SUPER clever idea -- kudos for that. In theory, this is awesome. As a consumer, I love it.
As a merchant, however (which I am), there is no chance I would accept this. None. Unless the issuers (that is, Visa, MC, Amex) drastically change their policies, which I don't see happening anytime soon.
Why? Because the issuers are very clear about a few things: When push comes to shove and it REALLY gets down to it, unless the merchant takes a physical swipe of the actual card AND has backup to prove it (i.e. an imprint of the physical plastic), the issuers will side with a consumer in the event of a fraud dispute.
So why, do you ask, do most merchants not bother taking imprints of the actual cards? Because a visual verification and physical swipe is usually enough (for 99% of cases). Instances of fraud via card duplication are rare, so it's usually not worth the hassle. But in some cases, it is.
My business runs large-ticket purchases though CCs (average is $2000), and we take super extra precautions when our customers buy from us. We take magnetic swipes, visually verify, AND take physical imprints.
We've lost several chargebacks because of lack of doing this. You'd be surprised how these little-known rules crop up when you least expect them. "Sorry, customer claims charge not authorized. Merchant doesn't have physical imprint. Chargeback approved." It's happened and we've been defrauded out of $thousands because of it.
The ONLY way we've been able to successful combat chargeback fraud is through the multi-layered approach.
Anyway, I know this is a fairly esoteric perspective and my business may be different from lots of others where this isn't an issue, but I have a feeling V/MC/Amex aren't going to get behind this.
I don't know why the US hasn't adopted EMV. It's not perfect, but it has cut down fraud massively here in Europe.
They're very hard to clone (I won't say impossible, but attacks against EMV have not generally been of this nature) and the transaction records at both ends will tell you whether the actual, real card was there.
The liability is more clear-cut as a result. If the customer claims the charge was unauthorised, that's between the bank and the customer.
--edit-- of course with EMV cards Coin would no longer be possible or relevant. Neat product, only useful in a magnetic-stripe world, which is at least a decade behind the curve now.
Theoretically with EMV you could put all your credit-cards on one chip and the terminal will either choose a supported default or present you a list, but that would require cross-bank cooperation, never going to happen.
As a Brazilian, I think the US banks are very strange.
"Swipe" cards have been phased out years ago - you'd have to try hard to find a bank which will still issue one.
Specifically because you can no longer find ATMs which rely solely on the magstripe. Some banks have biometric fingerprint readers (where you put in your hand and it reads multiple fingerprints at the same time) in addition to the PIN code of the debit/credit card, and sometimes additional passwords.
My bank does not rely on biometrics, but in order to do any transactions, I have to enter a code generated by the bank which consists of three strings, which are prompted one at a time, displayed on screen mixed with other random and unrelated strings, so that someone peeking over my shoulder would not be able to match the button with what's on screen and finally, before the transaction is complete, the account's password. And that's with a chip.
The portable readers you can find everywhere still have magstripe readers in addition to the chip reader and will refuse to read the magnetic strip if the card contains a chip.
Those portable readers use either a 3g connection or standard dialup.
As for the physical "imprints", this is something that 30-somethings like me can barely remember.
Also related: there are no bills which can't be paid online. All banks accept them, unless specified otherwise (usually there are restriction after the expiry date). If you get a bill by mail (instead of email), you can just type the barcode. Or scan it, if you have a reader or a mobile phone with the bank's app.
The concept of getting bills by mail, and then mailing back cheques, as found in the US, is completely alien.
You hit on something though; in the U.S. there are tens of thousands of ATM machines all over. They all accept PIN numbers, and I "believe" magnetic-strip as well (not sure if they're doing fancy stuff too with built-in chips or not). It's the standard that everyone uses; debit card and credit cards alike.
To change that to support different tech, you'd have to upgrade all of the ATM machines, all of the credit cards, and all of the backend tech. That's a lot of coordination between banks/credit-card companies. On top of that you have POS systems in stores which are all magnetic-strip based as well, accepting PINs and/or signatures.
Any sort of switch would have to be phased-in over years and require a lot of buy-in. Unless retailers, banks, ATM providers, and credit card companies have a good business case to do so, they probably won't.
I'd imagine it would be easier for some other type of technology which displaces cards entirely, like phone-based payments, would eventually replace all of this. An idea like Coin augments the current "archaic" system and has the potential to take off. But outside of the U.S. it sounds like it won't work without modification.
"Everywhere" else in the world has managed - the combined population of countries that have deployed EMV / chip and pin is vastly higher than the US.
And it is coming to the US too, in some form or other: Pretty much all the major banks have committed to introduce it (though in some cases chip + signature) by mid 2015.
Right but it's not monolithic. States in the US are not meaningful borders economically speaking. So you can't just do one state at a time, or one region.
I'm not saying the US isn't behind the times, but where else has a singular rollout of tech like this been done on a US scale?
> So you can't just do one state at a time, or one region
Of course you can. Countries outside the US did it city by city, bank by bank.
In fact, the US is in the process of a gradual rollout of EMV cards now - a mix of chip+pin and chip+signature cards. The aim for when to complete the transition varies by state, bank, and type of merchants, but most aim to be complete by mid 2015.
There was no big bang switchover anywhere that has already made the transition to my knowledge.
The banks did rolling releases of chip and pin cards as people were issued new cards over a period of years before the switch was complete. When the first people got chip and pin cards there were no locations where they could use the pin.
And in the UK at least, it took a couple of years before you had to use the pin even when faced with a chip+pin terminal - you could keep opting to sign for a long time.
Doing a singular rollout of tech like this is stupid and unnecessary.
The phase-in in USA has "started" for years already - it's supposed to be finished at October 2015; and those who haven't upgraded their gear by that time will be liable for all fraudulent transactions they accept.
I think here in the UK there was a multi-year phase in. Started with the banks own ATMs, then the machines that smaller businesses loan from banks to take payments, then (when there were enough commercial offerings available) there was a sort of forced date for merchants to make the switch (or take more liability, that was the choice).
I think it took at least 5 years.
So yeah, non-trivial. And if (as it sounds like) the banks in the US have managed to offload most of their fraud problems to everyone else involved in the transaction, then there's probably little incentive.
According to Wikipedia, in the UK it took less than 2 years to go from initial trial in 2003 to liability shift in 2005.
"Chip and PIN was trialled in Northampton, England from May 2003, and as a result was rolled out nationwide in the United Kingdom in 2004 with advertisements in the press and national television touting the "Safety in Numbers" slogan. During the first stages of deployment, if a fraudulent magnetic swipe card transaction was deemed to have occurred, the retailer was refunded by the issuing bank, as was the case prior to the introduction of Chip and PIN. On January 1, 2005, the liability for such transactions was shifted to the retailer;"
Also note this bbc article[1] suggesting a Feb 2006 deadline for not accepting signatures from cards that were chip and pin enabled.
EMV cards had been distributed to customers since the late 90s.
I would guess the banks had been rolling out EMV capable ATMs well before 2003. Retail level EMV may have taken two years from trial to liability swith. Infrastructure changes would have pre-dated that by years.
I know EMV cards had been distributed to customers since the late 90s because I used to use mine for testing while I developed the software I wrote that ran several of the retailer systems in that Northampton trial :)
Canada already went through this. It started with the POS terminals, then gradually the cards were replaced with chip cards, then gradually the text on the terminal changed from "Swipe card" to "Swipe or Insert card".
From a consumer perspective, it was virtually painless. The biggest change is that credit card transactions now require a PIN (assuming a chip card and chip-enabled POS).
Much easier to do in Canada with the number of banks involved. The US would be an entirely different story.
The lack of chip card support in Coin effectively makes it a US only product at this point as most of the card-heavy countries have moved past mag swipe (or, are in the process).
Nah, just have the major banks start issuing chip cards, and then providing chip terminals to merchants. Once the terminals are in-place and work, everyone else has a strong incentive to catch up (fraud prevention) and a lower cost of entry (since they don't have to push merchants to support their new tech).
Once a quarter of cards sport chips and a quarter of machines support chips, it's just a question of issuing new chip cards when old cards come due (or get lost/stolen).
You can magstripe in much of mainland Europe still.
The Chip and Pin machines have a channel to swipe. There are very few places where you hand over a card. For example, in the train stations, the machine to swipe a card is on the same side of the glass as the customer. The agent never handles your card.
So they might be more accepting of Coin (given that they don't see that it is different) than American businesses.
This is inaccurate. Whether you are required to hand over the card or not is governed by each member state's regulation. For instnace, in Netherlands or UK you can keep your card; in Poland you might still be asked to hand it over and sometimes for your ID with it. Also, good luck trying to swipe in the Netherlands -- most merchants taped the terminals so that locals do not get confused.
In Australia, if you try to use a magnetic strip in situations where you could use the the chip (i.e. both the card and machine have chip support) it is refused, and the machine tells you to insert the chip.
It's entirely possible that Coin may still be useless outside the US if most machines will reject your card's strip.
Yeah, having fewer banks and heavier regulation definitely helps.
Also, as other people have pointed out, the US is moving to chip cards in a couple of years (2015). So this product already has a very short shelf-life.
Just finishing going through this in my province. The latest transition is that all gas pumps now suddenly require me to leave the card in. Yay for Chip and Pin!
I remember scratching my head trying to buy ticket from automated ticketing machine in Amsterdam Centraal because the machine required chipped card only and none of my US cards that I carried had one (not to mention the error was not clear enough and I was trying all my cards in different orientation).
So that's why this video was so confusing to me. It was essentially this guy sliding someones card (he claims it's his, but neither the device nor the card know, right?) and then happily paying stuff with it through his fake replica (or the high-tech version of it, the 'coin').
It seemed like a completely unusable system for it's complete lack of any security.
(Particularly if you consider there are now live payment systems that use pretty much the same audio jack serial port hack as this one does to clone cards)
What really concerns me is that these Coin people are now selling, for a trivial fee, a system for other people to clone my card. If I lived in the US where mag stripes were the norm, I would be seriously concerned about this.
Thankfully, in Canada, everything is done via chips, so even with Visa purchases my card never leaves my hand (or at least, my sight). Restaurants bring the terminal to your table, they process everyone there, and then you're done. Sending your card away feels almost archaic now (and a bit patrician, which has its appeal).
I would assume it would be like any other credit card transaction: up to the merchant to verify the account holder with an ID.
The fraud you're speaking of is not limited to this technology; anyone could find and use a credit card they found on the ground if the merchant did not verify it.
That brings up an off-topic point I've always wondered about. If apple will not make it possible for third party devices to interface with the iPhone through the normal port, why do approve apps that rely on hardware using the audio jack this way?
But they _do_ allow that. You have to pay a license fee to Apple for the connectors, programming interface etc, but even without that you can do communication using one of the established protocols like MIDI. Also, you could use Bluetooth 4.0 without any licensing at all.
So the question to why they allow it is that they're not consistently evil :)
I've seen credit card readers that act as a hull for an ipod touch and connect to the data port. (Necessary in austria because the audio trick wont work with chips)
I was thinking the same thing. A full 60% of MasterCard and Visa transaction are now paywave/paypass. That's pretty impressive uptake, and I'd imagine it will be just as quick one introduced en-mass overseas. Would love to know Coin's development path for this eventuality!
"Australia leads the world in contactless payments, which have grown from almost zero three years ago to more than 35 million transactions a month and now account for 60 per cent of all MasterCard and Visa credit card transactions, according to Westpac."
I'll let you in on a little secret - paywave/paypass etc are EMV cards. The interface is wireless and they have a shorter transaction flow. There are less (zero) customer validation techniques, final evaluation (pass/fail) takes place at the stage a 'normal' EMV transaction would decide on pass/online/fail.
As usual there are variations between implementations, but underneath it's all good-ol' EMV :)
So I doubt that these could be supported easily by Coin, it requires various keys that the banks do not allow to escape.
If Coin do manage to get talking to banks about allowing wired or wireless EMV apps to be loaded onto a customer Coin card then that would be awesome. I predict that layers of bureaucracy and brand-management will prevent this.
I wonder why the big US banks aren't on board with driving contacless NFC payments?
Commonwealth Bank, the largest bank in Australia is very soon releasing native Android NFC support and NFC style "smart tags" that you stick to the back of your iPhone.
I'm in the UK, and had a NFC "smart tag" on the phone I threw away a year ago. Never bothered getting a new tag for my new phone. Maybe when I next upgrade my phone and get one with built in NFC.
We also have the cheque/savings/credit buttons which I've not seen anywhere else in the world (besides NZ). I have my Westpac debit card set up to use cheque/credit for my personal account and savings for my joint account, but I've not met a single other person who makes use of this feature..
I don't know much about PayWave and PayPass, but this actually sounds even less secure than credit cards. And it still relies on the big two. Sounds like a step in the wrong direction.
It's not about convenience, it's about security and reliability. That's the direction we need to take.
It's less secure than chip and pin credit cards, but it does require the presence of an object that can execute the right encryption operations with the right private keys, which makes it more secure than easily cloned mag-stripe cards. Because it is less secure, there's typically a low transaction limit (in the UK 15-20 pounds).
And it is about convenience - people are willing to accept the risk for the added convenience.
Transaction limits are absolutely an important factor in limiting these kind of risks.
In Netherland, there's also one electronic payment system that does not require a PIN: the "chip knip" (chip wallet). You explicitly transfer an amount of money from your account to the chip (often about $20), and you can use that to pay. You still need to approve the payment by pressing a button on the machine, but if you lose it, you don't lose a lot.
And it probably works without a phone/internet connection, because the money is right there on the card and nothing needs to be verified on any server.
EMV where you need to input a PIN Number is simply a way for VISA/MC to push all the liability onto the customers for stolen credit cards. If a purchase is made with the credit card and PIN, then the issuing bank can simply let the liability fall on the customer, instead of the bank eating the costs, like how it's done today.
In the UK at least this is not true. The bank have to demonstrate you did not take reasonable care to protect your PIN (e.g you left it written down in your wallet).
See some of the following case studies by the FOS that support the fact that the customer is not always liable even if the PIN is used:
Merchants eat the costs where no EMV card was used.
Customers eat some costs where the bank can prove negligence, and face court if the bank can prove fraud (i.e. signed statement it wasn't you but later the CCTV footage is found. Oops)
Other than that, here in Europe, customers are protected by law from having to take on the liability. Varies by country, but basically it's a case of "you're responsible to see that nobody else gets to take my money, that's why you're a bank numbnuts"
As I Canadian I also read this with a little sadness. It's something I have always wanted ... but now someone made it just as we're close to finishing the transition to EMV.
It can actually be a bit tricky to use my company card to buy lunch at restaurants sometimes because "there's no chip".
Their FAQ says future versions of Coin will support EMV, but I'm not familiar enough with the hardware to know how difficult that is.
Would be good for those stupid loyalty/membership cards I guess, if you are good with explaining what the hell this weird card looking thing is and why it will work like the normal cards every single damn time you use it.
The EMV transaction process has "application selection" as one of its early stages, and some cards do contain multiple applications. However AFAICT this is never across banks or across schemes. So you may get a card that has (say) a Mastercard application on it for domestic use and another for foreign use.
In theory, you could slam mastercard, visa, amex, credit, debit, whatever else you want, all on the one chip. Depending on the exact card and terminal implementation a transaction would either use the default application or get an on-screen display asking you which you would like to use. But you'd have to get the banks to load the app on there as there are sensitive keys involved.
That's not exactly the same as Coin - you couldn't pre-select which card to use in which situation, and you couldn't load them yourself. I suppose in theory you could have multiple EMV chips on a card like Coin and have a circuit-switching arrangement of some sort. There would need to be a way to embed them there and that would put a limit on things...
--edit-- about the stupid loyalty card things - in Australia I noticed most of them had started working on barcodes, and people had smartphone apps that gave them a menu and displayed the right code, pretty cool.
One, you may not be able to download the card app from one card and upload it to another. My GlobalCard fu is not well honed enough to tell you what ADPU you'd need to invoke in order to try, but it goes against the goals of the product to allow this anyway.
Two, if a credit card company provides you with an EMV card, it's got a private key loaded into the card, and may have even originally been generated on the card. It is outright not allowed under any circumstance to download that private key and upload it to another chip; that would be a major hole in the scheme.
Three, not all banks use the same crypto. Even if they all agreed to a single kind of crypto operation, different EMV chips have different performance characteristics when carrying out crypto operations. If the bank can't control the actual EMV chip any more, then they cannot control elements of their payments processing (e.g. session closure within a certain time frame). This problem is the easiest to solve of these three problems.
