Comments on: Turn your iPhone into a Digital Wallet

By: digitalshaman

digitalshaman — Fri, 22 Aug 2008 14:20:00 +0000

respectfully, you might be doing that but under the dmca & even certain contractual obligations (similar to those mentioned by the person from europe above) it may be unlawful … it raises a number of interesting issues – namely how do you balance security with convenience & piracy with privacy & theft of identity in general (your ID, the card ID & any transactional ID) – again, lots of discussion these days never takes into consideration copyright when it applies to items that you would think belong to you (like your cards) but the fact is that the risks and protection measures are the same in information theory … witness the recent MTA hacks by MIT for defcon … security by obscurity is bad but preventing healthy discussion and open debate is perhaps more detrimental …

By: Stephen Fleming

Stephen Fleming — Fri, 22 Aug 2008 03:44:00 +0000

Nice to see some comments here!

Good thoughts about encryption and security. Note that I'm using this for convenience, but not for anything that would really be a risk if stolen. I'm not sure what a criminal could do with my Barnes & Noble discount card, but I'm not terribly worried about it.

By: digitalshaman

digitalshaman — Thu, 21 Aug 2008 21:39:00 +0000

encryption only assures confidence in the communication. once decrypted, there is no "traceability" & to put it mildly your scheme is simple to hack. anyone with those cards can subtract your image from their own generated image – the difference should be the "value" being protected – hopefully unique to you but also unique to the issuers – you do not "own" the card; but, all of the other physical security features have been wiped, by you. I am not certain how liability is covered when you voluntarily rid yourself of security for convenience but what you have shown is akin to what simplistic counterfeiters do. There are techniques that I can provide that accomplish the same thing but they would be inappropriate here. Security versus convenience?expense versus value?

By: Susan Cartier Liebel

Susan Cartier Liebel — Thu, 21 Aug 2008 15:10:00 +0000

I’m just curious. Password protected or not…what happens when you iphone is stolen. No, they don’t have the physical cards to charge but your identity can be certainly compromised. Hacking is just not that hard, or worse, they steal it while you are using it and don’t need to worry about passwords.

A friend had his stolen at knife point…makes me wonder, that’s all.

By: Andrew

Andrew — Thu, 21 Aug 2008 15:08:00 +0000

Didn’t think I’d see the value over other methods at first, but it is sometimes nice to have all of the details. Would be a great one if you ever lost your wallet and needed to know all your CC contact info to cancel cards

One issue though would be bar code scans of “club cards”. I found a great hack on Lifehacker a while back, http://www.justoneclubcard.com. You enter in the store, the corresponding numbers and they spit out a printable card with all of your club card bar codes on it. You can even enter some that they don’t have the formula for on file, just takes some playing around.

By: Anne Bubnic

Anne Bubnic — Thu, 21 Aug 2008 14:57:00 +0000

You're in luck. Splash ID just announced an IPHONE version yesterday!

Your method is quite clever, but I hope you never lose that IPhone. Identity thieves would have a party.

At least Splash ID has password protection!

By: Wei

Wei — Thu, 21 Aug 2008 14:45:00 +0000

I’ve actually thought about this… and the use of mobile coupons as well. Instead of bringing a stack of coupons, launch your iphone and find coupons on the go and just have them scanned as you bring them up.

Though, I do wonder if there are any long term negative effects from having a laser repeatedly hitting your iPhone screen to scan stuff.

By: Shefaly

Shefaly — Thu, 21 Aug 2008 14:41:00 +0000

Interesting idea but a view from the UK is as follows.

We are mandated to use cards that have chips storing cardholder data and then we enter a PIN to validate a transaction when paying. Signature is usually not allowed except when one is disabled etc and has a dispensation for such a bypass. Card fraud has fallen since they were introduced but for the following.

Not using the chip-and-pin system makes all transactions ‘cardholder not present’ transactions which continue to grow as a category of card fraud. Businesses’ exposure is also greater in such cases.

Besides I would like to know what your banks/ various card issuers think of this hack

By: Bill McKinnon

Bill McKinnon — Tue, 05 Aug 2008 03:25:00 +0000

Stephen,
Great idea! I’d be interested in how your transition goes — particularly the “total cost of conversion” (and what sorts of things that iPhone apps can’t quite do just yet). Some day it will be painful to have to give up my Treo.

By: Brandy

Brandy — Fri, 11 Jul 2008 14:47:00 +0000

Stephen,
you continue to defy the time-space continuum. I have only 24 hours in my day. You must have at least 30!