Smith's Supermarket(Kroger subsidiary)

[Sehc]

For myself. I trust my three banks with CC and debit cards much more than I can ever trust Google or Apple with any of my information.  And a money transaction that can be done through a non contact radio? I'm looking forward to the hackers figuring this out. Drain your account standing next to you in line.

[SWharton]

I think the RFID for tap only transmit 2-3". I haven't seen it in the US yet but tapping i prevalent in Canada. I don't have any CC that support tapping so it is years away.

[Carlos]

I just don't understand why people who have zero understanding of how the systems work would still spread their fear-mongering on public forums.  If you don't want to learn about it, fine, but don't make up stuff to post online.

1.  NFC uses a stubbed antenna, or basically no antenna at all.  It's a low frequency with a long wavelength, and the emitter wire is around 0.5% of a wavelength.  Normal antennas are typically 25% wavelength or better.  So it can't actually radiate RF.  It creates an inductor, and basic physics tell us inductors couple at only extremely short range.  I have a pile of NFC devices on my desk right now, and around the house for various uses.  They all work to 3" at most.  Laws of physics.

2.  The exchange of data is MUCH more secure than using a card.  I don't carry my debit card at all because there's just way too much risk of losing a bank account.  If I need access, I use my phone or Apple Watch.  The transaction is done using an encrypted one-time code that is not good ever again, and is only valid for seconds to begin with.  While cards can be duplicated, wireless transactions cannot.

3.  Apple phones and devices have a "secure enclave" chip that is one-directional.  Apple can never get your data, and indeed, you could never transfer it out of the phone if you wanted to.  Just can't happen.  The data is represented inside the chip in an encrypted form, and the chip is physically incapable of spitting it back out.  All it can do is generate one-time codes that represent the data.  No data is sent to Apple themselves.

3 hours ago, SWharton said:

I think the RFID for tap only transmit 2-3". I haven't seen it in the US yet but tapping i prevalent in Canada. I don't have any CC that support tapping so it is years away.

Small detail; it's NFC, not RFID.  Even if your card doesn't have NFC in the card, you can probably add it to Apple or Google Pay to use NFC anyway.  

16 hours ago, Chalkie said:

So would you write a check to an RV park for a 50% PPA discount if that is what they required? Or pay straight up cash to a park that will not accept cards as they do not want to pay the processing fees? Personally, I find that being flexible in my payment options is the best way to go. That way I can take advantage of things that save me money. 

Any company that would make a stink over the 1.9% cost of cards and make my life less convenient won't get my business.  It's a trivial cost when you consider the rest of the cost of doing business.  I accept cards in my business, I'm familiar with it.  The cost of handling checks and cash is not zero, because they have to be dealt with by employees and processed.  Card payments take zero effort on our part; they just land in the account automagically.

 

[Lou Schneider]

1 hour ago, Carlos said:

I just don't understand why people who have zero understanding of how the systems work would still spread their fear-mongering on public forums.  If you don't want to learn about it, fine, but don't make up stuff to post online.

1.  NFC uses a stubbed antenna, or basically no antenna at all.  It's a low frequency with a long wavelength, and the emitter wire is around 0.5% of a wavelength.  Normal antennas are typically 25% wavelength or better.  So it can't actually radiate RF.  It creates an inductor, and basic physics tell us inductors couple at only extremely short range.  I have a pile of NFC devices on my desk right now, and around the house for various uses.  They all work to 3" at most.  Laws of physics.

2.  The exchange of data is MUCH more secure than using a card.  I don't carry my debit card at all because there's just way too much risk of losing a bank account.  If I need access, I use my phone or Apple Watch.  The transaction is done using an encrypted one-time code that is not good ever again, and is only valid for seconds to begin with.  While cards can be duplicated, wireless transactions cannot.

Someone standing next to you in the checkout line can pass an NFC reader next to your wallet and steal a unique code to use in an immediate transaction.  Or a skimmer adjacent to the NFC terminal you're using briefly disconnects the terminal to delay your transaction while it does the same thing before letting yours go through.  How many people are going to question the need to resubmit a failed transaction?

No thanks, I'd rather use a chipped card that requires insertion and a relatively lenghty hard connection to interrogate and read the code generated by the internal chip.  It's the same mechanism as used by an NFC card but has much less chance of being intercepted or falsely triggered.

Edited October 20, 2019 by Lou Schneider

[Barbaraok]

40 minutes ago, Lou Schneider said:

Someone standing next to you in the checkout line can pass an NFC reader next to your wallet and steal a unique code to use in an immediate transaction.  Or a skimmer adjacent to the NFC terminal you're using briefly disconnects the terminal to delay your transaction while it does the same thing before letting yours go through.  How many people are going to question the need to resubmit a failed transaction?

No thanks, I'd rather use a chipped card that requires insertion and a relatively lenghty hard connection to interrogate and read the code generated by the internal chip.  It's the same mechanism as used by an NFC card but has much less chance of being intercepted or falsely triggered.

And if they do that, then I get an immediate alert telling me that a transaction has been made before I get a chance to initiate the charge.   And if it is a smart phone, how are they going to get my fingerprint to initiate the transaction?  

