信用卡的将来 Future of Credit Cards ：RFID，NFC

非接触式NFC银行卡在欧洲很流行，只需要在一个电子读卡器上扫描卡片，就可以完成支付，大大缩短零售商和消费者的交易时间。但黑客可以用类似三星Galaxy S3 手机，然后去谷歌APP商店免费下载，就可在离NFC银行卡10厘米内扫描的卡号、有效期和持卡人姓名！以后S4手机会有更强的NFC天线，可以更加遥远盗窃数据！RFID的信用卡在3米内可以被盗取信息！所以我LA的老外朋友最近也买了铝合金银行卡盒，防备信用卡被盗！

网佳,硅谷无线协会,亦庄国际于8月21日在亦庄举办创业大赛初赛，然后23日在北京MacWorldAsia.com大会里举办决赛，总奖金10万，头奖包括价值4万元去硅谷见识。有意展示项目的请报名北广深沪沙龙27/28/29/30日 http://t.cn/zTiOB8J，或直接Email项目介绍去bp AT webplus点com
#创业成长退出上市沙龙#北广深沪27/28/29/30日，6月解析商业计划书、7月这次解析:创始股东合资协议、投资意向书Term Sheet、投资协议，合伙人相互与投资者博弈。钱是没有无条件的,创业者的取舍；项目是没有无风险的,合伙人和投资者要注意什么。我会分享操作过的协议和其后法律纠纷 http://t.cn/zTiOB8J
欢迎用邀请码http://t.cn/zY8CLA4 免费加入Webplus.com会员。关注网站【活动中心】在北上广深的#创业成长退出上市沙龙#等活动，参与【论坛】里的创业投资等讨论！谢谢！


非接触式银行卡成待宰羔羊：手机扫描窃取信息
2013-06-03 08:01  广州日报
英国媒体演示小偷如何靠近目标，然后在行窃目标钱包或口袋旁迅速完成盗窃。

手机可以用来做窃取银行卡信息的新工具！据英媒报道，只要将手机在不远处轻轻一扫，就可以在几秒钟内完成对银行卡基本信息的读取。读取后的信息可以用在网络购物上，还可以用来回答银行所设的安全问题。
据统计，英国近3000万个非接触式银行卡面临信息被盗的危险。
一天最多“偷”100英镑
5年来，非接触式银行卡的使用变得越来越流行。
由于刷卡时不需要和刷卡机具直接接触，只需要在一个电子读卡器上扫描卡片，就可以完成支付，从而大大缩短了零售商和消费者的交易时间。
不过，随着科技发展，这种卡片逐渐暴露出技术漏洞，让用户成为窃贼和骗子的“待宰羔羊”。
不少射频卡用户为方便起见，小额付款通常不设密码。通常，用户用该卡一次性支付20英镑或以下的货款，就不需要输入密码。
然而，这种方便和快捷也让小偷们钻了空子，他们可以很容易地窃取到卡片上的数据，消费完成后再修改购物记录，而这个过程持卡人根本不知道。
不过，目前，这种新科技对小偷和骗子来说不太稳定。他们只能在一张卡片上最高消费100英镑，因为银行规定，一天消费5次以上需要输入密码。

30英镑上网买窃取软件
英国媒体邀请安全专家进行了一个模拟实验，让记者亲自见证一个触屏手机窃取卡片信息的全过程。相关软件可以从网上很容易买到，只需要30英镑，自己稍加改良就可以应用。
在模拟实验中，只要简单地将手机接近钱包，记者就可以在两秒钟内下载卡片信息。这表明窃贼完全可以利用人多的场合，与持卡者擦身而过偷取卡片信息，而这丝毫不会引起持卡者的注意。直到他们查阅自己的银行账单，或者收到银行方面的书面声明时，才会发现账户的问题。
让人头疼的是，窃取的账户信息还可用在网购上。在亚马逊网站上，窃贼不需要输入安全密码就可以买到大部分的商品。
英国纽卡斯尔大学的专家马丁·艾玛斯说：“我们能够用手机读取持卡者的姓名、16位卡号、卡片有效期等。有时，我们还能查到近10次的交易记录，而这经常是银行的安全问题。”
艾玛斯补充说，大概有3000万张银行卡存在被手机窃取信息的风险。他说：“我们的调查显示，非接触式银行卡存在一定的技术缺陷，我们希望银行能在窃贼大规模行盗之前，修复这些缺陷。”
剑桥大学安全工程教授罗斯·安德森也担心非接触式系统会给窃贼带来福利。他说：“用改良过的手机，银行账户信息能够在几秒钟内就被他人窃取，小偷完全可以用这些信息应付银行的安全提问。”

