, Informative)

        by KNicolson ( 147698 )

        Taking into account the fact that Japan is possibly the last of the developed countries where you can use your ATM card ONLY at your bank's machine

        No, you can use your cash card at multiple banks' machines. Japan may be backward in terms of ATMs only having hours of business from 8am to 7pm or so on average, or most refusing to accept foreign-issued credit cards, but for the major banks, all have usage agreements with one or more competitor.

        BTW, in Finland and most of Western Europe, (and in Japan too)

        • No, you can use your cash card at multiple banks' machines. Japan may be backward in terms of ATMs only having hours of business from 8am to 7pm or so on average, or most refusing to accept foreign-issued credit cards, but for the major banks, all have usage agreements with one or more competitor.

          When I was in Japan I tried my US issued ATM (not credit card) which has: a) MasterCard Logo, b) MAC logo, c) PLUS logo. Did not work at all (I had my Japanese friend help me with the kanji menus.)

          While the very

    • Along these lines - adopting early could be dangerous as one may invest in hardware that does not conform to the final standard and therefore be useless.

      If you're the merchant, you don't want to buy the hardware, you want to lease it. Early adoption doesn't hurt you then.

      If you're the consumer, well, my last three cell phones have cost me a total of $0, since I haven't minded signing contracts for my cell service. If the next one costs the same, I won't mind if it's the wrong one. :-)

    • Re:Just a few concerns I have (Score:4, Interesting)

      by brunes69 ( 86786 ) <`gro.daetsriek' `ta' `todhsals'> on Tuesday December 16, 2003 @05:46PM (#7739382)
      What about security? Until more information about how the protocol works, how security is maintained, and exactly how one can control what information is broadcasted is released, can we really trust this technology with our personal information? And this doesn't even begin to cover eavesdropping. (My tinfoil hat may be disrupting my thinking here)

      From the description, this thing works just like Esso Speedpass dongles, in that, the thing needs to be within around 2 cm ( 1 inch ) for it to trigger and transmit the needed data.

      The only way anyone could eavesdrop on or steal your CC number using this system is if he has his hands in your pants. And if some unknown guy has his hands down your pants, you've got much bigger problems than your credit info.

      Assuming it's also tied to a PIN you enter on your phone, it's also much more secure than the old swipe, where the waitress/retailer has full access to your card #, expiry date, and name.

      • Foo: What about security? ... And this doesn't even begin to cover eavesdropping.
        Bar: From the description, this thing works just like Esso Speedpass dongles, in that, the thing needs to be within around 2 cm ( 1 inch ) for it to trigger and transmit the needed data/

        However, when Mobil first introduced the Speedpass, they also had a "Car Tag" version (still mentioned in the FAQ [speedpass.com]). It was larger, and mounted on the back window near the fuel cap. All you had to do was pull up to the pump, and an antenna a
        • ha ha - new jersey mandatory full service! The guy pumping my gas was smoking a cigarette. The gas station manager didn't care - he said that if the pumper got disciplined, the pumper would go home and cost the station a lot in lost revenue (it was a busy station on the turnpike)... so no pumpers were ever disciplined, even with customer complaints. Very interesting page you linked to describing the price structure.

          Also, don't forget the line of swatch smart tag watches used for ski passes [swatch-shop.co.uk]
      • From the description, this thing works just like Esso Speedpass dongles, in that, the thing needs to be within around 2 cm ( 1 inch ) for it to trigger and transmit the needed data. The only way anyone could eavesdrop on or steal your CC number using this system is if he has his hands in your pants.

        Doesn't a thief just need a better antenna and transmitter? I'm thinking across the street would be a safe distance away from your pants. :)
        • No that is not how these things work. AFAIK they're magnetic induction, not radio frequencies.

