Some weeks ago contributors to this newsgroup suggested that the contactless card technology from Barclay (PayPass) was secure as the card had to be in very close proximity to the terminal to pay for a purchase. The current TV advert shows this not to be true and a card inside a thick walled plastic tube activates a terminal that is a couple of few feet away!
I thought it worked in much the same way as an Oyster card, and that has to be much closer to the reader than a few feet to work.
You can't expect advertising creatives to understand technology or security!
However, the cards can almost certainly be accessed from much further than a standard terminal can access them from.
On the other hand, any card terminal will be detectable from much further away than it can access the card, because its need to power the card makes it obey something like the radar equation, in that the power it generates at the card distance has to be much more than that that it capable of detecting coming back from the card. Consequently, there could be a market for Mifare terminal detectors!
>At 08:41:40 on 27/10/2008, David Woolley delighted uk.finance by announcing:
Not that there'd be much point since Mifare is not used for payments. Then there's the question of what, exactly, you hope to accomplish by reading a contactless payment card in the first place.
It may well be the case that Barclays don't use Mifare technology for payments, but Mifare most definitely is used for payments, e.g. PAYG Oyster fares, or buying from drink vending machines with Octopus, in Hong Kong (I think that is Mifare).
I carefully avoided the use of the word "reading". Depending on whether the cards are stored value or pure authentication, one might try to steal value, or one might use them with previously shoulder surfed PINs. The other issue with these cards is that they have unique serial numbers, which, for Mifare, don't even use encryption, so they can be used to RFID people.
At 22:38:33 on 29/10/2008, David Woolley delighted uk.finance by announcing:
Nobody does.
It definitely isn't.
You're confusing transit (pre-pay, lower security) with payments. They're two different sectors.
Regardless of the jargon use of "payments", the only place in the advert where the transaction is performed through the tube wall is the "transit" case, going through the tube (rapid transit system) gates.
(I thought the idea with the contactless payments is that they would only be used for small transactions, of the same sort of value as the transport fares. I.e. they cover cases where it is currently easier to use cash.)
At 11:53:38 on 02/11/2008, David Woolley delighted uk.finance by announcing:
And that's the only part that uses Mifare.
Oyster (which is a low-security pre-pay transit system) uses Mifare. A Barclaycard OnePulse, for instance, uses both Mifare and EMV contactless (VISA payWave in their case) on the one card.
BeanSmart website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.