Paying Double through the Magic Of NFC (and lifehacking: kill your wifi)

More reasons to pay cash: customers at Marks & Spencer in the UK have been experiencing “payment errors” where the system charges the wrong card in their wallet when they try to pay with a regular chip-and-PIN card. How? They have a card that’s capable of paying via inductive communication with the reader, or NFC.

Bad enough that picking the pocket of someone walking down the street with NFC-equipped cards is as simple as standing next to them for a second. Now stores are doing the pocket-picking by mistake…

To put a somewhat finer point on it: This technology is — in most implementations — barely secure enough for package tracking. Why the fuck are people using it to handle money?

Lifehacking: Kill your wifi, or at the very least keep it away from your crotch. Wired laptop connections for the win. Slashdot has a good summary of a study done by some Danish 9th graders (no kidding) which did a very good job of demonstrating growth inhibition in garden cress as a result of proximity to a Wifi router.

Further comments suggest this research has been successfully replicated in very well controlled professional growing facilities, if only by accident. The Danish study’s design was also pretty good, especially for the kids’ age: they controlled for every variable bar moving the router room to room.

“Some Marks and Spencer customers have told the BBC of cases where the chain’s contactless payment terminals have taken money from cards other than the ones intended for payment.[…]

The system uses something called Near Field Communication to identify a card and take payment.[…]Paula, from London, ended up paying for the same items twice.

Like Rosemary, she put her NatWest card into the chip-and-pin terminal but had her HSBC contactless card she was holding in her purse in her other hand debited instead, before she could enter her PIN.[…]

She did not realise that she had a contactless card, and so then paid for the same items by entering the PIN for her regular debit card.

It was only a month later when she looked at her bank statement that she realised that her HSBC card was contactless, and that she had paid twice.[…]

Martin Emms is a researcher into new payment formats at Newcastle University’s Centre for Cybercrime and Computer Security.

He also found his contactless card was debited when he placed it a few centimetres to the side of the reader from inside his wallet when he intended to pay with a normal debit card.

“If you’re placing your card to the side of the reader your intention isn’t to pay,” he said. “The terminal is working within the specification of Near Field Communication but not within the intent.””

%d bloggers like this: