Tag: Credit and Debit cards

We really are living in the future

So the other day I noted my card wouldn’t work on Amazon. I called the bank; apparently the old Chinese problem occurred again. This time they expressed me a new card. But it’s funny: when I spoke to the rep at the bank she mentioned their phone app. I told her I was downloading it as I spoke.

And once I had the app logged in I did something, I scanned a check in. You just scan in the front and back, put in the amount and press submit. Nice!

Now the card – they aren’t the standard magnetic cards anymore. Sure, they still have that big wide mag-stripe on the back. But they have a few more interesting features. Like the chip – that one is a 21st century thing, plus the fact that you can just wave the card in front of a payment terminal. That last part gives me the screaming heebie jeebies though. But then I realize you have to be VERY close to the payment terminal for it to work. It’s essentially RFID.

But it gets better. Because I’m signed in to Google it automagically linked the new card to Google Pay. It really has gotten very cool.

Now we’ll move on to cars. They are a FAR different beast than they were even 20+ years ago. I love the fact that every month I get a report on all the systems in the car via email. Of course I do know that the connectivity for it to do that is cause for some concern. I mean a nefarious or rogue actor could have some real fun with that.

And I keep getting emails from Sirius – why on earth would I even pay $5 a month when I have Spotify on my phone and the phone hooks up to the car quite nicely?

Plus we have to remember the entirety of the car is controlled by a computer these days. From electric power steering to the fact the brakes and gas pedal aren’t connected via mechanical means but via a wire. That one fascinates me. Because it also means the car is hackable.

Related – on Securing debit and credit cards

I wanted to elaborate a bit on the PIN side. Six digits would buy you approximately a million possible PINs. And the time factor of 30 seconds per PIN means one would have to run through a million (10^6) PINs in 30 seconds to use the card. You’d need to try 33,333 PINs per second. That’s not impossible but extremely difficult and beyond the reach of most people.

And it doesn’t guarantee you’ll break the PIN. It’d be better if you knew the algorithm that generated the PIN. That’s what happened to RSA recently – someone got hold of the algorithm. But that was fixed by changing the something-you-know portion from 4 characters to 8 characters. Order of magnitude more difficult to hack, or so they think.

But with all of that in mind – I’ll revise my suggestion. To make a transaction you must be in physical possession of the card and know your regular 4 to 8 character PIN, plus the six characters from the authentication app. And it would be programmatically trivial to make it so the PIN you know could be prepended, appended or maybe in the middle of the six generated digits. It would have the effect of expanding the ‘PIN’ composite to 14 positions if we choose an 8 digit PIN. That means 100,000,000,000,000 or a hundred trillion possible PINs, give or take a few hundred thousand since the known PIN will always be the same, only its position would change. Keep the same 30 second limit on the authentication PIN and it means they have to scan 3,333,333,333,333 or 3.3 trillion per second. Now we’re talking.
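
The composite scheme described above, sketched as an added example (not code from the original post). It assumes the authentication app produces standard RFC 6238 TOTP codes; the names `compose`, `verify` and `guesses_per_second`, the shared secret and the sample PIN are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds a generated code stays valid (the post's 30 second limit)
DIGITS = 6   # length of the generated code


def totp(secret: bytes, now: float) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the six digit code for the window containing `now`."""
    counter = struct.pack(">Q", int(now) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, as in RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def compose(pin: str, code: str, position: int) -> str:
    """Insert the known PIN into the generated code (0 = prepend, 6 = append)."""
    return code[:position] + pin + code[position:]


def verify(entry: str, pin: str, secret: bytes, position: int, now: float) -> bool:
    """Accept only the exact composite for the current 30 second window."""
    expected = compose(pin, totp(secret, now), position)
    # Constant-time comparison so response timing does not leak matching digits.
    return hmac.compare_digest(entry.encode(), expected.encode())


def guesses_per_second(total_digits: int) -> int:
    """Rate needed to try every composite of `total_digits` within one window."""
    return 10 ** total_digits // STEP


if __name__ == "__main__":
    secret = b"12345678901234567890"  # constructed shared secret (RFC test key)
    pin = "12345678"                  # constructed 8 digit known PIN
    now = 59                          # constructed timestamp, in seconds
    entry = compose(pin, totp(secret, now), 3)  # known PIN placed mid-code
    print("composite entry:", entry)
    print("valid in this window:", verify(entry, pin, secret, 3, now))
    print("valid in next window:", verify(entry, pin, secret, 3, now + STEP))
    print("6 digits :", guesses_per_second(6), "guesses/s")
    print("14 digits:", guesses_per_second(14), "guesses/s")
```
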