          People have a fundamental misunderstanding of these devices. There's no radio waves to tap into in the first place

          Even if they were using RFID, they'd be so low wattage (think about it, thes things have ZERO ambient power, they only use the power on the sending wave to send their signal) that youd need a 15 foot satelite dish to pick up a signal from across the street. And that's assuming you had a stationary tar

      • From the description, this thing works just like Esso Speedpass dongles, in that, the thing needs to be within around 2 cm ( 1 inch ) for it to trigger and transmit the needed data.
        ...
        The only way anyone could eavesdrop on or steal your CC number using this system is if he has his hands in your pants.
        Or if he was standing in line with me and has a scanner within an inch of the device, since my pants aren't an inch thick...
    • Actually there is an ottawa based company doing that for vending machines .
      You SMS a number and it withdrawls a certain amount of money from a fixed dollar account , passes the information to the vending machine and voila food/drink/chemicals.
  • DirecTV calls all of these "smart cards readers" pirate devices. DirecTV Defense [directvdefense.org]
  • serve as an ID card, travel pass

    behold, they know your every move

  • Dumb-chips (Score:1, Insightful)

    by trentblase ( 717954 )
    The cards in the trial are capable of storing about two kilobytes of information

    Most cell phones already have more memory than this.

  • ..sew your cellphone to your hand.

  • Possible tomfollery. (Score:3, Insightful)

    by Prince_Ali ( 614163 ) on Tuesday December 16, 2003 @05:16PM (#7739031) Journal
    Guy 1: Hey, can I use your cell for a second. I need to call home.

    Guy 2: Sure, why not. My night minutes are free anyway.

    Guy 1: *Swipe* Thanks.

    Guy 2: Hey, did you just buy movie tickets?

    • Someone else suggested that you might need to enter your PIN number before you can swipe the phone. I know I don't want to be automatically charged by some guy with a smart card reader in his pocket who just brushes by people in a crowded street.

  • you would not want to lose this one... (Score:3, Insightful)

    by fedork ( 186985 ) <fedor@apach[ ]rg ['e.o' in gap]> on Tuesday December 16, 2003 @05:17PM (#7739032)
    My wife loses/destroys cell phones like crazy. Much less her wallet... I would not like this one for her...

  • Article text (Score:2, Informative)

    by Sarojin ( 446404 )
    Cellphone allows users to swipe and go

    15:23 16 December 03

    NewScientist.com news service

    A trial starting on Wednesday will allow thousands of Japanese mobile phone owners to use their phones as a swipe card to pay for purchases, as travel passes, and as concert and movie tickets.

    The trial is the first to embed smart cards within the phones, and has been set up by phone company NTT DoCoMo and electronics giant Sony.

    Like other "contactless" smartcards, the user simply has to place their phone near a reade

  • Oh yeah! (Score:4, Funny)

    by Omni Magnus ( 645067 ) on Tuesday December 16, 2003 @05:18PM (#7739048)
    This will be great for the phone sex hotlines.
    • Press 1 to accept these charges. Beep Thank you for shopping at CallGirls 900 hotline, your cell phone has been charged.
      "Honey, why do you have over $1000 racked up to this 1-900 number on your cell phone bill?" Busted!
    • All we need now are cameras in phones... oh, wait...

  • Great idea (Score:4, Insightful)

    by cluge ( 114877 ) on Tuesday December 16, 2003 @05:23PM (#7739105) Homepage
    Will make it easier for thieves to steal but limit and possibly track them as well. All the thief would have to do is walk up to the register and the victims card is charged. KA CHING It becomes a race, how long can the thief use it before it's discovered stolen and they have to leave it in the submway? Do the police keep the phone running and charges piling up but use the phone to trace the thief to his residence? Is the encryption used by the phone/wireless any better than the encryption used by standard wireless cards (ie how easy is it to sniff for credit card numbers).

    The world of thievery just got more interesting

    AngryPeopleRule [angrypeoplerule.com]

  • Don't our phones do too much already? (Score:5, Interesting)

    by mr_lithic ( 563105 ) on Tuesday December 16, 2003 @05:23PM (#7739107) Homepage Journal
    I currently use my phone as a multi-mode commuication device. It allows me to use it for email, sms and voice,. It also has fuctions as a PDA, gamepad and camera. It alerts me if my servers go down or the comms room is flooded and it allows a number of people to keep track of where I am all the time.

    I am not sure if I want it suddenly to hold all of my cash as well. It holds all of my personal information, dates and phone numbers, and if someone was clever they could find out alot about my servers. So currently, I believe that I have too many eggs in one basket with the functions that it carries out now. To expand those to include purchasing seems to be inviting disaster.

    What the hell do I do if I lose it?

