They say this supports chip-and-PIN, but I don't believe them until they explain how. If I have a chip-and-PIN card from my bank, the chip has an unreadable secret used to generate one-time cryptograms to verify the authenticity of the card. There's no way to get that secret onto my Plastc card. You'd need partnerships with banks to get a new secret the way Apple Pay does. Without those, this sounds like it'll be useless once the chip-and-PIN switch happens in a year or so.
From their website:
"Plastc Inc., this website and the products and/or services offered on this website are neither endorsed, nor sponsored by, nor affiliated with, the above-referenced banking/financial institutions and/or retailers. Each of Visa, Mastercard, American Express, Charles Schwab, Citi, Chase, Bank of America, US Bank, Wells Fargo, and Apple are registered trademarks of their respective owners and this website does not endorse or sponsor any such trademarks or their respective owners."
Interesting that the list of banks is nearly the same as that of ApplePay. I'm glad there are some forward-thinking enough banks willing to push technology forward.
Implementing Apple Pay isn't a technical feat. There's a standard for it.[1] As long as the banks let you access their token generation service, it's straightforward. However, I haven't heard of anyone other than Apple getting that permission. It'll happen soon enough, but the chances that these guys are the first seems slim to me.
I think it might be a bit of a misrepresentation. They will have their own 3rd party payment service ala paypal but you will be able to use the card to decide which payment method associated with that account gets used.
Just a guess! but it would avoid some pretty massive technical hurdles to international acceptance.
As far as the current public information goes, Apple Pay tokenizes your credit/debit card and uses that to pay, which means your bank processes the payment. Apple won't process the payments themselves.
The card connects to your iPhone (for proximity detection) perhaps the card accesses Apple Pay on your phone when making the transaction therefore your phone needs to be in your pocket while inputting the chip and pin? Just a thought.
My point was that there are banks that will never adopt new technologies, then there's the likes of AmEx, Chase, Wells Fargo, etc, who have now signed on to two different (and to a certain extent, competing) technologies that they don't have to adopt, only because it pushes the industry forward.
But yeah, they obviously found a way to implement ApplePay - hell, Apple probably did it for them.
Question is what exactly does "participating" means.
Banks generally hate anything that takes away their branding. Less sleek of this -- i.e. reprogrammable Visa cards -- have been around for a few years but banks never supported them, again because of branding.
It looks like it displays the logo, so it isn't out of the question for banks (now starting to be scared at being disintermediated) to maybe throw in some "support" (aka tepidly allow access). After all, apple pay also reduces branding (and Apple takes a cut), and threatens a lot of the industry as what you pay with becomes a minor manner (and also massively encourages a single default card).
Does Apple Pay actually reduce branding that much? I bet I'm not the only one who saw the Apple Pay demo and noticed that it displays a nice, large, full-color image of the card being used. Cards with a certain cachet, then (AmEx black, other high-end cards) will still be quite prominently displayed. Indeed, a backlit display might even make more of a brand impression than the physical card, in some situations.
I also am not certain that Apple Pay "massively encourages" a single default card. It looked quite easy in the demo to display multiple cards and switch between them. Looked easier than taking a card out of a crowded wallet and putting it back in, actually.
Eh, as far as default goes, it is another step; the second page of google results is easy to get too, but people don't. Part of what generates alternate card usage today is the messy wallet, sometimes the card isn't in the right place, or doesn't come to hand.
Also there are some practical in RL issues that come up with most NFC payment readers (namely a lot of the installed readers have short range, and awkward pad placement) which makes non default much less attractive.
As for the display issue, the issuers concern is that they are pretty limited as far as making things distinct. I mean hell, every card company is going to have black cards. There are no sideways cards, no premium materials, no metallics, etc. They have a relatively small image, which has to still look good even if cropped to lose the bottom 80%. Basically they get space for bank logo, card logo, and a non distracting background.
So if they are willing to give up on all that and a fee, it doesn't seem all that out of the question for them to allow their logos to be used on a flexible card, and (presumably) not pay a fee.
The transaction fees and 15% interest they collect on your charges is probably more important than branding, though, and they'll still get that with this.
Same for loyalty cards. Commercants are eager to give you a card or an app because the want to be seen all the time in your wallet/mobile and you have to carry it around. They probably wouldn't see the point if they're stored away in a virtual list.
That's exactly what I came here to say - if this can do chip and PIN, then can't we assume chip and PIN is broken? Cloning a mag stripe is trivial, cloning chip and PIN should be as close to impossible as is feasible.
Well in defence of Chip and PIN (and I can't believe I'm saying this), the exploits listed above take advantage of "No Signature" provided. This is where the card just gives the basic CC information -- same as what is on the front. The bank can see this and banks only allow small transactions to go through with no signature.
In the demo they buy coffee, etc. with it. You couldn't buy something more expensive with it because the bank would deny the charge.
NFC is similar. You can use it for small transactions, but not larger ones.
From their paper:
"We have observed variations between countries. While
cards from Belgium and Estonia work like British cards,
we have tested cards from Switzerland and Germany whose
CVM lists specify either chip and signature or online PIN,
at least while used abroad. The attack described here is
not applicable to them. However, because UK point-of-sale
terminals do not support online PIN, a stolen card of such
a type could easily be used in the UK, by forging the
cardholder’s signature."
Their attack uses offline PIN mode. This is further expanded upon in section III.
The simplified attack is such: Basically the PIN signed block doesn't get sent to the bank. Verification is only between the terminal and the card, and the card (or rather MITM hardware) returns a "all is well, transaction approved" message when in fact no such thing happened. The terminal doesn't go online and talk to the bank and verify the signed PIN block.
This is essentially misconfiguration of the merchant terminal that ignores the result of the PIN verification.
This is similar to when you tap a card to buy something. If the merchant system doesn't go online to verify it -- which it often doesn't for small transactions (<$10) then you can game the system.
Do they hold a unique token though? Here in the UK, I've definitely gotten "loyalty" offers printed with my receipt even though I've only ever used my debit card there and not a store card.
Depending on the system they can still get an account/card number. They shouldn't be storing it but...
They can certainly get cardholder names and that sort of thing though. Maybe they've figured out a way to generate a unique token based only on non-secure data.
It is. It's easy to see there are ways that cards and terminals can be set up badly. It also looks like there are ways that both ends can be set up correctly to get around most of the problems.
And cloning is still almost impossible. The largest risk appears to be copying card details which allows the fraudster to use cards online or in countries that don't yet have Chip and PIN. Personally I would like to see separate account numbers and details on the Chip compared to the main card number - i.e. you could copy some of the chip details but this wouldn't actually let you get anywhere because the number would immediately be flagged if it was found anywhere else. You'd then have another card number (maybe the one actually printed on the card) that you could use online.
Or perhaps we could just scrap the whole card thing for non-physical use...
(And I'm saying this as a guy who makes some of his money at this game)
EMV has been out in the wild since the late 90s. So far all the attacks I've read about (and some of them are very serious attacks!) are to do with the protocol between card, terminal and acquirer. None that I'm aware of has yet exposed a private key, with the possible exception of one that required an electron microscope.
They are famous last words, but in this case they seem justified.
They could be doing something else funny, like providing their own credit card info to the merchant via the chip and then just billing your credit card in the background, like how Google Wallet works...
If you pay attention to the video, the card sends a notification to the phone with the transaction amount & merchant information.
Knowing the transaction amount is not possible from the "sender" portion of a magstripe. You're simply handing over a credit card number. The credit card amount is negotiated over the phone/internet between the bank & merchant.
This means that the Plastc card likely has one hardcoded number that switches payments serverside. Similar to the Wallaby card or Google Wallet card.
This works perfectly fine with chip & pin. The merchant charges the Plastc card which in turn forward the transaction to the correct bank.
From my careful reading of their released material this is how I think they are doing it:
They clone the magnetic stripe part of a chip and pin card and then have their own chip and pin layer that they put on top.