刷卡要有更安全措施
据了解，英国主要的非接触式银行卡由巴莱克银行发行，大概有1930万用户。
英国巴克莱银行去年4月开始发售“更安全”新卡。不过，巴克莱银行只对破损卡或到期卡补换新卡，但并不能防止被手机窃取信息的风险。
对于银行卡被窃取的风险，巴莱克银行说，持卡人的姓名是能够从芯片上获得的唯一信息，也认为刷卡时要有更为严格的安全措施。
目前许多银行准备发行集成的RFID芯片借记卡和信用卡，代替非接触式IC卡。


Smartphones Easily Skim Credit Card Information: CBC Investigation
CBC， Posted: 04/24/2013
Smartphones Steal Credit Card Data
Credit Card Security, Digital Privacy, Smartphone Security, Smartphones, Smartphones Steal Credit Card Data, Smartphones Steal Personal Info, Canada Business News

A technology designed to make it easier to pay with your credit card may be putting Canadians at risk of fraud and identity theft, say security experts.
Many new credit and debit cards come with chips that allow customers to tap the card to make a purchase. The chips are read by payment machines, used in many retail outlets from Tim Hortons to high-end computer shops, and are supposed to be a safe and convenient way to pay for goods.

But the chips can also be read with a device millions of Canadians carry with them every day: a smartphone.
Using a Samsung Galaxy S3 -- one of the most popular smartphones available in Canada -- and a free app downloaded from the Google Play store, CBC News was able to read information such as a card number, expiry date and cardholder name simply holding the smartphone over a credit or debit card.
The information could be read through wallets, pockets and purses.
The apps use the near field communication (NFC) antenna built into the Galaxy phone, and a feature available on many phones running Google's Android operating system. The antenna is normally used to allow two phones to talk to each other.
Michael Legary said his company, Seccuris Inc., has investigated cases where phones paired with these apps were used to commit credit card fraud, and the information read can be used to buy "anything from a $1.50 drink from a drink machine to a $4,000 to $5,000 laptop."

Legary said the function has become a tool for organized crime in Europe.
"They don't even need to talk to you or touch you, they can get information about who you are. That may make you more of a target for certain types of crime," he said.
Although the NFC antennas in current smartphones need to be very close to a card in order to work -- no farther than 10 cm -- that could change with the next generation of Android smartphones.
Legary said the Samsung Galaxy S4, set to go on sale this spring, might have a much more capable NFC antenna, which could not only read credit cards from a greater distance, but could also be able to read the chips embedded in enhanced drivers licenses and passports.

Privacy experts concerned
According to Brian Bowman, a partner with Pitblado Law in Winnipeg, the ease with which an everyday cell phone can be turned into a credit card skimmer is "impressive from a technology, and scary from a privacy, perspective."
"The fact that you can gather those different numbers and pieces of identifiers definitely is something that Canadians need to know, that the risk is there," said Bowman.
Bowman also said he expects the cell phone manufacturers, app developers and card issuers are going to have to "step up and find ways to combat [this] risk."

Credit card companies react
Officials with Visa and MasterCard told CBC News they were confident in the security their cards provided, but would cover a customer's losses should someone steal a cardholder's information.
"Multiple layers of security and advanced fraud detection technologies that protect every Visa transaction have helped keep Visa's global fraud rates near historic lows," Visa Canada said in an emailed statement.
"In fact, there have been no reports of fraud perpetrated by reading Visa payWave cards as shown by [CBC]."
MasterCard said it has a similar protection for customers.
Though it's rare that a fraudulent transaction would take place, in the event that unauthorized use of your MasterCard card occurs with fraudulent cards or devices, MasterCard cardholders are protected by MasterCard's Zero Liability Policy, which means they are not held liable for unauthorized transactions," the company stated in an email.

Neither MasterCard nor Visa would agree to an interview.
Google did not comment on the apps used by CBC in its investigation, but said in an email it would remove any app that violated Google's developer distribution agreement or content policies.
However, the apps tested by CBC were still available following Google's comments.


Future of Credit Cards: Credit Cards on the Brink of Becoming Even More Convenient
http://www.creditdonkey.com/future.html
Technology advances have prepped credit cards for easier use and tighter security. It’s now up to consumers to make the changes widespread.
It’s now possible to make a credit card purchase without ever taking the card out of your wallet. If you didn’t know that, then you’re not alone, which is why CreditDonkey put together this infographic introducing consumers to the next generation of “smart cards.”
Millions of credit cards are already equipped with radio frequency identification (RFID) chips and smartphones with NFC, but many cardholders don’t know it. NFC technology lets people charge the cards without physically swiping them or even pulling them out of their pockets. However, until consumers learn more about NFC, RFID and other advances in this industry and realize the benefits, merchants are unlikely to promote the changes.
While traditional credit cards work by storing user information on a magnetic stripe, RFID (which comes standard on most new cards) stores information about the card and its owner in a small microchip.
NFC chips can transmit information when placed a few inches of an external reader. Because some modern smartphones are equipped with passive NFC chips, the phones can be used as mobile credit cards.
The Future of Credit Cards puts the critical information about the advances of credit card technology in one place. The observations include:
* How many NFC-equipped phones and NFC point-of-sale terminals were sold in 2011.
* The percentage of American smartphone owners who are willing to use their phones as mobile wallets (hint: it’s in the majority).
* The projected increase of mobile payment transactions by 2015.


手機防盜再升級　內建APP
百貨賣場怕小偷，民眾更怕第3隻手摸走錢包，沒辦法用雙眼緊盯著錢包的時候，就得靠著隱形保全幫忙，從復古的藏錢腰帶，到對抗隱形小偷「電子竊賊」盜錄信用卡號，甚至到保密文件，商機相當驚人，光是賣到歐洲的保密膠帶，一年商機就超過台幣1億元。
TVBS記者游皓婷：「解除手機防竊APP必須要輸入密碼，像這樣的一個程式已經被下載超過10萬次，下載它的人就是不想手機不小心被摸走。」
誰想偷手機，APP程式啟動警報要抓偷手機的賊，刀片割破背包外層，小偷會碰上內層的「鐵布衫」合金鋼網保護，背包雖然破了，裡面的小錢包掉不下來，但最大缺點是不能防搶，萬一碰上搶匪或許得靠這一條藏錢腰帶，設計概念來自古代的腰間盤纏，事實上，電子竊賊不用伸手也能偷。

防偷包業者Kay：「(電子竊賊)歐洲跟美國最多，電子竊賊現在很厲害，他只要帶一台筆電。」
分析原理，電子小偷距離被害人少於3公尺，會利用感應技術盜錄晶片信用卡的頻率，事後複製卡片盜刷，把信用卡放在有RFID射頻識別技術的特製包款，架起屏障擋住看不見的第三隻手。
別想偷偷動手腳，一撕開會出現英文字「打開作廢」，這種保密膠帶改款變貼紙，一張成本1到3塊錢不等，拖吊業者用它來釐清責任。
曾經一次買走200萬片，國籍航空一年下單超過250萬片，貼在免稅品推車的門縫，確保清點數量沒有少，特殊印刷的貼紙、膠帶變成隱形保全，避免高價商品在運送過程中被掉包，不讓機密文件被有心人打開偷看。
保密膠帶業者袁膺傑：「我們評估這個(歐盟)市場大概可以到達1億以上的商機。」

要擋住第三隻手，又不能全程用雙眼盯著，防偷、保密的需求大，業者樂賺防竊財。