Saturday, January 29, 2011

From the Plastic Age of Vinyl Records to the Digital Age: Your Phone is Now Becoming Your Wallet

 

NEW YORK (CNNMoney) -- "Credit cards may soon be as outdated as vinyl records. (Remember those?) And this is the year that the slow, steady march to oblivion begins.

You can already use your iPhone, Droid or BlackBerry to buy a hotdog at the ballgame, buy your Starbucks latté, or give a friend a few bucks by Bumping phones. But by the end of the year you may not even think twice about reaching for your phone to pay at the register instead of fumbling for your credit card."

"Your plastic card hasn't changed since the age of the vinyl records," said Michael Abbott, CEO of Isis, a new mobile payment network. "This is the chance to bring payments forward from the plastic age and the vinyl records age to the digital age." 

7 Comments:

At 1/29/2011 2:49 PM, Blogger Jason said...

Would I be the only one worried about security with this? Wireless transmission of financial information could easily be captured/read...what then?

 
At 1/29/2011 5:54 PM, Blogger KauaiMark said...

Next comes the "digital pickpocket"...

 
At 1/29/2011 6:34 PM, Anonymous Anonymous said...

Jason, do you also not buy stuff on the internet because the info might be "captured/read"? There are always security holes in any new system and they are fixed over time, but almost nobody gets their money stolen because their transmission is jacked.

 
At 1/29/2011 7:55 PM, Blogger morganovich said...

sprewell-

that is statistically inaccurate.

there is far more credit theft online than in the physical world. that's why merchants pay a higher fee for card not present transactions.

you the card user might get your fraudulent charges covered by the card issuer, but it's still costing someone money. the bank eats that charge, but they pass that on to the merchants in fees, who then pass it right back to you.

fees on an internet transaction are often about 4X what they are if you swipe your card in a store.

transmitting the signal wirelessly is FAR less secure than an internet transaction. there is no wireless equivalent of SSL. signal are easy to intercept and then also easy to mimic. this makes any real "card present" functionality impossible to verify with a cell phone wallet.

that may well be why the CC co's are so anxious to get this going.

they would much rather take 2% of your grocery bill as opposed to 50bp.

 
At 1/29/2011 11:52 PM, Anonymous Anonymous said...

Morganovich, there isn't more credit theft online, the percentage is just higher. Obviously there's still a lot more theft off the internet because most transactions are still with the card present. Yes, obviously the CC fees pay for fraud. However, my point was only about the transmission, which is rarely the problem. I don't know what you mean by a wireless equivalent of SSL: encryption works over any channel, whether wired or wireless. The encryption used by Wifi, WEP and WPA, uses the same ciphers as SSL/TLS and even if you're on an unprotected 802.11 wireless network, most ecommerce sites will send encrypted SSL/TLS webpages over the wireless connection.

Because wireless tech like NFC will use highly secure authentication and encryption, they will be far more secure than any credit card. I don't sense any urgency from the CC companies for this new tech, they strike me as technically clueless. It is the smartphone vendors and startups driving this, as noted in the post, as they all see a real revenue opportunity for mobile here that they could cash in on. Given that Google's Android smartphone software is free, this might be a way they could actually monetize it. As for the CC fee differences, if the CC companies think those silly fees will last for long in this increasingly highly connected world, they may be even dumber than I think. ;)

 
At 1/30/2011 4:10 PM, Blogger morganovich said...

sprewell-

the fees are not going down so long as fraud stays up. ask anyone with a merchant credit card account how their fees are trending.

i also question your assertion that card not present theft is lower in absolute $'s than card present. CNP has been the fastest growing segment of CC charges for many years and is now a big part of the market. do you have a source on that?

and can you seriously be arguing that WEP etc are secure? there are about a zillion documented cases of people in a car outside the house tapping into "secured" networks.

access is much, much easier as all the info is simply broadcast. you could use a directional antenna to grab a whole supermarket all day.

there is no wireless equivalent of locking up layer one or two. all you can do is encrypt and hope for the best.

encryption can be pretty good, but it has significant limitations as well. i used to be an investor in PGP, who pioneered the space, and i am still friendly with some of those guys. i've seen satchels that can intercept all the bump traffic on a tradeshow floor and wifi "samplers" that can be used to build botnets while driving down the street.

all these systems have flaws, but a wireless system magnifies them by making layer one access easy. to get the data from the phone line connecting a credit card terminal to visa, you need access to the network. there is no such hurdle for wireless, hence, a wireless network will NEVER be as secure as a wired one for any given set of standards.

it's also why anyone with serious secrets to keep (pentagon, CIA, NSA, major banks and hedge funds etc) all forbid the use of wireless networks at the office.

 
At 1/30/2011 9:46 PM, Anonymous Anonymous said...

Morganovich, the fraud won't stay up. This 2005 article notes that all CC fraud fell by two-thirds from 1992, when it was higher than the 2005 online CC fraud rate. Given that CC fraud accounts for less than .2% of sales, obviously it's not fraud that's driving the fees of 0.5-3%. That same 2005 article notes that 11% of CC transactions were done online, so even if that percentage doubled in the last 5 years, more fraud would be happening offline. WEP may not be that secure anymore but neither is SSL 2.0: my point was only that all of the tech uses the same encryption. I wouldn't say that wireless access is necessarily much easier, it all depends on if it was secured right. Not sure why you don't think the wireless layer 1/2 can be locked up, that's what 802.11i WPA2 does, by encrypting the stream.

The hacks that you mention only work on older wireless routers that either use older encryption like WEP or are misconfigured; encryption can keep most attacks out. I agree that it's easier to setup a wireless radio to try and break into a wireless network as opposed to patching into a physical cable for a wired network, but that's why you have encryption. With the limited range of NFC tech, it won't be any easier to pick up that short-range wireless signal. I disagree that wired is always more secure, I suspect that wireless is often more secure because it uses encryption, whereas wired often doesn't and can have exposed cables. The secretive organizations you mention probably secure their physical cables very well and don't want to deal with setting up more wireless networks. That may make sense for them, but not for the average consumer who values their mobility and isn't giving up much security with NFC tech.

 

Post a Comment

<< Home