In the UK the only reason you can't use magnetic stripe is because no shops allow it (if they do then they are completely reliable for the authenticity of that transaction) - if you could add a chip and pin layer on top of mag strip data then this might work (would still require a lot of fiddling and as far as I can see transactions would have to go via platc like google wallet).
Plenty of shops still allow it in the UK (source: my chip broke), but hardly any employees know how to tell the till to swipe a card, so it's still difficult.
chip-and-PIN had a * with footnote at the bottom of the page:
"*Plastc card will be available to use across all participating locations and with all participating payments types following an over-the-air firmware update in 2015 to enable Chip and PIN and contactless payments."
Sounds like they are working on those partnerships.
That was my exact concern. Chip and PIN is kind of broken. Someone else linked to sources, so I won't. From what I remember researching about a year or two ago, was that one of the attacks on Chip and PIN was to generate fake transactions with the card. If you replay those transactions to a POS terminal in the same order, they will be valid. If you use the actual card before the captured transactions, it throws off the order, making the captured ones invalid. My guess is that this card is either taking advantage of this vulnerability, or making some kind of deal with individual banks.
> You'd need partnerships with banks to get a new secret the way Apple Pay does
If this is using the EMVCo tokenization stuff, which it is widely believed that Apple is using, I don't think they would have to partner with banks. They'd just have to register with a Token Service Provider.
One gap in my understanding is who exactly the Token Service Providers are. That article says the card networks are, but I guessed that the issuing banks were when I read the spec the first time. I'll read it again eventually, but if anyone actually knows, please share that knowledge.
I've been talking to Visa's tokenization team and several payments experts over the last few weeks about this exact topic. Currently, TSPs are only the card networks. In the future, the big banks and the payment processors will also take on TSP responsibility. It is unlikely that other actors will take on this role, given the requirements and players involved. The role that's more likely to allow for innovation is the Token Requestor role - which virtual wallet providers and e-commerce merchant / merchant processors can play a part. Even this role will require a decent amount of scrutiny in terms of the ability to identify the validity of a transaction, which is ranked on a 0-99 scale. Very interesting future for payments.
It's both. Issuing banks can generate the payment tokens, but often, the networks can "stand-in" for the issuer, and generate the token for them on their behalf (the same way that networks can stand-in and do authorization of payments on behalf of the issuer).
The way I can see this supporting Chip and PIN is if they find a way to act as an intermediate processor -
The chip contains an application for Plastc, this is (like Amex) always acquired by Plastc (and will probably then only be allowed at participating retailers). Part of the Issuer Private Data sent in the transaction is which one of your pre-registered accounts you wish to use. That account is then charged in the background. It would work a bit like a physical Paypal.
Because unless something major has changed, I can't see banks being keen to hand over private keys to third parties.
"Apple Pay" is not some new thing, it is EMV standard that is implemented by many "soft wallets" and this card will probably use this same standard to implement it
WRONG. It is part of the new EMVco standard, but has NOT been implemented anywhere but Apple Pay at this time. There was years of prep with the banks and Apple to get this initial implementation.
EMV® is a trademark dating back to 1999, and it refers to all of the specifications administered by EMVCo. The original EMV Specification (for chip-based payment instruments) is now in v4.3, with backwards-compatible EMV Next Generation Specifications in development. (http://www.emvco.com/about_emv.aspx)
EMV and EMVco are the same thing. It's the standard also implemented by RFID cards such as Mastercard PayPass and apps like Google Wallet.
EMV tokenisation is a new standard that EMVco published this year[0], which allows the person holding the card details to generate an entirely new set of card details which are essentially aliased to the original card details. The result of all this is that Apple don't have to store the original card details.
However, the standard can allow for other things as well - it can allow for users to generate a new token per-merchant which could be used online or in person. Or merchants could generate a new token from a customer's card that'll only be usable with that merchant for storage, thus standardising what the likes of Stripe do while implementing a significant amount of backwards compatibility with the existing system.
here's an explanation: *Plastc card will be available to use across all participating locations and with all participating payments types following an over-the-air firmware update in 2015 to enable Chip and PIN and contactless payments.
no sure why this is getting downvoted? It's right off of their website's fineprint... There was a time when an attempt to be helpful comment like this stayed at 0 in the worst case..
The ridiculous number of features on this card makes it really hard to believe that an unknown startup has the resources to pull it off in the form factor as thin as a credit card. Coin still hasn't gotten there yet (they claim it works at 85% of the locations they visited). Adding more features including wireless charging coils and unknown method for duplicating chip and pin makes me really skeptical that this will ever make it to market.
The microcontroller, smart card interface, eInk screen, bluetooth capability (including antenna), NFC (including antenna), and touch screen all seem reasonable and there isn't anything earth shattering tech wise (but probably a customized asic using off the shelf bits). Connecting this all together on some fiberglass or plastic substrate is hard, and expensive to tool for (I'd expect), but definitely possible.
The interesting bit is how they're fitting the battery and getting anything remotely like reasonable life. Even down in the single digit micro-Amp consumption range (typical for low power microcontrollers plus some resistive touch), a battery small enough to fit inside a credit card will likely only have a few mAh, at best. This will lead to needing to recharge quite often if the bluetooth turns on or eInk screen updates more than once in a blue-moon.
You really believe you can fit an eink display, a touch screen digitizer, a microcontroller, bluetooth and nfc on a card that thin and sell it for 155 dollars?
Yes. If the eInk screen uses the card plastic in place of the glass which usually backs such a screen, it can easily be thin enough for a credit card form factor.
Touch screen digitizing can be done resistively with overlaid wires over the screen. Their touch interface doesn't have to be super accurate, you only seem to touch in a few distinct locations.
A microcontroller is already inside every chip and pin card on the planet. They usually run Java. Yes, Java :)
Bluetooth is just more silicon to do the radio, not hard to stick it on the side of the microcontroller silicon or even have a two-die configuration with wire bonding between the dies. Go look at TI or Freescale 2.4 GHz radio+micro parts, same thing just there it's in a QFN or other solder-down package, but the dies themselves are quite small. A 2.4 GHz antenna is easy to fab out of printed silver or other printable conductive material onto plastic.
NFC is already in many credit cards for the whole "tap to pay" thing. It's just some extra silicon on the side of the microcontroller in existing solutions. Harvesting power from NFC is just some diodes and a resonant circuit along with loop antenna.
Realistically, such a piece of silicon plus the antennas plus the plastic card should only cost you single digit dollars in volume to manufacture. Adding an eInk screen like that is another couple bucks, at most. The $155 price point is probably so they can make back their up-front costs as getting customized silicon isn't cheap, nor is some of the development work they did to get all the features integrated.
If this concept takes off, I'd expect in 2-3 years that cards like this are issued by banks for free to customers. The cost of manufacturing really isn't that high.
EDIT: But getting enough battery packed in to avoid charging every day or two, that's really the novel part if they have real bluetooth operation.
These cards do not run Java, but CardJava. Yes the syntax may look similar at first glance, but it's a completely different beast with huge limitations.
Then - an antenna for bluetooth, NFC and for wireless charging? Combine those and you'll have issues. NFC requires a very small amount of 'wireless power'. Charging a battery requires a more serious amount. Having fried more than one NFC card here at work, I know how tricky it is to work with wireless tech. Good luck managing that.
There is no way this technology exists in the form-factor they're presenting or require. The dynamic magnetic stripe sure is possible, but not that small. You also seriously underestimate the cost of all this. For this to work, they need their own silicon - no way around that fact - which is very expensive, certainly because this is clearly not a product that many people will actually order. But from your pov, "just some more silicon" seems to be a walk in the park. I'm not aware of any e-ink displays avaiable with touch like they presented there. That would by the way need another separate controller. Oh look - more silicon!
This entire picture is not just a "couple bucks". It contains technology you find in current phones at an even smaller scale, with a much smaller target audience. Really - who is going to pay 155 bucks simply to have a plastic card?
