PAYPASS

Die Presse macht Wind

Swipe-Free Credit Cards Tested

(AP) The familiar process of buying something with a credit card - handing the plastic to the clerk or swiping it yourself, then waiting for approval and signing the receipt - could be headed the way of the mechanical brass cash register.

For more than a year, MasterCard and American Express have been testing "contactless" versions of their credit cards. The cards need only be held near a special reader for a sale to go through - though the consumer can still get a receipt.

The card companies say the system is much faster and safer because the card never leaves a customer's hand.

"In some instances it's faster than cash," said Betsy Foran-Owens, a MasterCard vice president. "You're eliminating the fumble factor."

MasterCard has been testing its PayPass system mainly in Orlando, Fla. and promises a nationwide rollout in 2004, beginning primarily at quick-service restaurants and other places where people tend to be in a hurry.

American Express has mainly done pilot runs of its Express Pay service in the Phoenix area, though the company expanded it to New York ferry terminals on the Hudson River this week.

The new credit cards work much like the Speedpass system that ExxonMobil has accepted for quick payments at its gas stations since 1997. But the keychain fobs carried by Speedpass' 6 million users are good only at ExxonMobil stations and a handful of other retail outlets.

In contrast, credit cards that incorporate the technology could be used anywhere regular plastic is accepted, as long as stores install the new readers. The card companies have worked out technical standards that would let one reader handle multiple brands of contactless cards.

Still, you probably will leave home without one of the new cards for a while. Forrester Research senior analyst Penny Gillespie predicts it will take a few years for contactless cards to go mainstream.

Visa USA has developed contactless capabilities but is holding off on a launch because "consumers seem to be content using the cards they have in their wallet," Visa spokeswoman Camille Lepre said.

The new cards have chips imbued with radio-frequency identification, or RFID, the technology that Wal-Mart, the military and other institutions hope to begin using soon to precisely track inventory.

While old-fashioned credit cards store account information on a magnetic stripe that has to be swiped, the contactless cards keep their data on chips inside the plastic.

American Express' ExpressPay uses a keychain fob, like the ones used by ExxonMobil Speedpass and similar to the tags in supermarket discount programs.

"I like that it's on your keychain and it's fast to use," said Kristie Beenau, 36, of Peoria, Ariz., who has used ExpressPay for about six months at a CVS Pharmacy and fast-food restaurants. "I charge everything anyways. Now I wave it rather than get my card out. It's more convenient."

MasterCard's PayPass comes on a regular-sized card that also has a magnetic stripe for swiping if need be. MasterCard also has done tests in Dallas with Nokia Corp. in which the RFID chip is embedded in the plastic casing of a cell phone.

The contactless cards have no battery or power. When they near a reader, they are jolted to life by the reader's electromagnetic waves. A small radio antenna in the cards instantly transmits account information to the reader.

The transaction then proceeds through the credit card network just as if the card had been swiped.

In theory, the transaction could be intercepted without a consumer's knowledge by a technologically savvy thief intent on cloning a card. That's because RFID transmissions themselves are not encrypted.

However, the thief would have to get quite close to his target or have a very sensitive reader.

Also, the account number on the contactless cards is useful only in the RFID system - it's not the same as a user's credit card number. A crook would thus not be able to use the card number to go on a fraudulent Internet shopping spree, for example.

There would be other hurdles.

American Express makes the RFID reader verify the card's authenticity with a "challenge-response" exchange that depends on 128-bit encryption encoded on the chip. That strength of encryption is considered safe against "brute force" attacks, in which a hacker tries every possible combination.

MasterCard says it uses a different security system but would not provide specifics.

"I have some faith in the credit card companies," said Henry Holtzman, a research scientist at the Massachusetts Institute of Technology's Media Lab who started Presto Technologies Inc., a now-defunct company that sought to develop in-home applications for RFID tags on consumer products. "I trust them because fraud is a serious issue they have to deal with."

Others are more skeptical. Simson Garfinkel, another MIT researcher who follows RFID, said credit card companies ought to be using "smart" cards with public key cryptography, a very strong form of security.

Jeff Chasney, chief technical officer of CKE Restaurants Inc., which runs the Carl's Jr. and Hardee's fast-food chains, says the new cards are likely to increase sales because they are so easy to use and ensure that a consumer won't be limited by the cash in his wallet.

But even Chasney, who is considering a contactless card trial, worries about the use of RFID in the cards.

"I would suggest to you," he said, "the greatest obstacle is going to be security."



By Brian Bergstein
©MMIII, The Associated Press. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed.
 

