Monday, December 21, 2009

Happy Xmas and Best Wishes for the New Year

Well it’s that time of the year again and before you know it Xmas will have come and gone. But just thinking about the run up there are many interesting aspects to occupy the mind and for us girls and you guys (eventually) shopping turns into a frenzy. So of course the $64,000 question, do we shop on-line? It’s interesting that a number of my friends have over the last year or so become more and more concerned about the security of using their debit or credit card over the internet to the point at which they have minimised their use to the essentials. As I’ve always pointed out to friends think twice about using a debit card linked to your bank account, the criminal may end up emptying your bank account before you know it. Having a special low value account or a low value credit card significantly reduces your risk against heavy losses and really it goes without saying that getting the bank to put money back into your account is somewhat more difficult than arguing a credit card statement.

It is has been reported by the financial institutions that while online transactions account for about 4% of the total card transactions 50% of card fraud is due to these transactions. It should be noted that the fraud figures really relate to Card Not Present transactions (not cardholder – one hope’s he is actually there) and that of course includes telephone orders.

The trouble is we suffer from ‘Click’ mania, one of my friends compares it to unprotected sex, instant gratification from a friend and it’s only afterwards that we start to worry about the consequences. The email arrives, particularly at this time of the year, from a friend, close or maybe even casual containing a link to something apparently exciting, click here and you will be entertained. The trouble is that all too often we do just that and before you know it some malware has zoomed over the wires/airwaves into your machine. This malware may be frivolous but it can also take over your machine and logging your credit card numbers, bank account details, user names and passwords is just run of the mill stuff for the hacker who sits at home waiting for all the details to arrive.

Of course that's only the half of it we also have professional hackers setting up Phishing and Spearing attacks where they aim emails at all and sundry or some times as in the latter case targeted to specific people, the Spearing attacks are much harder to detect because they can be made substantially unique and operate under the malware detection systems.

Now just think about it for a minute, there is a real risk and it’s already happening to a lot of people that your machine is hosting an alien piece of software that can intercept and override every thing you do and worse, yes it really gets worse, you may be totally unaware of what’s happening.

So where is all this going, well to start with just a recognition that we have a serious problem that’s not going to be fixed any time real soon. We have all heard about the authentication widgets provided by various financial institutions that set out to provide 2-Factor authentication and even a form of transaction signature. The latter is really quite good from a security point of view, they use your financial card to do the cryptography but oh they are so painful to use and I’m not surprised by the negative user reaction. The big advantage is that the keyboard and display form a separate channel to the PC and hopefully have not been attacked by malware.

I want to put it on your Xmas list so here for the gadget zeeks amongst you are some portable USB card reader devices, one for contact smart cards and one for contactless.

They are a joy to hold (please contact our shop if you need one for Xmas) and of course they could be used instead of the calculator sized widget although some trust in the PC is still required but not to the same extent.

Once again, Happy Xmas and best wishes for the New Year from all of us at Smart Card News,

Patsy

Monday, November 16, 2009

Does NFC ring any bells?

Once again Cartes has come and gone, no rail strike and perfect weather. In a way it seems to reflect the industry as a whole. The technology is hidden away and now we are only presented with the business propositions, the icing on the cake. Not a complaint just a realisation that the industry is now truly mature. It’s funny really but when you are following the technology everybody is busy telling you that it’s all going to happen next year and of course it never does. When people stop evangelising then suddenly it’s all done and dusted.So are there any loose ends? Well you wouldn’t want to be disappointed would you? Does NFC ring any bells? Now here’s the interesting thing the evangelists have gone, no more ramming it down your throat, a sort of acceptance that it will probably happen but no time real soon and that there probably isn’t a killer application. It’s all a matter of an instrument that gives you a better way of life. In other words the phones will eventually have NFC and people will find things to do with it.

Now it’s taken a little time but I’ve got there, the phone is an instrument of social networking, either to talk, text or email and just about everything else pails into insignificance. Most phones have Bluetooth but it’s not really a part of everyday life, I suspect most people never use it. The camera, oh yes that’s a biggy because it fits into our social networking by providing a means of sharing experiences. Don’t laugh even I take pictures on my mobile phone, in fact I was persuaded by my other half to upgrade my phone just to improve the camera. It takes a little longer but on a good day I can even get the pictures off the phone and onto the PC.

So here’s the question does NFC help with my social networking? Payments – no, mass transit – no, security – no, information – no, connecting with my network - ? Now we’ve got to the Achilles’ heal, does NFC help me communicate? By definition NFC, remember Near Field Communications, and according to he who knows about these things that means magnetic fields operating over a few centimetres or to use the buzz words Person to Person (P2P) but almost with physical contact. So what does NFC allow me to do that I can’t physically do given that the other person is standing next to me? And before some bright spark emails me it’s not about shaking hands with the Queen without touching her.

Let’s be more practical, I can pass data stored in my phone to the phone of the other person. But I can do that today with Bluetooth and most people don’t bother they usually send a text or an email. Smart phone users send emails and everybody else sends text messages, well that’s my observation anyway. Ah ha they tell me but look how much easier it will be to do this with NFC, there’s no pairing required which you need to do with Bluetooth when two devices first meet. The trouble is you are still going to have to set up the application that uses NFC so I can imagine people will still use text or email.

But it’s free, there are no network costs to communicate by NFC, I don’t think anybody cares. Those with smart phones will already have a data contract and those with text messaging just seem to see that as a part of life.

Now let’s not give up, the Apple iPhone has a huge cult following of which a big part is the world of iPhone applications. Can you imagine developers producing applications that use NFC? That’s assuming Apple decide to include NFC of course but I’m told by insiders they are seriously considering their options. But I’m stuck again, what could you do with NFC that you can’t do with Wi-Fi or Bluetooth? In fact those few centimetres seem to be a problem unless I want to make sure nobody can over hear me, now what thought does that put in your mind?

We seem to say it so often but if you don’t need security don’t use smart cards, that has been our mission statement for years. NFC is based around a secure element, the SIM card or some other chip. Nobody has shown me an application for NFC other than payments that needs security and everybody now tells me that payments are not a major driver – so where do we go next?

Patsy.