To me it all looks like someone dreamed up an utopian payment solution for the US market and built a scam from it. It uses seriously outdated magnetic stripes which is irrelevant to most part of the world, and by the time it would actually be possible to make a stripped down version of this, hopefully NFC/EMV will have replaced this insecure mess and everybody will be paying with their phone.
Anyway - keep an eye on Cartes on 4-6 November - which is THE fair for payment related technologies. If it's not there, it doesn't exist.
Right, but it won't be credit card thin for the swipe, chip, or internalized readers. The problem isn't that the technology doesn't exist, it's that it exists in the right size format.
Even if it did somehow exist today, isn't it overkill to load this much tech onto a single card, when you can just generate one-time card numbers on the fly?
The only part that actually has to be as thin as a credit card is the part with the magnetic strip. Below that (where the screen is), it could be as thick as they need and still be swipeable. So they could shove the battery, charging coils, etc. behind the touch screen.
Not the case. For chip-and-PIN cards, the entire part of the card containing the chip needs to be inserted into a reader, as in this example: https://i.imgur.com/0nn5lpo.jpg
Many devices (ATM in particular) have motorised readers that swallow the whole card.
And the other poster pointed out correctly that for chip reading effectively 50% of the card needs to be that thin. You'd end up with a huge lump in the lower right of the card if you were going to play that game...
I'm pretty sure nfc can be passive, the e-ink display doesn't use energy when not changing, and the "touch screen digitizer" could just be a button that is actually a contact (i.e. most of the time the microcontroller is passive).
Also, you could make the card thicker in areas where it doesn't matter (away from the stripe and the PIN
You can't, actually. Consider things like the ATMs that suck in the entire card, or things like Metrocard vending machines that require you to insert the credit card in a slot.
Really good point. I doubt they'll ever[0] be able to put all that tech into a card that's actually as thin as a credit card that fits in an ATM.
But if they can do that, I want one, not to pay with, but for the programmable eInk screen with bluetooth connectivity (and touch? get real).
Then I'd hook it into my phone, that would somehow detect who is nearby/looking at it, reverse/stalk their social networks, local graph, location/environment context, little bit of magic, cold reading and random guesswork.
It would show exactly whatever they wanted/expected to see.
I'd have hacked myself a piece of Doctor Who's psychic paper.
I'm extremely skeptical that this will work as well: they say you can remotely lock the card which would require some kind of bluetooth polling to your phone at a pretty regular interval and I doubt battery life is going to allow for that.
Well, E-ink uses very little battery. The e-reader I use has to be charged only every other month or every month if I read more often. But then again this little card couldn't have a very powerful battery in it.
Also, the fact that their home page video features some poorly motion-tracked simulated display. That alone instills some fear in me that this is just complete vaporware.
Of course it is vaporware. They're trying to prove the market exists, sell the product up front, then go build it. Will it ever ship or be remotely as thin and svelte as this mockup? I'm guessing no, but if they pull it off, kudos.
No, it is the most important and hardest part. My point about it ever shipping or being as good as the promo video alludes to this. It's easy(ish) to create a slick landing page and quirky video demo, it's hard as hell to make a product.
Great point... Honestly it looks great but the feature set is out of this world. Wireless charging, NFC, proximity. I mean WOW. If they deliver on all of them and are hitting it all those targets lets get them to work on the manned mission to Mars.
Although the product looks very attractive, I doubt they will be able to pull it off. This line from their TOS should be a little worrying:
"We are engaging in a new industry, and there is no assurance that the products and Services will contain all of the characteristics set forth herein or in our marketing materials."
It was quite obviously either completely rendered, or rendered on top of an actual video. It felt like a plain commercial, with "cgi" added ontop of it for effect. I mean, no one expects little flying transparent windows to pop out the side of their card, do they? Of course not. So I don't think they were doing it surreptitiously, but merely to make a pretty "commercial" to sell their product.
Well, sure, but for a device that pushes some technological limits (a responsive touchscreen UI built into a credit card) I think seeing it in action is pretty important. So far all I know is what they want it to be like, which means little to me.
That explains how to screencap a real functioning app and composite it on top of real hardware that's otherwise running exactly the same thing. That is not what is going on here.
According to TNW "Plastc didn’t have a prototype for me to see during a meeting" and what they showed was a UI inside of a fake card.
I think the parent's comment still has a valid point. In the app demo it is more a presentation of something that we are presented how it is, the app. When we will download the app we will get what we see in the video, it is pretty and gives a realistic idea of the functionality makes the app pretty, but the app is still the same. On the other hand, the video in op's website is simply a fake as in it's not a real representation of anything concrete. It's a promise, a nice one, but still not concrete or real and we all know that the end product might end up highly different from the promise.
But it also makes it tempting to make the interface appear much better than it actually is. If you're faking it to "make it legible," heck, why not just make it looks really nice as well? Companies like Apple have gotten in trouble for faking their interfaces in advertisements.
What need does this address? Are cards taking up too much room in people's lives?
This solution doesn't reduce the height or width of the encumbrance at all, and reduces the depth only by n*.76mm, where n is the number of cards that will be replaced. I don't get it.
I have a lot of cards. Between gift cards, loyalty cards, and credit cards, I have at least 20-30 that I'd like to carry on me. I end up leaving cards I don't use every day in my car (and am always paranoid about the valet as a result). I use a KeyRing app for loyalty cards, but it's a pain and requires me often typing numbers into things. I often find myself in a Starbucks, realizing I left the Starbucks gift card in my car. Etc.
This would let me get away with a much slimmer wallet and is therefore quite convenient. If it works.
I don't get how you can end up with so many cards, it's seems like a very american problem. I have 5 cards in my wallet:
* Debit card and a Visa credit card: both with chip&pin and allowing me to do secure transaction on the internet
* A public transport card: RFC, also allow me to rent bikes
* An ID card, also with a chip&pin, allow me to sign documents and fill my taxes
* An insurance card which is not even a magnetic or electronic card, it's just a piece of plastic with my client number printed on it
And I don't really see why I should need or want more cards
I'm an American, and I have no idea how someone ends up with that many cards. I carry two: my credit card and by debit (ATM) card. I could easily leave the latter behind, since I very rarely use, but it feels prudent to keep it with me in case I need cash in an emergency. Beyond that, I could understand having a single company credit card if it makes sense for your job (it doesn't for mine).
For gift cards, I suppose it would be nice to have those all aggregated, but I do very little brick and mortar shopping, and virtually no impromptu brick and mortar shopping where having a library of loyalty cards with me at all times would be useful.
The same applies to loyalty cards. I do have a Macy's card, but they can just look that up for you at the store, so I don't carry it. I've probably lost the physical card.
I'm am American. Lets talk about cards for a bit, then?
I have a debit card, a credit card, a student ID that doubles as a payment card and rfid to get me into work. I also have a second rfid card for another building on campus that isn't part of the network, because apparently doors aren't on the internet yet, and a car insurance card that's basically a small slip of paper. That's my everyday wallet carry.
I also carry some keys: 3 for work, one for my car, and one for the apartment. I also have some loyalty cards on the keyring, for grocery shopping, and for the public library.
I also have several cards I leave at home: a debit card that's only for medical expenses paid out of my HSA, a visa gift card from the grandparents, a debit card from the local credit union (which I signed up for because my online bank didn't accept checks at the time and I needed to deposit my first paycheck), a different credit card I don't use often because the cashback is crap outside a narrow set of rotating categories (but can't close because it's also my oldest credit account).
I'm am American. Lets talk about cards for a bit, then?
I have a debit card, a credit card, a student ID that doubles as a payment card and rfid to get me into work. I also have a second rfid card for another building on campus that isn't part of the network, because apparently doors aren't on the internet yet, and a car insurance card that's basically a small slip of paper. That's my everyday wallet carry.
I also carry some keys: 3 for work, one for my car, and one for the apartment. I also have some loyalty cards on the keyring, for grocery shopping, and for the public library.
