credit card : Java Glossary

The Java Commerce API (Application Programming Interface) is still vaporware.

Credit Cards Are Obsolete

Mag stripe cards have as much security as a pile of signed blank cheques. The new RFI (Radio Frequency Interface) credit cards have even less. Somebody should sue the credit card companies for this gross negligence. If you give your credit card over the phone or over the Internet to a merchant, he, his crooked employees or anyone snooping electronically, can use that number to makes as many purchases as he wants over the net. He has your number and your expiry date. If you hand your card to a merchant, he can easily record the information on the card for later illicit use. If you have a RFI credit card, a thief can steal the information on all the cards is your wallet simply by walking within 3.05 metres (10 ft) of you in a shopping mall. Your card willingly divulges this information, without your permission, on being given a tiny prod of radio waves from a device. The technology for secure commerce has been known for half a century. The credit card companies refuse to use it, presumably because they can usually stick their customers (vendors and purchasers) with most of the costs of the thefts.

Credit cards are obsolete. They are absolutely preposterous when it comes to security. Giving someone your credit card number is even more foolhardy that giving them a stack of signed blank cheques. Why?

1. They can withdraw any amount they please on your credit card account, just like a blank cheque.
2. they can withdraw even more money than you have, up to your credit limit, more than they can with a blank cheque.
3. They don’t need to show any id to collect the money. At least with a blank cheque, they must show id to cash it. They can go shopping anonymously on the Internet or by phone with nothing more than your credit card number.
4. They can withdraw money again and again in the future. A blank cheque can be cashed only once.
5. The card number can be used as stage one of an identity theft. A blank cheque is not a form of identification.

Alternatives to Credit Cards

Credit cards are an anachronism from the days when people used to leave their doors unlocked. What are your alternatives?

• For brick and mortar shopping, use a debit card. It is protected by a secret PIN (Personal Identification Number) and the worst than can happen is your account can be cleaned out.
• PayPal. You have to trust PayPal to take money out of your account, but you don’t have to trust merchants. You decide the amount. They can’t change the amount or repeat the transaction.
• Smart cards. These are popular in Europe. The card has a tiny computer embedded in it that handles security.
• Snail mailed cheques, though even your bank account number is enough for a corporation to drain your account.
• One-shot credit card numbers. Amex will give you a credit card number good for only one transaction. This is a hassle to arrange.
• The other problem with credit cards is the credit card companies have the legal right to jack the interest rate up into astronomically usurious rates. It is too easy to get into debt. Just cut them up!

Smart Cards

In Canada, smart cards are being phased in over the next two years. There will also have signatures and a mag stripe for use at merchants without the new readers. The cards will not become secure until the, number, the stripe or the signature are no longer valid anywhere. This likely won’t happen for many years to come. Banks could issue smart cards without stripes, numbers and signatures that are fully secure, but I have heard no plans to do this. You would not be able to use these for Internet purchases, until someone worked out a smart card reader for desktop computers.

There is some talk of using Smart Phones to access ATM (Automated Teller Machine) machines. This is too silly for words. Smart Phones have zero security. One app can spy on and interfere with another. For the idea to work, you need a computer architecture where hardware keeps each app in its own air-tight box where it cannot interact with any other app. Such devices have been developed, but Smart Phones don’t have those features. Making such a scheme secure is a very highly skilled art. Every feature you add creates yet another opportunity to bypass security. The devices have to be kept simple.

Fees

If you use a premium credit card you will pay an annual fee of $15 to $300. You will also pay an exorbitant variable interest rate on the outstanding balance.

In addition, your retailer pays 1 to 2% of your purchase if you use a standard credit card or 3 to 4% if you use a premium card. The credit card companies insist the retailer hide that cost in the overall prices. This is dishonest because it forces people to who pay cash to subsidise those who use credit subsidise The bank extorts money from cash users who don’t use credit cards at all and gives them nothing in return. That should be illegal. Cash users don’t even have a contract with the bank.

The fees for debit cards are 100 times smaller, e.g. 0.01%. These save the banks money counting and handling cash and securely transporting it. Debit cards give you all the convenience of a credit card at a fraction of the cost.

Retailers should be allowed to unbundle credit card fees and pass them on to the consumer. Customers should pay for what they use rather than fobbing cost of their irresponsible credit card use on others with less money.

Fraud

If someone steals money with your credit or debit card or by other means and the bank finds out you shared your PIN with your spouse, they hold you responsible, even if your spouse is not the culprit!

The new chip cards are vulnerable to high tech thieves stealing your financial information without even touching your card. They can do it as they walk by in a shopping mall. Roots has designed a line of wallets lined with metal mesh to foil them. Others have created metal sleeves and metal boxes to store your credit cards.

Rant

Credit cards are so incredibly fraud-friendly it seems organised crime must have had a hand in designing them. The credit card companies make money from theft because most is not detected. Theft increases sales and increases transaction fees. In practice, customers get stuck with the lion’s share of the burden of the theft. Credit card companies thus have little incentive to reduce fraud. Making credit cards fraud-proof is not rocket science. The US military has been doing it for years with their CAC cards. The CAC (Common Access Card) acts as a:

• Forge-proof, theft-proof personal ID.
• A way to control access. It acts like an intelligent universal key that only opens authorised doors, computers, files, vehicles, equipment…
• A way to digitally sign documents in a forge-proof way.
• A way to send and receive encrypted messages.
• I don’t know if it is used this way, but it easily could be used as debit/credit card.
• I don’t know if it is used this way, but it easily could be used to buy/order materials over the Internet securely.

Implementing CAC was just a matter of applying ordinary public key encryption. The rest was mere details. The same could be done for credit cards. All you would need is one card in your wallet to replace all the cards in there now plus your passport.

Cleaning Credit and Debit Cards

Most modern credit cards have a gold plated button on them in the upper left where the card makes contact with the reader. This tends to get dirty with sweat, oil and crud from other people’s cards inside the reader. If the card stops working reliably, the best way to clean it is to use DeoxIT Red. Apply a small amount and wipe it clean with a Kleenex which leaves a one molecule thick protective layer. Oddly, this will also help clean other people’s cards who use the same readers you do.

If you don’t have any DeoxIT Red, try cleaning it with isopropanol.

If the gold plating is badly chipped, pretty much all you can do as ask your financial institution for a replacement card.