So, unless the banks get on board with allowing their apps and their keys to be provisioned on an already existing card, or provide some kind of proxy mechanism whereby an EMV card can delegate another card to act on its behalf (and imagine the security concerns with that) then this isn't going to happen.
I don't see the benefit to the banks for doing this. You're far more likely to see paypal succeeding in turning your phone into your wallet (and they are doing it) then you are to see Visa or MC allowing you to link multiple EMV cards into one.
The technical issues are solvable (by any reasonable issuer bank), but Visa/MC simply prohibit you to put competitors together with their cards.
Want to add some loyalty cards on the same chip? Sure!
Want to combine two different MC products? Sure!
Want to have Mastercard together with Visa or some local card network that we dislike? Nope, we don't want that so we'll not allow you to issue such cards.
1) Agree, you can't get at various bits of data that must be present in order for the card to be able to do what it does. Most likely sits in private 'files' that READ DATA can't access.
2) Yup, and combined with '1' this means that you'd have to get the banks to do it
3) You'd have to get some more cross-scheme standards about the crypto capabilities sorted out. I estimate we could have all the schemes in agreement by... 2025? Or is that optimistic?
The benefit would only be to the consumer, in the same way that Coin may benefit people, however any method of doing this with EMV would present some sort of extra attack surface and that's generally Bad(TM).
1. Chip cards do make this almost completely irrelevant
2. Supporting EMV is going to be tricky, because cloning those cards is also tricky (skimmers have spent hundreds of thousands on it and haven't figured it out).
3. Most membership cards, even ones that have magnetic stripes on them, actually use the barcodes on the card. Safeway, CostCo, Shoppers, etc. all have mag stripes, but they all use the barcodes. The Coin won't help you with a single one of them.
4. If, as a cashier, someone handed me a Coin and said 'It's okay, it's a Visa', I would say 'no'. No signature, no card number, no anything. There's no difference from my perspective between a person putting their Visa onto the Coin and a person putting someone else's Visa onto the coin, and I'm not going to start accepting obviously cloned cards regardless of who's holding it.
Americans going to Europe: Remember that your credit card might not work as often in Europe. Be prepared for hearing "We only take chip & pin cards here" in shops etc.
I've had the same issue in the past which can be frustrating (though now I always travel with enough cash).
I actually called Visa about it and they told me that any vendor accepting Visa transactions is required by their contract with Visa to accept swipe transactions. She said it was there because the US was still rolling out chip and pin cards.
I keep hearing this but I spent six months in Europe and the only place that wouldn't take my swipe card was SNCF ticket kiosks. Wasn't a problem anywhere else.
It varies a lot by country. In Ireland, for instance, POS terminals deployed in the last five years or so in smaller shops typically don't have a swipe reader at all, and even where a swipe reader is available, the company may have a policy of not accepting swipe cards.
Actually, most places WILL take the old 'swipe' cards. But most cashiers and either never worked with or forgetting about swipe cards. You just have to be very verbal and upfront and let them know yours is a swipe/ swipe and sign job.
Actually, in the Netherlands, even supermarkets stopped accepting swipe cards. The machines are still physically capable of reading swipe cards, but the supermarket simply won't let you, presumably exactly because of this risk.
Note that a lot of places wouldn't accept credit cards in the first place (swipe or not), only debit cards.
Many won't take it though, because of the increased fraud risk. I agree that the majority of cases are simple misunderstanding, but that isn't always the case.
Thought that was all chip-and-signature instead of chip-and-pin.
Chip-and-sig is almost useless.
Also, I'm a stingy bastard with the fabled Unicorn Card (Zync) that's no longer offered. I think any changes would mean a forced upgrade. I'm worried about a forced upgrade when the card expires too.
There are a handful of credit unions that issue dual C&S/C&P cards. It's a little harder to get one than an ordinary card, but probably worth it if you're traveling abroad. (I got one from Andrews.)
Whether chip and sig is accepted in places around europe will probably depend on the software they have, the merchant's agreement with their acquirer, whether it's an unattended terminal and a bunch of other stuff.
Surprised to hear it's next to useless, but not really surprising that it's less useful.
I was up in Canada a few months ago, where EMV cards are ubiquitous. C&S is accepted everywhere, but merchants routinely get confused by the second receipt printing out. I've heard it's the same in Europe.
I didn't realize European automated machines would basically never accept my cards. On a subsequent trip I tried to get chip card, but neither my personal banker nor the branch manager at Wells Fargo had ever even heard of them and insisted I was confused about the problem.
Marriott Rewards Credit Card by Chase offers a Chip and Pin card. They also have a 70K sign-up bonus points going on right now. If you are new to Marriott Rewards, send me an e-mail and I can send you a referral that qualifies both of us for bonus points.
I had a really tough time with credit cards in Denmark.
I had one chip & sig card that didn't work except in like one restaurant I went to. A couple of places I could use any regular credit card though. Ended up having to go to ATMs and carry cash, which is so uncommon that people think you're a drug dealer. :D
While I don't have that Chase card, I do know very well that most BofA branded cards have far less lucrative rewards than many of their competitors. FIA has a few great cards and they're owned by BofA. But even when I became a so-called "platinum privileges" bofa customer their best card was not very attractive.
Flat 2% cashback cards are great. Rotating 5% category cards a great. Big signup bonuses are great.
I have a Chase British Air card I opened with a 100,000 mile bonus, plus a companion pass once a certain spending level was reached. Long story shorter, we opened two (one for me, one for my wife). Pooled the miles together. We have 220k miles and a companion pass. We're using this for 2 first class tickets from SFO to Europe in the spring. That is, literally, $25,000 in airfare.
Oh, and it's chip + sig :)
tl;dr Often annual fees are very worth it. And also often, an issuer will waive them in all or part.
For Debit cards payment scheme's are already joined on 1 EMV chip. The terminal configuration decides which one is used. To join issuers on 1 card I agree cross-bank cooperation will never happen.
Credit cards are divided by payment scheme's. Banks just issue cards for 1 of the scheme's eg. Mastercard or VISA, ... don't think Mastercard. In this field I don't think Mastercard will want their competitor on the same card. Even technically it's not so easy to implement for a payment processor (I work for a payment processor).
This is a total stab in the dark from a foreigner, but I though that it was only recently that US banks could be larger than a state-level entity. My entirely uneducated guess would be that with only state-level banks, none of them would have the pure muscle to push something as big as this.
Credit card fraud is generally not a problem in the US for consumers or the credit card companies, the two groups that would be in a position to adopt a new credit card technology. The merchants accept all the liability in the US credit card system, and they're at the mercy of the credit card company's policies, and the consumer's desire to use their card of choice or go somewhere else. As a consumer, I avoid cash-only businesses, and even tend to frequent ones that accept my card of choice (Discover) over those that only accept the cheaper cards (Visa/MC.) Businesses know this, and they're willing to accept credit cards so that they can earn most people's business.
I love cash-only places. You know all your money is going to the hard working people making your sandwich instead of the big four credit card corporations.
Exactly, just more for Uncle Sam. At least credit card companies are re-investing their profits to cut down fraud and try to make money transfer easier in general. Could they be doing more? Of course, but the CC corporations have done a lot of good, even for the little SMB / mom & pop shop. The transaction rates these companies charge is very low, and that's all thanks to the competition that has driven down the price over the years
That was exactly the same in Europe. Yet the bank pushed EMV hard.
And the EMV transition has been going on behind the scenes in the US for years too, so expect to start getting cards with a chip as your cards expire over the next couple of years.
No, the merchant takes reasonable liability - if they permit non-EMV transactions (in a customer-present scenario) they assume the risk.
Under law in much of Europe, the consumer is not under much risk. In the UK (for example) the credit card provider is legally a party to the debt and has a responsibility to refund the consumer on demand if the consumer is willing to state (in a legally binding way) that the transaction was not authorised by them. Debit cards are governed by different rules that amount to much the same, though the legal protections are weaker.
EU law shifts pretty much all liability away from consumer.
There's a cap of EUR 150 consumer liability for lost&stolen (physically) cards up until you notify the bank; zero liability for lost&stolen cards after the time of notification, and zero liability for any fraudulent transactions if your card isn't lost or stolen.
Only UK law (and MC/Visa rules for UK) is a bit different, but another poster describes them below.
I don't know about the US, but professional swipe-card fraud is something that the average European will typically have read about in their local newspaper by now.
The US hasn't adopted EMV because it isn't necessary. EMV was created because in Eastern Europe many businesses didn't have sufficiently reliable phone and internet connections to validate credit cards -- in the US we have no such problem.
The cost of rolling out EMV was determined to be greater than the cost credit card companies paying for the increase in fraud and chargebacks out of pocket.
Many credit card companies are starting to issue new cards which are completely flat, making it impossible to make imprint. My new CapitalOne card is an example of this. Is your company planning on refusing to do business with them?
My girlfriend's family wanted to rent bikes at Blazing Saddles in SF and the cashiers there threw a big fit when they realized her card wasn't imprintable. They wouldn't photocopy it or write the number down, they just flat-out declined the business.
Off-topic, but they should have gone to http://thebikehut.org/ : the guys are lovely, the bikes are great, and you only need to give your name and passport number (that they don't even check) before renting a bike. That's right, no deposit. I paid by cash when I brought the bike back at the end of the day. Amazing trust.
I recently used a temporary travel card at Blazing Saddles, and that wasn't imprintable but they didn't make any note of it. They may have changed their policies.
Everyone loses in this case. The card is supposed to facilitate a transaction and it failed to do so; the shop went without their money, the family went without their bikes, and all of the various financial institutions went without their cut.
Which is why the poster above is warning about this; if there will be merchants out there who won't accept it, it's pretty much DOA as you can't replace all the cards in your wallet with it.
Flat may be fine.
However, from what I've seen in the video, the Coin is not only flat but also almost totally anonymized. The cashier would not be able to verify the name against a photo ID or even take a picture of the card. This would be possible with a non-imprintable card.
Unless required by local or state law, most major credit card companies prohibit the requirement of supplementary identification to complete a transaction.
With that said, they require verification of the signature on the back of the card with the one on the receipt / screen.
In the event that the card is not signed, you are then allowed to require identification and the card must be signed by the customer before it is used.
"See ID" is also a signature if done own handed. I've seen a court decision to the effect that you can declare your signature anything you write. Important is if _you_ accept it as such later on.
@Coin twitter confirmed that the coin card actually does have a signature field on the back that you would sign, so the vendor can use that to compare with your receipt.
https://twitter.com/coin/statuses/401939329506746368
Great. That way they can just sign it themselves. That way if a merchant does signature verification, it matches! And then when your CC company comes back and says "Chargeback is in dispute. The signature matches" you'll have to explain why you didn't follow the terms of the cardmember agreement.
Now, this is all very hypothetical for many reasons, but generally it's my practice to follow cardmember agreements that I am, after all, agreeing to follow.
How would the CC company know that the signature matched? At no point will the thief-signed card ever be sighted by anyone other than the merchant, briefly. The thief is going to dispose or destroy the card when they're finished with it; your bank/issuer is never going to see it to compare.
Per the terms of the cardmember agreement that you agreed to, you are required to sign the back of the card. If you do not, you are not authorized to use the card for any transactions.
It's all very silly anyway given that online credit card transactions almost never require a signature.
Quite honestly though, once a thief has access to your card, you have other problems. If they're close enough to see it, they're likely close enough to duplicate it and leave you the card with you ever knowing.
If the signature is that concerning, then use one signature consistently for your credit card transactions that's unlike the one you use for anything else.
If you don't like that option, then you probably shouldn't be using credit cards currently offered.
These are "electronic" credit cards, they've been around for years and they are flat so not to be usable for offline processing (that's when they take an imprint, you sign it, they take the imprint to the bank and it settles in a week).
Except that you can still use just the CC#, Name, and Expiry to authorize a purchase (both online and offline). I've done this at craft shows and such with vendors that didn't have mobile CC reader/app.
Agree, SUPER clever idea. I'm wondering how this would work to make purchases _online_. I know, I know. I'd use my real card. But it strikes me as ironic that the big idea for this digital card is that I don't have to carry my 'analog' cards around. Unless I want to make a digital purchase. Then I need my analog card.
That's not how I read that tweet: just that it shows your name, signature and CVV. The video on their website appears to confirm that. Unless you've memorized your CC#s, you'll still have to pull out the real card when purchasing online... unless you can see the full photograph of the card in the mobile app. Which is still annoying, but at least better.
As an avid road fan, I've been in 47 out of 50 states (no Hawaii, Alaska or Vermont) and roadtriped around 50.000 miles, in the course of 7 years.
I've stayed in hundrends of small cities, from Ogalala, NE to Ozona, TX and Oatman, AZ, and used my credit cards for all kinds of purchases, from Kroger and CVS, to outlet stores, gas, local shops, small eateries, fast food places, restaurants etc.
It still happens. I had it happen at a gas station in the middle of nowhere Nebraska or South Dakota (where he probably didn't have internet) as well as at a gas station in a bigger town where their internet was out.
Older ones did. Newer ones tend to run over the internet. They don't tie up a phone line at either end of the connection, and the information transfer is much quicker, so in most circumstances it works better for everyone.
Yeah, it's a low-end version of a pre-authorization. If the room is already paid for in advance, and you have no extra charges, they can just shred that imprint.
Had my own car for the trips, but have used cabs for convenience in Chicago and NY. I usually pay cabs in cash though (probably because I never think of cabs as accepting cards, thinking by my country's norms).
Better to ask, have you been _outside_ America. For I presume, in most countries who adopted CCs fairly recently, the concept of 'offline transaction' is entirely foreign.
How can you prove the pictures is the card and not just 'shopped though. With an imprint there's a larger barrier, creating an embossed card, doable but a barrier nonetheless.
With credit cards, unless there was a unique image on it then you'd often be able to guess from the number what the other card details should look like.
I'd argue that shopping a believable picture of a credit card that stands up to scrutiny is a higher barrier than the imprint - which really just involves some movable letters and carbon paper...
I go weeks at a time without getting asked for identification when paying with a credit card. Most merchants will happily swipe the coin and move on with their life. Those that question it can still check ID or make a copy of the driver's license. This is a sweet product and I can't wait to dump the 7 cards in my wallet. One extra backup card, a good thing to have regardless, will take care of the occasional merchant who won't accept coin.
btw, it sounds like you should have had a lawyer handling some of those chargebacks, particularly if you had captured the driver's license info. We started using a (cost conscious) lawyer to deal with every chargeback and our win rate went way up. And by "dealing with a chargeback" I mean forwarding along our response on his letterhead.
Merchants aren't allowed by their merchant agreements to require your id in order to accept a credit card. They are supposed to check your signature. https://www.privacyrights.org/ar/Alert-FS15.htm
They are not asked to accept a credit card in the case of Coin. They are asked to accept a device that contains an unauthorised reproduction of the mag-stripe contents of a credit card.
I think you are mistaken about card rules. To protect themselves against chargebacks the merchant needs to keep a copy of the signed credit card slip, not a physical imprint of the card. That's actually better than a physical imprint (which is impossible on many cards these days anyway) because a matching signature can prove who used the card, not just that the card was physically present.
Worth looking into! Thanks. I know there's been at several cases where we specifically lost because of lack of imprint, but another thing I've learned in dealing with the credit card issuers is that, despite what we hope, there is MASSIVE inconsistency in the application of chargeback rules. Sometimes you'll lose a chargeback because the issuer just wants to be nice their cardholder (Amex is guilty of this) and they'll literally make up reasons for the loss.
We actually had Amex _negotiate_ with us over a chargeback once. I had no idea this was even possible -- they actually said "So how about we'll agree to split the loss. We'll cover half, you guys cover half." I had no idea that was even an option.
My understanding is that US banks can write a proportion of the loss off against tax, so 50/50 splits are not that unusual. But it probably depends on the circumstances.
I'm in the UK and this is not really my area, so you'd probably have a better chance of verifying that than me.
If you swiped my card AND took physical imprints, I would be really suspicious that you were storing my credit card information for future fraud. There's no reason for you to take an imprint as well as swipe, since you have the authorization code for the card present transaction, and the signature, which should be enough to fight chargebacks.
I don't understand America's love for credit cards. They're unsafe, both for users and for merchants. PIN cards are safer, and they're much clearer about where the risks and responsibilities lie. Of course modern credit cards also support PIN, but I never see them used that way.
A more convenient way of handling credit cards is a useless idea to me. What we need is a safer and more reliable way to handle transactions. Preferably one that doesn't rely on politically motivated monopolists.
I work for a merchant also... high volume low ticket. My thought is: Since most of our customer transactions (swipes) occur without any cashier involvement - how would V/MC know that the "real" card wasn't present?
