OT - credit card upgrade question

Page 6 of 7  
On 4/9/2015 10:18 PM, snipped-for-privacy@snyder.on.ca wrote:

I've used my U.S. bank issued EMV (so called "pin and chip") credit cards throughout Europe for more than 2 years. A PIN number was issued automatically with the cards (to make them compatible with use in ATM machines) but I've never been asked for my PIN by a restaurant or shop keeper. I've always been asked for my signature. For smaller transactions, such as purchasing fares in the London underground, or the Paris metro, the card was accepted by the vending machine without either a PIN request or a signature request. In fact, I purchased train tickets costing more than 100 pounds sterling from vending machines in the U.K. without needing pin or signature.
The only time I was every asked for my PIN at a restaurant was prior to having a chip enabled credit card, when after swiping the card, the waiter wanted me to enter the PIN. I declined because my bank told me that if I used my PIN with a point of sale transaction, it would be treated as a loan (as if it were an ATM transaction) and subject to daily interest charges until the balance was paid.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Most banks will be issuing new EMV cards between now and October regardless of the current non-EMV card expiration date.

Yes, it is. When Walmart turned on their EMV card readers last year, they started by honoring the mag stripe flag for those cards that were EMV and rejected use of the EMV card mag stripe. Because people were not familiar with how an EMV card worked, they temporarily changed their terminals to allow either mag strip or EMV. Come October, that dual use will no longer be permitted by Walmart or any other retailer. If anyone could bypass the EMV protection by damaging the chip in an attempt to force use of the mag stripe, what would the point be of switching to EMV?

EMV cards can be programmed for multiple verification types (Online PIN, Offline PIN, Signature or None - None being used for low value transactions like a fast food restuarant.) Some card issuers will not issue a PIN right away, but the card can be reprogrammed remotely at a later date. Other issuers will issue a PIN, but still leave the card programmed to prefer signature.
Because US card users are so used to thinking PIN = Debit, Signature = Credit, most US card issuers have decided to initially program EMV cards as Signature. The only change to the user experience is that the card gets placed in a slot instead of swiped.
Once people in the US are familiar with how PIN based verification for credit cards work, the cards will be reprogrammed to prefer PIN.

You are confusing EMV ("Chip") cards with RFID ("Radio") cards. They are not the same thing. Most RFID cards are also chip cards, but very few chip cards are RFID.

The RFID chip in RFID cards can only be ready from a few inches away. It's the same chip and technology found in millions of employee badges around the world. If there was a problem with remote survelliance of RFID card holders, you would have heard about it already.
But as I said - very few EMV cards have the RFID feature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
| The RFID chip in RFID cards can only be ready from a few inches away. It's the | same chip and technology found in millions of employee badges around the world. | If there was a problem with remote survelliance of RFID card holders, you would | have heard about it already. |
I'm incredulous that you could think that. First, you're contradicting your own point. Isn't the purpose of employee ID badges to track movements of employees and perhaps act as a security device? Having a chip read in proximity to a reader is exactly what we don't want.
Did you ever see the map of the journalist who discovered his iPhone was keeping a record of all of his movements? Did you hear the one about the man who only discovered his teenage daughter was pregnant because Target started mailing coupons for baby gear? (Target had guessed she was pregnant based on her purchases.) How about the issue of cellphones being used to track people in malls? Why not EMV chips and RFID chips?
I'm very concerned about privacy issues, yet even for me it's difficult to imagine what problems there could be. Increasingly, vast data is being combined with vast analytical capability. It's not farfetched that you might one day drive past a CVS and see an ad on your dashboard for a prescription drug sale, on all the drugs you and your family take, because CVS has a new, improved RFID chip reader and they picked up 3 RFID tags in your car, two of which are from Walgreen's (packaging from the shaver and clock you bought awhile back), and all of which identify you via your shopping history.
If you shop at CVS you're already being sold out:
http://www.theatlanticwire.com/technology/2012/09/facebook-tracking-you-drug-store-now-too/57183/
http://www.bloomberg.com/news/articles/2011-03-09/cvs-accused-in-suit-of-using-customers-pharmacy-data-for-drug-companies
In this theoretical scenario the additional RFID reading of debris in your car allows all of the dots to be connected, and your daughter now starts seeing CVS ads for her birth control pills on her Facebook page. This is not at all farfetched. (See the links above.) But it is very difficult to grasp the extensiveness of the growing data linkage.
I'm often surprised by the news that comes out. It's so Orwellian that we just don't expect it. And in general we *don't* hear about them. That's been a big complaint with intrusions into commercial databases. The companies don't want to go public because everyone wants to pretend that credit cards are secure.
I think it's safe to say that if there are problems then the odds are I *will not* hear about it.
| But as I said - very few EMV cards have the RFID feature.
But both can be read without direct contact, right? So what does it matter in prctice?
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 4/10/2015 9:01 AM, Mayayana wrote:

