Coin card

Coin

Commerce


When a company called Coin said it was making a payment card that could digitally store all your credit and debit card information on one device, I was excited and assumed others with fat wallets would be, too. But the company’s announcement last week that shipment of its cards would be delayed until next spring raises new questions about how many stores will actually accept this form of payment when it finally reaches market.

The reason: Coin’s release is now set for the spring of 2015 — only a few months before retailers in the U.S. will be encouraged to stop accepting payment cards like Coin’s that don’t have new embedded computer chips meant to make cards harder to clone. By October 2015, retailers will begin assuming risk for fraudulent purchases in their stores if they do not use a new type of checkout equipment designed to accept these new, harder-to-clone credit cards currently being issued by banks.

Coin lets you add payment info from various debit and credit cards into its app and then sync that with one universal digital payment card so that you can toggle through different payment options at checkout. The problem for Coin customers, who paid $55 to preorder the card during a crowdfunding campaign last year, will be that the card doesn’t contain one of the new chips meant to make cards more secure; it needs to be swiped. Merchants will still have the equipment to accept swiped cards next spring and Coin believes they will do just that.

But will they really want to assume the risk — especially in the wake of the Target breach — that the card is a fake when they know most mainstream banks started sending out chip cards to their customers back in 2014? Or will they train checkout people to ask a customer for another form of payment in these situations?

As payments fraud expert Cherian Abraham wrote in a blog post earlier this week, “success of a swipe depends on the merchant’s risk appetite and certainly cannot be controlled by Coin or the consumer.”

The only way to know for sure will be to test out the Coin card when it is available. We’ll see if a big-box store like Walmart will take my card later this year if I’m accepted into the company’s Beta program.




6 comments
@mkhoury
@mkhoury

Rumor also has it that the credit card banks need to be on board to allow their cards to essentially be cloned, and they're not exactly thrilled with the idea - and that's the major balking point.

mikeemorris
mikeemorris

 The Target breach had nothing to do with counterfeit cards and EMV would not have stopped it.  The vulnerability that was exposed was that credit card track data is transmitted in the clear across the Target networks from the POSes.  Malware installed on computers on the network captured and redirected these credit card numbers.  Real credit cards were stolen and would have been no different if EMV cards were used.


Magnetic stripes will absolutely be around for years to come.  EMV took 10 years to fully transition in Europe.

wakeupz
wakeupz

With this article, you wont be accepted for sure.

mikeemorris
mikeemorris

@@mkhoury How would the banks know the difference?  This is how counterfeit cards work.  At the end of the day, it's going to be up to the merchant.

ThElSt
ThElSt

@mikeemorris No, using EMV encrypts the transmission.  The private keys are stored on the chip, part of the reason they can't be cloned.


So even if the malware snooped all the data, it would be useless without the private key.  They would need the physical card or get into the processing data center, as those are the only two places with the keys.


It should also be noted, you can't read the private keys off the card, this is the way the chip was designed.  Probably why coin will never be able to make an EMV compatible device.

mikeemorris
mikeemorris

@ThElSt  Check out this article that, incidentally uses the Target breach to illustrate that EMV implementations can still can transmit in the clear.


http://bit.ly/1zGdkbY


What you really mean that is inherently encrypted is the PIN.  This is the only thing you don't get with a data capture.  However, this does not stop a stolen card (PAN, exp. date, etc.) from being used for online and phone fraud.


Additionally, EMV chips fail fairly often.  Many times, in these instances, merchants will have to fall back on the mag stripe.  All it takes is a little clear nail polish on the chip to make it unreadable but still have the appearance that it's legit.


Once again, it all comes down to encrypting the data at the read and transmitting securely all the way to the processor.

Follow

Get every new post delivered to your Inbox.

Join 299,551 other followers