My latest Visa credit card has the numbers printed onto the plastic; the numbers are not relieved/raised. How do you take a physical imprint of these types of cards?
You took the words out of my mouth. No merchants should accept this card unless they want to be liable for chargebacks. If this product is actually released I wouldn't be surprised if a clause is added to merchant agreements to explicitly disallow accepting this type of card.
Merchant agreements already disallow accepting it, since it is not a valid card - it's not issued by a valid issuer, it has no Visa/MC logo, it doesn't have the signature on it, etc - the 'Card Present' rules would say that this object is not a creditcard.
It's just like any cloned card - I can easily make a blank white card with a copy of my creditcard's magstripe, and technically it will work in a swipe POS-terminal, but any merchant is required to refuse such a card, and recommended to detain the card and me, if it's safe to do so, or call the cops.
I love the idea behind Coin but what I need is a fat wallet.
I carry 19 cards, of which 16 are essential. Some of them are not for swiping so they wouldn't benefit from Coin. The solution for me is a wallet that can hold 20 to 30 cards, but as far as I can tell there's no such thing.
Out of curiosity, what do you do that requires 16 cards on a regular basis? At some point, the limiting factor of how many cards you can carry becomes your pant pocket (or purse). My jeans wouldn't stand more than a few cards and far less than 30.
* three loyalty shopper cards for my common stores (I need the physical card because none of the apps I've tried using that scan the bar codes work with store scanners)
* a card to pay for my train rides,
* bank debit card for ATMS
* business credit card
* personal credit card
* medical insurance card (this one would be easy to just use a photo of)
* AAA card (would be easy to use photo of)
* Zip Car Card
* Bus pass card for corporate shuttle
* Airlines MVP card (likely easy to just use a photo of, I think....though I'm not sure about speedy checkin).
* Access card for corporate office.
* Drivers license
I have about 25 other cards that I keep at home, like Library, more shopper perks cards (usually because they can lookup by my email address in store), etc..
This doesn't really help my wallet situation that much.
That Lemon Wallet app looks really nice. I'm going to give it a go... I've tired some others, but didn't like them.
Also, I was a user of both Belly and Level Up for awhile. But the merchants around here have been finicky with the services and some of the shops I frequent stopped using them.
Don't know if your personal card is an Amex or not, but my Amex is a Costco Amex and doubles as my membership card.
I'm surprised your loyalty cards aren't the smaller key ring ones. I have half a dozen on my keys and barely notice them.
I leave my AAA and Airline cards at home and pull them out when I need them for trips. Could probably do the same for your Zip Car card (unless you use the service multiple times a week or something) and other rarely used cards.
Last year my medical insurance company switched to paper cards which are much thinner and easier to deal with even if they're less sturdy. Same as my car insurance.
All that being said I still walk around with about a dozen cards in my wallet, so I can definitely sympathize. But I could probably edit out 3 or 4 right now and not really miss them.
The problem is any time you edit some of them out, you realize soon after that you don't have the one you need. If I don't carry around the cards I will need every day, I am likely to forget to take the ones I need only occasionally when I do need them.
The problem is that Coin doesn't really solve this. It only encodes credit cards; most of the other cards either don't have mag stripes or require other information on the cards than just what's on the mag stripe.
Ironically, I think my AAA card could double as a AMEX. But I don't use it for that.
I do have a lot of the shopper cards available on key. But I run uber-light on my keys and shifting cards from one pocket to another doesn't really help me gain anything. Also, with the key-ring versions, I've shared them with my S.O. so we can keep all our groceries and loyalty points together so they add up faster for household items or discounted gas, etc...
The problem with leaving a card like Zip Card at home is I'm inevitably going to be somewhere that's not home and need a Zip Car.
I managed to cut down the bulk in my wallet by 3 cards by photocopying the barcode side of my loyalty cards and sticky taping them to other cards which don't need to be swiped (nfc based transport card, nfc based car share card)
Ooooh....this low-tech idea is very good. I've often wanted to create a single card (same shape and size of credit card) that I could print my essentials on so they could be scanned by a red laser scanner.
That's why the majority of them stay at home. For some reason, the grocery stores, when doing self-checkout and such, don't have email input or phone number. :(
EDIT: I should add that the main grocery store I shop at, you scan your card when you enter and are given a wand to checkout your groceries as you add them to the bag.
I have an airlines reward card, a business card, and an ATM card. I don't think there's a way to combine the airlines reward with the ATM, even though they are from the same bank.
It's pretty funny, because all of these except a couple (which I noted) are pretty necessary and no work around. It's like people commenting to this thread didn't even read what I originally wrote. Anyway, I'm adding here a list of more cards that stay at home that I occasionally use.
Also, I could elaborate more on why certain cards need to be with me, but I thought things like Costo & Zip Car were pretty obvious.
So the list of home cards:
* MTA Metro Card for when I'm in NYC.
* USA Cycling license for racing (they have an app now that I can use when I show up at races)
* Best Buy Rewards card (I know, I know....but they can look up by my email)
* Several complimentary coffee cards for Peet's coffee (Yeup, they are useless to me at home, but I got tired of carrying them around)
* Borders Reward card (ooops, looks like I haven't cleaned out my home stack in awhile)
* Amtrak rewards card (just need the number and website has this remembered)
* Local Library card (they can use my driver's license, but I can't use the self checkout, which is OK becasue the line isn't ever long and I don't use often enough)
* Library Card for the bigger city by me
* NSSA Press Credentials (only needed when attending certain sporting events - I grab this one as necessary)
* APIS Press Credentials (same as above)
* Bike Club Membership card (provides discounts at local stores, but they know me and I don't need it anymore)
* Panera card (I think I needed this at one time to access Wi-Fi or something)
* Card for my season ski tune & discount (though customized, I think they just look me up in the computer or remember my face)
* Season pass card to get into a apre-ski venue for free
* AMC Entertainment gift card (I go to the movies once/year, and everytime I forget to bring this thing)
* Safeway Card (only useful when I'm on the West Coast grocery shopping. I've since learned to use my Brother's phone number)
* EFTA racing license for mountain bike race series around here in the summer time.
* NEMBA Membership card (mountain bike related)
* Gift Card to another coffee shop
* Home Depot Gift card (exact credit card shape and size)
So, as you can see, I've optimized a good chunk out of my wallet , but it's not all the way there. Though a couple of my cards "could go" there's still about 12 or 13 essential cards I must carry with me.
I carry two government-issued ids; one driver's license; two medical ids; three credit cards, two debit cards and two coordinate cards (two-factor auth) related to three bank accounts; my mother's two debit cards and one medical id (she's elderly and I take care af all her needs); and one medical emergency info card. That's 16. Membership and discount cards are the non-essential ones.
I do have all of those cards scanned and stored in dropbox with 1password, but I don't have good 3g coverage so I carry them just in case.
I carry my fat wallet in a fanny pack. Not very elegant, but incredibly practical.
Many Americans do, indeed, keep bulging tri-fold wallets in their rear pockets. And they even drive their cars and sit at their desks with them.
Often you will spot them with a month's worth of paper receipts crammed inside so the poor wallet is about to burst.
It is just conventionally where a man's wallet goes in America--One of those things where you don't apply common sense because it's just "how it is" and you've never really thought about it.
I'm American and I never understood the back-pocket thing until I moved to the West Coast and started carrying my (bulky, remote) car key in addition to just house keys. Once you have those and a phone in your front pockets, something has to go in your back pocket.
Born and raised in Cali. I've always had keys in my right, phone in my left, wallet in back right.
I remember before I even had a cell phone myself and people in general still put their wallets in the back right, and it was cool to have a chain attached to it and hooked to your front right belt loop. I'd use my front pockets for all sorts of random crap, but I think I always had my keys in my front right. I've been really good about virtually never having lost a key in my life. I used to carry a pocket watch in my left.
Now I am faced with a pocket dilemma. I carry one phone for data and a 5s that I am using with a SIM (connected via pdanet/foxfi hotspot). So the two phones are taking up both front pockets! I'm currently either putting my keys in my jacket or in my back left pocket, which can potentially be quite uncomfortable to sit on. Would be cool if there was an easy way to flatten keys like a wallet.
I simply do not buy pants which don't come with extra pockets over the thighs. They are really hard to find, but they Solve The Problem. (I'm Brazilian, but atypical in this habit)
I have a money clip, a smart phone and keys. Phone needs to be in a front pocket so that I don't sit on it and break it. Keys need to be in my front right pocket so that they are accessible and I do not sit on them and never sit again.
Thus my billfold must go in one of my rear pockets.
For me, the money clip and keys are in the right pocket, and the smart phone goes in the left front pocket.
The keys and money clip are distinct enough that I have no problem pulling out the right thing. And the keys are not going to damage the money clip like they would damage the phone.
Same here. Phone in left. Keys, money clip, change, pocket knife and everything else in right. I try very hard to never put anything in my pocket with my phone. mostly for ease of access but also to avoid scratches.
Phone is too big to be comfortable in a pocket, so I use a horizontal belt clip, which is pretty unobtrusive, especially if you wear a jacket or loose shirts. Wallet and keys in front pockets, leaving my arse free for comfortable sitting.
lmao, so do I. I got a slimmer wallet though, no coins and not much room for junk, six cards and a note container. Made out of plastic. Lasts forever. Kinda destroys the magnetic strips on credit cards though, oops, and cards in the back aren't very accessible.
16 "essential" cards? And most/all are mag-stripe and could go on coin? I have a DL and a credit card. Everything else can be easily stored on my phone.
Answered elsewhere but the Coin is not a good idea for reasons also answered elsewhere (merchants wouldn't take it, your account could be flagged, etc).
I supported the ThinFolio, I'm hoping to have another go with minimizing my wallet utilizing low-tech photocopying/pasting of bar codes to a single card & Lemon Wallet.
I think I'll be able to get down to about 8 essentials, and hope I don't forget the others when needed.
It's paper thin, but strong enough that it hasn't fallen apart after years of use. It only has 6 pockets though, so it's not going to separate all of your cards.
Exactly. I feel like they would have been more successful going after things like rewards cards first and then after proving legitmacy and market need there, trying to take a stab at the credit card market.
Wondering if they could develop a multi-factor auth model to complement the card to make the CC company's happy.
Thinking out loud here... could you make the use of the Coin card dependent on being within range of your bluetooth enabled cell phone. If the card knows that it is being swiped (not sure if it does)... then the in-range phone could know and send a msg to the CC company with the shared secret saying "yo, it's legit". Now a thief would have to steal both the phone and the card for it to work. I'm sure there are a million holes in this, but just putting it out there.
Similar concept could work regular CC's as well. CC company comes up with "card swiper 2.0!" and deploys them to merchants. I as a consumer get some incentive from the CC company to register my device with them. When my card get's swiped at a merchant... card swiper 2.0 tries to detect my device. If it sees it, great, lower chance of fraud. If it doesn't, give me a ring to see if I'm aware that my card was used or deny the charges. Might help the triage the sheer number of transactions out there for what's fraud and what isn't.
Some POS systems ask the cashier to type in the last 4 digits of the imprinted number on the card, which wouldn't work for this. I also know of several merchants (Hertz was one, a casino was another) that actually runs a card through a scanner and records an image of both the front and back. There are several scenarios where this wouldn't work.
On the other side of it, I love the idea, and the only way to get merchants and card companies to begin changing their policies is for someone to be first through the door. This will not work for all situations at first, but if it proves popular it could easily sway these policies. Imagine some of the possibilities. Just as an example, imagine getting a pre-approved credit card offer in your email, then having the new, swipeable card instantly downloaded to this device after a few verification questions. Credit card companies that worked with Coin could gain an instant competitive advantage in the cut-throat credit card marketing business. This could also revolutionize the loyalty card business.
The display on the coin shows you the selected card, the expiration date and the last 4 digits of said card. So I believe your first point is moot, assuming the display stays active at all times or for a long enough duration that the cashier can get the last 4 digits as needed.
You're right that it displays the last four, but the whole reason why the cashier has to type in the last four digits is a check that the physical imprinted numbers on the front of the card match the data on the magnetic stripe.
Typing in the last four on the coin completely bypasses this anti fraud measure since the last four will always match on the coin because the digits it displays come directly from the magnetic stripe data.
Cool product. I want it to work, but I fear it won't be widely accepted.
That said, if they were to license the visa and mastercard logos for it, that would probably be enough to get it accepted during most transactions by cashiers who aren't savvy or don't care.
This is BS. No one takes imprints and you dont need to. I worked in the service industry for years and took a credit card from 80% of all my customers and never once took a imprint or needed to.
I have seen flat cards without numbers that would be impossible to imprint.
I can't remember the last time any merchant took an imprint of my credit card. Certainly not this year, not even on large transactions.
Given your large average ticket, it makes sense to be extra paranoid and take an imprint (mostly to avoid scammers), but certainly doesn't apply to 99% of merchants.
I don't think this would be a roadblock for them. Unless, of course, Visa/MC/Amex finds some obscure legal clause (or technical way to detect the different card) to shut them down.
I purchased one and I'll use it for all my loyalty cards which should help my wallet to be thinner - except Costco since they require you to show it! Not sure I would use it with my actual debit card but it does have the "that's cool" factor, congrats to the team I expect this to be a very successful launch!
Related...some stores have started entering the last 4 digits of the credit card into their POS. This will work even if the card is flat and is obviously used to verify that the card number encoded on the mag strip is the same as the one on the face of the card.
If this becomes more widespread coin will have problems.
For most self-swipe checkouts, it seems like this card would work well (coffee shop, grocery store, etc). But, it isn't too uncommon to have a merchant request to see the card, and some larger retailers (e.g., Lowes) have to input numbers off the front of the card, as well.
Your business is a fringe case that you admit takes "super extra precautions", which clearly doesn't represent the majority of merchants. In fact, as a consumer I can't remember the last time a merchant took an imprint of one of my cards.
Many card reading devices these days support near-field communication and will allow you to pay using your smartphone. In this case there isn't even a card. So some merchants will surely be fine with this physical card solution.
These are some very solid counter-arguments to the awesomeness of what Coin could be, and I really hope you're wrong... but you make some very solid points, with the experience to back it up.
We have already built basic precautions where Coin couldn't be used for skimming. Give us ab it more time to show how when a Coin user walks through the door, you can count on a valid user.
How do you explain the plethora of online stores, including massive and presumably legitimate ones like Amazon, which accept Visa and other major credit cards?
No, most retailers can't accept online payments (or "like an online payment") - if they want to, that's a different kind of agreement with different (higher) fees and more liability for fraudulent transactions.
If they want to book it as 'card present' transaction, then they have to follow the 'card present' guidelines - which, by coincidence, would require them to see the actual card, not just it's magstripe data in some fancy device.
knucklebusters (card imprinting machines) are not required or even recommended by processors. The tide had turned on imprinting in the majority of industries.
I think we're all missing a key point here. From reading the FAQ it appears that the application needs access to their servers. That blows my mind. Why should my mobile phone application, responsible for programming a local card via Bluetooth ever need access to the internet? Simply put - it shouldn't.
To me, this sounds like a big data play, except in this case the company is getting the user to cover the cost of acquisition. I imagine the actual cost of production on a card like this being well < $20 shipped (disclosure: I've been involved in shipping and starting up several physical products).
So now, I have something that collects and unifies data across multiple purchase vectors, sending that back to a single source. In other words, I've paid for the privilege of helping another company get the same sort of insight that mint.com was building, except that I'm also including loyalty data.
Right. Also, unless I missed something, I didn't see anything in their FAQ that states categorically that they're not storing your card information on their servers.
No, Coin, I'm not going to store all of my credit and debit cards in a single spot on the Internet.
Your app has to work without Internet, or it's a security risk.
Not only this but they're entire FAQ is vague and doesn't offer any concrete answers whatsoever. It's a half ass job.
Surprised (sort of) that this is a YC company with all the vetting, mentoring, perfecting and whatever else happens there. They have a lot of problems and a lot of holes.
Payments are HARD but this doesn't make them any easier. Quite the contrary.
I was trying to figure that out too, whether they're making money off the hardware or my data. I found their privacy policy but I am still unsure what they're going for https://onlycoin.com/privacy/
I really think hard about whether these services are really worth forking over that much of my personal data, and as cool as this product is I don't think it's worth it. If vast amounts of my personal data weren't at stake I'd pre-order for sure :(
How would you prevent mass credit card theft in this case? Couldn't an unscrupulous person, say a waiter at a restaurant, take your card, use his/her own Coin to make a copy of your card, add it to their own Coin, and then use that card at their leisure at a future date? I know, the same question was asked re: Square and the like, but the difference is that you need a Square account to steal other people's cards, and that's traceable, whereas here, you can use the stolen card easily and surreptiously with little notice. Except for the fact that using a Coin in itself is noticeable.
