chip and pin
Latest
How to pay for things securely
We are essentially a cashless society. With the rise of debit cards in the late 1980s early '90s, fewer and fewer of us use paper money to pay for things. Throw in online shopping and single-retailer payment apps like the one from Starbucks, and ATMs seem almost quaint.
Walmart takes Visa to court over debit card payments
Walmart isn't happy that Visa still allows customers to sign for purchases made with their chip-equipped debit cards. The retail giant has filed a lawsuit against Visa in New York in an effort to compel the credit card brand to require PIN verification when paying in its stores. Walmart argues that PINs are a lot more secure than signatures and can help prevent fraud. It used to only allow debit card payments verified by PINs when it first started accepting chip cards, but Visa forced the company to allow signature verifications.
'Chip and PIN' card reader for iOS selling in European Apple Stores
Merchants here in Europe will soon be able to walk into an Apple store and buy a Bluetooth "chip and PIN" reader that talks to the iPhone right off the shelf. Until now, merchants here didn't have a lot of immediate access to tech that allows them to take payments via their iPhones and iPads. Square is still not available in Europe, while the Swedish iZettle card reader can't be bought in retail stores. But things are about to get easier, because Payleven has just inked a deal with Apple to carry its chip and PIN device in stores, reports TheNextWeb. Unlike Square, Payleven doesn't connect directly to your iPhone. Instead it uses Bluetooth to talk wirelessly to it -- something that is nice because you don't have to hand your iDevice to dozens of different customers each day. After the merchant enters the amount of the transaction in the Payleven app, customers insert their credit or debit card into the chip and PIN reader and enter their PIN, at which point the app processes their payments. The Payleven Chip and PIN reader is available in Apple stores for £99. Users also get a £20 credit for card processing fees. There are no subscription fees to use Payleven, but merchants will be charged 2.7% per transaction. The Payleven app is a free download.
iZettle launches on EE, aims to let UK merchants dabble in plastic
iZettle has just launched its Android and iOS payment platform on EE in the UK, giving small businesses a cheap way to get paid through Visa, American Express, Diner's Club and Mastercard. For a £20 fee in EE stores, you can grab the scanner (shown above) and start accepting charge card payments through your iPhone, iPad and certain Android devices with no other fees except for the usual merchant grab -- 2.75 percent per transaction in this case. Sales can even be keyed in manually if you don't want the scanner, and the company claims the system is quick and "totally secure." So, if you're tired of chasing down that deadbeat client who keeps saying "too bad you don't take Amex," hit the PR after the jump.
iZettle comes to Android for a few lucky Swedish Samsung owners
Square gets most of the media hype, but without an international presence, would-be competitors have had a chance to carve out their own niches in the mobile commerce market. Sweden's iZettle has managed to make quite a splash in its homeland, and it's expanding its mini empire by finally bringing its wares to Android -- albeit in an extremely limited form. Unless you've got a Galaxy S III, S II or a Note then iZettle still isn't for you and with availability in a single Nordic country, it might seem more accurate to describe Android support as being in beta, but the company has ditched the testing tag regardless. Rest assured, however, it is actively working to add more handsets and export the app beyond its particle board-loving borders.
Security experts hack payment terminals to steal credit card info, play games
If a payment terminal could be forced into servitude as a crude handheld gaming device, what else could it be made to do? Researchers at the Black Hat conference showed just what mischief a commonly used UK PoS terminal could get up to when they inserted a chip-and-pin card crafted with malicious code. That enabled them to install a racing game and play it, using the machine's pin pad and screen. With the same hack, they were able to install a far less whimsical program as well -- a Trojan that could record card numbers and PINs, which could be extracted later by inserting another rogue card. On top of that, criminals could use the same method to fool the terminal into thinking a transaction was bank-approved, allowing them to walk out of a store with goods they hadn't paid for. Finally, the security gurus took a device popular in the US, and used non-encrypted ethernet communication between the terminal and other peripherals to hack into the payment device and take root control. Makes you want to put those credit cards (and NFC devices) away and stick to cash -- at least you can see who's robbing you blind. [Original image credit: Shutterstock]
Barclays releases Pingit mobile payments app, we go hands-on
Barclays Bank has unleashed Pingit, an iOS, Android and BlackBerry app that lets you send up to £300 ($470) a day to family, friends or technically-aware muggers. UK mobile number and bank account holders can get started in minutes as long as they've got one of the Barclays-branded PINSentry tools. You'll be asked to come up with a five-digit code that will lock the app to anyone but yourself (or, you know, that mugger) and then you can start spreading your cash around, baller-style. We set up our own account through the app and if you're curious about our impressions, you can find out what we thought after the break.