Actually, my face book page has been showing me ads for business cards printed online and shipped. Since I looked online a couple days ago. Not sure how FB found out.
- . Christopher A. Young learn more about Jesus . www.lds.org . .
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
| Actually, my face book page has been showing | me ads for business cards printed online and | shipped. Since I looked online a couple days | ago. Not sure how FB found out. |
If you don't make a specific effort to block them then Facebook will be setting a "1st party" cookie on most websites you visit. Their button appears to be an image, but the image is loaded in an iframe, which is an HTML method for embedding one webpage within another. So you actually visit Facebook with most sites you visit. Google/Doubleclick and other mega-advertisers do the same thing.
On any given webpage, if you forced borders and scrollbars to be visible, you'd probably see about a dozen mini-browser windows, give or take, with images or ads in each. Each of those is a webpage that can set a 1st-party cookie and run script because you've been tricked into visiting their site.
Due to that design, iframes are also one of the biggest security risks online, allowing a technique known as cross-site scripting to enable attacks from domains you've never heard of but have inadvertently visited.
The design also directly undermines the original design and intention of cookies. They were designed in such a way that any given domain could have no knowledge or control of cookies in other domains. The tactics now commonly in use entirely eliminate those safety/privacy measures, so that a dozen different entities could be watching you as you move around online.
And of course that's not even counting the direct cooperation between companies. Google *is* Doubleclick, which is one of the biggest online ad companies.... And Google also sells ads directly.... And they also track most webpages via voluntary addition of google-analytics code to webpages. Then there's Facebook, Twitter, Instagram, etc. Any or all of those companies may also be buying and/or selling data with "uber dataminers" like Axciom.
All of that begins with you 1) using a for-profit corporate product to mediate your own social life [Facebook, gmail, etc] and 2) allowing total surveillance of your online activities.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

I really enjoy watching my extended family grow up in various parts of the country with daily pictures and videos on social media. It certainly is a great improvement over the past when we mailed black and white photos in our letters. I'm willing to pay the advertising price for the privilege. YMMV.

Surveillance?
You're just bits in somebody's computer. Do you really think a human somewhere is following your tracks in Google's hundreds of millions accounts?
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
| >and 2) allowing total surveillance | >of your online activities. | | Surveillance? | | You're just bits in somebody's computer. Do you really think a human | somewhere is following your tracks in Google's hundreds of millions | accounts?
The point is they're spying on something that's none of their business. Humans can connect into that at any point they like. Companies like Google like to say that the data is "anonymized", and people like you believe them. In actuality it's an Orwellian claim. The whole point of their spying and data analysis is precisely to prevent anyone from being anonymous. The point is to know who you are, what you've done and what you're doing at all times.
I know that many people don't care about this, but it's not without cost. So I post info for the sake of those who do care.
Currently the NSA is pushing for a "front door" into web properties like Google, Microsoft, Yahoo, etc. They're trying to make the case that they should have that access. It's a blatant denial of the 4th amendment and a threat to free speech. (There's a reason that librarians traditionally won't disclose what books someone has taken out.) What the NSA wants to do is no different from asking for a key to your house and access at will to your briefcase. The only difference is that collecting "cloud" data is non-confrontational.
** The NSA is only able to make their case at all because so many people like you have accepted the TOS from companies like Google in exchange for some little convenience. ** You're helping to set a legal precedent that you don't have any right to privacy from total corporate/govt surveillance, by officially agreeing to give up privacy for a pittance.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
"Mayayana"