You can already steal credit cards really easily. When you hand your card to the waiter, there are machines that will save that number and you can write it to a blank card easily. They can also jot down your security number. This might make it marginally easier, but it is on one service and tracked.
I have a question - why is the guy in the video giving the card to waiter? What he is gonna do with it, he doesn't know the PIN number to charge it. Or in USA you can charge without PIN? Besides if he can just charge without PIN he also can just push button on the card to charge whatever account he wants, doesn't he?
That is exactly the entire problem with credit card payments, online or elsewhere. Too often it relies on just the number, just the mag strip, possibly with other information that is _right there on the card_ (like that stupud CVC). This is totally insecure, and yet everybody keeps using it.
Dutch electronic payment (online or otherwise) always relies on "something you have" + "something you know" (which is secret and not shared with anyone ever). It's not airtight, but it's a lot safer than relying just on "something that can be stolen".
I'm still constantly appalled and amazed at US/international online payments relying on something as outdated and backwards as just a string of numbers and some other public information.
Really strange. Here in Lithuania we had similar systems in some places several years ago, but everyone quickly changed to always require PIN. Even in restaurants they come with wireless card reader and you don't even let your card out of your eye sight.
Except that names aren't required to match on credit cards. For instance, my wife is an authorized user on my card. Her signature is on the back, my name is on the front. Similar situations abound for business use cards.
We seem to have stronger laws about this sort of thing in place at the moment. In the US, it seems, just swiping the magnetic stripe is still the way it's done. How quaint!
The company card I used had my name on it, as for all other cardholders; and cards with wrong gender are treated in shops as unacceptable if they notice, though in 90% cases they don't, unless if it's a large purchase and they want ID.
Card.io will scan cards and OCR them. Maybe they do something like this to ensure the name matches the registered name on the account? https://www.card.io
I go by my middle name, but some places have forced me to use my first name, so my cards are a mix of my first+last and middle+last name. So then I would look like two different people to this coin wallet?
But a waiter doesn't ask for ID when taking your card... so even if the Coin identifies you as John Smith when you pay your check, the fact that you are Steve Jackson who presented the card doesn't mean anything. And you can have multiple cards with multiple names in your Coin.
Currently, one assumes you can take a picture of any card and store it for visual purposes. There's zero explanation of how they authenticate a physical card (photo) with the swipe data.
Yes, card cloning devices have existed for decades, but this automates the process, allows you to carry a single (disguised) device that can store multiple cards. If one doesn't work, try another card, without eliciting suspicion, and simply replace / swap cards that are cancelled.
The old method requires use of credit card blanks, a duplicating device, and the card itself doesn't look like the card when presented in person. In this case, as someone mentioned, Coin doesn't display the card #s on the front, so it's like a Card Not Present (CNP) transaction, but needs to be treated as if it was.
This doesn't bring anything new to the card skimming operation, but it simplifies, optimizes, and can in some ways facilitate it. They need some sort of ideally biometric authentication and/or a server that identifies when two Coin devices carry the same cards on it to avoid this sort of fraudulent use.
This makes it less suspicious. Traditionally a lot of small-time (i.e. Vegas) skimmers write mag-stripes onto other cards ranging from hotel key-cards to expired credit cards, but in places where skimming is common gas attendants and cashiers are trained to watch out for warning signs including lots of expired cards, trying lots of cards, name on computer doesn't match name on card, and especially hotel keycards at gas stations.
This device defeats all these human security measures by letting me use a startup bling device to try up to 8 cards at once without looking suspicious at all. "Declined? shit, my newfangled e-bling card must have messed up - try it again!" (while silently changing cards using the button). "No name on the card? Card isn't signed? You want my ID? But this is the hottest new toy! Promise it's fine!"
This is interesting. You can just buy blank magstripe PVC cards in bulk for very cheap on Amazon. You can buy an ID printer for a couple grand. Why the need to repurpose old cards?
I'm not actually experienced with street-level card skimming beyond anecdotally, so I'm not sure. But my initial speculation is this:
- Centralized location / evidence. A stash of blank cards and an ID printer have to go somewhere, and look suspicious to start with. The gear to skim cards and write them onto existing magstripe cards can be stored in a small space or on one's person and thrown away quickly; there's no centralized location. I believe hotel keycards are used because of their availiability. There was a sensationalized national news piece a few years ago about pimps giving women hotel keycards with credit cards written on them to buy gas with.
- Start-up cost. A couple thousand $$ in an ID printer is more than $0; that's what would divide street-level carders from professionals who probably wouldn't be passing overwritten cards at retail anyway.
It affects the UX somewhat, but since it has to be in proximity (implying data contact) to your phone to operate, you could just move the "switch active card" feature to the mobile app, not the Coin itself, then you wouldn't have to worry about people in posession of the Coin (e.g., when you put use it to pay the bill in a restaurant) toggling through the other cards stored on it for nefarious purposes. Or, for less impact on UX, put a "lock active card" option on the mobile app, and still leave the actual card switching on the Coin.
I typically hand out a Google Voice # as a sort of DNS for phone calls so that I can change my device number at will.
Wouldn't this allow me to swap out credit cards in a pinch without having to carry new plastic? Or, as you suggest, if I lose my Coin do I have to get all new cards?
If you lose your coin, and someone else picks it up, then you've compromised not just one card, but multiple. Unless I'm missing some sort of authentication when using Coin? And if that authentication exists, how would the non-Coin holder use that card? Is there a timeout that requires the user to authenticate, select a card for presentment, and holds that card in the stripe until a timeout? if not, then there's problems here.
If there are any Coin founders hanging out here, this seems like a great idea and cool technology. However, like a number of other commenters, I have a few questions not covered by the FAQ...
The product/fit questions have already been asked, but there's still this: Why is Coin taking pre-orders several months in advance just to raise $50k? I can't help but wonder why a YC company wouldn't just raise the needed $50k from investors?
If this is an attempt to test the market, are you sure that a crowdfunding approach is the best image for a financial company? I want any company dealing with my financial data to be rock solid and reliable, and crowdfunding is the exact opposite of that.
Also, why aren't you collecting shipping addresses? I read your answer in the FAQ, but that makes me twice as concerned. You say, "A lot can happen between now and Summer 2014. For example, you could move. To reduce confusion, we’ll get those details from you once we get a little closer to getting you your Coin."
This is a problem for two reasons: (1) you are emphasizing that the ship date is far in the future, and (2) it comes across as though Coin is run by young founders who move around a lot and don't see value in long term planning. That's the wrong mindset for a company handling financial data.
What happens when the waiter accidentally clicks the button & charges your business card when it should have charged your personal card? I guess they can just peruse your cards, see what you've got, and pick which one to charge. :p
Presumably when the card is away from your phone (and BT connectivity), it would disable the button on the card. Or you could lock it into selecting that card via the phone.
> Presumably when the card is away from your phone (and BT connectivity), it would disable the button
See the FAQ, It doesn't. It's designed to be standalone with only periodic checkins (once a day probably) with the phone to make sure you still have the card.
From the FAQ:
Q. What if I lose my Coin or someone steals it?
A. In the event that your Coin loses contact with your phone for a period of time that you configure in the Coin mobile app, it will automatically deactivate itself.
Imagine you've dropped your phone somewhere (or had it picked out of your pocket) and tada, now your credit cards no longer work! As a result you're temporarily part of the nouveau poor and can't call anybody for help if you're out and about on your own.
they have an FAQ item for that. But I would submit that the answer seems to be skirting around the issue of an actual (accidental or not) "finger" press.... Especially like when the cashier takes takes your coin out of the check presenter? Grab it by the edges, you say? Suure....
Q. Can someone accidentally change which card is selected on my Coin?
A. We’ve designed the button to toggle cards in a way that makes it difficult to trigger a "press" unintentionally. Dropping a Coin, holding a Coin, sitting on a Coin, or putting the Coin in a check presenter at a restaurant will not inadvertently toggle the card that is selected.
I worked on a product like this at Amex about 20 years ago and while it was a totally neat concept it was completely stupid in practice. All those plastic cards are marketing vehicles that can also transmit a number. And, really, are they that difficult to manage?
I'd argue that, yes, they are difficult to manage. Not from a logistics point of view, but from a physical one.
I carried my wallet in my back pocket from 16yrs of age to 34 and always ended up with broken or bent cards. After taking a cruise outside of the US, I started carrying my wallet in my front pocket for security purposes and started researching minimalist wallets to reduce the bulk. I've backed 2 of those on kickstarter and am eying a 3rd, because the first two don't allow me to acces my cards quickly enough when I have more than 2 or 3.
For me, this solves multiple problems: it makes the minimalist wallets out there that much for functional because now I only need my coin card, my ID, my insurance card and perhaps a backup credit card for any merchants I run into that won't take the coin. 4 cards down from 9, not including any rewards cards which could push it up to 16 easily sounds like a good deal to me. It also keeps me from forgetting lesser used rewards cards and credit cards at home because they're either in the coin already or in the iPhone app and can be switched into the coin when needed.
So much so that I don't carry them, and it costs me money.
The wallet is: photo ID, transit card, and 1 or 2 ccs, depending on if I need my biz cc that day.
Wallets are a pain - though it must be said less so than, keys or phones. All of which dig into me an inopportune moments (usually going around corners on the bike) get dropped, or left on the counter... I'm probably just much to forgetful and clumsy for modern life, but all this /stuff/ is constantly annoying.
I love mine and get comments all the time about how cool or smart it is.
I carry Discover, MC (as backup) a bank debit for Mom's care, business debit, DL, Work ID card, medical, dental, and a couple paper cards like voter registration. No vendor loyalty cards, I give 'em my phone number and if that's not good enough, they can't track my purchases. Business should recognize ME when I walk in. Not the other way around.
I don't know about the landing page. Maybe it works better on touch screen devices, but using the wheel on my mouse left many of the different section badly aligned. I had go back and forth several times which I found to be quite annoying and I still have no idea what the site is about.
Q. Can a Coin be used to skim cards?
A. No. You can only add cards that you own to your Coin.
Ummmm... I hate to be pedantic [1], but the question is using the "is it possible" meaning of "can", but the answer seems to be using the "am I allowed to" meaning. There's a line in the previous question about how "As an additional safeguard, the Coin app will only allow you to add cards you own," but no detail on the mechanism of this magical authentication process.
I'm not sure of the prevalence in the US, but does this support chip + pin transactions? They're the standard in the UK now, and I suspect it's a little harder to mess around with than the magnetic strip.
I understand chip+pin is still a novelty in the US.
Back in 2009, I was (apparently) the first person to use the chip+pin machine in one of the biggest bookstores in Toronto - the cashiers got excited and all gathered round to watch. It was a little bit bizarre.
For a view on another part of the world, just in 2012 in Japan it seemed like about nobody knew about these. Some stores didn't even know they had a pad for entering a PIN, and some didn't know what was the "enter secret code" instruction.
I only understood that after a week and maybe ten or so places had told me "your card doesn't work", when some hotel tenant called her daughter to translate things, and she knew about chip and pin and was excited to see how it worked.
I'm pretty sure all the other places just saw some message they didn't really understand, and just thought "the card doesn't work", when in fact they probably just had a pad somewhere that was waiting for my input.
Just before that, we had stayed in Taiwan and used the same card pretty much everywhere with absolutely no problem.
That's odd, how far out in the sticks were you? I've used my european chip card extensively in Japan for the past 3 years with no confusion whatsoever, and most places that take cards have a chip reader that they use immediately. Nobody has ever said my card doesn't work. There's actually way more confusion when I pull out a WAON card or something.
It's been more of a problem in places in Thailand and Singapore where they're not really equipped to hand over the card terminal and sometimes I have to go behind the desk or something.
The first place I had a problem was actually a Honda (I think?) car rental office in Shinjuku, not a place where I expected a problem (and not the easiest thing to pay in cash, though that's what we eventually did).
Then a few hotels and ryokans mostly around Nagano and Toyama. The 7/11 ATMs worked fine though (but the card didn't work to pay directly, it did at Lawson though, IIRC) so we just used cash everywhere, but I liked to keep trying to use the card, as I was really not sure what was happening.
It's in a small hotel in Obama that I finally understood what was happening, after the woman first asked me to "write my secret code" on a piece of paper (she didn't know the keypad was attached to a long cord and that she was supposed to let me enter the PIN myself, her daughter figured - or knew - that).
I don't really remember but I think we just didn't have many issues afterwards, once in the larger cities of the Kansai.
It was kind of a pain to have to use cash so much because my card had a rather low limit on cash withdrawal at foreign ATMs (of course, my other card had been mailed by mistake by my bank to my former place just before I left). I just didn't expect at all that it would be so difficult in Japan.
Yeah, I can't remember the last time I saw someone sign for or swipe a credit card in the UK: it's all chip-and-pin now, all the time. This looks like cool technology but it just wouldn't work here.
Pro tip: if you're in the UK and think Chip+PIN is a really good way for the bank to shift liability to the cardholder and want to make your life miserable, ask the bank for a Chip+Signature card. That'll fuck things up for you on the regular.
Chip+Sig makes things worse in terms of day-to-day purchasing. Vastly worse. Your card no longer works in ATMs, retailers pitch a fit when they figure out your card is making their PDQ spit out a receipt to be signed (some even will try to refuse your card), and automated machines, like the ones found on the London Underground don't take Chip+Sig cards so you actually have to line up to see a human.
I eventually just gave up and got my cards reissued as Chip+PIN.
It depends where you are, I suppose. I live in an area with a lot of transient foreign nationals working in banks nearby, and they're used to dealing with non-chip cards at my local Tesco. The person in front swiped a Venezuelan Visa with no trouble the other day.
I had to use ye olde magnetic stripe and signature at a Morrison's a couple of weeks ago. The card reader was broken for some reason. Naturally the magnetic stripe on the first card I tried was also broken and wouldn't swipe...
Means you are always in sight of your card because although merchants can force the transaction through, customers expect the pin entry ritual. Skimming becomes a lot more difficult and in most stores you don't even need your card to be near the cashier because the terminals are separate from the register.
This also stops the frequently problem mentioned about a waiter changing your card because you'd need to validate the purchase via pin on a POS terminal.
The downside is that you're vulnerable to shoulder surfing and people stealing your pin (at which point they really have the keys to the kingdom), but given that signature checks are rarely that stringent in the US I think it's a moot point.
Magstripes still work, but many stores in the UK have stopped accepting it as a payment method if the card fails.
I'm surprised to see no mention of NFC in this thing, that would work in Europe in plenty of stores.
I guess they wouldn't be able to do this for the Smartcards used by Chip+PIN as the PIN verification actually happens within the Chip. Unless perhaps the banks worked together on it, but I can't see them doing that!
We've used pin (and now pin+chip) as long as we use cards.. I pay exactly 0% transaction fees and only a few euro per quarter. Merchants pay exactly 0% transactions fees and a small monthly subscription. It just works.
The Netherlands. I looked up pricing. It is actually not 0% but €0.06 per transaction above the first thousand transactions (which are included in the bundle). The rent for the box and connectivity (mobile or dsl) is also included.
Pretty much no-one accepts swipe-only cards in the UK,because they are a massive source of fraud, pin+chip is a lot more secure and results in a very,very,very few chargebacks for the merchants.
With EMV the banks have introduced what they call "liability shift" which means that if a merchant has a chip and pin terminal and someone manages to use a fraudulent card through it the bank will bear the cost. So there is no chargeback. Though this also means though that if a merchant doesn't have a chip and pin terminal and accept a fraudulent card through the magnetic stripe then they will get a chargeback and have to cover the cost of the fraud.
- less liability for the merchant
- either the transaction was explicitly approved or wasn't
- sense of security for the user
- card never leaves you
- if you ever lose the card it doesn't matter
- there's no reason to sign anymore (less opportunities for fraud)
I can't quite put my finger on it but it does change the dynamic between wait staff & consumers when you're out dining - it just makes things simpler & you have to wait a lot less when you decide to leave.
It means that rather than the waiter taking your card away and coming back 5 minutes later, they bring the machine to you (or you go up to the front desk) and you pay there. Certainly makes me feel much more comfortable, whether or not it's really any safer.
What's the opposition to it? I've had chip+PIN my whole life in fact I didn't know until today that the US was different - how do your cashpoints work?
Super cool, but my guess is that there's a very small time window for it to succeed before the phone completely subsumes all card functionality. After all, the phone already scans the old card and sends the details to the 'CoinCard' (and monitors card-custody) via Bluetooth-LE.
It won't be long before most swipe terminals are themselves augmented with wireless transceivers, making the "CoinCard" a redundant middleman-device. That is, your phone could just send archived magstripe details, after your onscreen-app confirmation of payment-intent, to the retailer's terminal.
Coin's real strategy may be for that world - the hardware will fall away like a first-stage-rocket at some point... even faster, say, than Netflix moved from DVDs-through-mail to pure-network-delivery.
You can already do this with Google Wallet on Android. Enter your card into the Wallet app, then swipe your phone over any PayPass terminal and it will process the transaction. At least half the retailers I visit already have PayPass terminals (in Los Angeles).
Why would you want to carry just one credit card when you can carry zero with Square (or Google Wallet)?
If it is because of the "tradition problem", it's not much better than Square Wallet either: In more than one place I've been to the cashier was supposed to manually enter the last four digits of CC# manually for the transaction to get through. You'll have to carry a backup card with either Square or Coin.
I like the vision of completely ditching the credit card far better, and the marginal compatibility benefit does not seem good enough for this to get anywhere in its current shape.
Of course, things can change.
(BTW, wasn't Google doing the same thing with a physical card for Google Wallet and ended up abandoning it?)
Personally, I like the idea of using my phone over the coin thingy.
Also, I'm curious about how sturdy this thing is. Maybe it's my wallet or maybe I just shop too much, but I tend to wear out my debit card really quickly (< 1 year).
This is incredible. I like Loop a lot more than Coin, but I would not be comfortable handing my phone to waitstaff to take it to the back of the house. If they had an android case I'd buy immediately. I'm just not a fan of presenting my phone with the fob.
For what it's worth, my cards last have lasted indefinitely in my wallet.
I think this is cool, but just >90% of merchants? What happens when I finish a meal at a restaurant and left all my credit cards at home and have to pay for it, only to find that loop doesn't work with their POS system? I'd imagine I'd be boned.
One of my biggest questions/objections is about the battery life issue. They claim that this will run out juice every 2 years or so and that the battery cannot be replaced, so I'll just need to buy a new one. $100 every two years for this device seems like a pretty big expense, as opposed to $100 one time.
Early adopter tax. Once they find other ways to monetize (and they will, considering they have actually planted a physical device in a revenue stream), the device cost can drop precipitously.
I wonder how this would fare in an ATM. What happens if the ATM accidentally presses the card selection button? If the ATM gobbles the card, now you've effectively lost your entire wallet. What happens if the cashier presses the card selection button while running your card too? Oops, now your boss wants to know why you've just paid for your groceries on the business credit card and why you've cloned your business credit card!! The first can be an innocent mistake, but the second can be grounds for disciplinary action.
I can't see the banks being happy about customers cloning their own cards. In fact, it will probably be a convenient excuse for them to absolve themselves of all liability in the case of loss, theft, or misuse. Some, if they found out, might pitch a fit and close the account.
This also is going to pose a lot of problems when used with non-domestic cards, as they point out in their FAQ. It's possible to use an EMV-based card with just the magstripe, but it's a pain in the butt and the bank may well be aware that all your meatspace transactions are not using the EMV-chip. They may assume that your card is broken or (quite correctly) cloned and block it. A call from the fraud department may well lead to a fit being pitched.
From wikipedia: "Magnetic stripe cloning can be detected by the implementation of magnetic card reader heads and firmware that can read a signature of magnetic noise permanently embedded in all magnetic stripes during the card production process." [0] Oops, now your card is blocked.
Retailers might also get skittish if they figure out this isn't actual bank-issued plastic. They may well refuse it because of the risk of fraud. I would. I really wouldn't want to be running someone's cloned card, even if the cardholder was the one that did the cloning. In fact, it might jeopardize a retailer's merchant account if the acquiring bank found out the merchant were running cloned cards!
The best way to counter a bulky wallet is to not add bulk in the first place. How many credit cards and debit cards does one need to carry on a daily basis? I carry maybe two or three cards, some ID, my Oyster card, and a Costa rewards card that I use daily. I also have a backup wallet that contains a second set of cards in case I lose the first. The bulk of my wallet is receipts that accumulate, but even when I carried way more my life wasn't burdened by a whalelike wallet.
It'd also be a pain in the butt to use this with some rewards cards. For example, my Costa rewards card is swiped at the same time as I'm paying. Would I really want to fumble through pressing a button to find the right rewards card, give that to the cashier, have it handed back so I can fumble through pressing buttons again so I can pay? Certainly not, and even less so the impatient people in line behind me.
Sorry to promulgate the Hater News stereotype, but it's just too easy to poke holes in this idea. It has superficial appeal but I really wouldn't pay $100 for so many potential problems, especially as it would only make my wallet a few mm thinner.
I agree - I don't see the comments here as Hater News, but rather the exact sort of questions pretty much any consumer or business user would ask. There's a glint of "oh this is useful" and then there's the "oh, but what about this... and that...". That's not Hater News - that's pretty much exactly what any non-technical person would inquire about this product.
I was looking at my wallet the other day, and wondering why i can't slim it down even further to carry one digital card instead of multiple. i even thought it would make a good startup. and here we are.
the only drawback in my mind's eye regarding coin as a business is that there will be no reason to have "swipes" anymore if you can just scan a smartphone, as with the starbucks card.
however, the widespread use of scan technology is years away, whereas the swipe is ubiquitous now.
ergo, IMHO, coin will be a success if they can execute on the product.
But how many of the cards in your wallet could be replaced by Coin? For me it's maybe three. If it can't replace nearly all of them it seems pretty pointless to me - I'm still going to be carrying my wallet, it'll just have two fewer cards in it.
Yay? In any case, it does seem odd to build a business around something that is virtually guaranteed to be extinct in a few years time.
What about bars? A lot of bars I go to hold onto your card until you tab out. I'd hate to keep getting notifications about losing my card every time I'm out on the town. When you go back up to the bar, they ask what your name is to tab out. I didn't see anything on the Coin to do that. I also wouldn't want the bartender to press the button and change to a business account or something similar.
I'm not being a hater, this is just an occurrence where this might not work well. I still think it's an awesome idea though, and I'd like to get one.
Isn't that actually an amazing feature though? Low energy bluetooth can give you a decent range (and some range detection). Wouldn't it be great to tell it to notify you only when you leave a larger radius. Unless you're in a GIANT bar, it could actually help keep you from leaving your card behind accidentally.
Yeah I guess part of it is a good feature, depending on if it lets you do this. But that's still in cahoots with the other "bugs" if you will stopping it from actually being useful in this scenario.
No, that's the point... they held a tab by swiping my card up front, and then didn't need it to close out. They still could have charged it if I ran off.
It's probably like a gas station authorizes your card for a certain amount before pumping, but then actually charges the specific amount you pumped at the end.
My problem is that I tend to wear out card before I get a replacement. For example, my debit card currently requires 3-4 swipes to get it to work. I'd probably keep a backup card in my wallet if I decided to get Coin, just in case, but really like this idea.
I agree. Perhaps I was really just promulgating the Critical Thinking News stereotype instead! I actually love to see progress, especially if something would really make my life better, even in a small way, but I really don't feel like this is going to be worth it.
From the looks of it, it will handle rewards cards and whatnot just fine. If I could just store my Qdoba, Panera, Gameworks, Dave and Busters, REI, Best Buy, Safeway, Kroger, etc. cards on one single card.
Now I can keep as many rewards cards as I want, without having to stuff my wallet full of junk I don't need 99% of the time.
The money I save from rewards cards I wouldn't normally carry would probably pay for the price of a Coin, even if I don't use it for any of my credit or debit cards.
I think you've misread what I wrote. It might be able to handle rewards cards, but the card itself becomes a bottleneck because it can only function as one card at a time. I'd have to select the rewards card, have that swiped, then fumble with the card again to select my payment card and proceed to pay. It seems like a ghastly hassle.
If I had this I could see myself using this for rewards cards only. But then again, I don't have a lot of rewards cards that are fattening up my wallet.
Your fears sound irrational to me. It's just a button, on something already in your hand. I doubt you're going to "fumble" it, or that it's going to be a "ghastly hassle" to press a button one or more times. Once you've shopped at that store at least once, you know exactly how many times to press it to advance to the card you use there. All of this should take less time than putting a rewards card back into your wallet/pocket and taking out a separate credit card, which requires more mechanical actions in which you might "fumble" something.
When I think about standing in line pressing a button, iterating through a list of all my credit, debit, and rewards cards to find the right one, it seems like a hassle. Imagine I go past the correct card in my haste and I've got to keep pressing the button until I've looped back around to the correct one. Did I screw it up a third time? Now people in line behind me and the cashier are getting pissed off with how much time I'm taking. Oh wait, that was just for the rewards card and now I have to select the payment cards? I'd be regretting my mistake and wishing I could just pull a card out of my wallet.
Looking in my wallet to pick the silver card on the middle right and the brown card on the top left is so much easier. People can pick out location and color far faster because of our evolutionary history.
"I go to pay at the checkout counter. Oh wait! I suddenly remember I have a rewards card here. Good thing I carry it in my wallet along with the other 10 rewards cards I have...shoot, which pocket did I put it in? Maybe it's here? no wait...oh shoot, now I have to take all the cards out. I know it's a red card, but so is my Target and Walgreens card. Now all my cards are out all over the place. People behind me in line are getting pissed off with how much time I'm taking. Now all I have to do is collect all my cards from the counter, reorder them, and put them back in my wallet. I wish I just had one card in my pocket that could work for everything."
But this is preventable. In most cases, while you're waiting in line you can get out both cards and be ready to go when it's your turn to order and pay.
With Coin, you have to find the cards serially, no matter how much lead time you have.
That's not ever been my experience at least, even when I carried every rewards card I'd ever applied for! In fact I can tell you where everything is in my wallet right now without even looking!
A "ghastly hassle"? If I don't use this it's because I only carry a few cards and so I don't have the problem it solves, not because of the solution itself.
in their FAQ it says that the coin can only hold 8 cards at a time, but the app can store an unlimited amount. So I assume that you'd have to sync the one(s) you want to use via mobile app (I'd hope) that you'd already have stored, then select it via toggle button on the card. It makes it sound kind of cumbersome for that purpose. I do like the overall idea though, I think its really cool and hope they succeed!
The entire smartphone industry for the last five years has been driven by people paying hundreds of dollars to make their phones a few mm thinner. Why not their wallets? This isn't for your ATM card or your driver's license, it's for those random cards that you either never carry or fatten up your wallet.
I think a lot of that has been driven by the fact that your new phone is faster _and_ thinner. If it wasn't both, I have my doubts that people would always pick the thinner option. The large screen android options of recent years show that size isn't a trump for everyone.
I've got a TGT for $13, it's a band of elastic with a layer of leather stitched to it. It's that slim I often think I've lost it, until I put my hand in my pocket.
Compare the time a phone spends in an owner's hand vs the time a wallet does. Those that fancy the same tactile experience from their wallets usually go for money clips, or single pocket wallets.
As far as "gobbling the card" is concerned, their FAQ states that they can only be used with "dip" ATMs, which may also address the button pushing issue.
EDIT: More details from the FAQ:
Q. Can someone accidentally change which card is selected on my Coin?
A. We’ve designed the button to toggle cards in a way that makes it difficult to trigger a "press" unintentionally. Dropping a Coin, holding a Coin, sitting on a Coin, or putting the Coin in a check presenter at a restaurant will not inadvertently toggle the card that is selected.
My phone, like many others, has a simply way to lock it so it doesn't accidentally call it. That doesn't make it difficult to make phone calls, it just makes it difficult to accidentally make phone calls.
I can imagine multiple ways they can handle this, all of them fairly trivial.
> Oops, now your boss wants to know why you just paid for your groceries on the business credit card and you have to explain that you cloned your business credit card and there was a mistake!!
I'm not sure how every corporate card works, but I have accidentally made purchases on a Corporate Amex before and it's not a problem. I just pay that part off myself and don't mark it to be expensed. Don't see this as a problem.
OTOH in other companies you might be in serious hot water. Or, if you work for the government, potentially going to jail for putting personal expenses on a government card.
I had a purchasing card when I worked for a state university. They monitored the transactions on the card extremely closely since it was tied to state money and federal grant money. If I had mistakenly charged a personal expense on it, I would have had to contact a couple different administrators, explain the mistake, and get the transaction refunded (and then pay for the expense myself). It would have been a bureaucratic pain, but I would not have gotten in trouble for it, certainly not jail.
This is a bit hyperbolic - mistakes like this happen all the time and I have serious doubts you'd ever go to jail or even lose a job over something like this, as long as you get it corrected once you recognize the problem. The issue in my mind is that the hassle of correcting this kind of error quickly negates any convenience you'd have gotten from using the card in the first place.
In cases like that it would be unwise to put your company card on this card. You'd now be carrying two cards. In the case of having to carry two cards, it still fixes my George Costanza wallet.
I know mistakes happen and things do get charged to the wrong card, but can you imagine your boss being a happy bunny if he or she found out you've cloned the card?
Why does my boss need to know I cloned the card? I'm saying, mistakes like these already happen without cards being cloned, it won't be introducing a new problem. You don't need to say anything to your boss more than, "Sorry, I used the wrong card."
Many Amex cards look very similar, for instance. I and others I know have accidentally handed the corporate amex over instead of the personal one. I've also had the case where, a company (in this particular case, a rental car company) had saved my corporate card, and automatically billed that when I went for a personal purchased.
At a minimum, cards should be issued to a specific person and immediately revoked when no longer authorized. If this infrastructure is in place, why should the employer care?
If it's not, then we're assuming a shared account, which increases the risk exposure for normal loss, theft, etc. by the number of people using that account. Can you afford to have your organization's payment ability severely hampered because a field rep got mugged?
In regards to accidentally pressing the card selection button, I think a simple idea would be some sort of "hold to lock" functionality. You hold down the selection button for 3 seconds or so and the currently selected card is "locked in" until you perform the action again.
That sounds more complicated than pulling a card out of my wallet that I've instantly identified by position and color -- something the human brain is really good at doing without much thought. It's far more of a cognitive burden to fumble through a voodoo incantation of keypresses at the register to make the wizard card clone the correct card.
> Oops, now your boss wants to know why you've just paid for your groceries on the business credit card and why you've cloned your business credit card!! The first can be an innocent mistake, but the second can be grounds for disciplinary action.
What's your point? If you're not allowed to clone your business credit card, and you do, of course there will be disciplinary action. That would be true if you used this "coin" or any other method to create the clone.
Love the concept but the security worries me. Looking on the site, there is (as expected) not much information about security.
RED FLAGS:
* Coin is in the process of earning a PCI certification. This should have been done before launch. Also, what level?
* Coin uses 128/256bit for security but HOW and WHERE?
* Coin essentially skims cards (through the reader) to playback for terminals. I don't see how they can say with a straight face that it is less susceptible to the same techniques.
* Adding what are supposed to be funny Q&As to a FAQ trivializes what are supposed to be important questions for people thinking about using this.
* I understand the love of "the cloud" but I wish people would also consider scenarios for a disconnected model. These are solutions that do not necessarily require a full time connection.
I could see using this for pre-paid gift cards but not for my actual credit cards.
I'd really like the ability to add all my shopping cards, membership cards, and whatever else that constitutes 98% of my wallet. Replacing two credit cards/bank cards isn't that compelling.
And then really, while I'm dreaming....I just want my phone or an app on my phone to deal with paying because carrying around a card just feels so 2000s.
This is a slick implementation, though.
I'm also more worried about actual merchants refusing to take something like this.
This is one of the worse ideas I've heard of; security wise. Not even at a tech-level. All your data and credentials are a robbery away. Of course, if you get robbed you can probably call in your credit cards from your cellphone... oh...
Now, on the tech side... magnetic? Really? We've been through this, it's not secure. It might sound secure in an ideal world where the user doesn't do stupid things like handing over both the card and the phone to someone just to avoid getting the notification or to be shown how it works... or because it's a "store requirement". But we are not in that world, nor we will be.
I don't know if I can make a suggestion that might be seen with all the activity here - but if it were me designing it, I would have an option to lock-in a single card via the smartphone app.
Or, maybe only allow switching within a foot or two of your smartphone.
That would eliminate the concern people have about where the waiter accidentally pushes the button and switches the active card.
No, because chips, by design, can't be copied by the user. They are roughly small computers which encrypt messages with a secret key, but the key itself is never let out outside the chip.
You would need some cooperation from the card issuer to clone the card, or some sophisticated technical equipment to open up the chip and read it.
I was trying to look into this as well. Apparently the chips cannot be read from in the same way unless you authorize it. I don't know how that authorization process works, but I'm guessing it's possible. I'll be looking out for Coin in the future when they introduce EMV support.
You shouldn't be able to read EMV chips with any authorisation - it's supposed to be safe from bank employees who make the actual cards, so they can't clone your card before giving it to you.
In the EMV process the private key should be unique to the card (if you make a replacement card with the same number, it's a different key); the private key shouldn't exist anywhere outside the chip after the card is made; and there aren't supposed to be any ways to read the key. Well, cutting the chip and scanning with a electron microscope works, but it's impractical.
I'm not saying that there aren't any bugs in the implementation, but I'm quite sure that there are no known bugs that allow simply to get the key; even full control of the HSM which holds the bank's private key should allow you only to make/sign new fake cards, but not recreate an existing card.
Theoretically, you can put a large number of payment applications on a single EMV chip already, and a transaction will either use defaults or present you with a choice.
Unfortunately cross-bank and cross-scheme cooperation has never been there to the extent that this has been possible so far.
With my new card I always get a dialogue when I pay where I have to choose between something like "direct payment" or "pay in three installments". I suppose that's the kind of applications you're talking about? I didn't know this was possible before (and I don't remember my bank ever telling me about it, not that I really care, but it's a useless step slowing me down).
I see it on every terminal I use here in France, so it seems to somewhat work already here.
I've been out of the payments game a few years now (going back in on Monday though) but in EMV speak an 'application' is usually something like Visa, or Mastercard or something along those lines. Some cards I looked at in the past had a few on them for local schemes, for instance we had "Switch" cards here in the UK that were the equivalent of "Maestro" in Europe, but were different enough that a lot of UK debit cards had both applications on them.
If "pay in three installments" is a sort-of credit facility provided by your card issuer(?) then I suppose it could be coded as an on-card application. In fact if you wanted to give your customers that choice on every single transaction I can't think of a better way.
Why would a bank allow that? It creates all kinds of liability issues, hurts the issuing bank's branding, and there's no big source of fees to allow Coin to simply buy cooperation from them.
Heck, they're running a kickstarter for funding, while even dreaming about being a card issuer would require to start with posting multimillion security deposits.
A magstripe is literally just a flat strip of magnetic tape, like an audio cassette. Devices like Square Reader just encode the magstripe as audio into an iPhone's mic input. You could save that to a Voice Memo, stick the playhead from a RadioShack 3.5mm/cassette adapter in a reader, and press play. Can't find it, but I've seen a demonstration on YouTube of someone doing this to enter their apartment building.
The TV show White Collar's pilot has a cool depiction of Neil Caffrey copying a guard's magnetic stripe badge using a tape deck by recording it to tape, then playing it back through the record (write) head on the other side of the tape player while he slid a new card through. It would be hard to get the timing right, but there's no reason this shouldn't work.
It's incredibly primitive technology, as is simple RFID - the cloning process isn't much more difficult. Fortunately my university uses HID iCLASS contactless smart cards - there is actually a cryptographic handshake between the reader and my student ID which is resistant to replay attacks. If implemented correctly, it's impossible to copy the electronic access control portion of a student ID without the university's private keys. (The same access control infrastructure that's on my dorm's main entrance also guards healthcare information, nuclear and virology labs, etc. so that makes sense.)
But what this device is proposing to do is dynamically change the magnetic orientation of the ferrite on the strip. I don't see the Coin demo guy running his card through an encoder before presenting it at the cash register.
Best I can find so far is this website which kind of describes what is going on:
> Magnetic stripe cloning can be detected by the implementation of magnetic card reader heads and firmware that can read a signature of magnetic noise permanently embedded in all magnetic stripes during the card production process. This signature can be used in conjunction with common two factor authentication schemes utilized in ATM, debit/retail point-of-sale and prepaid card applications. -- http://en.wikipedia.org/wiki/Magnetic_stripe_card
It might work like a bunch of tiny electromagnets appropriately arranged on the back of the card, like pixels on your screen. These electromagnets can probably be polarized in a particular way to match the original card.
This was a crude first pass, which is evident from the fact that the shim is a sawed off kitchen knife. In principle if you make the electromagnets smaller you could fit three. Make them adequately decoupled and you're away.
If these guys have an alternative approach I would be interested to read about it, but as far as I can tell they don't describe the method anywhere.
As a former credit card thief I would have loved this. You mean I don't have to buy $10,000 of card printing and embossing equipment to create a fake clone of a card? Yes please!
As a consumer I'd love to have something like this but it will never fly. Stores will lose liability protection since there is no security. Unless they partner with card issues to provide some kind of secure card verification it will end up being banned by merchant agreements. No store in their right mind would accept it.
Personally, I'm not into a single point of failure device. Same reason why I eschew paying with a cell phone. More convenient? Sure. But lose your cell phone and you have a lot of things to account for, doubly so if you have no form of remote wiping it.
A wallet is a single point of failure device. It's a lot more of a hassle to remotely wipe my wallet (remember all the cards, cancel them all individually).
A wallet contains many different things that can be added and subtracted at will. If this Coin thing is to be used as I think it is, it is all your cards, all the time. I can't just bring one card, it's all of them.
Not to mention the fact that now one service has all of my cards and their information? Coin better know what they're getting into. I'd prefer the hassle of many sites than one with everything, just not worth it to me.
I think this highlights how insecure cards are that just rely on magnetic strip information rather than something like EMV (chip & pin). It should not be possible, or at least extremely difficult, to clone a card.
I'm from the UK and EMV (Called Chip & PIN) has been around for years now. No-one issues non-EMV cards anymore, except perhaps for cards designed exclusively for use in ATMs. Something like Coin would not be possible and, frankly, I'm happy this is the case. While having to carry multiple cards around is not an optimal solution I'd much prefer this over the ability for my cards to be trivially cloned.
Aside from the security issues how would this work in relation to fraud with your card issuer? I'm not sure if it is different in the US but if you are the victim of fraud and you were not seriously negligent (i.e stored your PIN in the same wallet as your card) then the issuing bank will refund any money fraudulently taken/spent. Assuming something similar operates in the US, would using this service give the issuing banks a excuse to hold you responsible for fraud? I'd also wonder if you were breaking any agreements you have with your bank in relation to your use of the cards they issue you with.
::Sigh:: It sounds exciting.. but so did/do all the others trying to do the same or similar things.
Unfortunately, banking regulations and reluctance to push technological boundaries at the risk of being liable or losing money are the big hurdles to clear here. Another slightly smaller hurdle is being able to design a product that is high enough quality and durable enough to survive without costing way too much.
The first one I ever heard about was back in 1999, PocketVault from Chameleon Networks. They lingered with a website that was updated every couple of years promising a release soon.
Next came the iCache. That one did a Kickstarter and actually made it out to market... sorta. I have one, but the company ran into huge manufacturing issues and folded under very odd circumstances.
A few others I've kept an eye on are:
Dynamics, Inc. Card 2.0 -- Was supposed to come out with exactly this product.. ended up doing a very reduced feature set that lets you just select A or B rewards.
Protean Echo -- Same concept. Originally promised 2013 but recently updated saying they weren't ready yet.
There was another that was a similar concept company/site, but I can't find a link to it or remember the name at the moment. :/
There is also a recent company that had a successful Kickstarter: Loop. Rather than a programmable credit card, they are hacking the magnetic readers themselves by making a mobile phone case or dongle that emits a magnetic field that tricks the reader into registering a card swipe. Pretty neat stuff to compete with the struggling NFC solution, but unfortunately, it isn't 100% compatible with all swipe readers, and totally incompatible with dip readers.
I remember the US refusing to rely on foreign technology, hence refusing to issue plastic money with chips.
But this changed after the CIA got their hands on the technology through in-q-tel acquisition of the french company gemplus then world n°1 company in the business.
Then cards with chips were coming the US and it was expected for the rest of the world to get backdoors with their US issued chip cards, years later the french government finally bought back control of the company but way too late.
Now that they have the technology, I'm surprised the switch has not happened yet, even more so since cloning and other kind of fraud is quite easy with magstripes (not that it is that much harder with chips, see yescards).
The coin introduced here seems anachronistic to my european eyes which have not seen a card being swiped in the last 30 years and a great opportunity for fraud.
Better use than reducing the number of card in a wallet is obviously to charge other people for your expenses by cloning their cards.
>> (not that it is that much harder with chips, see yescards).
Never heard of that before, interesting.
I used programmable test cards when doing EMV and did wonder what would happen if I made such a card but (as the wikipedia page says) they're of very limited utility as they don't have the right keys to do anything but low-value offline transactions.
Cloning chip cards is still pretty hard, IMHO, though that is interesting.
When Serge Humpich, a french engineer, found the vulnerability the yes card is based on at the end of the 1990's, he got in touch with the GIE in charge of european bank cards to warn them and propose a fix in hope of landing a job.
They asked him for proof, as an engineer he gave them proof by buying metro tickets and sending them the tickets, the receipt and the card used to exploit the vulnerability. The GIE CB then went on pressing charges and using those as evidence of the crime and Humpich was sentenced to prison, the flaw was not fixed and the whole story got in the media.
Then yes cards started to appear all over France and Europe and people would draw money directly from atms with yes cards, until all ATMs were replaced by fixed version gradually over a few years.
The amount of fraud related to yes cards and subsequent iterations was never disclosed, but it was estimated to be in the tens of billions euros per year.
In 2001 a network of gas stations got exposed for copying the magstripe of chip cards which were then sent to be cloned in other countries and the same CBCarbon surfaced, a software dedicated to cloning chip cards issued after 1999 (those including the crypto bump from 320bits to 768bits)
I suppose this is not the low hanging fruit of getting the money from ATMs as the current method is a physical attack based on making them explode using gas but I sincerely doubt chip cards are really secure nowadays, probably just not as easy as it used to be.
I have my doubts it was anywhere close to that amount as it would work only in very specific circumstances.
The mag stripe thing is a weakness in mag stripes. The effectiveness of EMV is amply demonstrated by the fact that the numbers had to be sent to othe countries to be useful.
And yes cards in an ATM? The ATM software was not up to the standards that are required by the banks for third parties then. Implementation bugs, nothing more.
It's not uncommon in this sort of situation for them all to get upvoted. Firstly, different people will upvote different ones, so if there's a popular story then a large number of upvoters split by 3 is still a decent number on each. Then there are people who will upvote more than one, either because they think it's important enough to deserve multiple links, or because they think the links offer enough difference in content, or because they upvote the first one they see, then see there's a better one (e.g. "oh shit, I upvoted blogspam, better upvote the official one now")
"...attracted the attention of Osama Bedier, the former head of Google Wallet, who’s an investor in Coin. Bedier spent years attempting to make Wallet the NFC payments standard of future phones, but Google abandoned his work to pivot the product into yet another PayPal competitor. "[Bedier] sees scale at Coin … where he didn’t see scale in current solutions," a company spokesperson said on Bedier’s behalf. And for what it’s worth, Parashar says he hopes to develop a way to let users activate Coin (or disable the "lost" feature) even when a phone’s not around."
Coin's logo seems to be very similar to Macquarie Bank's[1]. I'm not a lawyer - but Coin may be infringing on their United States visual trademark[2] (of concentric circles), especially as they are also a financial service. I may be very wide of the mark here; but my first thought with this was that this was a product of Macquarie.
This would be an excellent opportunity to add some encryption to credit card numbers. Imagine taking this, except for it has a pin-pad where you enter in your password/passkey. All credit card numbers stored on the device are encrypted with this key, so it's impossible for a thief to swipe your card. However, it doesn't solve the malicious waiter problem.. but of course, you could still keep it locked down so that the most the waiter could get is one card, rather than all of them.
Ideally, it'd be something like:
* Entering your key keeps exactly one card decrypted for up to 2 minutes
* Changing cards requires a reentry of the key
You could even go crazy and do things like allow different cards to have different passkeys. Not sure how useful that would be though
This is very neat and a super cool idea. However, there's no chip? I try to avoid non-chip cards as much as I can for security reasons.
One more thing that crossed my mind is, what happens if you give this to the waiter, the waiter goes away to handle your payment and it happens to be outside of reach of your bluetooth ping; then you will most likely become worried that the waiter ran away with your card, or you will start ignoring it when it notifies you that it is outside of reach.
While talking about the waiter, what happens when the waiter accidentally clicks the "change card" button and takes the personal lunch on your business card? You might not notice until it's too late and people start asking questions..
Well, don't give the card to the waiter? I was honestly spooked when my colleagues handed over their credit card to a waiter when I was in the US a while ago, leaving it out of their sight and hands for a while. We're warned in TV adverts here to never hand over your card - it could get skimmed by the attendant behind the counter. Less of a risk now that the magnetic strip is hardly used anymore, but still. Give someone a few minutes with a chip card and they can do plenty of things with it.
Paying by card here happens either by using a mobile card reader, or by just getting up and walking to the cash register before leaving. Much safer.
Handing over your card to the waiters is standard in the US. You are basically trusting the waiter to not skim/copy the card. In the case that it is skimmed, the fraud policies I've experienced are very favorable to the consumer.
I was surprised to see in Quebec City that all the stores/restaurants had portable card machines they brought to you. That does make a lot more sense to me.
It's "the way that they do it" in most places at least where I have been, that is giving the waiter the card and wait for them to come back.
In Sweden restaurants have started to come out with portable devices and you even have to put in the amount you want to pay (because they want tip which is already included in the price..). I find this really good but at the same time less convenient because I don't want to fiddle with their device.
I would feel much better if I had my cards stored "securely" in my phone and could do "Tap to Pay" over NFC instead and have the waiter bring over an NFC device to tap against my phone.
I wish it allowed a card selection process to be made with iPhone instead of clicking on the actual card itself, so that the person who charges it does not toggle between your cards. With a fingerprint sensor that would be really cool!
This will never catch on in Australia unless they can clone paypass/paywave. Now most of our transactions are contact free with chip and pin as an option for large purchases.
Just having to enter a pin in Australia is going backwards.
I'm more concerned about the price point. Seems cool, but not a problem I spend a lot of time thinking about. I don't see myself spending $100 to solve the problem of carrying multiple cards on me.
I would maybe pay $50 for the beta card because I think it's super cool and I love trying new tech, but definitely not a price point I would pay to solve a problem that is hardly a problem at all. (to be fair, this might be one of those problems that you don't realize how bad it is until you solve it.)
I can't see myself paying more for this than I would spend on a wallet, which is less than $20.
So I have to turn this over to a bartender to keep behind the bar when I go out and drink? If I forget to grab it before I take a cab, now I'm out $100 and ALL of my credit cards. No thanks.
Is that system still popular? I've started lots of tabs in the last few years, and it's always been purely an oral conversation - they only get my card at the end when I'm settling up.
Sure. If you are a regular they probably and some small bar they won't need anything, but if you head to a large nightclub with hundreds of people they'll want a card to keep behind the bar while you have your tab open.
It's not bad, but I feel it will be short lived. Like other pointed IC cards are standard in many countries and are coming to the US.
Moreoever, I'd rather have my smartphone do it all, and by all I mean all: cc, id, insurances... Most places I care about now accept IC cards and RFID, which means I should be able to pay directly by pointing my phone at something while punching an sending a encripted 4-digit pin.
Using Google Wallet, Paypal, Square and others would be even better. It's coming and the pace is just accelerating...
This is very cool technology but I'm skeptical for its practical usage. Lots of people have already brought up the obvious pitfalls (atm use, accidental presses, banks potentially removing card liability) but I'd also probably carry around my important cards in my wallet just in case. So they aren't really solving the problem of carrying too many cards - at least for me.
It would be useful for things like gift cards and reward cards - but is it worth it for that?
I hate this kind of scroll website, using the mouse wheel to scroll just means everything is really jerky and isn't ever quite lined up, or correctly faded.
Here's how it works. Users register their cards on the company Web site and upload the information into the iCache. When they want to use it, they activate the device with a fingerprint on its biometric strip, scroll through a list of cards on its screen and choose one. Out pops a plastic card with a magnetic stripe, temporarily loaded with the chosen card's data. Just swipe the card and pop it back into the iCache. After one use, the information on the card disappears. The device even works with loyalty cards, such as those handed out by supermarkets.
The hardware technology is certainly more advanced, but I'm of the opinion that the true endgame is going to be a scannable or NFC "card" stored entirely on the user's device (ala Passbook), not using a physical middleman.
The problem with the iCache was that it was very short lived, and once apple moved away from the 30pin connector, the icache folks never updated their case for the smaller form factor or new connector configuration.
My iCache is now sitting in a drawer with a bunch of other "good tech gone old," but, I've had issues with servers understanding what my iCache card was, had Enterprise Rent-A-Car flat-out refuse to rent a car unless they could see the raised digits on a card, and a shit-ton of other things.
I was lucky -- I didn't have any issues with the actual encoding on the card (apparently, there were some folks from kickstarter who couldn't use it at all), but, I'll deal with the five cards in my wallet and generally be happy about it.
at least in the non-us market, this awesome idea comes a bit late: not only are chip + pin pretty much standard nowadays, and new means like contactless payment creditcards / nfc-payments are being rolled out now.
i really would love to see a one-card-for-all tho that supports chip + nfc, but my understanding is that card issuers are eager to ensure that this will not happen.
Coin looks great, I want to make that clear. No ifs ands or buts, I think it's a great product.
However - if you're looking for the future, I think I've got something interesting - feeless payments bank to bank by oAuthing consumers directly into their online banking. Completely secure - merchants never get the personal information, they just get paid. Better: I've built it, and we have beta customers. I'm posting a couple comments on HN to start the conversation, because anyone who cares about payments or accepts them online - I'm trying to talk. You'll be hearing more from me in the coming weeks and months - and it's going to be exciting. We're going to kill credit card fees, because we don't need them anymore.
If you want to talk, email me @ tommy@thecityswig.com and let's just chat. I'm not selling anything - we just need to know what hackers are thinking about payments. It's the most valuable info we can have.
It's a neat concept, but I just don't think this gets anywhere.
Dead in the water - as much as I would personally like to see them succeed.
The biggest problems here are security.
() Merchants will hate it since there is no physical imprint / swipe of the bank-issued card. This will lead to chargebacks in favor of the customer. So this alone kills this company/product.
() Banks might change their terms forbidding customers to create digital copies / clones of their card. As per card holder agreements, if you (or Coin) has ever read one, you don't own your card. You're fully bound by the terms of the agreement.
() There is the issue of PCI-DSS compliance. They mention they're "in the process of earning" it but this is a lengthy, difficult and _costly_ process ($100 k). They're using a loophole to ensure consumer peace of mind but this won't last at all.
() Adding a card seems flawed. You're asked to take a picture of the physical card after swiping to "prevent fraud" ok but unless Coin uses some advanced image processing/OCR to validate the card with the swiped data, you can take a picture of any card. So big fail here.
() Coin seems to access a cloud service. Another major reason that this simply isn't going to work. If you've paid any attention to the NSA situation within the past 6-months, ordinary/average consumers (not the HN crowd) are becoming weary of cloud/hosted service. Not to mention, Coin will never ever work outside of the US (or San Francisco for that matter).
Practical usability problems:
() Most users are totally fine with credit cards and big wallets. It's actually empowering to them. I spoke to a guy who loves the fact that he has every color Amex card! So in essence, this is geared towards a micro-niche of tech savvy SF/NY/LA crowd.
() Selecting a card by tapping the button - great. What if the waiter taps the same button? Or someone you're paying does? So many issues with this button here.
"We’ve designed the button to toggle cards in a way that makes it difficult to trigger a "press" unintentionally" -- yeah, well most of the time, credit card fraud is an intentional act. What a stupid response. And quite frankly, offensive to anyone with half a brain.
() The obvious issue of losing Coin and losing everything. People like backups. It's a mindset.
() Battery issues with digitizing a non-battery product (credit card). Be in no doubt that more than half of users will forget to charge their credit card (as if we don't have enough things to charge). So you'll see people having lunches and presenting a dead Coin. And since you don't have any plastic, well, now you're screwed.
Products are supposed to make life better, easier, more intuitive.
Conceptually, it sort of makes sense. But the execution is flawed in so many ways.
You're being sold a product that now requires more steps than you did before. And that is the killer fellow HN'ers.
I don't want to have to sync, take photos, select a card by pushing a button, make sure it's within range to my device, update the app when needed for it to work, deal with merchants who won't take it, CHARGE my credit card (!), deal with issues because I tapped/selected the wrong card - vs - take out and swipe. Done.
If you've paid any attention to the NSA situation within the past 6-months, ordinary/average consumers (not the HN crowd) are becoming weary of cloud/hosted service.
Quite the opposite. The HN crowd is becoming wary of cloud services, ordinary/average consumers aren't even aware of the NSA relevations.
Anyone with half a brain knows the NSA and other agencies have been capturing data from telcos for decades. That's the nature of their business. And frankly, given the world we live in and the amount of sick fucks roaming the land, I don't blame them for doing some intelligence work. PRISM, MUSCULAR and whatever else we don't know of (yet) are without a doubt abuses of power and they have simply gone way too far. So this is wrong and needs to be changed. But the Internet will never be the Internet of the 90s.
Companies like AT&T have dedicated rooms for the NSA with spliced fiber to dumb daily terabits of data to. For decades. This is nothing new.
with regards to payments and consumer awareness of breaches and security issues, well, consumers today are becoming more AWARE of these facts brought on primarily by the Snowden leaks. Sure, a lot are still clueless and that won't change but there is still an inherent reluctance to trust new products/services/technologies especially when it comes to banking and finance.
The status quo are not early adopters. Never have been, never will be. The mainstream products are the success. When you sign up for an Amex or a Chase card or whatever bullshit they're selling on TV, they sell a sense of security, confidence, TRUST.
The problem with a startup like Coin (aside from the dozen or so issues mentioned above by me and a few others reading the thread now) is a narrow focus. They aren't really solving a problem, rather they're creating many more.
They've created a product that a handful of people in the SF Mission district will use to buy a $7 coffee and a croissant while they Tweet about it (from the Coin app hopefully). But this focus forgets the rest of the world (which is a big and lucrative place).
I think this is the problem with a lot of Bay Area startups. They're so caught up in the YC dinners, the SF startup scene, the networking, and the conferences that they limit their focus to a very narrow audience.
I agree with many of your criticisms (made a few of the same in another comment), but you missed a few points in their favor; looks like you spent a lot of time on this rant, it would have been good to spend a few minutes reading their FAQ and watching their video to make sure your criticism were valid.
Adding a card seems flawed. You're asked to take a picture
of the physical card after swiping to "prevent fraud" ok
but unless Coin uses some advanced image processing/OCR to
validate the card with the swiped data, you can take a
picture of any card. So big fail here.
Why do you expect them not to do image processing and OCR? Credit cards have standardized, highly OCR-able fonts. I would be very surprised if they didn't OCR it.
Most users are totally fine with credit cards and big
wallets.
I'll have to disagree with that. There may be a few people out there who appreciate the physicality of the cards, but based on personal experience, I'll bet a lot more would love to streamline it. In fact, I would love to not carry a wallet at all, just maybe a billfold and a single card or my phone. The problem is this doesn't go far enough; it only eliminates a few cards from the wallet, it does nothing about all of the health insurance cards, rewards cards, drivers license, membership cards, subway cards, etc that clutter people's wallets.
The obvious issue of losing Coin and losing everything.
People like backups. It's a mindset.
According to their video and FAQ, the cards are backed up to your phone. If you lose it, you can just get a new one and transfer your cards to that. And your phone will warn you when you lose it. Actually, one of the big draws are those two features together. Much less anxiety about leaving your card behind.
Battery issues with digitizing a non-battery product
(credit card).
They explicitly state that the battery is non-chargeable and non-replaceable. You don't charge it. According to their usage model (which includes much heavier usage than I use any of my cards, I generally use a card once or twice a day, maybe 4 or 5 times on a weekend), it will get two years life.
While I share the same concerns about privacy, compliance, card not present, and so on, I feel like you went out of your way to pick out problems, ignoring several things that were obvious from their FAQ.
> there is no physical imprint / swipe of the bank-issued card.
I think you're mistaken. There is a swipe. It perfectly mimics the magnetic strip of the bank-issued card. The issuer wouldn't even know you didn't use the real card.
It wouldn't work for physical imprints, but neither does my Chase Sapphire Visa card. Point being even card issuers are comfortable EOL'ing physical imprints at this point. And it's not used for anti-fraud these days (real-time authorizations of swipes have replaced that); it's just a backup for when merchant systems are down.
It's about losing all of your cards when you lose one. And most people aren't going to spend money ($100) on one - yet alone TWO - cards vs. the free cards they get from their banks 24/7. If I lose my Amex, I can walk into an Amex office and get a free card in under an hour. Or have it overnighted for free.
This is purely anecdotal: every time I have lost one card I have lost all of my cards (because it's when I lose my wallet or the bag my wallet is in). In this case I'd be able to go home and grab my 'originals' and use those as my backup cards.
Maybe I'm missing your point. You don't lose the ability to get a new card quickly with Coin (i.e., Coin gets stolen, cancel cards and Amex will send a new one), you just don't gain the ability to get a replacement Coin.
"So in essence, this is geared towards a micro-niche of tech savvy SF/NY/LA crowd."
I disagree. I sent the Coin video to my technology phobic parents in the midwest. They are hesitant to use most smartphone apps and online banking but they were really excited about Coin and could see themselves using it. It really appeals to them that 1) it's only slightly more complicated to use than a regular credit card (whereas, say, online banking requires you to learn a relatively elaborate user interface) and 2) keeps them from having to actively worry about leaving a card or wallet behind.
When you make a user interface a slight variation of something the user is already very familiar with, you can draw in the less tech-savvy because it's less intimidating. It's the same reason why my parents are avid Dropbox users but it's hard to get them to try new web apps.
() Battery issues with digitizing a non-battery product (credit card). Be in no doubt that more than half of users will forget to charge their credit card (as if we don't have enough things to charge). So you'll see people having lunches and presenting a dead Coin. And since you don't have any plastic, well, now you're screwed.
Clearly you didn't read the site. Maybe you should pay more attention to things you criticize.
As someone who's been actively involved in engineering Bluetooth LE devices, believe me, with constant daily usage, it will NOT last 2 years. There are so many factors involved with BLE, not just limited to usage, but with respect to range, environmental conditions, etc.
What's your point? None
I actually forgot to add something to my original critique: if your device (iPhone) dies, and Coin isn't authenticated you can't use your card(s)!! Haha
Can't believe I missed this. There's another bullet of flaws to add.
Their FAQ is vague and doesn't really answer any questions, especially the important ones. They attempt to give clever and confronting responses to serious questions and most people can see right through that. Comments on their FAQ like "Should last" and "a lot can happen between now and Summer 2014" - get out here. If you want customers to pay (a premium) for an experimental product - be concrete and firm.
Q. How do you figure that a Coin will last 2 years? What constitutes
normal usage?
A. Here’s how we modeled typical usage. On a daily basis, we assume
you’ll toggle which card you want to use and swipe your Coin 10-20 times
a day. In addition, you may adjust which cards you want to store on your
Coin a few times a week. Initially when you’re getting to know your Coin
you will likely be syncing often. Over time we find that most people
sync much less frequently once his or her cards are on a Coin. If you
swipe and sync more frequently on a consistent basis, your Coin’s
battery will drain more quickly.
'() Merchants will hate it since there is no physical imprint / swipe of the bank-issued card. This will lead to chargebacks in favor of the customer. So this alone kills this company/product.'
Apparently this criticism is not valid, since physical imprints / swipes are rare in Europe.
> () Merchants will hate it since there is no physical imprint / swipe of the bank-issued card. This will lead to chargebacks in favor of the customer. So this alone kills this company/product.
Yeah I know right, this is why I can never buy anything online, oh wait.
> () Banks might change their terms forbidding customers to create digital copies / clones of their card. As per card holder agreements, if you (or Coin) has ever read one, you don't own your card. You're fully bound by the terms of the agreement.
The bank that does not enforce these agreements will have my business. Bring it on.
> () There is the issue of PCI-DSS compliance. They mention they're "in the process of earning" it but this is a lengthy, difficult and _costly_ process ($100 k). They're using a loophole to ensure consumer peace of mind but this won't last at all.
Every startup has to start somewhere.
> () Adding a card seems flawed. You're asked to take a picture of the physical card after swiping to "prevent fraud" ok but unless Coin uses some advanced image processing/OCR to validate the card with the swiped data, you can take a picture of any card. So big fail here.
I've used the camera to accurately scan my card data into 3 different apps in the past week.
> () Coin seems to access a cloud service. Another major reason that this simply isn't going to work. If you've paid any attention to the NSA situation within the past 6-months, ordinary/average consumers (not the HN crowd) are becoming weary of cloud/hosted service. Not to mention, Coin will never ever work outside of the US (or San Francisco for that matter).
Just... stop.
> () Most users are totally fine with credit cards and big wallets. It's actually empowering to them. I spoke to a guy who loves the fact that he has every color Amex card! So in essence, this is geared towards a micro-niche of tech savvy SF/NY/LA crowd.
You talked to one guy who loves that he has every color Amex card, and then came to this conclusion?
> () Selecting a card by tapping the button - great. What if the waiter taps the same button? Or someone you're paying does? So many issues with this button here.
I've had my card charged twice before, so what you are telling me is that the same thing that happened to me before might happen to me again? Thanks.
> () The obvious issue of losing Coin and losing everything. People like backups. It's a mindset.
You mean like how people lose their wallets?
> () Battery issues with digitizing a non-battery product (credit card). Be in no doubt that more than half of users will forget to charge their credit card (as if we don't have enough things to charge). So you'll see people having lunches and presenting a dead Coin. And since you don't have any plastic, well, now you're screwed.
So once every 2 years, I might have to ask my wife or a friend to pay for my meal at a restaurant, and I trade that for the convenience of not having to carry a wallet? Where do I sign up?
> Products are supposed to make life better, easier, more intuitive.
If everyone was using Coin, and then you introduced me to the concept of a wallet, it would be downright laughable.
iPhone only, no chip and pin, won't work with any cash machine in the UK, no apparent protection against people skimming random cards (I'm suddenly very suspicious of anyone putting my card anywhere near an iPhone) AND it stores all your card details on their servers for no apparent reason?
"Q. Will my Coin work outside the U.S.?
A. Not in all cases.
U.S.-based customers: Coin will work overseas, but we recommend that you bring a backup card when you travel.
Customers located outside of the U.S.: Coin does not support EMV yet. If the country you live it requires it we recommend holding off your purchase for now."
Swipe, click-to-switch, swipe, click-to-switch, swipe... Why steal one card's data when you can copy the whole wallet? :-) Or, run one card but take down the information for another.
It also appears that the Coin is programmed over Bluetooth. Why bother swiping to steal when you can run a smartphone app and take all of the cards on all of the coins in range?
If this takes off and fraud goes up, credit card companies will drop the discount vendors currently get by swiping. Maybe vendors that currently swipe will start entering CVVs? Will Coin then start storing CVVs per card?
Vendors might refuse to accept Coin in the first place (there's already a comment here from one who won't). Or credit card companies will have Coin outlawed as a counterfeiting tool. I can see how this seems like a good idea, but I don't think it will work out.
For some reason, all the cards I keep in my wallet get destroyed. I have a decent leather wallet but they still crack and chip and the paint rubs off. I don't know if I want that to happen to a $100 device.
Does this happen to anyone else? It has happened with the last two wallets I've owned.
I ordered the dev kit early on, got charged for it, now waiting anxiously to have it show up. Nice to hear they are moving along. I really think that something like this is a solid answer to some of the vulnerabilities in the current card system and for a subset of identity problems. My interest is in solving one such subset which is this:
At the time of account creation, create means by which both the web site and the user can prove unequivocally at a transaction later, that they are the same person who was there when the account was created.
Nothing about "who" they are, or "what" or "where", but just that the person or entity doing this transaction right now, is exactly the same as the person who created the account.
If I have to use this card, do I also have to have my cell phone with me all the time? If I go downstairs to get a Bagel in the morning, I need to take my phone, or else no Bagel for me? And it seems from the "Iphone will alert you using Bluetooth" facility, that I need to have Bluetooth on all the time, which I normally do not, to save battery life (adds an hour or so on my Iphone4). To me this is a functional gridlock.
Does it also need to be connected to some data network or the other to work?
If I lose this Coin card, then is it same as losing all my cards? If my assumption is true that this needs to be paired with a phone always, then will it not be possible to nullify the card, using the app on the phone, in case I lose the Coin card?
How is this different from Wallaby Card? Is this a live product? My understanding is that the networks were not allowing such products. For example, Google and PayPal both planned to issue dynamic "wallet cards" but were blocked by V/MC.
I'm slapping my head and thinking "this is such a great idea, why didn't I think of that?". I'm sure lots of other people are doing the same, and it's a sign of a truly great idea. Congrats on launching!