I also have several cards I leave at home: a debit card that's only for medical expenses paid out of my HSA, a visa gift card from the grandparents, a debit card from the local credit union (I signed up for because my online bank didn't accept checks at the time and I needed to deposit my first paycheck), a different credit card I don't use often because the cashback is crap outside a narrow set of rotating categories (but can't close because it's also my oldest credit account).
Well I have no fewer than 4 checking accounts. I have a debit card for all them. I don't use any of the debit cards except at the ATM once in a while so I could probably go without three of them on my person.
Then I have 4 credit cards.*
That's 8 cards right there. Then I do my shopping at 3 different grocery stores, so they all get their cards. 3 because I take advantage of the sales at each and the selection. One doesn't have some of the stuff I want but the others do. This is pretty common, I know if I want a particular product I have to go to a particular store to get it. I go grocery shopping probably 3-4 times a week because I only buy enough stuff for 1-3 meals. This is to reduce waste. Less often shopping leads to food waste for me.
Sure they can look me up, and I used to not carry the grocery store cards, but I find flashing the card about 1000 times more convenient.
We are up to 12 cards.
I have to carry two IDs, driver's license and US GOVT ID. Card count 14.
Then I have a drugstore card that I use to get "points" for filling my prescriptions. These points are really worth it - you cash them in for merchandise and they are very generous with them. While they have ALL MY INFO (after all, they need it to fill the prescription) but about 70% of the time they want my card, I don't know why. It is just a billion times easier to have it on me.
Card count 15.
Library card - card count 16.
The rest are just random rarely used loyalty cards I don't need to carry but at this point why not carry them?
I don't get gift cards.
People ask why I have so many checking accounts, and it is to better manage my money (for example, I get just enough of my paycheck auto deposited to cover automatic withdraws and put that in a separate account so I know that's my "no touch" money) and take maximum advantages of all the rewards and benefits of each card or bank account.
I don't find any of this that daunting. When you already have to carry a few adding a few more isn't that big of a deal. I don't really have a problem with carrying these around and I prefer separate cards to some "smart card" that is some electronic thing to charge and break.
*I want to mention even with 4 CCs I don't have any CC debt.
"Everyone" is a far stretch. More like "people who like to (or don't mind) managing their finances at a finer level and also don't spend above their means."
Which is maybe 35% of the American population.
Some people are just fine not bothering with credit cards because convenience/simplicity/ease is more important to them. It's all about individual preferences and priority.
You could also easily have 5 store credit cards (J. Crew, Banana Republic, etc.) for extra discounts, a few gift cards you haven't spent yet (Starbucks, Best Buy, etc.), an extra 3 credit cards (they have different promotions), a handful of loyalty cards for discounts (a couple supermarkets, three or four coffee shops, a couple of restaurants), various forms of ID and access cards (company, school, gym, apartment complex front door)...
You can see how it adds up. The reasons for almost all of them are discounts or extra value. Keeping track of all these cards and carrying them around could easily save you several hundred dollars a year if you're willing to do it.
I've never seen one of those gift cards in plastic forms. This seems indeed to be very american ;) Every gift card I ever got or bought was just a piece of paper. And my only store loyalty cards are actually from the US (although they exist here as well).
Here they are much more commonly plastic. They look like a credit card and are on display at stores. It is just a much nicer presentation for a gift than a piece of paper you printed. It's also more convenient to hang onto. It doesn't have to be folded and get beaten up in your wallet when you don't use it for 2 months.
The only time you have something printed on paper is if you got it off a credit card rewards site for the most part.
In America, almost every store has its own loyalty card. Some places (God bless 'em) just let you use your phone number but most require you to have the card. There's 10 right there, easy. Everyone shops at a couple different grocery stores, a drug store, home good store, etc. Clothing, restaurants, gym. It adds up.
Then there's your driver's license. Health insurance. Car insurance.
On top of that credit cards. You're a fool if you don't have a few different ones, because they have rotating reward categories that give you bonuses. I bet a get a few grand a year that most people don't. But even still, I only have 3. And 1 ATM card on the off chance I ever need cash.
Plus gift cards. On the one hand, you don't want to carry those on you all the time. On the other, you'd often use them impulsively so you can't just leave them at home.
It adds up quite easily. It isn't that I want to carry all those cards. It's that I get substantial rewards for doing so.
Add in a driver's license, three more credit cards to take advantage of various bonus point offers which depend on what and where you buy things, a corporate credit card, corporate access key car, and three loyalty cards for the supermarkets where you shop most often. Now imagine you have a birthday party and your six of your friends give you gift cards to various stores and restaurants.
I've been minimizing my wallet, but still plenty of cardboard buy-5-get-1-free coffee cards somehow make their way into it. It really depends on the individual. In any case, I think that the idea of this one-card-to-rule-them all is wonderful. I realize it is wishful thinking, but I want to see them pull this off.
The only extra I can think of is gym card. I carry 4 cards. Gym, ID, credit and transport card. Don't see why you need credit and debit card? What's the difference?
Gift card for restaurants? It's that seriously a thing? What message are you supposed to get when you receive one, "I would like to offer you dinner but can't spare one hour to eat it with you"?
Yes, it's an American thing. In the US every retail entity that you interact with will offer you discounts to scan a plastic card in addition to your credit card (it allows them to trend you as a consistent customer for their data modeling, send you targeted advertising, and so on).
If you want to take advantage of these discounts, you build a significant stack of plastic.
This really is something I don't get. I have a pretty busy digital and real life, and I really can't think of having more than a couple of CC (one Credit, one debt), an EC Karte and maybe a couple of cards for gym membership and (in this very moment) H&M giftcard.
Even Apple Pay strikes me as a solution looking for a problem. Maybe that's a fundamental difference between the U.S. and Europe, but I really don't get the gist of all this "scrape the huge heap of card crowding your wallet" excitement.
After reading this thread I'm starting to think European companies use plastic far less than American ones. All I can say is live here for a year and you'll understand.
There are apps, like KeyRing, which I use. The problem is unless the merchant has an optical scanner (many are still on laser) they can't scan your phone. So now you or the cashier has to type in a 12 digit number. If it's the cashier, you have to hand them your phone. It's annoying.
But would you be able to find/remember all those cards if they were stored in this thing? Isn't it the pretty plastic and embossed pictures that scream "Barnes & Noble"? Would burying that inside a Plastc mean you never used them?
It serves the company's need to insert itself into the financial data stream. You know the story: "It's a $2 trillion industry - imagine if we just captured a fraction of that! Step 3: profit."
For users, this must be some retro fad jumping the gun. Given the value of the transaction data going through this thing, it should be free at worst.
Yeah, there's potential to use a device like this to build a service like Simple or Moven but without the need to force users to open a new account with you just to get the necessary data. They even showed the instant feedback alerts in the demo video.
I think this improves things, but I don't know why the focus isn't on a phone, which people are already carrying. In an ideal world, everything else I carry in my front pockets and wallet could be handled by my phone - keys, money, business cards, receipts, credit cards, loyalty cards, ID, etc.
It seems pretty solidly in the "luxury" column. This is particularly clear if you take a long view. It's likely that all physical credit cards are on their way out in favor of digitally distributed credentials. CC companies like you flashing their cards, but not as much as they like lowering fraud.
That being said, it's certainly attractive. If the 'bubble bursts' (whatever that means), I expect this is the kind of start up that will be first against the wall. Just remember frivolous != worthless.
For me, the remote-wipe ability is a killer app. Currently, when I lose a physical card, I have to go through a painful get-a-new-card procedure that involves going to my major websites and giving them my new card #.
With remote wipe, when I lose my card I just remote-wipe it and order a new one. Also, this card will warn me when I'm too far from it so I won't be as likely to leave it behind.
We're working on this exact headache, and we believe it's a killer app. Plastc can't solve this problem for you - the moment your card is swiped or entered into a merchant form, it's vulnerable to being stolen and can't be solved with a "remote wipe." What's needed is the ability to make payments with multiple numbers. To silo your merchant relationships and restrict how a number can be spent. And to also to deactivate your physical card when you're far away from it. Never go through a painful get-a-new-card procedure again. We're called Final, and we're launching tomorrow. We'd love your thoughts.
