Your reasoning and logic are pretty solid, I have to say. Normally I'm worried about all things RFID because of such things as remote tracking and swiping, or someone with an RFID reader in the vicinity looking for people with such devices, but the fact that you've got zero liability helps a lot, and I think a lot of those arguments were made when credit card and paying with plastic were new things as well. I'm interested to see where this technology goes; card access is already pretty hot-I for one would be interested in giving something like this a try. By the by-how bout that stadium food? Expensive, eh? :)

The most common things lost in a taxi are not wallets. Keys are pretty high on the list. But either way if you lost your wallet/credit card or keytag Zero Liability! So the keytag has a big advantage until thieves get a hold of an rfid reader.

I have had one of these for a while now (a few months at least) and have had no problems -- except finding a place to use it. Only McD (yuk) and Duane-Reade (and apparantly Yankee Stadium) have them en masse. Also, mine is a different model: a smaller, oval-shaped fob -- just wider than a quarter. My big fear, like most I think, is loss. On the plus side though (for men at least): wallets get stolen all the time (especially here in NYC), keys... not so much.

Ever since I saw the Mastercard PayPass ads on TV I've always wanted one. A few months ago my bank (CharterOne) sent me a replacement card which had the PayPass feature. I've been loving it ever since. I'm surprised you guys have had trouble looking for PayPass support in your areas. I live in the Detroit burbs and it's everywhere. Meijer, McDonalds, CVS, and some gas station pumps to name a few.

When I heard Chase Bank was issuing Visa RFID contactless cards, I went online and got one. Works great in those locations that take it. Now if only I could just get my bank ATM and the local Car Wash to take RFID contactless???

walking by a normal reader might not get the card read, but since this is RFID, and don't RFID tags operate off the power of the signal that hits an RFID tag? wouldn't a specially built hi-powered reader threaten the security of this thing? i'm not sure, but that's my understanding to date. if that is the case -- well -- it wouldn't take much for such things to proliferate. i mean, some intrepid folks built a bluetooth "sniping rifle" after-all. http://www.tomsnetworking.com/2005/03/08/how_to_bluesniper_pt1/

How do vendors verify that the credit card is yours? A regular credit card has a signature on the back that is checked against the reciept that you sign. Also, your name is imprinted on the card, enabling vendors to match the credit card to a photo id. It sounds like neither of these verification methods are available for RFID credit cards. It will be much easier for people to use stolen (RFID) credit cards, since you don't have to prove ownership. Even though there is zero liability, it is a huge pain to go through the process of identifying fraudulant charges, contacting your CC company, and talking to a customer service rep in India in order to get your money back...

Your #2 Comment - Most stores have a CC swipe that the customer uses. I can't remember the last time I had to hand over my CC. Your #6 Comment - It took me a month of filling out & mailing forms to get Citibank to refund $91 last time I ran into fraud. It ain't easy! They just need to move onto fingerprint readers & be done with it.

We don't have these in the UK at all, but they are pretty appealing. We've recently had a big push towards "Chip and PIN" - cryptographically secured transactions using an integrated contact IC. Good idea and it's working well, but most retailers are poorly educated on the scheme. In the UK, I only hand over my card if it needs to be swiped - no UK store I've ever been in allows you to swipe your own card. @Ty: Last time I was in NYC, I only got to swipe my own card a couple of times - most retailers took it and ran it through the till themselves as they had no customer-facing swipe interface. Also: What's with the crazy idea that asking for ID for large purchases is going to prevent fraud?! Nowhere in the UK has ever done this to me but it seemed commonplace in the US. Is it just me, or would a smart theif not just knock up a fake ID to match the card? Most US retailers accepted the cheapest, crappiest ID card I had with me!

in France, we've been using "Chip and PIN" cards for 20 years now, and you can't pay anything with them unless you type a 4-digit personal passcode. Advantages: - nothing to worry if you lose your card, or if someone you know "borrows" it - no need to sign anything, ever (your written signature is much more important that most people imagine) Invonveniences: - when the passcode is used to pay for something, you lose any liability protection (which is why you must absolutely not keep the passcode in your wallet !!) - doesn't work for remote shopping (e.g. on the Internet), where the 'old' system still works