Companies test "contactless" credit cards


- - - - - - - - - - - -
By Brian Bergstein



Dec. 12, 2003  |  NEW YORK (AP) -- The familiar process of buying something with a credit card _ handing the plastic to the clerk or swiping it yourself, then waiting for approval and signing the receipt _ could be headed the way of the mechanical brass cash register.

For more than a year, MasterCard and American Express have been testing ``contactless'' versions of their credit cards. The cards need only be held near a special reader for a sale to go through _ though the consumer can still get a receipt.

 
The card companies say the system is much faster and safer because the card never leaves a customer's hand.

``In some instances it's faster than cash,'' said Betsy Foran-Owens, a MasterCard vice president. ``You're eliminating the fumble factor.''



 


Today's Daypass sponsored by AOL 9.0 Optimized



 
 

MasterCard has been testing its PayPass system mainly in Orlando, Fla. and promises a nationwide rollout in 2004, beginning primarily at quick-service restaurants and other places where people tend to be in a hurry.

American Express has mainly done pilot runs of its Express Pay service in the Phoenix area, though the company expanded it to New York ferry terminals on the Hudson River this week.

The new credit cards work much like the Speedpass system that ExxonMobil has accepted for quick payments at its gas stations since 1997. But the keychain fobs carried by Speedpass' 6 million users are good only at ExxonMobil stations and a handful of other retail outlets.

In contrast, credit cards that incorporate the technology could be used anywhere regular plastic is accepted, as long as stores install the new readers. The card companies have worked out technical standards that would let one reader handle multiple brands of contactless cards.

Still, you probably will leave home without one of the new cards for a while. Forrester Research senior analyst Penny Gillespie predicts it will take a few years for contactless cards to go mainstream.

Visa USA has developed contactless capabilities but is holding off on a launch because ``consumers seem to be content using the cards they have in their wallet,'' Visa spokeswoman Camille Lepre said.

The new cards have chips imbued with radio-frequency identification, or RFID, the technology that Wal-Mart, the military and other institutions hope to begin using soon to precisely track inventory.

While old-fashioned credit cards store account information on a magnetic stripe that has to be swiped, the contactless cards keep their data on chips inside the plastic.

American Express' ExpressPay uses a keychain fob, like the ones used by ExxonMobil Speedpass and similar to the tags in supermarket discount programs.

``I like that it's on your keychain and it's fast to use,'' said Kristie Beenau, 36, of Peoria, Ariz., who has used ExpressPay for about six months at a CVS Pharmacy and fast-food restaurants. ``I charge everything anyways. Now I wave it rather than get my card out. It's more convenient.''

MasterCard's PayPass comes on a regular-sized card that also has a magnetic stripe for swiping if need be. MasterCard also has done tests in Dallas with Nokia Corp. in which the RFID chip is embedded in the plastic casing of a cell phone.

The contactless cards have no battery or power. When they near a reader, they are jolted to life by the reader's electromagnetic waves. A small radio antenna in the cards instantly transmits account information to the reader.

The transaction then proceeds through the credit card network just as if the card had been swiped.

In theory, the transaction could be intercepted without a consumer's knowledge by a technologically savvy thief intent on cloning a card. That's because RFID transmissions themselves are not encrypted.

However, the thief would have to get quite close to his target or have a very sensitive reader.

Also, the account number on the contactless cards is useful only in the RFID system _ it's not the same as a user's credit card number. A crook would thus not be able to use the card number to go on a fraudulent Internet shopping spree, for example.

There would be other hurdles.

American Express makes the RFID reader verify the card's authenticity with a ``challenge-response'' exchange that depends on 128-bit encryption encoded on the chip. That strength of encryption is considered safe against ``brute force'' attacks, in which a hacker tries every possible combination.

MasterCard says it uses a different security system but would not provide specifics.

``I have some faith in the credit card companies,'' said Henry Holtzman, a research scientist at the Massachusetts Institute of Technology's Media Lab who started Presto Technologies Inc., a now-defunct company that sought to develop in-home applications for RFID tags on consumer products. ``I trust them because fraud is a serious issue they have to deal with.''

Others are more skeptical. Simson Garfinkel, another MIT researcher who follows RFID, said credit card companies ought to be using ``smart'' cards with public key cryptography, a very strong form of security.

Jeff Chasney, chief technical officer of CKE Restaurants Inc., which runs the Carl's Jr. and Hardee's fast-food chains, says the new cards are likely to increase sales because they are so easy to use and ensure that a consumer won't be limited by the cash in his wallet.

But even Chasney, who is considering a contactless card trial, worries about the use of RFID in the cards.