    • I used to do exactly the same thing with my PDA - but what about synchronizing with a server? If you lose the phone, you report it stolen and get a replacement. The server dispatches your saved items to you via some sort of initialization process, disables your old phone via a unique ID of sorts, and you're back in business.
    • Agreed. And as others have pointed out many many times, no one wants an all-in-one device, especially if it's that tiny. If I'd wanted a credit-card replacement, have gotten a speedpass already. If it ain't broke, don't fix it.

    • Go back 30 years. (Score:3, Insightful)

      by Inoshiro ( 71693 )
      Before all that other tomfoolery. Look at your wallet: it has your ID cards, money, a Diners' Club credit card, and pictures of your family.

      What the hell do you do if you lose it?

      I believe the wallet is having too many eggs in one basket.. but people have been getting along with those fine for centuries. The simple solution is to not be a careless fop with things that are valuable to you.

  • What exactly prevents someone ... (Score:3, Insightful)

    by burgburgburg ( 574866 ) <splisken06NO@SPAMemail.com> on Tuesday December 16, 2003 @05:25PM (#7739128)
    who grabs your phone from using to purchase lots of things all on your dime until you can properly report it stolen (assuming you're not in a coma from the blows to your head)?
    • Hmm, try setting a password/pin number? It's still no less secure than a credit card. The big question will be which way the liability falls. If it falls on the user (unlike with credit cards) then I'll just stick to paying with plastic for now.
    • Possibly the need to enter a PIN on the keypad.

      It would be easy for examaple, to have the phone require a PIN to decrypt a key stored in the phone, which stores your CC number. After you enter the PIN, you have 30 seconds to swipe the phone before it expires the PIN.

  • Sweet... (Score:4, Funny)

    by Mysticalfruit ( 533341 ) on Tuesday December 16, 2003 @05:25PM (#7739136) Homepage Journal
    I'm going to print up a tshirt that says on the front back and sleeves

    "By reading this shirt or walking within 3 feet of me, your obligated to play me 1 cent. I'll then just carry a small antenna that'll attempt to connect to the nearest smart card device and charge it 1 cent."

    I know the figures in the high 80's for the number of people who now own cell phones. I can now quit my job and just walk around the mall collecting my "toll".

  • We might never have to use our wallets or purses again... walk into a shop and pull out your cellphone to pay. You could use it as a cheque book or a credit card. But there is a possibility of crackers stealing your hard earned funds. The designers will need to think about adding extra security to stop the crackers.

  • Retailers won't do it. (Score:3, Informative)

    by NineNine ( 235196 ) on Tuesday December 16, 2003 @05:30PM (#7739210)
    As a retailer, I can say that there is no way I'd spend money accepting something like this. At least not for many, many years. Look at the current retail environment... it's being destroyed by people shopping online, cutting into margins. Most retailers STILL don't accept Amex (I do), even though accepting Amex takes a 5 minute telephone call, and $0 additional investment. Hell, it took the fast food chains many years to ever take credit cards. Considering how much $$ this is going to cost us as retailers, I can say that there's no way in hell I'd do this until it becomes very, very universal, and a large number of customers start asking for it (no, 1 or 2 geeks doesn't count as a large number of customers). Credit cards work just fine, anyway. This is another solution to a non-existent problem.
    • <rant>

      As someone blessed to work with American Express as a client and a customer (both through business) I'd like to toss in a THEY ARE THE WORST COMPANY EVER. I don't have any idea why retailers actually agree to work with them, their rates are <b>HIGH</b> and their cards are barely more common then the Dinners Club or the Discover card. As a customer I am buried in an avalanch of marketing promotions and *special deals* on luggage or travelours insurance. This is the one company that s

  • Digital Cash and anonymity can work (Score:4, Insightful)

    by MrChuck ( 14227 ) on Tuesday December 16, 2003 @05:43PM (#7739345)
    read a little David Chaum (google for him yourself).

    On the upper west side of manhattan, they tried a "money on a card" program. Chase and Citibank. You could put it on an ATM card with a smartchip or, like I did, just ask for a card, give them cash which value they xfer'd to the card and leave. No names, no signing anything, etc.

