Linux - MobileThis forum is for the discussion of all topics relating to Mobile Linux. This includes Android, Tizen, Sailfish OS, Replicant, Ubuntu Touch, webOS, and other similar projects and products.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Some phones have NFC chips and others may have apps that act like NFC to allow paying with the phones.
Is NFC secure? Has anyone had issues using it?
I use mine all the time...and its fairly awesome. Haven't had any issues, and I don't see how you could have any more (or less) problems with NFC vs. standard card swiping. Less, I think, since the one-time token makes it a bit more secure. I use it at gas stations all the time, and many airport vending machines (at least at larger airports), can accept NFC taps. Google Wallet is my app of choice.
I don't use it and don't plan to, but that has more to do with keeping track of my finances than with any concern about security. Frankly, it can't possibly be any less secure than US credit/debit cards without chip-and-PIN technology.
If I were to use it, I think I would want something like Lookout on my phone, especially as such a feature will make phones a more attractive target for malware.
Google wallet has been around for a while. I don't recall any news about its having been penetrated (not that there hasn't been any, but I haven't heard it and I usually pay attention to security stuff). It's not like this is really new technology. My concern has more to do with my record keeping than with the technology itself.
I used to wonder how persons could keep track of all the 79 cent cups of coffee they bought with their debit cards; then I learned that they couldn't.
Thanks for the Mercury News article, an interesting read.
I'm new to all this NFC stuff, however I saw some cool things you can do with NFC besides payments, you can create NFC tags/stickers to change phone settings and launch applications based on profiles. Cool.
I personally don't expect "pay with your phone" technologies ... nor "take a picture of the check in order to deposit it" ... to survive for very long.
The bottom-line is quite simple: "a phone, 'smart' or not, is not (and cannot be) 'a secure device.'"
Also: it will always be possible to absent-mindedly set the phone down anywhere, and "ten seconds later, it is gone." Did you put a lock-code on your phone? Of course you didn't . . . (Neither did I.)
The technology that will "win" will be the already-coming strategy of putting a chip in the card itself. The "magnetic stripe" will disappear, as will the "credit-card number." The "credit card" (ATM-card, etc...), while retaining the form-factor of the present card, will become a device with on-board electronics that truly cannot be stolen, forged, or reproduced.
If you go to many stores today (say, Panera Bread franchises ...) you will already see new readers in place which have a slot on the front of the machine in addition to the magnetic-stripe reader on the side. The slot on the front is designed specifically to read the microchips that many credit-cards today already have.
The "tap your phone to pay" strategy, heavily-hyped though it may right-now be, is not secure, nor is it securable. This is due to the pragmatic nature of the device itself (whether "the device" is made by Apple or not). Therefore, it will not survive. But, "neither will the magnetic stripe, or the credit-card number."
(By the way ... if your "e-commerce" web site relies on "credit-card numbers" . . .)
Last edited by sundialsvcs; 12-10-2014 at 07:11 PM.
Anything that one person creates, another can compromise, if the desire is strong enough.
I used to work in the security industry. I learned that the goal of security, at least for business and home security (government security is a whole nother world), is for all practical purposes to make breaking into your place so inconvenient that the criminal decides to break into the place next door because it's easier.
Ultimately, "tap cards" will go away completely ... as will the entire notion of a "credit-card number."
The replacement will be a one-of-a-kind secure token: a credit card with a microchip in it and no radio transmitter. To make a purchase, you'll insert this token into a secure reader, and enter a PIN which could be from 4 to (I think) as many as 11 digits long.
This, of course, will be a dramatic departure for all "e-commerce web sites," which now use "credit-card numbers" as the thing which is stored and which is presented for payment authorization. Banks simply can't afford to honor "numbers" any more. They aren't secure and can't be made so. Making "card numbers" transmittable, even over very short distances, makes them all the more insecure. And it won't take the bad guys, or the good guys, too long to figure that out. The one-and-only way to provide security for credit cards is to permanently get rid of "the number."
I think that the final arrangement will probably involve an "encrypted challenge-and-response" protocol, including the unique-identifier of the card plus your PIN, which is not stored anywhere. The host sends a challenge which the chip on the card must correctly and instantly answer. The exact challenge will never be repeated. Only if the card is the correct one and the correct PIN has been entered will the response be correct. Presumably, only you (can) possess the one-and-only card and know what the PIN is. The card never transmits its "bankable secrets." Only the correct card would correctly answer, and then only when supplied the correct PIN. The host might make multiple challenges, milliseconds apart.
Last edited by sundialsvcs; 12-10-2014 at 07:37 PM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.