On the subway if you had 2 cards would they both be charged as you passed the turnstiles? How long do you think the zero liability will last?

yep, m's right on the money, I should think. Specialised reading hardware allowed reading of RFID ( ISO 14443) passport chips at a distance of 30 feet in these NIST tests: http://www.vastlyimportant.com/vastly/2004/10/epassport_probl.html still, there'll probably be a few years of happy use before the criminal community get working on this, and start building remote-pick-pocketing "black boxes"...

How do vendors verify that the credit card is yours? A regular credit card has a signature on the back that is checked against the reciept that you sign. Also, your name is imprinted on the card, enabling vendors to match the credit card to a photo id. --- When is the last time you saw a vendor even _looking_ at your credit card? They don't care. Check out this article about someone who took this lack of security to a delicious zenith: Zug credit card prank Now if cashiers etc actually looked at my card, then you'd have something there. But you have nothing! 2J22P8!!!!!!

I'm still waiting for vending machines to have RFID readers installed in them. Think of it, out of coins but hunger & thirst for something out of a vending machine. Wave this magic wand and your thirst & hunger are satisfied. Or, stuck in city centre with no coins to plug the parking meter, don't worry, wave your magic wand and get 30 minutes of parking. Possibly eliminating parking garage attendants, exiting a parking structure, which charges for parking, no fumbling for the wallet or purse, just wave the magic wand and the barricade is lifted, you are free to leave.

I collected 35 connections in 10 minutes in Grand Central, NYC with an Alien Tech reader/writer... Do that with a plastic cards.

At Union Square on the 14th St. side, the entrance in front of Whole Foods.

It is a good thing done by citibank. Will succceed. Thumbs up to citibank and RFID

So clearly you are all plastic addicts. The real problem for the paranoid is using plastic at all. Why would I want my bank or other financial institution to know what I buy, where and when I buy it, etc.? It's a crazy liability, even with good privacy practices on their part. Instead I carry cash in reasonable amounts. Actual physical mugging and pick-pocketing seem much less likely than somebody messing with my data. I'm also always free to buy from small vendors or whomever isn't plugged into the credit system. The only real "cash replacement" is to use one of two known cryptographic tricks that create single-use, pseudonymous keys... I don't know exactly how this works (since it's all patented and I'm not a crypto-guru) but THAT I would sign up for. Until then nothing beats cash. At least this will speed up the check-out line, though. It's plain rude to buy small amounts of groceries with a credit card, when a quick cash transaction would do. Love your Independence Day!

Maybe I'm just confused... while I love embracing new technology, I guess I fail to see the real advantage for a consumer here. 1) It's faster? So, that saves me, what 2-5 seconds? I guess that's cool, but am I so concerned with timing out my day that this is a deal breaker for me? 2) It's safer? Maybe... but the potential for abuse seems high in this scenario as well. Granted, the abuse will need to change from the current 'steal someones number', which, I suppose, is arguably better. 3) It's more convenient? I gotta be honest.. call me old fashioned when it comes to payment, but I kind of like feeling like I'm spending money when I'm spending money. Somehow, if it doesn't feel like I'm spending money, I spend a lot more. Hmm. Interesting. That couldn't possibly be why companies are so excited to move us to systems like that. No. Certainly not. Anyway, I think your points are reasonably valid, I just don't agree with the benefits being that spectacular from a consumer standpoint. But maybe everyone else thinks this cool ability to be charged for things automagically won't end up in them spending more time on hold with outsourced support in india arguing charges that you didn't make.. (and, likewise, paying extra for all of those people who argue charges they did make and get away with it) My 2 cents :-)

Man, I have to get out of the U.S. more. I think I would feel a lot better with a chip and pin arrangement. Maybe the RFID reders are cheaper to install than a keypad, but I would like some authentication in the process.