    It was a huge P.I.T.A. to use it, but I put that down to testing where clerical help are not necessarily the brightest sticks in the bundle :)

    However I never renewed mainly because this was cash equivalent. Exactly. With no PIN on the card or ANY protection, you swipe my card, you have my cash and can use it. The minor addition of a PIN would have made the better than cash in that it's not a theft target.

    A friend who did this on his ATM card played with it and said: "Oh wait, my ATM card now has value to a mugger? Great."

    So in the end, its big feature was what a friend called: "Just like cash, only you can only use it in certain places and it's a pain in the ass." Pathetically, their only marketing point was "you don't have to dig for the right change anymore." (as using currency is really hard for people to handle after 3000 years.)

    I'm going to presume that with DoCoMo, you have to AUTHENTICATE the transaction. That someone with a reader can't walk by you or sit in front of your seat and transact your money to them.

    There is an opportunity to do it well: anonymously and correctly.

    A GSM chip needn't be attached to a phone or an ID (so the guy whose wife kills phones would be fine - all european phones I've used are chipped.) Move the chip to another phone and it's "your phone" immediately.

    Do that with a cash chip, and I can send money from one phone to another.
    I can rePIN it and pass the chip to Mom and just tell her the (new) PIN.

    I can do this all untracably, but verifiably. This isn't new. Electronics help, but it's been doable for quite some time. Again, David Chaum has done good writings on this topic.

    • Probably no authentication with this system. The Hong Kong FeliCa-based system requires no authentication. The safeguard is that only specified vendors that authenticate with a central settlement system can obtain the "cash."
      • There's not a lot of authentication with cash. I give you $20 for something, we're done. Traceable? No and not really desired.

        I *want* to be able to use the digital equiv of cash for in the electronic marketplace. Moving to a digital currency and dropping cash just frightens me. The trails of information are not desired by me and many consumers.

        Give people the ability to remain anonymous, and adoption will be wider/faster.

        The presumption that you must surrender privacy to do electronic commerce is a

  • Now the theft device will just be a mobile receiver that the thief carries in his pocket.

    Just walk close to a person utilizing one of these devices and receive the signal.

    Easy use being the key, all I hear is that you just "wave your phone" at the point of purchse to conduct the transaction.

    Nothing about entering a PIN or pressing a key to "accept" the transaction....that would reduce the level of ease to the current one where you slide a card and enter a PIN.

    So just like card "phishers" quickly too

  • talking wallet (Score:3, Interesting)

    by Doc Ruby ( 173196 ) on Tuesday December 16, 2003 @05:49PM (#7739412) Homepage Journal
    I like the idea of using my mobile phone for authentication, for purchases and other transactions. However, for it to be a fair deal for me, rather than just deliver for the "servers" with which I transact, the client must be a lot more powerful:

    • On-phone per-transaction popup "OK"/"Cancel" with hardcopy receipt request
    • Authentication by biometric (fingerprint) or unwieldy PIN
    • Symmetric (OTP) local data encryption by biometric/PIN
    • Client database with cryptosigned transaction receipt
    • Digicash on server (anonymous send with cryptosigned receipts) with phone as transaction authentication, for backups
    • Credit card style transaction insurance


    Those features aren't so far fetched. In fact, why does any of that require "smartcards" in the phone? How about just the crypto features on an authentication vCard + credit card number, and a standard protocol over Bluetooth, IR, SMS, or 3G-HTTP? Scandanavians can buy snacks and pay parking meters with their phones, so why jump through a "smartcard" hoop just to get a talking wallet?

    • fair deal for you or for retailers? (Score:2, Insightful)

      by Anonymous Coward
      The big question is will this save retailers money? The grand allure of "digital cash" is that you can do transactions and they won't cost $0.70 each and the credit companies won't get 3% of the transaction value from the merchant. They're more or less free!

      In the world of commerce this is what counts. If it was just about "consumer convenience" we'd all just have credit cards and the credit companies would be dirty rich. Wait, that is how it is. Sickening.
      • Credit cards were more convenient than cash, especially online. Now a better distributed transaction platform is needed that's more convenient than the cards, or typing their number + authentication data. Inconvenience represents a prohibitive cost barrier to entry, especially for small transactions where the overhead dwarfs the transaction value. A more scalable transaction protocol will allow scaling up of the transaction pool. Meanwhile, consumers are in the purchasing "business" and retailers are in the

  • I love it! Oh, wait, maybe not. (Score:3, Insightful)

    by DaveJay ( 133437 ) on Tuesday December 16, 2003 @05:50PM (#7739418)
    So let me get this straight:

    I carry around an object that broadcasts what is functionally equivalent to my credit card info to any reader within close proximity?