In my case, I actually did think of this idea! Just never had the hardware knowledge to even know where to get started (and I was worried about the trouble it'd cause as card skimmers used it to easily clone cards - hopefully we'll learn more about how coin solves that problem). I'm mostly glad they're trying to make this a reality, because I'd really like to get rid of all these membership/point cards that stuff up my wallet.
Yes. This happens all the time to me. I'll sit and burn out my brain trying to think of problems to solve... and I can never think of any then I see this and I want to just bang my head on the keyboard because it's just.. so.. simple.
I think he meant that swipe-only cards are a dying breed(at least here in EU) and most places don't even take them anymore. If your card does not have a chip+pin system it won't be accepted anymore, even if it's a Visa or Mastercard card.
Well-implemented idea, as others have said. It's ridiculous that in 2013 I'm still carrying around a wallet full of junk (and keys but that's another story).
However this feels like an awkward stop-gap between the current card-payment system and online payments. I don't want to give a waiter a piece of plastic and get a little paper receipt back, give me some kind of abstracted account ID and I'll transfer you the money from my phone/laptop/smartwatch/glass (/whatever we'll all have by the time a new payment method is sufficiently penetrant to be useful).
It seems like this would be much more useful if the front and back of the card were OLED screens, or something similar, so that you could toggle the appearance of the card. I feel like that would solve most of the problems people are suggesting here - i.e., it could replace driver's license, photo id's, wouldn't be a problem at bars that hold on to your CC, etc. Personally, I'm going to hold off on getting this until there's some functionality similar to what I outlined above, because currently this could only replace 2 out of the 5 cards in my wallet.
There are some theft and risk concentration concerns, along with potential feature problems (accidental card selection change), but this would be great for credit cards rewards hacking- a lot of cards have different bonus areas.. 3x-5x points/cash back on different categories, like dining, gas, groceries, travel expenses, specific department stores, etc. This would easily allow you to maximize your rewards without having to carry around all the different cards. 2x-4x extra back means this will pay for itself pretty easily.
It's a neat idea, but what I'd really like to see is a way to use randomly-generated numbers as my credit card for one-time payments instead of handing over my full credit card details to an online store. I hear this is done by a few credit card companies now but I have yet to see it in Canada.
Coin could even take this idea one step further and allow you to store your credit card, but when you swipe their card it provides the merchant with a randomized credit card number useful only for a one-time purchase. Now that'd be cool.
I like this randomized credit card numbers idea but I don't understand how it would work?
How would the terminal know it's debiting your account?
Where would the authentication take place?
Where would the randomization take place? And what would this be based on?
Credit cards are actually very simple in nature (and why there are billions of dollars of fraud occurring every year). It's simply an account number printed on a piece of plastic. But this account numbers is solely responsible for the transaction behind the scenes.
Who does this random number now? I've been studying payments for years and have never heard of this.
Presumably the idea is that the account number (i.e. credit card number) is randomised for each transaction - but still valid. So authentication etc. would happen exactly as it does right now. But that number would become invalid immediately after it is debited. That way even if someone intercepted the number they would not be able to use it in the future.
Obviously this only really works for online transactions that don't require a physical card - and even then introduces a ton of complexity to things like refunds. But the idea is interesting.
But this doesn't answer the question of how the terminal/processing system knows it's your account being debited?
The whole concept of randomization with payments (or anything for that matter with respect to authentication) is impossible. There will ALWAYS have to be some sort of static identifier in order for this to work. Common sense I think.
The idea is interesting but I'm not sure exactly what the idea is!! :)
If you have an AMEX and you randomize the account number on each transaction, AMEX still has to IDENTIFY your account with something? A name? A PIN? A unique ID? AKA an account number.
But this doesn't answer the question of how the terminal/processing system knows it's your account being debited?
It doesn't. It debits an account that is signified by the randomly generated account number. The connection between that number and your actual account would be done by AMEX/in the backend somewhere. In fact, the whole point of such a system would be that the terminal would be blind to it.
There would always be a static identifier, but the key is taking that identifier away from the end user. That's where the card details get duplicated.
If you're an issuing bank, then it's technically not that hard for online purchases - have a button on your netbank that will generate a new creditcard number (virtual card), show it to user and add it to your auth system - and block the number after it's used.
But IIRC the rules allow such virtual cards to be used only in online transactions, not for normal 'card present' sales.
This is very cool. However, in Jamaica where I live. An id is required to use a credit card, so they can check your name and your signature. Is there are way to displaying that info on the card.
I just don't think an ATM is willing to take the coin in, which makes it unusable for me. Also, here in Europe, the magnetic strip is hardly used anymore, as the (EMV) chip has taken over.
Dear downvoter , please tell me something innovative you did in life , other than throwing downvotes . What is happening to HN ? I work in a small start-up and I know what efforts it takes to build something instead of downvoting or discouraging.
Thats a sweet idea, i would really like to have something like coin.
The problem is that in Finland there is very few places that uses the "swipe" your card and sign method anymore. Back some 2-3 years ago it was a custom, but for security reasons (anyone can swipe a stolen card and sign it, the law does not require an ID unless the amount being paid is over 100 euros) it was abandoned and now you simply enter your PIN and that that.
Im not sure about other countries, but atm this is the norm in Finland.
America is so behind with payment systems. The rest of the world has chip cards and now touch-less payments. I am astounded to see that the US is still using magnetic strip cards.
A. In order for the meringue to peak properly we suggest adding a little lemon juice to the béchamel. This strengthens the mixture and prevents tragedy.
Nice execution. I saw several pitches for unifying cards while working for a VC.
As a consumer I have a few suggestions:
1. Make the card switch/activation button detect the fingerprint of the owner. (The merchant or waiter sliding the card could press the button accidentally and switch to a different card)
2. Show me that a tap-scanning tool can't take the data for all of my cards. (from hackers to accidental taps)
3. Can a magnet disable this card?
4. What happens if someone steals my coin? Can I disable it remotely with the app? Can it happen automatically?
3 and 4 were answered in their FAQ - a stronger than average electro magnet will break Coin, and Coin is automatically disabled when it's out of range of your phone.
This wouldn't work in the UK, we use chip and pin here. It's extremely rare these days to find a place that will swipe your card and loosely verify your signature.
Seems crazy that it only holds 8 cards. I'm not about to go through all this effort only to replace some of the cards in my wallet but not all of them.
About 15. And sure, most I barely use. But sometimes I want to use them and they're in my bag and not in my wallet. This would be a great solution to that problem for me if it could hold all of them.
I have a money clip, and only carry my most pertinent cards - ID, ATM, and CCs. The remaining cards, like reward cards or library cards, are in a tin can in my car - which I drive to wherever I'm shopping, and just remove the card I need. I can't imagine carrying 15+ cards in my pocket, especially if it is in your back pocket.
I carry around the following:
1 Debit card
1 Credit card
1 Drivers license (usually I travel with public transport, but I'm required to carry an ID by Dutch law)
1 Ov chipknip (card for public transport in the Netherlands)
1 Health insurance card
2 Loyalty cards for competing grocery stores (I attend both of them on a regular basis)
Even though Coin doesn't solve this problem, especially since it doesn't have EMV which is required in Europe, I'd love to have all off them one card. I have another boatload of cards at home that are rarely / never used because I never have them on me when I could use them.
So basically: very cool idea, needs some more thought for the european market though.
Yeah, pretty easy to just store all cards in the app and switch out the infrequently used cards for things like loyalty programs when you actually need them.
Isn't this back to front ... surely you need a trusted player and then you need Amex/Visa/Mastercard to be able to use that token (the credit card) to aid identification of a person.
So the card would be like Coin's but would have fixed credentials. Then when you open an account you'd provide your ID for the bank to register (or sign the registration with your public key); that account would be added to your card as an option.
Do they know that their logo very closely resembles Australia's largest investment banks? http://macquarie.com.au/
I know this oversight can happen and it sucks, but the two are in the same industry (Macquraie has a global presence and quite a substantial US one), so it might come under some sort of copyright infringement. Just a heads up!
of course with the exception of it altering you if you left it at home, however that is a bit creepy, and, well let's just say I won't be getting a coin for my wife anytime soon
It looks identical in scope and execution ... someone mentioned they did something at Amex like this 20 years ago, wonder if the patents have expired now.
I've always thought that the real solution for the "too many cards" problem is to get all credit card companies to agree on a card-less payment protocol that anyone could implement on any device. (And in the process, make all the transactions a lot more secure by using modern cryptography.)
Alas, I'm afraid that kind of disruption cannot be brought forth in a market context...
Simple looks like a completely different thing to me. It looks like a debit card connected to a fancy budget tool. It looks like a tool for people who have basic finances and need help to avoid overspending.
Coin looks like a device that replaces my existing cards, which is a problem I want help with. I don't want to close my business bank account or get rid of my credit cards, I just want a lighter wallet.
I'm a simple user but I don't see any % of this existing in my Simple account. If I've overlooked a glaringly awesome feature in Simple I'd be happy to find out.
Here is a part that I don't get. Do they actually change the magnetic strip on the 'coin'? Or does it have a fixed VISA number that is tied to your ID and owned by the 'coin' company. Then they just use the coin app and the timestamp of the transaction to know which card to charge in the backend.
That would mean the company gets a log of all transactions.
At Whole Foods they often want to see the back of the card to see the signature if the purchase amount is over $100. They most had gotten burned sometime in the past because I go to this Whole Foods in my home town at least 2/3 times a week and the checkout clerks know me and my wife but they still insist because sometimes we use different credit cards.
I wish your phone had some kind of a unique ID it could broadcast. Then you could take it to the bank and they would associate it with your account, then you could just use the phone as your card. You just hold it over the receipt thing and push a button on an app and boom done.
Now if you could get my phone to be as slim as that Coin that would be pretty sweet too.
Seems cool to me, obviously a few flaws but not so much that I'm not thinking about getting one.
Question: what kind of BLE technology goes in a card that thin? Looking into some applications of BLE myself and I haven't seen anything like that. I'd love to know what's in the card and how I could build a similarly small bluetooth device.
While there are perhaps many issues regarding whether or not merchants will accept this product for payments, one thought occurred to me.
What happens when merchants/banks start offering the ability to make purchases using your smartphone? Doesn't that render this product obsolete? (if I'm not mistaken, you need a smartphone to set it up)
Wonderful! This is a great tool for restaurant service people to clone your card. I had my card cloned in a restaurant 2 times. Both times they were able to trace it to an employee who was cloning mag strips and selling them online. With this tool it's even easier! Awesome idea, if we lived in a more honest world.
A lot of cards also moving towards a smart chip implementations on cards. Also I carry 3 cards with me, 2 CC and a debit. Perhaps I am not the intended customer for this thing, I do like gadgets but my wallet is fine for now. Still a very nice idea. I would def follow up to see what happens after Summer 2014
wow, I think this seems to be HOT Topic, took a while for me load this.
I know of an alternative that I bookmarked a long time ago. Have just submitted a link to their landing page, they're practically doing the same, but allow more card types to be fused and it's a mini-computer. They were on the market much earlier than Coin and it looks very prestigious & elegant.
(A post, because I'm curious how the Echo is worse or better, without interrupting the Marketing of the Coin, on this board)
I am not sure how to think about this in general, but @nlh has really good points. I agree with him that he needs the imprints, but to be honest, those imprints don't guarantee security.
Sometimes swipe using one of my cards never works. It just does not work. Even if you swipe 10 times, it just does not work. Weird thing is this happens randomly. It may work just perfectly at the next shop.
If this happens with Coin then I guess I'm screwed and embarrassed.
What problem does this solve? After watching the video, their value proposition is: "my wallet is filled with cards, too many" - i.e. using one card instead of a few. Is it gaining popularity because of the technology, or because we're addicted to gadgets like this one?
Anybody else feeling uneasy about committing to spending serious cash immediately for a scheduled delivery 7-10 months away for something that could have many legal ramifications (with the associated delays)?
At $50/card, with anywhere from 5 to 15 cards, it quickly adds up...
What stops the person taking the payment from pushing the switch button accidentally or intentionally. Also I can totally see how people can steal your card, use the app to put it into their coin then place the card back so you don't know you've been robbed.
There's a reason HUGE banks with customers who have significant existing relationships (Citi Bank - Mastercard, Visa Debit, Heloc, etc) has not done this, don't you think? Not cause the love printing and mailing plastic....
Unless I'm missing something: if I lose my Coin card, ALL of my credit and debit cards are compromised. That's a showstopper. A thief could drain not just one account, but every account I have.
The way it looks is that it is connected to your cellphone via bluetooth or something of that sort (since it notifies you when it is out of range from your card). An easy solution would be for the card to auto wipe when disconnected from your phone, then re-download all the cards from the app when you reconnect. Problem solved!
Well if the coin can be deactivated when it's out of range, that would mean the coin has to be "smart" because it wouldn't be the phone app doing the deactivation but the coin itself. In that case, why couldn't the coin take extreme measures and just wipe its memory? Inconvenient for legitimate situations where the card is out of range and not accidental ones, but I imagine it's quick process to reload the coin with your card(s) data.
Just that it is much easier to do that - when you can set computer power to it locally. i.e. you can download all the credit card data onto your local hard disk and throw computing power at it....as opposed to trying to compromise a remote server that may be monitored.
0_0 This is one of the worst ideas I've ever seen. Yes, let's put all of my cards in one card so that if it's stolen, then all of my cards are gone. @#$%^ing brilliant!
Seems really cool technologically, but I just don't get it as a consumer. $100 so I can carry less credit cards that take up virtually no space in my wallet? What am I missing?
Im curious if Coin will capture my purchase data when I swipe. It's bad enough credit card companies sell my data...I am super paranoid about Coin doing the same thing.
this is pretty cool. I'm into having a thin wallet but there are a number of cards I need to carry around currently.
however, $100 is way too much for what is basically a very minor convenience. $50 is too much. For $20, I'd consider it.
from a business perspective, I wonder if they have deals with the banks. I wouldn't be surprised if they get slapped with some cease n desists just because the megabanks want their shiny pieces of plastic on display at all times.
This looks like one of those game changers that everyone says will never work. But then somehow they figure it out and change the world. VCs should be all over this.
Some merchants make you have to give over the card so the person at the register can type in the last 4 numbers. This won't work with that use case will it?
A company wants to have access to information about who I am as well as all of my purchasing behavior regardless of which merchant it is? Where do I sign up?!?!
Mastercard and Visa might be able to embrace the technology - adopt it as a part of their cards and allow people to add on store cards and such. They might then be able to capture processing info from all the other cards present too.
The big card issuers then are warranting the card as a token and allowing others access to verify the token holder. Seems like the way forward to me.
oh wow. Just a month ago I and a couple of colleagues were talking about this very idea and that this would be a great startup, though we dismissed it because none of us had any experience in this field and we were afraid of possible legal issues.
It's great to see that someone actually brought this to life!
Throw enough money and brains at the problems, and it becomes a thief's nightmare. They've already got a good start, it seems. The credit card industry already eats significant small-scale fraud, so if you can create a system that makes it harder, rather than easier, to defraud cards, the big companies will be all over it. And THEN there will be big, big money.
"Works like a debit card when you swipe it" - I'd probably get this if I wouldn't effectively be paying several hundreds of dollars per year for it in losses of credit card rewards.
As a merchant, however (which I am), there is no chance I would accept this. None. Unless the issuers (that is, Visa, MC, Amex) drastically change their policies, which I don't see happening anytime soon.
Why? Because the issuers are very clear about a few things: When push comes to shove and it REALLY gets down to it, unless the merchant takes a physical swipe of the actual card AND has backup to prove it (i.e. an imprint of the physical plastic), the issuers will side with a consumer in the event of a fraud dispute.
So why, do you ask, do most merchants not bother taking imprints of the actual cards? Because a visual verification and physical swipe is usually enough (for 99% of cases). Instances of fraud via card duplication are rare, so it's usually not worth the hassle. But in some cases, it is.
My business runs large-ticket purchases though CCs (average is $2000), and we take super extra precautions when our customers buy from us. We take magnetic swipes, visually verify, AND take physical imprints.
We've lost several chargebacks because of lack of doing this. You'd be surprised how these little-known rules crop up when you least expect them. "Sorry, customer claims charge not authorized. Merchant doesn't have physical imprint. Chargeback approved." It's happened and we've been defrauded out of $thousands because of it.
The ONLY way we've been able to successful combat chargeback fraud is through the multi-layered approach.
Anyway, I know this is a fairly esoteric perspective and my business may be different from lots of others where this isn't an issue, but I have a feeling V/MC/Amex aren't going to get behind this.