Oh and I call BS on Libertate. Our offices are just a few blocks away from Grand Central. Let me tag along on a connection-hunting trip and I will change my mind, and issue a public apology here on Gearlog, but I don't buy it.

Rude for small transactions? While someone may be able to carry cash, I'm sure they don't carry a bunch of change to pay the exact amount. So, either you dig through your pockets for exact change, or you wait while the cashier makes change, while the plastic fellow just swipes and leaves.

Wired Magazine (http://www.wired.com) ran an article slightly more than a month ago about the lack of security in using RFID as authentication. The author even had an RFID chip implanted in her arm. The article is here: http://www.wired.com/wired/archive/14.05/rfid.html All of the security concepts covered by the article apply to using RFID as an authentication mechanism for credit payments. The only thing stopping me, personally, from checking out just how much room there is to play with RFID is the equipment. I researched costs not only would I have to shell out $500+ for a basic long-range reader and RFID chips to play with, but I'd also have to write some custom software to do pretty much anything I needed that wasn't simply reading the chip (i.e. playing back the radio signal, etc). There's a lot of cost involved with RFID hacking/messing around, but now that companies are starting to use it as a symbiote to payment and money, I will personally guarantee that many more of the criminal element will start dabbling in the darker side of RFID.

Same RFID, readers in CVS and MickyDees will take either. www.americanexpress.com/expresspay Available built-in to an Amex Card OR as a key fob linked to any major credit card.

Same RFID, readers in CVS and MickyDees will take either. www.americanexpress.com/expresspay Available built-in to an Amex Card OR as a key fob linked to any major credit card.

All the techno-babble about RFID does not apply to new payments cards, because they are contactless forms of smart cards, not your average RFID tag used to track products and packages. Smart cards are very secure as already mentioned in use in France and UK. The rouge RFID reader, if it can get close enough (under 4 inches)will pick up a meaningless string of data that can not be used to create a transaction or duplicate a legitimate card or keyfob. So wave it around as much as you want. It works great - I love it.

American Express, Visa and MasterCard all have RFID cards, and Discover may as well. McD's should take all three. AmEx and MC are compatible, use the same reader SW. Visa has a different standard, so you might hit readers that take AmEx and MC but don't work for Visa, even if the merchant is intending to take the Visa RFID card. It's all in the firmware.

Actually, Amex, Visa and MC all have contactless cards that are based on the same standard, so if the merchant is signed up to accept those three brands, they only need one reader. It wouldn't be a good proposition if a merchant needed one POS per type of card! Contactless cards are very convenient and I use mine everywhere I can. I don't have to worry about which way to swipe, I don't have to sign. I was never big on cash - takes up too much space in your wallet - so this is just perfect! I just can't wait for more places to use it at!

RFID, in and of itself, is not scary. What IS scary, is the culmination of the many facets of control of the countries' citizens, and the loss of personal freedoms in the interest of 'National Security' which are happening each and every day right here in the good 'ole USA. It is widely assumed and expected now, that hypodermic RFID implants will become widespread within a few years. There will be short-lived advantages to this technology, but ultimately this will be used AGAINST us, in ways we can not even begin to imagine. Remember, governments and people have not changed. We are not living in a world which is any 'better' than the world our ancestors left us. We are moving swiftly and inexorably toward something the world has never seen before, and from which it will never recover.

Admittedly the time saving on an individual transaction is trivial - but when was the last time you were in a lineup at Starbucks, (part of my life I can do without the lineup not the caffeine), watching those ahead of you fumble with cash or even worse pull out a1 debit or credit card? Saving 5 or 10 seconds times half a dozen people can get you to your drug significantly faster. As for chip and pin - how long do those transactions take to process? I was in Malaysia recently and chip card processing seemed to take over 30 seconds - again at a Starbucks - chip cards are painfully slow - I'll take contactless.

I have something similar from Mobile Oil for my gas. It is definitely convenient. However it amazes me how people are just willing to pass off concerns for a little convenience. It would be more effective if you had a way to turn it off, and/or lock it. Perhaps if it had a fingerprint sensor so it could only be activated if your finger was on it. Seems like it would be an easy thing to do and would handle most concerns people have.

