http://www.engadget.com/2016/06/02/visa-olympic-wearable/
The ring is also ceramic, is also water resistant up to a distance of 50m, and happens to be "unnamed" thus far. Now combine that with nfcring.com's front page message:
"Psst... Early Adopters...
Be amongst the first to get your hands on the World's First Contactless Payment Enabled NFC Ring, launching very soon..."
Very suspicious. ;)
Thank you for the link, John. I appreciate it.
Regarding Kristin's demo: no I get that a proper skimmer wouldn't.
And regarding the liability part: that's true, but up to a point (or from a point, would be more accurate?). In the Netherlands you have to pay a liability fee of 50€ when skimmed (used to even be 150€ prior to last January the 29th, see link below). Coincidence is that for most banks (if not all) in the Netherlands, that the daily threshold before requiring PIN is set at 50€. So that means you won't get a refund when skimmed.
So a very long while ago I watched a lecture from Kristin Paget displaying a technology that she describes as "Guardbunny". I'm not one for frivolous commercial brand names, but what drew my attention was what it does. I won't bother you with any pathetic attempts made by me to explain it in technical detail of how this Guardbunny product works (do see the demo and explanation in the link below for that), but it basically offers three protection schemes: jams signals of unwanted read sessions, makes an audible signal when the tag is being attempted to be read, makes a visual signal when the tag is being attempted to be read (a light turns on).
The demo:
https://youtu.be/HRXb-FZ6WFM?t=40m20s
Anyone who knows this field is probably aware that we'll never be able to (fully) defeat unwanted RFID/NFC interactions, so it would be nice to at least know when our tags are being read, so we can make due changes if the read session was unwanted. Therefore the latter two of the three protection methods sounded very intriguing.
Would it be possible to build in a system in future ring models that makes an audible and/or visual signal when there's a read activity in progress?
As you could see in the demo, it doesn't require any extra power or such, but probably boils down to matters of available space in a ring design, cost, and having the required technical know-how to implement.
He's the minister of finance. Not trusting other people with money is basically the nature of the creature. :)
The banking sector is expecting the user base to share the responsibility of online banking and wireless transactions. Yet they [banking sector] are pushing online banking (so that they can cut costs by closing their local establishments; which they have, and are progressing on as we speak), as are their retail partners pushing wireless transaction (to increase transaction rate in the hope that the consumer is more inclined to spend).
Now I consider myself a very capable person when it comes to basic -- and to some degree advanced -- security. I try to keep up to snuff with the latest news in regards to, as well as daily living of what I've learned. How can you ask Joe Sixpack to share the responsibility? Or the elderly for that matter? My parents for example. They're around their 60s, didn't grow up with computers, and barely know how to use a search engine, barely know how to drag and drop a file, and barely know what a URL is. Imagine how difficult it has been for me to inform my parents on the do's and don'ts of online banking. I'm basically their IT guy. I keep their system clean, and I weekly help them with their stumbling blocks. If they didn't had me; good luck to the banks expecting them to be responsible.
Besides that, the financial penalty is plain childish indeed. Has anyone ever enjoyed the process of going through the grinding mill with a bank at the other end of the line, in the instance you're the victim of fraud? 'Of course people enjoy that. That's why you need a financial penalty in place to keep the commoner on its toes.'
I agree with Annita, but I'd like to refine the idea a bit more: announce a competition in a tech corner of the web (maybe one that's focused on NFC stuff in general, or stuff that has an indirect relation to NFC, such as a smartphone community like XDA?), and require the attendees to sign up to our forum, and/or require to come up with the most creative idea for using an NFC ring. That's the only way to go about for maximum impact I can think of.
Sounds like a win+win to me, Lokki.
@johnyma22 said in Very suspicious NFC ring related subject: Olympic athletes will sport Visa's new payment ring in Rio:
It's us.... We're working with Visa..
Is there a topic in regards to that on the forum or elsewhere? I'd like to learn more, but I couldn't find anything (or I haven't searched hard enough). Or do I have to wait until you're ready to publicize? :)
@johnyma22 said in Very suspicious NFC ring related subject: Olympic athletes will sport Visa's new payment ring in Rio:
It's us.... We're working with Visa..
Is there a topic in regards to that on the forum or elsewhere? I'd like to learn more, but I couldn't find anything (or I haven't searched hard enough). Or do I have to wait until you're ready to publicize? :)
http://www.engadget.com/2016/06/02/visa-olympic-wearable/
The ring is also ceramic, is also water resistant up to a distance of 50m, and happens to be "unnamed" thus far. Now combine that with nfcring.com's front page message:
"Psst... Early Adopters...
