AnotherWorthlessBlog I Support NoCleanFeed

10 Dec 09

Twitter creator develops ridiculous insecure stupid device…

Apparently the creator of Twitter has developed a mobile credit card solution that will be given away for free...

Ok... First let's go through the problems with this...

I'll start with security, because that's what I like. We've seen the multitude of Twitter failings in this area over the past 3 years of its operation. Would I trust the same guy that developed Twitter with developing something that was going to read my credit card??? Fuck no...

Another problem, which leads back to security, the whole "given away for free" thing. Anything that is given away for free is usually of low quality. Take for example company pens, they're most often of very low quality, they're going to be given away for free and have very little direct impact on the business so why give a damn. I feel that this device will not have the budget it deserves and will end up being horrendously insecure.

Now my problems with the actual idea. Something that reads my credit card, ON SOMEONE ELSE'S PHONE... This person could have ANYTHING on the phone. It could have been hacked, they could be being malicious and attempting to steal card data. At least with the current POS terminals I have some reassurance that the firmware isn't emailing all my card data to some Russian who's going to go out and enjoy some nice Vodka on me tonight. Of course ultimately it'll be on the bank but that's another story.

Recent history has shown that smartphones are all the rage for hackers these days and that they're fast becoming the target of all types of nasties. This just gives more incentive to an already developing field. Props to you for the idea of having a device that reads a card and sends the data over the microphone port of a smartphone to ultimately be decoded by software but WHAT THE HELL... A smartphone is probably one of the most UNTRUSTED end-points ever... I'd prefer to trust my computers back in Wangaratta that my siblings have filled with malware than trust some random coffee shop owner's smartphone with my card data.

And it's blatantly obvious that this doesn't support smart card tech. Which annoys the hell out of me. Why are we still developing end solutions for mag stripes??? Mag stripes in access control went out the window ages ago, why the hell are we still using it for processing payment data?

This device is useless.

Merchants already have access to terminals that work over 3G/GPRS data networks and something like credit cards should never be processed through someone's personal smartphone that they just installed the lovely furry kitty screensaver on that is just waiting for something nice and juicy like a credit card to pass through the system.

I'm sorry but Jack Dorsey, do us all a favor, and stick to micro blogging... And stay the hell away from my credit cards...

SOURCE : http://edition.cnn.com/2009/TECH/ptech/12/09/twitter.dorsey.credit.card/

Comments (3) Trackbacks (0)
  1. I definitely agree with you, you have a lot of good points :)

  2. Have you ever been anywhere near a merchant account?

    The credit card reader is a “free prize”. The money is being made through fees. The manufacturing costs are minimal and by providing the device for free, they allow merchants to recoup costs much quicker.

    The machines provided by banks and other institutions that you’re familiar with are expensive, with some of them costing hundreds of dollars a month and requiring additional fees in the form of another land line or 3G/GPRS subscription.

    As for security… You think Dorsey or Square have any say in what’s required for security? The PCI requirements for security are almost Nazi-like and I don’t think anyone with such big publicity would risk failing an audit.

    I think those were the major points and there’s little point going over the others.

    My background, by the way, is in online business consulting for a Big Four auditor.

  3. I have. While never having had a merchant account I have costed one before.

    As for the expenses it’s a cost the merchant should pass on. The device in question is one aimed at businesses attempting to operate on low margins and is really not a good idea.

    As for PCI the standards should only be used as a guide and getting details from a PCI compliant system is still more than possible. They also may argue PCI cannot be applied outside of their internal system, drawing a line at their network and NOT the phone.

    Making credit card transactions on a smartphone in such a way is extremely risky and should not be attempted. It’s a nice idea but there are grave issues.

    Thanks for reading the blog. :-)