The big problem with debit cards is if you get it stolen then your money is taken. Sure you'd get it back eventually, but until them you don't have access to your own money and can't spend it.
That's weird. I live in a country where 95+% of all payments are done with debit cards, and I don't know anyone who ever had a problem with fraud.
Maybe debit cards are a bit better at security than "oh let's copy this number and put a fake signature on a piece of paper"? Even the mag-stripe version of our payment system that we have had here since '79 required online PIN verification.
n is big, and depth-millimeters count for a lot in pocket world.
If you're a lady wearing jeans, this could make the difference in whether you need to bring a purse.
For me, it makes the difference re: whether I need to carry a wallet at all, or whether I replace it with a phone case that has a pocket for this and my drivers license.
This and Vessyl feel like the harbingers of Silicon Valley doom. Products that solve no meaningful problem and cost orders of magnitude more than their 'dumb' alternatives. A waste of good brains.
Their argument that knowing your hydration quotient is more important to fitness & wellbeing than knowing your calorie intake should get them pummelled. I don't care if they have an MD on their staff.
For a start if you care about health & fitness to a degree at all you simply wouldn't drink Red Bull, beer to any amount that it makes a difference. If you do it will be in a binge scenario.
I also use the same technique in debate by dealing with likely criticism by mentioning it and countering with a weak counter point. In this case that is the use of the app to enter drinks you would never pour into a horrid big bottle.
I also wonder about the tech they use to determine the liquid content. I'm gonna guess its not that clever. Using light analysis vs a DB of known drinks or something likely to be wrong.
My favourite part of the whole idea is that in order to get the data they say it helps you with, you'll need to carry your cup everywhere. To the bar. To bed. On vacation. Who would ever do that?
They are targeting women with this device. Look at all the marketing materials. Female main characters, a woman is in the facial recognition part, 'you shouldn't buy this for yourself, buy it for your female wife', clothing shops & restaurants, etc.
The women in my life would find this incredibly useful. Several popular iPhone cases can hold a couple cards. This product would allow you to carry your phone, ID, and every other card in one compact package.
Agreed. Besides the minimal space required by using separate cards, my bank will replace my cards for free whenever they break or the stripes go bad, which happens every six months or so. Does Plastc do that?
In theory, this could enable one time use magnetic stripe data, which would solve many security problems. I could get this instead of waiting until all merchants support chip and pin (which is never going to happen in the US).
>I could get this instead of waiting until all merchants support chip and pin (which is never going to happen in the US).
It's going to be supported unless the merchant is happy eating fraudulent charges, which will make them a hotspot for people committing fraud. There's various dates for when that liability kicks in[1]. General trend is 2015 for PoS and 2017 for gas station pumps.
Credit card companies could incentivize merchants to do so by offering better rates on chip and pin, or by only offering worse rates without it the next time a contract is renewed.
I thought the same thing about the new Apple Pay. I didn't consider the process of "take credit card from wallet and swipe" to be a massive inconvenience that needed to be turned into an app.
How does actually commoditize banking products? It just reduces the number of cards that you may or may not have in your wallet, with may or may not be a real problem for a majority of people. My gut feeling as a tech guy with disposable cash is that this looks great and I'd love to have this as a cool toy, but honestly it does not fulfill any real daily need for the mass market or for general good.
Whilst I wouldn't go as far as to say "never going to happen", I am fairly cynical about this and similar products like coin.
Not for any particular technical reason (although I'd be very interested to hear how they plan to make this work with Chip & PIN) but from a risk/liability perspective.
At the moment most banks that I'm aware of provide an online fraud guarantee and a credit card fraud guarantee, so as long as you keep your credentials secure, they'll pay back if you get defrauded (I know it's not quite as simple as that but for the purposes of this comment I think that'll do)
so the problem with this kind of product is that you're adding another company (plastc) to the trusted list, you're going to have to provide them with all the card details. So unless the banks agree to this not affecting your fraud guarantee, you'd be taking a real risk by using this solution.
For the banks to agree that there would need to be something in the deal for them, to compensate for the loss of branding on their cards and the additional fraud risk.
> loss of branding on their cards and the additional fraud risk
Loss of branding is a fair point, but I think this would reduce fraud risk. Automatically deactivating itself when lost or stolen more than makes up for the risk of trusting Plastc.
Possibly although the attack surface of this kind of solution is quite a bit bigger than that of a traditional card. Introducing complications like smartphone apps and increased complexity of programming on the card itself, has quite a bit higher potential for exploitable bugs compared to a traditional Chip & PIN card.
I think most people in the market for something next-generation are going to be looking for more than just "how do I consolidate onto 1 physical card". They're going to want to fundamentally improve the payment system with a completely cardless, PIN-less (save for unlocking it once in the morning), wrist-based device.
Plastc is $155 and you still have to:
1. pull something out of your wallet
2. select a virtual card
3. enter a PIN to unlock it
4. share your real card number with the merchant with all the fraud potential that carries
5. sign the receipt or enter your card's PIN (another PIN!)
Apple Watch is going to leapfrog all that so hard.
- it lives on your wrist
- it stays unlocked as long as it's on your body
- you just tap, no signing or card PINs
- it uses tokenization so you never have to worry about stolen card numbers
- it does craptons more stuff than payments too
One advantage Plastc has is it will work everywhere right away while Apple Pay needs NFC terminals. But those upgrades are happening thanks to chip-and-PIN.
1) The process of selecting a card and paying appears to have many more steps compared to merely selecting the appropriate physical card and using that. Is the sell here something to do with security (not displaying the card number all the time)? Does this support temporary/ burner numbers?
2) I would like to know what target demographic, if any, that that ad was not intended to irritate.
The prospect of getting away without a wallet is exciting to me! If I could get down to just driver's license, this, and billfold, that'd be pretty cool.
I would pay 2x what they're asking if it worked like it's supposed to, and I could leave everything else behind.
But realistically, I think mobile payment systems are much more likely to succeed. Plus, I already have my phone with me anyway, and it doesn't seem too far fetched that it could provide all the info on my driver's license. So with that and widespread adoption of ApplePay (or whatever ends up succeeding in that space) I'm down to just leaving the house with my phone and whatever cash I want to carry.
And why wouldn't you want all your financial and government information sitting on a single computer, network accessible, and running gigabytes of random software, much of which uses the network.
> I think mobile payment systems are much more likely to succeed
It's not either/or. Something like this or Coin are essentially interfaces for what will be legacy devices. If it were either/or, then mobile payments would certainly be the better solution.
That's true, though I think once major retailers, gas stations, grocery stores and ATMs are accepting mobile payments, you'd be able to get by without any "legacy" forms of payment pretty easily.
The problem is doing this without compromising security. There are at least the following problems:
- Remote RF-based attacks on the card.
- Attacks on the phone app.
- Leaks at the point credentials are transferred into the card. It turns out that most chip and pin cards do not use a public key/private key pair, with the private key inside the card. Visa actually recommends against this. (http://usa.visa.com/download/merchants/bulletin-chip-recomme...) So getting the credentials off a chip and pin card is possible.
- Leaks from the servers at "Plastc".
- Customer liability beyond US law limits for bank credit and debit cards. (What if it's Plastc's fault? The bank blames Plastc, and Plastc dumps the liability on the customer, citing their "it's never our fault" EULA).
- The device is a great tool for "carders". Previously, "carders" using stolen credit card info had to make sure nobody saw them putting a white card in the ATM. Using a stolen credit card required access to convincing-looking blank cards and an embossing machine. Now, with Plastc, anybody with a list of stolen card numbers can easily create fake cards. At least if businesses are willing to accept Plastc cards.
The problem I have with this product, as well as Coin, is that seems to be far less convenient than pulling a card out of my wallet. Maybe George Costanza would get some use out of one of these, but I'm usually choosing between an ATM card or one or two credit cards. Plus, I don't need to worry about having my phone, charging batteries, electrical gremlins, &c.
