GeneralThis forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I saw a preview of this on BBC Click. The card has a fingerprint reader and will not work wirelessly unless the correct finger is pressed against the reader. The idea is to make contactless payment more secure so that the current £50 transaction limit can be raised. According to the people trialling it, it does not respond to photographs or prints, only to a real finger.
I'm not sure how I feel about this. I never use my card contactless because I don't feel safe doing so, without even a PIN to prove it's really me. I understand that ill-intentioned people with nfc readers can skim data off the card unless you keep it in a metal wallet, but they can't skim off the PIN because that's securely encrypted. Would biometrics be the answer?
I understand that ill-intentioned people with nfc readers can skim data off the card unless you keep it in a metal wallet, but they can't skim off the PIN because that's securely encrypted.
I don't think this is true. An NFC reader can talk to the chip embedded in the card, but it's not like the magnetic strip that just holds some passive data. It should be performing some crypographic protocol that doesn't divulge any info.
Quote:
Would biometrics be the answer?
The thing about biometrics, is that they're kind of like passwords that aren't really secret (e.g., you leave fingerprints on everything you touch) and are very difficult to change. It's okay for identification, not authentication.
I was recently following a discussion about biometrics in general; how institutions & companies promise that they won't store that data anywhere, but then they do it anyway.
Some giant databse got hacked in Korea, Millions of sets of biometric data got leaked. The affected people are scarred for life, and NOTHING can fix that anymore.
Apart from that I don't think it's so bad; provided it's implemented safely (yeah, that's a big BUT).
I saw a preview of this on BBC Click. The card has a fingerprint reader and will not work wirelessly unless the correct finger is pressed against the reader...I never use my card contactless because I don't feel safe doing so...
My bank will supply a contact only (ie insert chipped part of card into merchant's machine) on request. The only down side is losing the ability to mimic a credit card with a debit card, which IMO is a small price to pay to get away from the risk of wireless card skimming. Maybe ask your bank about it?
Quote:
Originally Posted by hazel
...According to the people trialling it, it does not respond to photographs or prints, only to a real finger...
Sounds safe, but then again I can't get THAT scene from Demolition Man out of my mind.
My bank will supply a contact only (ie insert chipped part of card into merchant's machine) on request. The only down side is losing the ability to mimic a credit card with a debit card, which IMO is a small price to pay to get away from the risk of wireless card skimming. Maybe ask your bank about it?
That's exactly what I did. I told them to put a note against my name that if they ever found any contactless payments apparently made with that card, they should contact me because it wasn't me that made them.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.