North American MasterCard cardholders are protected by zero liability for any fraudulent transaction. What are you missing? While the direct cost of fraud with your pass is not passed on to you, it is absorbed by MC and passed on to the vendors who support this service in terms of higher fees, and they in turn pass it on to every one of thier consumers. The cost of your beer, dogs and peanuts will go up to include this baseline fraud. You are paying for the criminals. What is the incentive of MC or the vendors to prevent all this?

What happens when Uncle Sam starts placing RFID readers in overpasses along the entire Interstate highway system? Then they can track you whenever and wherever you go.

Big Brother had to rely on human intelligence and human spies. Uncle Same can automate the whole process. Uncle Sam can build a profile on everybody's activities and go after any person whose travel patterns don't conform with "normal" patterns.

RFID ? contactless ? no thanks...
You can build a reader that will work from up to 30 feet away. (This has been done)

Then break the encryption (this has, and can be, done) and you are free to do whatever you wish with the data.

A criminal could just sit on the a street corner/park bench/movie theatre/subway station.. collect the RFID reponses... get them decrypted and... steal without direct contact with you.

Decryption hardware cost too much ?
Criminals could set up a decrypting lab..
A Criminal sends them the ID.... they give him the decrypted data back.... and take part of the profit of crime.

Contactless RFID cards are just plain dumb.

The increased security is only currently due to the lack of RFID cards out here. Once you see all the cards have them... then you'll see the criminals target them more.
It's like a burglar alarm... at one time it deterred theft from alarm equipped homes .. but now that everyone has them.... the criminals don't care.

It is really good. But I'm worrying abt the problem of theft.

I was part of Citi's test group for the MTA paypass project. I used the tag a few times for the subway, but not at all for purchases. In late February, I'm in Duane Reade making a small purchase, and I notice that they have a paypass reader at the register. I figure I'll give it a try. Nice and quick, and I'm out the door.
Two days later, I get a call from Citi's fraud department about 'unusual activity' Two charges of under $250 had already been approved, and a third for just under $1000 was pending, this latter charge having precipitated the fraud department's call to me. All three were for internet account items - ISP hosting, URL registry, etc. It did not take much time on google to trace a few names provided by the vendors to a 17 year old kid in Indonesia. I've wasted a lot of time sorting this matter out - affidavits, forms, changing account numbers, etc.
This past friday, I read in the Wall St. Journal that someone went into a Stop & Shop near Boston and swapped the card reader at a do-it-yourself checkout with a device that stored card numbers and PINs, while still transmitting transaction data to the bank, thereby 'hiding' behind a functional device.

Wrong. Worry. I recently got a paypass card from my bank (Citibank, or as I like to call them 'Shittybank'). And I was in NYC for new years eve (only because my sister lives there, otherwise I avoid the place like the plague. Anyway, we went to the mandatory club at midnight, no big deal. Then, when I got back home, I got a call from Citibank's fraud early warning dept. Someone was using my debit card number to buy stuff in the UK!!! I though long and hard 'HOW!'. How could they have gotten that information, including my PIN!? Then it dawned on me that the card had that dangerous paypass chip on it. That is the only explantion I can find: in the cround at that club, someone read my card by brushing up against my wallet in my pocket. How else could they get ALL my debit card info (enough to make purchases, anyway).
In any case, it was a terrible the experience, and I feel that I didnt do anything wrong. I work in IT and I am VERY consciencious about protecting myself from identity theft.
The incedent is still under investigation at Citibank , I am curious about the outcome. But one think is clear, I ordered the next card WITHOUT that damn chip.

JG

Technology is great! Visa has a similar product coming out soon as well. A lot easier than carrying a card in your wallet.

We'd love to get your opinion. We recently started a poll on the Worst / Best Credit Card Issuers. Feel free to stop by and give us your feedback. Sounds like you've got lots of experience ;)