With the chip,  doesn't the merchant still gets the credit card number.   

 

[Carlos]

1 hour ago, Lou Schneider said:

Someone standing next to you in the checkout line can pass an NFC reader next to your wallet and steal a unique code to use in an immediate transaction.  Or a skimmer adjacent to the NFC terminal you're using briefly disconnects the terminal to delay your transaction while it does the same thing before letting yours go through.  How many people are going to question the need to resubmit a failed transaction?

No thanks, I'd rather use a chipped card that requires insertion and a relatively lenghty hard connection to interrogate and read the code generated by the internal chip.  It's the same mechanism as used by an NFC card but has much less chance of being intercepted or falsely triggered.

Yeah, you don't understand this works at all, not even a little bit.  One easy point is that the token is encrypted with keys from both the reader and the buyer, so it can't be re-used.  And as noted above, the device tells you about the transaction nearly instantly.  

EMV also generates some obfuscated data, although I've never studied the details like I have NFC. 

[Lou Schneider]

29 minutes ago, Carlos said:

Yeah, you don't understand this works at all, not even a little bit.

Whatever.  I'm not going to debate with you, just note that I've been involved with RF related stuff probably longer than you've been alive.

Have a nice day.

[chirakawa]

How does one recognize one of these wireless terminals?  I'm going to start watching for them to see if any of the places I do business even accept Apple Pay or Google Pay, etc.

[docj]

4 minutes ago, chirakawa said:

How does one recognize one of these wireless terminals?  I'm going to start watching for them to see if any of the places I do business even accept Apple Pay or Google Pay, etc.

Usually there will some signage stating that Apple Pay or Google Pay is accepted. In addition the payment terminal usually will say something like "Insert, Swipe or Tap" your payment method. 

Unfortunately. "Tap" can refer either to phone-based NFC payment methods or the card-based Tap system largely found in Canada.  Sometimes I tap my phone on a terminal and nothing happens which makes me think it is expecting to use a card-based NFC signal.

 

[Carlos]

33 minutes ago, Lou Schneider said:

just note that I've been involved with RF related stuff probably longer than you've been alive.

Then you should understand that a radio with no antenna doesn't produce RF, it's inductively coupled?  How long have you worked with encryption and one-time codes?

14 minutes ago, chirakawa said:

How does one recognize one of these wireless terminals?  I'm going to start watching for them to see if any of the places I do business even accept Apple Pay or Google Pay, etc.

Around the West, they are "everywhere."  I often go out without my wallet.  There are two widely recognized NFC symbols, I'll find some images to post below.  They may specifically say Apple Pay/Google Pay, and things like that.  As docj said, they may say "tap" but I haven't noticed that very often.  If the terminal is modern-looking, it probably accepts it.  I just try it at new places, unless I can tell the terminal is super old or at stores that are actively trying to resist these systems (Target, Walmart, Kroger).  Note that most major bank ATMs have NFC, so my debit card stays safely locked up and I use my Apple Watch to make an ATM transaction.

 

 

 

[Carlos]

Here are some of the NFC chips I'm working with right now for access and automation controls, and my hand which has an NFC chip implanted in it with a tattoo of the logo over the chip.  The generic little chip tags are as cheap as 30 cents each, so they can be deployed all over the place.  If I scan an NFC sticker that's on the door of the RV, as we leave, it puts the house into "away" mode and sets the alarms and cameras.  To open the house, I just hold my hand over the NFC reader on the front door.

 

[Kirk W]

2 hours ago, chirakawa said:

How does one recognize one of these wireless terminals? 

[sandsys]

8 hours ago, Carlos said:

stores that are actively trying to resist these systems (Target, Walmart, Kroger)

Our local Target takes ApplePay.

Linda

[Sehc]

Thanks Carlos. Now I no longer worry about any digital hacking. Does inductively coupled not use a electromagnetic (radio) transmission?

[Carlos]

9 hours ago, sandsys said:

Our local Target takes ApplePay.

Linda

Interesting, I haven't been to a Target in a long time I guess!

https://www.paymentssource.com/news/targets-surrender-to-apple-pay-shows-the-struggle-of-retailer-only-wallets

15 minutes ago, Sehc said:

Thanks Carlos. Now I no longer worry about any digital hacking. Does inductively coupled not use a electromagnetic (radio) transmission?

You shouldn't worry about it because of encryption and one-time keys.  The fact that it's currently impossible to capture the data from a distance is just extra security.  Inductive coupling and RF radiation are both electromagnetic.  Inductive coupling can happen in the RF spectrum, but it doesn't radiate.  NFC is at 13.56MHz, which is RF, but because it has no antenna, it can't radiate.  So you have to bring two inductors together for one to excite the other.  Inductor just basically means metal coil.  Here's a clear 35mm chip showing the coils.  35mm is pretty big, so the coil is large.  The chips I showed before are much smaller.  Credit cards use smaller lower-range coils.  Either way we're talking a few inches of range.

 

[bobsallyh]

Looks like Smith's and Visa kissed and made up!

https://www.ktnv.com/news/smiths-grocery-store-will-accept-visa-credit-cards-once-again