+1 .... Freedom ain't free
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 4/14/2015 4:34 PM, Mayayana wrote:

AT&T just launched their Gigapower Fiber to the Home in my city. Unless you pay them an extra $30 per month, they are doing deep packet inspection of your data in order to be able to serve up advertising that reflects your web usage. Ad blocing and anti-tracking software won't help. VPN will stop them but that will slow service.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
| AT&T just launched their Gigapower Fiber to the Home in my city. Unless | you pay them an extra $30 per month, they are doing deep packet | inspection of your data in order to be able to serve up advertising that | reflects your web usage. Ad blocing and anti-tracking software won't | help. VPN will stop them but that will slow service. |
Interesting. I hadn't heard of that. I looked it up just now. It appears to be similar to Google's cheap plans. But in the first page of links I didn't see any indication that people are concerned, or even that they know, about the terms of the deal. I wonder how that fits with the fledgeling FCC enforcement of Net Neutrality.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 4/10/2015 8:01 AM, Mayayana wrote:

Not the way you apparently think it does. The chip enables access to chip-secured devices, including door locks. If I want to enter my office building before or after normal business hours, I have to use my secure card to unlock the door. If I want to enter routinely-secured areas that I'm authorized to access, I have to use my card to unlock the doors. If I'm not authorized, the door won't unlock. If I want to use certain devices in the workplace that are restricted to authorized users, I have to use my card, and if I'm not authorized, again - the device will not work.
It's about controlling access, not about monitoring people's movements. If they want to do that, there are better tools available and in use right now. For instance:
Security cameras - Just about every major employer (and a good many small businesses) have security cameras in place. If they want to watch you, they've got cameras.
Computer network monitoring software - Every company that uses a computer network has software installed to track each employee's use of the network. They know what you're doing online and how much time you're spending on it.

It's what the card issuer wants. If you don't like carrying a chipped card, don't carry one. It will result in fewer options for you, but that's the price you'll pay for living on your terms. Just understand you don't get to dictate your terms to the card issuer.

Which is a different issue, and an optional service. The location service is necessary to provide you with information connected to your area. If you're looking for place to park or eat, it needs to know where you are in order to provide suggestions. If you're using a traffic app, same thing. If you don't want to make use of those conveniences, you simply disable location services.

Which again had nothing to do with chips. It is about data collection, which is what you should be primarily concerned with. Any time you pay for something by any means other than cash, your purchase is noted, and this data is collected and sold to companies that create user profiles and sell it to anyone willing to pay for it. Guess what - odds are your employer is providing your employment data to them, too - including how much sick leave and vacation you take, your pay, your job title, how long you've worked there. If they provide it for free, they get free access to the databases in exchange.

Which happens online now with cookies. Your point?
If you don't want your purchasing habits to be tracked, pay cash. That's your simple solution.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
| Which happens online now with cookies. Your point? |
Speak for yourself. :)
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Moe DeLoughan wrote:

Certain high-tech companies use all three of those examples to track your whereabouts in their buildings. Your picture is stored on the DVR's with a timestamp when you present your card to the reader. Going to my old lab, I had to use the card 3 times (the last one got me into the lab). Once in the lab, they know when you sign off & on and group policies make the screensaver come on in 10 minutes with no activity. So if you don't log back on, they know your in the "area" where individual labs are, since you need to tag-out to leave. Even the parking garages have a gate, so if you don't come or leave within a certain time, you have to tag-in or out. Cameras at every door, every corridor, elevator, and public area.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
| Certain high-tech companies use all three of those examples to track | your whereabouts in their buildings.
His arguments are not about information or logic. It's the classic ostrich argument: "I don't want to have to worry about this, so it's not true! If you claim it is then I'll shout you down."
Herbert Marcuse had a fun term he called the "toilet assumption", which underlies the feasibility of most all corporate and government surveillance today, online and off: If you can't see it, it's not there. :)
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 4/14/2015 7:59 AM, Mayayana wrote:

