Gizmodo 
Enter your username and password.
-
posts about #smartswipe more → 
SmartSwipe USB Credit Card Reader Comes To US Shopaholics
Tip your editors:
Editorial Director:
Brian Lam | | Twitter
Editor:
Jason Chen
| AIM | Twitter
Features Editor:
Wilson Rothman
| Twitter
Senior Contributing Editors:
Jesus Diaz
| AIM | Twitter
Mark Wilson, Reviews
| AIM | Twitter
Contributing Editors:
Matt Buchanan
| AIM | Twitter
Adam Frucci
| Twitter
Sean Fallon
| Twitter
Jack Loftus
| Twitter
John Herrman
| Twitter
Dan Nosowitz
Chris Mascari
Danny Allen
| Twitter
Rosa Golijan
| Twitter
Chris Jacob
Columnist:
Brendan I. Koerner
Interns:
Don Nguyen
Kyle VanHemert
Comment Account Questions:
| posts about #smartswipe more → |
SmartSwipe USB Credit Card Reader Comes To US Shopaholics |
Original material is licensed under a Creative Commons License permitting non-commercial sharing with attribution.
07/14/09
You go back to the site, type in the new credit card number and voila. Secure.
Sadly, Amex discontinued this system.
When all credit and debit cards are chipped, we can use smartcard readers for this and they're VERY cheap (<$20) and far, far more secure than magstripe. But really, the only truely secure system is the one-time credit card number approach because it assumes failure and has a built-in mechanism to limit liability.
BTW, when Verified by Visa came in, they tried to pull a truely horrible fast one on people. The system is a simple PIN verification for web purchases, but they argued that it was SO secure that if any fraud happened, it must be your fault (ie: you gave out your PIN) and so as part of the agreement, you waived your right to challenge purchases.
Thing is, apparently it never occured to them that you can pull a very nice man-in-the-middle and/or a social reroute trick to get the PIN. You put up a fake Verified by Visa display, harvest the PIN and away you go. You still have to enter the credit card number and VVC, so they now have everything to 'be' you.
They finally gave in on this and withdrew the waver.
If Verfied by Visa actually used a chipped card, then it would be (fairly) secure.
Paypal now has a trick that's almost as good. Before you can use it, you have to validate yourself either with a SecureID token or.. and I think this is brilliant.. by having them SMS a 6 digit one time password to your phone. To break this, the crook needs to either hack your IMEI, or intercept an SMS message, or have your phone AND your Paypal password.
It's brilliantly simple.
07/14/09
This is no more or no less dangerous than letting an complete stranger who has a pen and paper in his apron take your credit card to another room for an indeterminate amount of time.
07/14/09
07/14/09
I mean, they could copy my info, wipe the magstrip with their halitosis, AND give me the bacon flu all in one go.
What was I thinking?
07/14/09
07/14/09
07/14/09
07/14/09
07/14/09
07/14/09
07/14/09
07/14/09
07/14/09
07/14/09
I mean they claim that it leaves no trace, but obviously the data has to be transmited somehow and that's where the 'hackers' will be looking.
07/14/09
07/14/09
1) How does the online store read the credit card information if it's been encrypted, scrambled, and coded?
2) Why is it so damned expensive? (For $30.00, I might consider it.)
3) If I'm that nervous about entering my credit card information online, how the hell am I supposed to purchase the SmartSwipe online in the first place?
07/14/09
I'd also be worried someone can spoof my credit card information. Some way some how I feel there could be a flaw using this method.
07/14/09
07/14/09
07/14/09
07/14/09
"Are you interested in purchasing a SmartSwipe? If so, the SmartSwipe Online Shop may be for you. Before you place an order, please familiarize yourself with some of the risks inherrent in online shopping. The SmartSwipe was invented to protect you from these very real, very dangerous threats."
Which is an odd mixed message. Buy our product! Don't buy our product, it's too dangerous!
07/14/09
I think I'm convinced. The SmartSwipe is simply too dangerous for me to purchase at this time.