• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Mobile PayPass Tag - spin on NFC tech

Roze

Roze

Hiding behind a mystery
My credit card has a chip (PayPass) that allows me to quickly swipe it against a 'Paypass' terminal and instantly pay any goods under $50 quickly and painlessly (no signature or pin number required). Now the bank/credit card has come with a sticker version where the same chip is embedded into it (Mobile PayPass). You can put the sticker on your phone and swipe your phone against the 'PayPass' terminals.

bmo-paypass-mobile.png


So it's a spin off of the NFC tech. If your phone doesn't have NFC, you can still make these quick purchases.

My concern is that with NFC, I think your phone ask you to confirm after you swipe the phone across a terminal (can someone who use it clarify). With the sticker Mobile Paypass, your phone is sent an email confirmation. I just feel that security is an even bigger question with this sticker.

I am really tempted to try it out as I carry my phone EVERYWHERE with me. Security is my predominant fear. I have a habit of losing my phones so if anyone that gets a hold of my phone, they can go on a spending spree :<

Your thoughts? Is this something you'd use if you don't have the NS with NFC?

The thing I like about the paypass is that it's very convenient. 3/4 merchants I buy from have this feature in their stores.

Source: BMO brings mobile payments to the forefront, rolls out the "Mobile PayPass Tag" | MobileSyrup.com
 
I wouldn't use it. The terminal you showed looks just like the ones that the Michael's chain uses, and someone managed to get a skimmer on it. Until there is more security, I don't think I'd care for it.

Even an Linux type accept with password could be faked, and judging from the posts about what apps allow what from market, and most people accepting blindly, that isn't much of a solution, but gives the merchant/card issuer an out.

Not only could your charge card be endangered, but a 2 way stream of info could probably be accomplished.
 
Originally Posted by zuben el genub
I wouldn't use it. The terminal you showed looks just like the ones that the Michael's chain uses, and someone managed to get a skimmer on it. Until there is more security, I don't think I'd care for it.

Even an Linux type accept with password could be faked, and judging from the posts about what apps allow what from market, and most people accepting blindly, that isn't much of a solution, but gives the merchant/card issuer an out.

Not only could your charge card be endangered, but a 2 way stream of info could probably be accomplished.
Click to expand...

I've used the machine if a merchant I buy from use the paypass terminal and I have no issue so far (I audit all of my bills).

I'll follow the development and see if they'll put any other security measures on this that might make it safer.
 
I might consider it if I was able to conceal the sticker a little better (Going along with security). A couple thoughts on how to do this depend on size of the sticker.

1) Remove the back cover and stick the sticker on the inside of the cover, then put it back on. As long as doing this wouldn't affect the battery or operational features of the phone, this way looks ideal.

2) If you're one of those that uses a case on your phone, then it would be hidden by the case.
 
cds0699 said:
I might consider it if I was able to conceal the sticker a little better (Going along with security). A couple thoughts on how to do this depend on size of the sticker.

1) Remove the back cover and stick the sticker on the inside of the cover, then put it back on. As long as doing this wouldn't affect the battery or operational features of the phone, this way looks ideal.

2) If you're one of those that uses a case on your phone, then it would be hidden by the case.
Click to expand...
Security by obscurity, I like it.

However, I do not like the idea of RFID chips (or whatever tech they are using, same concept) to be in charge of any purchases. Don't trust it. With something like thirty bucks you can buy all the parts to build a scanner. It'll rip the info right from those chips and some even have read/write capabilities....
 
One should not be universally scared of NFC. Current passive NFC tech (the kind that can always be read from, like a credit card or this sticker) is a huge security risk because anyone with a scanner (cheap to buy) can bump you and get that data, which they can then use to clone another passive RFID/NFC chip. The only reason you don't hear about thieves doing this already is because the tech is not widely used, and thieves are having great success getting access to CC info via other means. The return is simply too low.

When NFC comes to our phones, the RF chip in our phone will not be able to be passively read. It has to be enabled. Furthermore, you the user will control when it can be read, and which "card" the phone should make available. No one will be able to bump scan your phone.

Now, if someone gets a hold of your phone, and assuming you have no credential check set up (pin, password, pattern, etc), then they can get to your NFC data. But that's no different from someone stealing your wallet and getting the magnetic stripe info off of your traditional credit card.
 
novox77 said:
One should not be universally scared of NFC. Current passive NFC tech (the kind that can always be read from, like a credit card or this sticker) is a huge security risk because anyone with a scanner (cheap to buy) can bump you and get that data, which they can then use to clone another passive RFID/NFC chip. The only reason you don't hear about thieves doing this already is because the tech is not widely used, and thieves are having great success getting access to CC info via other means. The return is simply too low.

When NFC comes to our phones, the RF chip in our phone will not be able to be passively read. It has to be enabled. Furthermore, you the user will control when it can be read, and which "card" the phone should make available. No one will be able to bump scan your phone.

Now, if someone gets a hold of your phone, and assuming you have no credential check set up (pin, password, pattern, etc), then they can get to your NFC data. But that's no different from someone stealing your wallet and getting the magnetic stripe info off of your traditional credit card.
Click to expand...
Thanks Novoxx for the explanation, you always have the right answer to everything :)
 
Would solve one problem. New tactic at ATM is infrared. It records the heat from your fingers when you enter the PIN. Suggested solution was press all the keys after entering. The hot image doesn't last that long, so if you swipe all the keys after the transaction there's too much info.
 
You must log in or register to reply here.
Back
Top Bottom