All I'm seeing is an expensive ($155?!) solution to a non-existent problem.
Also, credit cards are simple, cheap, and robust. Most of them become pretty thrashed with a year or two of frequent use -- this thing would theoretically be used more than any single card; how robust will it be?
(And you'll still want a backup card in case it fritzes.)
Hmm, I thought this might be what Coin turned into but I see that onlycoin.com is still taking pre-orders for their all-in-one card. I get the consumer appeal but find the appeal for the banks less strong. I would love a one time credit card app where every time you swiped it, it changed numbers. And it seems making the card 'smart' like this could enable that sort of thing.
This is what we've wanted for a while, and exactly the product I'm working on right now. It's called Final. We can deliver one-time use numbers via our mobile app, and pay via NFC or our standard EMV card.
I met with one of the Coin founders and he had something really interesting to say on this topic. If apple-pay is successful it will disintermediate the banks from the money process/transaction. They are clearly not wanting this to happen and so are happy with things like plstc and coin.
Is Coin not even on the market yet? Hah, fancy — they started taking pre-orders almost a year ago. Would anyone pay $155 for a Plastic Card if they knew they wouldn't get it until October 2015?
What would actually be slightly lower in cost and leverage existing infrastructure better would be this Plastc card but remove the bluetooth, the touch interface, chip-n-pin, and the internal battery. Just have an app on your NFC phone and have it send the card data over NFC to the card when you want to use it. In this way you could just have an app on your phone which can work with the bank over the Net to generate throw-away numbers for every transaction.
Having any credit card number which you've ever used only usable for one single purchase would make fraud have to change to adapt. But you could probably sell such a thing easily today with all the recent loss of credit card number news. Granted, the vendor of such a card has to partner with a bank to enable this feature set, and then only a small number of people will want such a card as it imposes a new workflow for paying for things.
Yes. Keep all your financial information on a general purpose consumer computer accessible over the network, and never worry about the safety of your financial data ever again ;)
I already do this. Amazon knows my credit card info, so do many other merchants. If I'm doing any kind of mobile payments thing then my phone has access to my bank somehow, too.
My concept is basically just "mobile payments" but enabling it for locations where merchants don't have the infrastructure yet. The added benefit is every transaction has a different card number, so merchants who store card numbers and get hacked provides no benefits to the thieves. Granted, any of the mobile payments things should be doing this kind of security thru obscurity, but I have no idea if they are.
One of the costs associated with fraudulent card use is turning a set of number into a physical object. Several retailers will avoid the "Just write the number onto an existing card" approach by verifying that the last four digits on the card match the number on the magstripe, which increases the cost per cloned card by a reasonable margin. Using Plastc instead would break that assumption. It'll be interesting to see how merchants react.
But, more problematically, this answer:
> What happens if one of the cards stored on my Plastc Card is declined?
> The acceptance of any transaction has nothing to do with your Plastc Card. In this event, we recommend you contact your bank.
seems like a problem if the auth failure that comes back is one that requests that the merchant retain the card…
If I were a merchant, I would not accept one of these. Fraud claims always side with the cardholder, what do you say as a merchant? "Yeah, some guy came in with this black piece of plastic and a screen on it and I just swiped it."
It claims to support Chip & PIN (EMV) but I don't see how this works. EMV is designed so that you can't clone a card and in practice is it impractical to attempt to clone a card that uses EMV.
The only way I could imagine it would work is if you have the support of the bank that issued the card. However, I doubt any bank would agree to a scheme to allow a 3rd party to generate a clone of an EMV card.
Agreed, if they did it would seem that this is a card cloner's wet dream. Maybe I'm missing something but I just don't see how it is possible to support Chip and Pin without proving the system is broken.
I really like the idea, but at $155 this is a luxury item for people who have disposable income. Also, with the release of Apple Pay, I truly think eventually all brick and mortar businesses will support paying with your phone.
>eventually all brick and mortar businesses will support paying with your phone
There are brick and mortar businesses that don't even support credit cards. It could be a long time before all brick and mortar businesses support phone payments.
Hey, if I had my way, everything would have been star wipe. Scroll -> star wipe to next page. Scroll -> star wipe! Scroll -> star wipe! It could have been AMAZING.
Except the Automobile has already been invented in this case. NFC, Apple Pay, mobile payments. Mobile phone payment technologies will quickly make cards obsolete. In places like Bangladesh (bkash) and Kenya (m-Pesa) mobile has bypassed the need for cards.
Am I do only one having a huge (yet still growing) list of preordered and backed projects and waiting for their delivery? If I sum up the pending ones up, it's thousands of dollars. If I put all that money in the stock market and buy the products after they are on the market, and read the reviews, I'm sure I'll be saving money and not be worried that I'm getting schemed all the time.
The money in your savings account decreases in value with inflation, so that's not a risk-free strategy either. Maybe inflation-indexed treasuries are what you want, but those are also not risk-free!
Oh gods, that sounds like a horrible idea (the site is unavailable at the moment, so I can't see the list of features). Only slightly worse than the idiotic start-up idea that made the rounds two years ago, whereby all of one's cards could be combined into one (Oh goodie, if I lose one card, I lose EVERYTHING!).
It could be handy if when it runs out of battery it remains as the last selected card. Not sure if the re-programmable strips require a charge to hold their pattern.
Check out the privacy policy: https://www.plastc.com/legal
These guys expect to own every part of your information. Yet they still charge through the nose for the tech. Have your cake and eat it why don't you.
This is a either a future vaporware from naïve people or a straight up scam. Either way, I'm betting that before the tech will be good enough for this kind of product the Apple Pay and similar products will be ubiquitous - this is simply a faster horse.
I would assume the same thing, the problem is if I leave my wallet upstairs and take my phone downstairs (breaking the BTLE tether) will it also wipe? If so does it automatically re-load when I get back in range? If it doesn't auto-reload then it sounds like a PITA and if it does auto-reload it sounds like a security nightmare (Clone the BTLE MAC and get the victims phones to unknowingly push all their charge cards to your sniffer).
I turn my phone off in unfamiliar cities to save battery for GPS.
I turn my phone off at movie theaters and airplanes.
I rarely keep bluetooth on to save battery (I don't really use it save for once in a while) and I also quite often turn mobile data off unless I take my phone out to use it.
Sometimes it runs out of battery.
Quite often I keep my phone in a different room of my house than I am in, especially when it is charging.
Sometimes your phone breaks or malfunctions (hopefully not often).
You've just described the bigger startup/crowdfunding scene, my friend. Technology is religion these days - most people aren't able to penetrate the mysteries, and instead have faith in a positive outcome.
Unlike the scammers of Coin, these guys might have thought a bit further. Unfortunately this looks too ambitious. We have been making these kind of cards for years (for other companies) and know what kind of things you can cannot do currently; you can actually do this technically, but you'll be in a lot of pain getting this mass-produced. Let alone the things like patents, certification and adding 3rd party cards to it (oh the hell...); all politics & money. Good luck anyway.
Seems like most people who will opt for "payments 2.0" will just wait for Apple Pay and Google Wallet to be more mainstream. Especially with wearables in the mix.
I pre-ordered Coin and have signed up for the beta and while this card seems to be much cooler (and 3x more expensive) I feel like Coin has a better chance of making it to market. Their idea and product just seems more "do-able" than this.
It's easy to throw up a list of tech specs on a website, it's a lot harder to actually ship those features. I'm highly skeptical of their support for chip-and-pin. In my (uneducated on this matter) mind it seems like the ability to do this undermines a large security consideration with chip-and-pin. What's to stop a crook from swiping my card on his reader? Does this not just make it all the easier to clone cards?
Also the battery life is an annoyance. Not one that I couldn't live with (I look at my Pebble and Pulse battery levels every few days to determine if I need to plug it up at night) but Coin's approach to this problem seems cleaner. Coin was a reach for me, this is way out of what I would spend to "fix" this problem. Also as other's have said with Apple Pay entering the fray Coin is rapidly losing its appeal as neither Coin nor this card offer the consumer protection that Apple Pay does (like not giving them your real CC number).