``I would suggest to you,'' he said, ``the greatest obstacle is going to be security.''

 

Paying is faster, easier with new credit cards

Brian Bergstein
Associated Press
Dec. 12, 2003 01:25 PM


NEW YORK - The familiar process of buying something with a credit card - handing the plastic to the clerk or swiping it yourself, then waiting for approval and signing the receipt - could be headed the way of the mechanical brass cash register.

For more than a year, MasterCard and American Express have been testing "contactless" versions of their credit cards. The cards need only be held near a special reader for a sale to go through - though the consumer can still get a receipt.

The card companies say the system is much faster and safer because the card never leaves a customer's hand.

"In some instances it's faster than cash," said Betsy Foran-Owens, a MasterCard vice president. "You're eliminating the fumble factor."

MasterCard has been testing its PayPass system mainly in Orlando, Fla. and promises a nationwide rollout in 2004, beginning primarily at quick-service restaurants and other places where people tend to be in a hurry.

American Express has mainly done pilot runs of its Express Pay service in the Phoenix area, though the company expanded it to New York ferry terminals on the Hudson River this week.

The new credit cards work much like the Speedpass system that ExxonMobil has accepted for quick payments at its gas stations since 1997. But the keychain fobs carried by Speedpass' 6 million users are good only at ExxonMobil stations and a handful of other retail outlets.

In contrast, credit cards that incorporate the technology could be used anywhere regular plastic is accepted, as long as stores install the new readers. The card companies have worked out technical standards that would let one reader handle multiple brands of contactless cards.

Still, you probably will leave home without one of the new cards for a while. Forrester Research senior analyst Penny Gillespie predicts it will take a few years for contactless cards to go mainstream.

Visa USA has developed contactless capabilities but is holding off on a launch because "consumers seem to be content using the cards they have in their wallet," Visa spokeswoman Camille Lepre said.

The new cards have chips imbued with radio-frequency identification, or RFID, the technology that Wal-Mart, the military and other institutions hope to begin using soon to precisely track inventory.

While old-fashioned credit cards store account information on a magnetic stripe that has to be swiped, the contactless cards keep their data on chips inside the plastic.

American Express' ExpressPay uses a keychain fob, like the ones used by ExxonMobil Speedpass and similar to the tags in supermarket discount programs.

"I like that it's on your keychain and it's fast to use," said Kristie Beenau, 36, of Peoria, who has used ExpressPay for about six months at a CVS Pharmacy and fast-food restaurants. "I charge everything anyways. Now I wave it rather than get my card out. It's more convenient."

MasterCard's PayPass comes on a regular-sized card that also has a magnetic stripe for swiping if need be. MasterCard also has done tests in Dallas with Nokia Corp. in which the RFID chip is embedded in the plastic casing of a cell phone.

The contactless cards have no battery or power. When they near a reader, they are jolted to life by the reader's electromagnetic waves. A small radio antenna in the cards instantly transmits account information to the reader.

The transaction then proceeds through the credit card network just as if the card had been swiped.

In theory, the transaction could be intercepted without a consumer's knowledge by a technologically savvy thief intent on cloning a card. That's because RFID transmissions themselves are not encrypted.

However, the thief would have to get quite close to his target or have a very sensitive reader.

Also, the account number on the contactless cards is useful only in the RFID system - it's not the same as a user's credit card number. A crook would thus not be able to use the card number to go on a fraudulent Internet shopping spree, for example.

There would be other hurdles.

American Express makes the RFID reader verify the card's authenticity with a "challenge-response" exchange that depends on 128-bit encryption encoded on the chip. That strength of encryption is considered safe against "brute force" attacks, in which a hacker tries every possible combination.

MasterCard says it uses a different security system but would not provide specifics.

"I have some faith in the credit card companies," said Henry Holtzman, a research scientist at the Massachusetts Institute of Technology's Media Lab who started Presto Technologies Inc., a now-defunct company that sought to develop in-home applications for RFID tags on consumer products. "I trust them because fraud is a serious issue they have to deal with."

Others are more skeptical. Simson Garfinkel, another MIT researcher who follows RFID, said credit card companies ought to be using "smart" cards with public key cryptography, a very strong form of security.

Jeff Chasney, chief technical officer of CKE Restaurants Inc., which runs the Carl's Jr. and Hardee's fast-food chains, says the new cards are likely to increase sales because they are so easy to use and ensure that a consumer won't be limited by the cash in his wallet.

But even Chasney, who is considering a contactless card trial, worries about the use of RFID in the cards.

"I would suggest to you," he said, "the greatest obstacle is going to be security."