    And so the guys that usually pull credit card numbers out of the garbage, or from lost/stolen card, or from bank records, and make dummy cards that they use in stores* will now be able to set up a portable reader, put it in a pocket, and wander through a crowded subway car picking up credit card numbers without anyone noticing?

    Why would anyone want this?

    Oh, yeah. Because they want it to be more convenient to make purchases.

    Sigh.

    *this has happened to me THREE TIMES, including once by a ring of thieves that successfully used the dummy cards in three different airports in three different countries simultaneously, even as my bank's fraud department watched via computer with me on the other end)
    • Three times? It sounds like there is one place you shop at that has an inside guy stealing cc numbers. The odds for you to have had your card number stolen 3 times over the internet are miniscule, unless you are paying for porn sites using your cc. ;-p

      Did you ever try to find a common denominator


  • Pointing Out Vulnerabilities (Score:3, Insightful)

    by _bug_ ( 112702 ) on Tuesday December 16, 2003 @05:51PM (#7739451) Journal
    So someone gets their hands on a reader for these devices. This can be done by borrowing/stealing a reader from a store that has one installed or by someone who works at the manufacturing plant. Setup a power source and stick it in a backpack. Run a cable down to the reader which could either be in the pack or, if small enough, palmed in your hand.

    As you walk through the streets, wave your hand across the phones of people standing around or as they walk by you. A laptop or PDA could be hooked up to the read recording in all the information.

    The protocol/encryption is taken care of by the stolen hardware. No need to worry about cracking it.

    --

    Now if this system is based upon it's own network, then the reader doesn't have to do any decryption of the data. It can just be forwarded down the line to the network's core. The readers essentially become dumb terminals.

    But I doubt this is the case. Every smart-card reader system that has a core data store includes storage space in individal readers to store transactions in case the core goes down.

    --

    What this type of system REALLY needs, as do exsiting ones such as smart pass or that gas station token thing, is some sort of activation button that must be depressed in order for information to be transmitted from the card. This would make it much more secure.

    This New Scientist article doesn't cover if such a function exists with these new phones but given past devices that we've seen, I doubt it.

  • Visiting this past summer I saw a similar system in South Korea. The receiver looks like a big black eyeball (think HAL-9000) with a bright blue LED on top. They have these things all over - fast food joints, small markets (think 7-11), and on buses. Just put your phone near it, hit a button, and the charge goes onto your cell phone bill.

    Seems like it was getting well adopted. I googled for it, but I can't remember the name exactly.
  • one observation I had when I was in Japan (Tokyo, specifically), was how everything was mostly done in cash, and I never saw a single person using credit card. That's not to say it doesn't exist, of course, but it seemed to me, a visitor, that Japanese are much more comfortable using cash for transactions, and credit card usage is not nearly as common as in the U.S.

    That being said, then I wonder if they will take to the "smart card cell phone for financial transactions" thing readily. Most people do have

  • The advantages: (Score:3, Informative)

    by Kjella ( 173770 ) on Tuesday December 16, 2003 @06:29PM (#7739837) Homepage
    No keypad tampering / double readers (one real, one scam / double swipes. Scan, enter pin and wait for confirmation. If it fails, just try resending the same confirmation. If it *was* high-jacked by a fake signal which you erroneously approved, you'd notice because the store would continue to refuse it.

    Throw in a little failsafe, like "Warning: Remote fingerprint changed compared to previous session X seconds ago" and maybe ultimarely over GSM, like "Automatically contest this claim if someone tries this transaction, it was not completed successfully" to the bank.

    I'd never accept confirmation-free, it could fire on anything from a brush-pass or the guy next to me on the bus/train/tram/subway. Even if it did work when the keypad was not locked, it'd take just as long to hit "Menu, *, "scan", menu, *" as it would take to do a 4-digit pin + "OK"...