Coin doesn't handle the chip and pin problem at all for the moment. Even they say that the next version of the card will work with chip and pin. As far as the battery is concerned, Coin will just stop working after two years. At least with this card, it will be rechargeable, even if I have to do it monthly.
My biggest concern would be pre-ordering anything like this for the time being. I was left pretty jaded with Coin promising for a year that they were running on time with shipping. Summer 2014 came and went and they finally admitted just two weeks after the previous update that they wouldn't be able to make it for at least another 6 months. Now this product is advertising a more advanced feature set to be released at around the same time. I wouldn't bet on it.
I too am jaded by Coin's delays (though after a year of Soylent delays, each one promising delivery "next month", I guess I should know better). As for the battery life I really don't expect to still be using the same Coin in 2 years. I imagine I will have an upgraded Chip & Pin version or just be using Apple Pay by then. I fear that all of these card-replacement solutions will be downed out by things like Apple Pay (I assume other companies will introduce competing services, and no Google Wallet is not a competing service IMHO). I might be able to get a Coin refund but I'm not a huge fan of pulling funding from them (even if it's only $50) and I still think it's a nifty idea. I'm still very much so looking forward to getting my Coin sometime in December (supposed to ship by the end of November), that is of course if they stick to that timetable.
I doubt that it actually supports Chip & Pin; it probably supports the kind where your card number can be read via those contacts, but still requires your signature to complete the transaction.
Another option is just proxying your card; their card has a valid chip & pin and credit card number, and when they process the charge, they pay for it by charging your actual card. If I recall correctly, the credit card companies don't particularly like this, but maybe things have changed recently.
How they will support chip and PIN? Will they need cooperation from the issuer? If not, then they need to clone the cryptographic keys inside the chip, and I thought those were supposed to be tamper resistant.
Which is increasingly important because that "far date in the future" of October 1, 2015 in less than 12 months away.
On October 1, 2015 "Liability will shift to acquirers for domestic and cross-border counterfeit fraud card-present POS transactions if the merchant does not have an EMV-enabled POS device."
Over the next year nearly all merchants will switch over.
I'm calling shenanigans after reading their specs.
Here are my reasons:
NFC + EMV secure elements are issued by banks and can't be reprogrammed. You can't switch between them on the fly. You can only house "multiple" EMVs if you can by some grace of god magic convince the different banks, and Amex to take your card to their facility and program it with their secure info and then give it back to you.
E-ink displays are WAY thicker than they can fit in there. They are also made on GLASS substrate, much more fragile than something you want to put in your pocket. If you looks closely at the video the e-ink screen is faked by CGI. It doesn't perfectly register in the same location on every frame. There is a shake.
Driving an e-ink display requires high bias voltage, ~+/-20V. Often done via charge pumps with chips such as TI's TPS65180 (http://www.ti.com/product/tps65180). The chip alone (minus PCB) is thicker than a credit card and therefore a credit card slot. The switching capacitors you'd need to generate the voltage would also be too big to fit within that footprint.
"E-ink displays are WAY thicker than they can fit in there"
No, I have in my pocket a PayPal Security Key: it is the same size and thickness and flexibility as a credit card, yet it houses an e-paper display: https://www.paypal-community.com/t5/image/serverpage/image-i... They have been on the market for 5+ years, so the technology is there. Plastc has a bigger display, but there is no doubt it can fit in a credit card because an e-paper display does not require that much supporting circuitry. See this guy who tore down the PayPal card: http://www.stahlke.org/dan/displaycard/
They have a full pixel display. They are different. E-Ink displays are 1.18mm thick per their spec sheet and you have to add some mechanically stiff backing to that.
Looking at a detailed photo [1] it looks like a STN segmented LCD but I could be wrong.
Incidentally, do you have a pair of callipers handy? Could you measure the PayPal Security Key?
I don't think it is the same thickness as a credit card.
I looked at more teardown pics. It is definitely a segmented display which is far easier to drive than an active matrix (i.e. "pixels"). They also don't have wireless and a host of other things that this device proclaims to have.
There are several variants on the NFC protocol. Some contain secure elements (with a CVV3, which is a cryptographically-signed incrementing number), but I believe they can also just dumbly-send the normal card data over the air.
I've also seen credit cards made from glass. I think they're NFC-only, though, because of the thickness, but I could be mistaken.
You are correct in that the NFC is just a protocol but for it to be used without a signature you need a secure element. In their "mock-up" they show a smart car interface on the front and in the FAQ they claim EMV. It is very puzzling.
2. charge pumps can be made out of discrete components and the largest part is a coil, which can easily be laid flat and thin. You can also charge a ceramic cap (low self discharge) slowly and use it when you need to change screen contents, thus allowing you to have a smaller charge pump yet
3. PCBs can be made very thin (a cheap pcb fab I use will make 10 PCBs for $10 for me at 0.2mm thickness). And you can also make them on a flexcable that is thinner yet.
You are right about EMV though. It is supposed to be uncloneable.
1. With respect to e-ink on a flexible substrate... it was announced but I've never seen it happen. I've dealt with e-ink fairly recently on two projects. They don't have a flexible design to sell you beyond prototype. and for custom sizes Their MOQ to begin exploring a custom option is 100K units.
2. There is no coil in a charge pump :). They use capacitors and switches. There is no inductor. For a charge pump to drive an eink like screen you need caps of about 10-20uF. I've designed about 3 different boards that drive high-res e-ink screens. You can't get those caps below 1mm at the very best.
3. Are you sure you are getting 0.2mm PCBs? That is only 8mils thick! Most standard PCBs are 62 mils ~ 1.5mm. Can you tell me who these guys are that would do super thin at prototype prices? I would want to use them (no sarcasm).
Minimum IPC thickness for 4 layer board (which is what you need for the EPSON driver to those e-inks) is 12 mils but even at that you'll have mechanical problems with that PCB. Credit card thickness FYI is 30 mils = 0.030".
What I would say to these guys is: "show me a prototype with the appropriate thickness. You have a prototype, right?"
A prototype is a requirement here. Seeing the team, I see no technical person, but two brand designers (just the people to make a great demo video). Not to say they don't have someone who can pull this off, but it is a thing that has not been done before exactly. Like Lockitron, Coin, and others before, the variety of physical interfaces involved plus the need for it to work 100% of the time make this non-trivial. This is not just a neat digital interface problem.
I can't help to think this and Coin are each a solution in search of a problem. Do you know many people that use more than 3 cards regularly? If the norm was to have so many cards they barely fit in your wallet this would be perfect.
Well - I carry 3, and would carry 7 if I wasn't trying to slim down my wallet.
Those 3 are:
* An personal AMEX cashback card, that gives me a very nice 5% back in certain categories, and 1% back on everything else.
* A Visa Airline miles card, for places that don't take AMEX or travel spending where I earn 2x or more miles.
* A business Visa credit card for the business my wife owns.
The other cards I'd carry if I wasn't annoyed by a thick wallet are:
* A Costco AMEX that gives me extra cashback at Costco.
* A couple store-specific Visa cards that give me nice benefits at stores where I shop at least semi-regularly.
* A work credit card for my work.
I'm a bit of a miles/cashback junkie, but I'll bet many people have at least a few cards they'd like to consolodate. The average American family has 8.
Like I said in another comment, I'd be thrilled if I could replace all those with one card, and I'd be happy to pay what Plastc is asking if it worked. But the most likely scenario I see for that happening is mobile payments a'la ApplePay.
One I use for everything, until their idiotic fraud department is confused as to how I'm spending money in Chicago after taking a flight to Chicago I bought with that card.
Another I use as a backup, for this situation.
Debit card, for extracting paper money from ATM machines.
>> Do you know many people that use more than 3 cards regularly?