I have no idea who this person is you're referring to. It certainly isn't me. I'm simply noting that your concerns are somewhat misplaced and based in part on erroneous assumptions. Pardon me for being pedantic. I'm going to point out when your assumptions about how certain form of data collection work are incorrect, because I'm picky that way. One of the reasons I am is because it drives me fricken' batty how many people get up in arms over perceived (and usually not quite correct) privacy issues with one or two things in their lives, while airily dismissing the rest. They'd rather focus on a couple of details instead of the big picture, which is data collection and dissemination. People have to understand how it is being collected and what risks it entails before they can make any decisions as to what they're willing to share, and how, in exchange for what benefit.
I've been educating people on security and privacy issues since the mid-1990s. It is a labor of perpetual frustration, since from the individual to the organizational level, the majority of persons either cannot or will not take even rudimentary steps to protect their own or others' private information unless/until they are forced to do so. It's "too hard".
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
| > His arguments are not about information or logic. | > It's the classic ostrich argument: "I don't want to | > have to worry about this, so it's not true! If you | > claim it is then I'll shout you down." | | I have no idea who this person is you're referring to. It certainly | isn't me. I'm simply noting that your concerns are somewhat misplaced | and based in part on erroneous assumptions.
You said RFID chips are only used for access to restricted areas. They're used for all sorts of things. The same chip that identifies stolen items at a store entrance can also be used to track shoppers around the mall. The same chip that allows payment of tolls via EasyPass can be used to track personal whereabouts in general. And as G. Morgan pointed out, they can be and are used for inhouse tracking. Why wouldn't they be?
You said iPhone location tracking is necessary for GPS services. Only a single GPS reading is necessary for that. It doesn't need to be stored. Here's just one example -- there should be plenty, easy to find, online -- of *involuntary* privacy intrusions in cellphones:
http://in.reuters.com/article/2014/07/26/apple-security-spying-idINKBN0FV01Q20140726
Here's one example of the iPhone location tracking story. Apple provided no credible explanation for carefully tracking and storing data they have no possible use for.
http://www.wired.com/2011/04/apple-iphone-tracking/
You conflated proximity-read chips with EMV chips. I don't mind a better card chip to replace the strip. I'm only concerned about reading the card at a distance, which is unnecessary risk.
You ventured that my employer probably sells my personal info. I'm self-employed.
You explained that being tracked by cookies online is the same as being tracked and ID'd in public by RFID scanners. It isn't at all comparable. And I don't enable cookies. It's not inevitable that one has to be watched online by multiple entities, but it is what's happening to people like yourself who don't bother to adjust settings like those for cookies, and who think it's all not worth worrying about.
In other words, you've used a series of glib, spurious arguments to tell me I'm overreacting and that I don't have any privacy, anyway, so why worry? That's the argument used by Google in court cases. That's the argument used by the NSA in requesting "front door" access to online services. That's the classic ostrich logic used by anyone who doesn't want to deal with something. ("I've been eating snack foods for years anyway, so there's no sense worrying about my weight now.")
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

You pay taxes? You're on those safe government computers? 8-O
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

I make all local purchases in cash and use a credit card only for online purchases which are not very frequent. Probably the next card they send me will have a chip and I'll definitely be looking to disable it.
--
-----------------------------------------------------------------------------
Roger Blake (Change "invalid" to "com" for email. Google Groups killfiled.)
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 4/9/2015 11:14 PM, Roger Blake wrote:

And you render it useless if you ever do need it in a store. Dumb idea.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

I have not used a credit card in a store in over 30 years and don't plan to start any time soon.
--
-----------------------------------------------------------------------------
Roger Blake (Change "invalid" to "com" for email. Google Groups killfiled.)
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Site Timeline

Related Threads

    HomeOwnersHub.com is a website for homeowners and building and maintenance pros. It is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.