    Kjella

  • Editorial (Score:2, Funny)

    by atomly ( 18477 )
    I, for one, welcome our new, corporate overlords.

    Seriously, how can this sound like a good idea?
  • ...the fact that they put it in a phone. You can already get electronic cash cards to use at some AM/PM convenience stores in Japan, and JR is going to expand their Suica rail pass system to be used for purchases in station stores (that uses the same Felica technology). Even two years ago, you could use a phone to buy pop at some vending machines by showing it a two dimensional bar code.
  • From my perspective, something like "this" could provide a great deal of value to consumers. Personally, I'd very much like to be able to consolidate a wide variety of physical access devices into a single token.

    Case in point, right now I am carrying:

    Car keys
    Keys to my house
    An ID badge for work
    2 credit cards
    drivers license

    I would strong prefer to replace these with a single charm. More over, a secure physical token makes key distribution much easier. With this said and done, there look to be some clea
  • you lose the damn thing, or it gets stolen, then your fscked, royally.

    It takes much more effort to lose your wallet or get it stolen than to lose a cell phone that would replace your wallet.

    Not only will they leave you with a huge phone bill, they'll buy all sorts of crap and charge it to you.

    To the inventor of this concept, MINUS 5, STUPID...
  • Chapter 3: Non-standard embedded java implementations....

  • Not exactly like speedpass (Score:3, Insightful)

    by bobthemuse ( 574400 ) on Tuesday December 16, 2003 @06:52PM (#7740040)
    Speedpass systems have a fixed ID. These will most likely read something from your SIM card to facilitate switching handsets, as many users do. With today's phone supporting SMS, GPRS, BlueTooth, etc, how long before someone finds a way to read your charging information from afar? 30' bluetooth range? Getting an SMS from Russia?

  • Gee... these guys are sure behind the cutting edge, Toronto's had this for a while -- it's called DEXIT. Head on over to DEXIT [dexit.com] and have a look.

  • Inaccuracies about smartcards (Score:3, Informative)

    by fuzheado ( 733418 ) on Tuesday December 16, 2003 @10:03PM (#7741491) Homepage
    Lots of the discussion here are addressing things already solved. Here in Hong Kong, the Octopus system is the largest deployment of contactless FeliCa cards in the world -- 10 million issued, 8 million transactions a day.
    1. Contactless smart cards are DIFFERENT than Speedpass RFID systems. Speedpass is a cookie - it does nothing other than provide a unique key for some other database to look up information. FeliCa has stored value and can be read from/written to. So the Slashdot intro stating "speed pass-like capabilities," is inaccurate.

    2. It is anonymous already. Vast majority of users use cash to top up, no personal info, not linked to bank accounts, nothing. Add value to the card at 7-11 stores (open 24 hours) or subway stations.

    3. E-theft is not a problem. You cannot steal money by passing handheld readers over peoples' back pockets. Card readers are not readily available and there is an encryption system to them even if you could get your hands on a vanilla reader. Also, the key to Octopus/FeliCa is a nightly settlement system, of which you must be an approved vendor. This requires contacting the central system and authenticating. Can't be done by a plain Joe.

    4. Been there, done that. We had FeliCa-in-cell-phone pilot last year, with a Nokia 3300 series phone with a FeliCa chip embedded. Cute, but no real practical application. People change cell phones here like shoes, so why tie your e-cash to a phone?
  • ...why not check out the Seimens Xelibri 7 phone [xelibri.com]; it actually is a clip.
  • ...would NOT want to carry money around on a smart card. Those things too easily altered/messed up. Case in point - my apartment complex uses smart cards to store money for the laundry machines (you recharge it with your credit or debit card at a machine) and one day mine inexplicably stopped working for some reason. 20 bucks down the drain. When I went to the office to get a replacement they said that the cards have been known to do that.
  • I find it amusing that so many features are being packed into mobile phones when, realistically, they are so easy to steal. Wallets are hard to steal because they are only taken out at the point of sale, but people are always waving their mobiles around and losing them. This to me seems like another case of packing more complexity into the telephone network while making sensitive data more available to thieves. My boss recently lost his phone (stolen) at an XMAS party of only employees and he has had a re

Slashdot Top Deals

He has not acquired a fortune; the fortune has acquired him. -- Bion

Close