It's not so much about use as it is about carry. I may use only 3 cards regularly, but I carry 13 in my wallet. Most of the lesser used cards are ID I have little choice but to carry or loyalty cards for places where I shop.
_IF_ the claims about chip and pin capability are true, I'd be able to pull out at least half of the cards in my wallet, which would be a significant amount of bulk.
If it were just credit/debit cards, I'd agree with you, but this purports to support gift cards. I've had too many gift cards to carry around, and ended up not using them because when I was actually in the store they were at home. So I do think it does solve a problem. That said, the problem this solves isn't important enough to justify the price tag (for me).
My question is whether these are the same people that came up with coin and this is simply another ploy to get people's money for a product that will never make it to market. Both domains are private registrations from GoDaddy. If either was a genuine corporate entity you would think they would have real information in their domain registration.
Lot of comments here is how Apple pay will rule. But not everybody can or want to buy iPhone. Or even expensive Android with NFC... That is why I think Coin and Plastc - if little cheaper may be succesfull. I usually have 2-3 debt cards, one credit card and I have few bonus cards for different stores - that I do not take with me, because I like small wallet. This solves my problem.
> But not everybody can or want to buy iPhone. Or even expensive Android with NFC...
An Android phone with NFC is not as expensive as you think, and it will be cheaper by summer 2105.
And by summer 2105, payments by phones/smart watches/wrist bands would be ready as well.
I hate to be so cynical, but product names nowadays are bordering on parody. And what's with the poor special effects in the background video? The e-ink display doesn't even line up with the card when it moves! You'd think they'd put just a little more work into that, since it's the first thing people see.
Looks interesting. Was thinking of waiting until a v2 just to let them work through security issues. Seems like the website itself has some front-end glitches - like the "About" page for example (this code visible: <?php if( extension_loaded(‘newrelic’) ) { echo newrelic_get_browser_timing_header(); } ?>)
Sorry yeah my bad, was in the middle of re-writing git history when this got pushed, took a few minutes to revert :) No security problems on frontend, in fact it was the parser protections which kicked in, preventing <?php from parsing etc.
I think something like this should replace credit cards used today (or at least having it as an option seeing the price). Authentication on the card could be extremely useful and secure. They should ditch the magnetic stripe tho, it's completely insecure, use only the chip.
Situations:
1) someone steals your pin code (there are overlay devices for ATMs, could happen), after that they steal your card (they can't clone it since it does not have a magnetic stripe). They can't use it since it has locked itself (default state being locked, unlock before transactions).
2) Buy something online, specify that you buy with plastc, it guides you to a challenge response authentication page. Type the challenge in the card, type back the response to the page. They hack the site, get every credit card info and your money on your bank account remains safe.
Cool at first glance but I do have skeptical questions:
(1) Durability was my biggest question -- how much flex and bend can this thing survive? How about being chewed on by a toddler, put through the washer and dryer (high heat), taken into a hot tub by mistake, dropped and stepped on with hard-sole shoes, etc.
(2) Ditto the other skeptical questions re: chip and pin.
(3) How big is the niche for this? I mean, I only have one debit card I use routinely and one credit card I use rarely. Carrying two plastic cards is not that big of a deal. I wouldn't pay $155 just to merge them into one card that can run out of battery power.
(4) Speaking of recharge... now there's another device I need to plug in or otherwise mate with some kind of charger? No thanks.
Like a lot of my fellow news hacker I preordered coin and was still waiting for it until today. Today I asked a refund. Between Apple Pay, Bitcoins and all the other payments technologies coming up I'm less and less convinced that my problem is to carry 2 cards in my wallet. I realized that my problem is to have to carry a wallet. I might end up buying the Coin or this fancy Plastc, but really I don't need it at all.
Does anyone else get the idea this is just a turbo-charged horse and buggy? Have they actually done market research beyond "oh that's cool" to "I actually have pain pulling out a separate card?"
It seems like they are making an age-old start-up mistake. Swift death to the founders so they can move on to something far more interesting than a re-imagined credit card.
With chip & pin (and the October 2015 deadline for the US to switch to chip & pin) this is awesome, and might actually make it up to Canada, where we've moved onto NFC and chip & pin.
I have a sneaky feeling that Coin's long radio silence and pushed ship dates are them re-engineering to have chip & pin at launch.
Reprogrammable stripes have been around for a while, and while this is a more attractive implementation the new EMV rollout (accelerated likely by the recent card breaches) will make this impractical. You can't reprogram an EMV.
I do agree that the process of selecting a card on the device is a bit more tedious than just pulling one of my 3 cards out. But the idea of having less bulk in my wallet - or - not caring one at all is pretty exciting.
As someone who frequently travels all over Africa, I would want a secure password on this. If this card gets stolen without such a password it would mean the thieves can empty out several of my cc accounts.
If they don't mess up the implementation then it would appear to be more secure than traditional cards. Especially in places like Africa (I assume) and the US where Chip and Pin has yet to be rolled out.
I appreciate the point you're making in that stealing this one card is equivalent to stealing a whole wallet-full. But isn't it usually the case that you lose the whole wallet in one go?
Actually, according to this worldwide map of card and terminal EMV deployment, Africa/ME had chip & pin tech, as of Q4 2013, in 38.9% of cards and 86.3% of terminals.
The difference is when I travel I don't take all my cards out with me, I would leave at least 2 backups in the hotel safe and another at home which can get sent to me in an emergency. Realistically imitating this behaviour on such a device probably won't happen.
A little bit off-topic: Would it make sense to use something like this for GPG? It feels safer than fingerprint to me and it's definitely better than those smart card readers that with keypads.
If the card presented by the customer can show the picture and signature for authentication, my hacked plastc will show my picture and signature along with my fraudulent magstripe.
If your bank allows generation of one-time-use temporary CC numbers, you could load this up with a bunch of them, and have any fraud be limited to the number you have left unused. Cool!
I am leery of pre-ordering unproven but fancy looking items given the history of many kickstarter projects. I would love to buy one if they actually make one.
It appears that your data is stored on your phone. So I think that the sentence "Completely wipe your card data from your phone." doesn't mean that you will remotely delete data from your lost card using your phone but delete data from your lost phone using some other device. But yeah, it is very ambiguous.
From reading the front page and only blog post, I gathered it is paired with bluetooth to your phone, and you set a timeout before self-destruct.
So if you set an hour, if your card hasn't been paired with your phone in over an hour it can erase itself. The phone probably rewrites the data as soon as it identifies the card again and the pin is entered.
so, my main question is where would I source the ble chip that is this thin? I know its probably just a rendering to test the market but it would be nice to be able to source some of the supposed parts in this thing.
I hate cash and can't wait until it's gone forever. I hate wasting time getting it out of the bank, I hate having to make sure I have enough at all times, I hate the crappy little coins I get back in change, I hate not being able to track where my money went easily.
I prefer paying with cash. But I don't keep the cash in my wallet--I hate wallets. But for my ATM card, various credit cards (used for large purposes), and driver's license, I'd go without a wallet. The one I currently use is a small one anyhow, intended as a business card holder.
Pick pockets aren't as common as they once were, at least in the U.S., but I never use my back pockets for anything. Even disregarding pick pockets, it's much easier to lose stuff that way, like when getting on and off a bus. So pocket space is at a premium for me, especially after I relented and bought a cell phone, which keep getting bigger and bigger. (And I would never keep my financial data on a cellphone, even if they promised it was safely embedded on a crypto chip... I just wouldn't trust them to have done it properly.)
Frankly, I think Plastc seems quite useful, at least superficially. The devil is in the details.
Nope. I prefer my merchants keep more of the money, and the banks less. Also, I have a better grasp of the money running through my fingers, literally.
Well, I briefly scanned through some of the comments here, one thing I didn't see mentioned was the fact Coin is not rechargeable, once it's dead, you are required to buy a new Coin.
Apparently according to plastic, it is rechargeable, therefore once you buy it, you never have to buy another. Another interesting point was it's wireless rechargeable from the video, which is interesting.
