- The Washington Times - Monday, December 15, 2003

The familiar process of buying something with a credit card — handing the plastic to the clerk or swiping it yourself, then waiting for approval and signing the receipt — could be headed the way of the mechanical brass cash register.

MasterCard and American Express are testing “contactless” versions of their credit cards. The cards need only be held near a special reader for a sale to go through — though the consumer still can get a receipt.

The card companies say the system is faster and safer because the card never leaves a customer’s hand.

“In some instances, it’s faster than cash.” said Betsy Foran-Owens, a MasterCard vice president. “You’re eliminating the fumble factor.”

MasterCard has been testing its PayPass system mainly in Orlando, Fla., and promises a nationwide rollout next year, beginning at quick-service restaurants and other places where people tend to be in a hurry.

American Express has conducted pilot runs of its ExpressPay service in the Phoenix area, though the company expanded it to New York ferry terminals on the Hudson River.

The new credit cards work much like the Speedpass system that Exxon Mobil has accepted for quick payments at its gas stations since 1997. But the key chain fobs carried by Speedpass’ 6 million users are good only at Exxon Mobil stations and a handful of other retail outlets.

In contrast, credit cards that incorporate the technology could be used anywhere regular plastic is accepted, as long as stores install the new readers. The card companies have worked out technical standards that would let one reader handle multiple brands of contactless cards.

Still, you probably will leave home without one of the new cards for a while. Forrester Research senior analyst Penny Gillespie predicts it will take a few years for contactless cards to go mainstream.

Visa USA has developed contactless capabilities but is holding off because “consumers seem to be content using the cards they have in their wallet,” company spokeswoman Camille Lepre said.

The new cards have chips imbued with radio-frequency identification, or RFID, the technology that Wal-Mart, the military and other institutions hope to begin using soon to track inventory precisely.

While an old-fashioned credit card stores account information on a magnetic stripe that has to be swiped, the contactless cards keep their data on chips inside the plastic.

American Express’ ExpressPay uses a key chain fob, like the ones used by Exxon Mobil Speedpass and similar to the tags in supermarket discount programs.

“I like that it’s on your key chain and it’s fast to use,” said Kristie Beenau, 36, of Peoria, Ariz., who has used ExpressPay for about six months at a CVS Pharmacy and fast-food restaurants. “I charge everything anyways. Now I wave it rather than get my card out. It’s more convenient.”

MasterCard’s PayPass comes on a regular-size card that also has a magnetic stripe for swiping if need be. MasterCard also has done tests in Dallas with Nokia Corp. in which the RFID chip is embedded in the plastic casing of a cell phone.

The contactless cards have no battery or power. When they near a reader, they are jolted to life by the reader’s electromagnetic waves. A small radio antenna in the cards instantly transmits account information to the reader.

The transaction then proceeds through the credit-card network just as if the card had been swiped.

In theory, the transaction could be intercepted without a consumer’s knowledge by a technologically savvy thief intent on cloning a card. That’s because RFID transmissions are not encrypted.

However, the thief would have to get quite close to the target or have a very sensitive reader.

Also, the account number on the contactless cards is useful only in the RFID system — it’s not the same as a user’s credit card number. A crook thus would not be able to use the card number to go on a fraudulent Internet shopping spree, for example.

There would be other hurdles.

American Express makes the RFID reader verify the card’s authenticity with a “challenge-response” exchange that depends on 128-bit encryption encoded on the chip. That strength of encryption is considered safe against “brute force” attacks, in which a hacker tries every possible combination.

MasterCard says it uses a different security system but would not provide specifics.


Copyright © 2018 The Washington Times, LLC. Click here for reprint permission.

The Washington Times Comment Policy

The Washington Times welcomes your comments on Spot.im, our third-party provider. Please read our Comment Policy before commenting.

 

Click to Read More and View Comments

Click to Hide