iZettle's chip-reading Square competitor will take your money, no swipes required (video)
Everyone seems to be getting on board with Square's iPhone credit card reader -- Apple started selling the device in its stores last week, and even Visa has taken a financial interest in the company. However, due to the popularity of fraud-fighting chip-enabled smart cards on the other side of the pond, Square's offering doesn't quite fit the bill. iZettle has a similar solution for Europe that includes the ever-so-necessary smart card reader, which the company is launching in Sweden this June. Not only does it enable you to accept credit card payments from friends or customers, the app adds a social twist. Merchants can email a photograph and receipt to buyers, who can then share their latest spoils on Facebook. Of course, if this starts to catch on, it could make explaining that "awesome deal" you scored on a new laptop that much more difficult when it pops up on your significant other's news feed. [Thanks, David]
Cambridge University finds credit card security flaw, uses the money for beer pong supplies (video)
Oh, those crazy kids at Cambridge University -- when not doing keg stands or playing Hacky Sack in the quad they're hard at work proving the vulnerability of the EMV verification used in credit and debit cards (or as it's called across the pond, Chip and PIN). We won't go into too much detail (because we don't have much detail) but a flaw has been discovered that allows one to convince the terminal that a card's PIN has been entered -- and you know what that means: free money! All you really need to pull it off is a fake smart card connected to a card reader containing the stolen card and some fancy software. (Place the contraption inside a hat box or bowling ball bag if you want to be slick.) What could be simpler than that? "We think this is one of the biggest flaws that we've uncovered - that has ever been uncovered - against payment systems, and I've been in this business for 25 years," said Professor Ross Anderson from the school's Computer Laboratory. Sure, this is a proof-of-concept thing, and not yet a clear and present danger, but we have faith that the hackers will see this one through. Maybe we weren't crazy to bury all that gold in the backyard after all! British TV news (with the appropriate dramatic music) after the break.
UK Chip and Pin machines headed to the home
Barclays bank is doling out at least 500,000 Chip and Pin machines (the fancy UK term for credit card reader) for use in the home by its customers. The system is similar to the key fob that PayPal offers to its users, which generates six-digit passwords for use in supplement to the traditional username and password to add a layer of security to your PayPal account. The card readers that Barclays is shipping out generate an eight-digit number for logging onto your online banking account, but first you have to swipe your card and enter your pin number. You're also required to perform the same action for money transfers. This should beef up security considerably for users, and guard people from being compromised fully by phishing attacks, but we're fairly certain your money and identity will never be safe until you bury it all deep in the woods somewhere, later to be discovered by three camping buddies who are soon to become mortal enemies... we'll stop now.
Kingston unveils flash storage vending machine in UK
We wouldn't recommend hopping on the next non-stop flight to London Gatwick Airport's North Terminal or anything, but for those passing through in dire need of an extra SD / CF card or USB drive, Kingston's got your back. Joining SIM cards, iPods, digicams, shoes, and all sorts of other bizarre goods, Kingston's self-branded vending machine will doll out presumably overpriced flash memory to travelers in need. Reportedly, New Jersey-based MyMemory will be operating the machines, and of course, they will all be open 24/7 for your late night (and mid-day) flash storage requirements. Interestingly, the UK units will supposedly utilize the oft hacked Chip & PIN technology, which means the countdown to gobs of free memory (and a high-speed police chase) has officially begun.[Via EverythingUSB]
Chip & PIN Tetris hackers can steal credit card info, too
Hacking into sensitive machines and playing brain games on them certainly isn't new -- and a pair of researchers at Cambridge have already done just that on a "tamper-proof chip-and-PIN payment terminal," -- but in a recent (and more serious) development, they've extended the exploit to demonstrate how they can "compromise the system by relaying information between a genuine card and a fake one." Saar Drimer and Steven Murdoch, members of the Cambridge University Computer Laboratory, have not only played Tetris on a banking machine, but have devised a scenario where a terminal is actually connected to a thief's laptop (instead of a bank, for instance), thus passing through crucial information without throwing a red flag to the now-screwed customer. Through a series of RFID, WiFi, and SMS connections, the duo even explains how something so simple could be used to steal thousands of dollars in diamonds and jewelry if working with a trained crew. Still, it's noted that this kind of stunt would be "difficult to execute in practice," and of course, whoever tries it runs the risk of being imprisoned for quite some time, but if you're interested in an eerily detailed description of just how beautiful you life can become if you actually pull this off, the read link demands your attention.