Be amongst the first to get your hands on the World's First Contactless Payment Enabled NFC Ring, launching very soon..."
Very suspicious. ;)
He's the minister of finance. Not trusting other people with money is basically the nature of the creature. :)
The banking sector is expecting the user base to share the responsibility of online banking and wireless transactions. Yet they [banking sector] are pushing online banking (so that they can cut costs by closing their local establishments; which they have, and are progressing on as we speak), as are their retail partners pushing wireless transaction (to increase transaction rate in the hope that the consumer is more inclined to spend).
Now I consider myself a very capable person when it comes to basic -- and to some degree advanced -- security. I try to keep up to snuff with the latest news in regards to, as well as daily living of what I've learned. How can you ask Joe Sixpack to share the responsibility? Or the elderly for that matter? My parents for example. They're around their 60s, didn't grow up with computers, and barely know how to use a search engine, barely know how to drag and drop a file, and barely know what a URL is. Imagine how difficult it has been for me to inform my parents on the do's and don'ts of online banking. I'm basically their IT guy. I keep their system clean, and I weekly help them with their stumbling blocks. If they didn't had me; good luck to the banks expecting them to be responsible.
Besides that, the financial penalty is plain childish indeed. Has anyone ever enjoyed the process of going through the grinding mill with a bank at the other end of the line, in the instance you're the victim of fraud? 'Of course people enjoy that. That's why you need a financial penalty in place to keep the commoner on its toes.'
@johnyma22 said:
That's fascinating @Hotwire -- Even if you can prove fraud you have to pay some admin type fee? Is that the case since the 29th of Jan IE still the case today?? The banking industry is constantly trying to improve the situation for contactless payments so hopefully they did the right thing and resolved that for you!
It's still the case. It used to be 150€, now it's reduced to 50€, which is good. A nuance however: the liability fee covers both fraud instances during online banking/transactions, in addition to being skimmed in public.
Apparently the EU allows for even further reduction below 50€, but our minister of finance (Dijsselbloem), isn't willing to go that far just yet, as he argues that (rough translation) "if there isn't some penalty in place, it could promote users to become careless [in regards to fraud prevention]".
That recent reduction from 150 to 50 has got something to do with the EU's 'Payment Service Directive 2'. But that's all I know.
Thank you for the link, John. I appreciate it.
Regarding Kristin's demo: no I get that a proper skimmer wouldn't.
And regarding the liability part: that's true, but up to a point (or from a point, would be more accurate?). In the Netherlands you have to pay a liability fee of 50€ when skimmed (used to even be 150€ prior to last January the 29th, see link below). Coincidence is that for most banks (if not all) in the Netherlands, that the daily threshold before requiring PIN is set at 50€. So that means you won't get a refund when skimmed.
I genuinely suggest anyone interested on the subject to watch Kristin Paget's 2012 Schmoocon talk (I know, there are many other talks, but Paget actually provides a decent band-aid at the second half -- the first half is about proving the fraude). It's very enlightening. Granted, it's a fairly old talk, so some points might be dated, and some might be common knowledge by now, but fundamentally speaking, NFC will never be entirely safe. No matter how sophisticated the backend security is.
The talk:
Personally, I'd much rather do NFC transaction via a phone (especially something that's well implemented software-wise like Apple Pay, as well as hardware-wise), because that's something I can switch off when not in use, instead of being statically passively present. Do need to abide to a couple of rules though. Which are: keep phone up to date, only install apps from official stores, and abstain from obtaining SU rights, but that's standard requirement for anything on any device these days.
I don't agree at all by the way that NFC transaction is more safe than anything we've got. The safest is still PIN + physical insertion (to read the chip, not magstrip) at terminal. You just can't beat non-wireless in terms of security. Remember that the banks and retail sector didn't choose NFC for better security over standard card insertion based transactions, but to raise the transaction flow rate. If they could've waved a magic wand and make insertion based transaction just as smooth as NFC, I'm pretty sure they'd stick to the former as it has got way less security variables to account for.
Edit: old thread is old, didn't see that.
Sounds like a win+win to me, Lokki.
I agree with Annita, but I'd like to refine the idea a bit more: announce a competition in a tech corner of the web (maybe one that's focused on NFC stuff in general, or stuff that has an indirect relation to NFC, such as a smartphone community like XDA?), and require the attendees to sign up to our forum, and/or require to come up with the most creative idea for using an NFC ring. That's the only way to go about for maximum impact I can think of.