[HN Gopher] Plastic Money ___________________________________________________________________ Plastic Money Author : bertman Score : 227 points Date : 2023-09-04 07:54 UTC (15 hours ago) (HTM) web link (computer.rip) (TXT) w3m dump (computer.rip) | jasmer wrote: | [dead] | xyst wrote: | just a small reminder of how convoluted the process of buyer and | merchant payments has become. | | It used to be simple: | | - buyer hands the money to the merchant. | | - merchant verifies monetary value. If monetary value is valid | then merchant gives buyer the item. Otherwise, tells them to piss | off/get bent. | | - buyer walks away with item | | But major credit/debit card processors (visa, mc, amex) had to | insert their hands into the pockets of every buyer and merchant | to get their 3-5% cut on each transaction. | | Now it's a much more complicated process that happens more | "seamlessly": | | - buyer presents debit or credit card | | - merchant checks if debit or credit card is accepted by their | payment processor --> if not accepted, tell buyer present diff | card or "get bent" | | - merchant swipes/taps/keys-in card information and attempts to | process the transaction. A decision is typically reached within | less than <1 second --> if declined, try again. If further | declined, tell buyer card declined. Buyer insists it's good and | to run it again. Merchant runs it again, it's successfully | processed (wtf?). If not, tell buyer to get bent. | | - buyer walks away with the item | | In the background, in order to accept debit and credit cards the | merchant had to sign a deal with the devil and pick one of the | many payment processors. Merchant could have gone with his bank's | processor but turns out the merchant doesn't have the right | paperwork or lacks the revenue to qualify for a "premium" | account. So the merchant looks elsewhere and finds a promising | payment processor elsewhere but fails to read the fine print. In | addition to the 3-5% fee charged by the major CC networks, the | processor will take a 5 cent transaction fee to process, in | addition to a 1 cent "inter network" processing fee. ALSO, the | "free" equipment that's provided to your business has a $50 month | maintenance fee in perpetuity. On the flip side, if you transact | 100K per month, they will cut the transaction fees by 25%, oh how | generous! | | Oh did I forget to mention that some cards have "premium" fees? | So if a buyer presents a "black card", the merchant is then | charged by the bank issuing the card another fee. Sometimes it's | included in the payment processing terms but this is YMMV. So as | a consumer, if you ever wonder why the small business takes | "visa" but not your "chase ultra sapphire pearl max black" card | with visa logo. That's why. | | Unfortunately, it doesn't end there. | | (2 days later) buyer that bought that item actually stole/cloned | the credit card and the actual credit card owner initiated a | dispute. | | Merchant has now been charged a $25 dispute fee and is now in the | resolution process. If bank and/or credit card processor rules in | consumers favor, merchant loses $25 in addition to the cost of | the item(s). | | At the end of the day, merchants get fucked. Merchants pass on | costs to consumers/buyers. Buyers get fucked with increased cost | of goods. | | Only winners are the useless middlemen. | andrewaylett wrote: | Card-present fraud is low enough that _I_ can accept payments | (in the UK) for 1.69%. The reader cost PS39, but in the last | few months they 've started allowing me to accept NFC payments | using my phone without a separate reader. No monthly fees. | | I'm not running "classic" retail, just stalls at school events. | The cost of cash is the cost of my time and that of other | volunteers making sure we know how much cash we brought in, and | getting to the bank. It's _absolutely_ worth 1.69% to avoid | having to deal with cash. And that 's even before worrying | about having a float to make change with. | folbec wrote: | "- merchant checks if debit or credit card is accepted by their | payment processor --> if not accepted, tell buyer present diff | card or "get bent"" | | This is america, in France (and more generally in Europe) all | credit / payments cards are standardized thru governmental | intervention. Vendors are allowed to say cash only and refuse | cards in general but this is getting real rare. In some | countries (Norway), you can have a real hard time paying cash | in big cities, vendors refuse it. | karmakaze wrote: | My first encounter was with VendaCard being used in mid-80s at | the University libraries for photocopies. Seems they've also been | used for autolaundrymats. | nottorp wrote: | Hmm with cards like these, if they aren't tied to an identity, | the general population could print money faster than the | governments do. | kalleboo wrote: | Wow this discussion unlocked a long-lost memory: the Swedish | "cash card" - a stored value card where you'd use a terminal to | load money off your bank account onto the stored value card and | then use it in participating stores. If you lost the card you | lost the money. The fees to merchants were too high so it never | gained any adoption, it looks like it only was available from | 1997-2004. The Wikipedia references a German version, Geldkarte, | which apparently had a renaissance when it could double as proof | of age for tobacco vending machines... | | https://sv.m.wikipedia.org/wiki/Cash_(betalsystem) | | I'm also reminded of the magstripe stored value cards used by our | public transit agency. These were trivial to rewrite, but since | most people who tried this did it to save money on their commute | rather than random joyriding, it was easy for the agency to | reconcile the usage logs to find out where they went every day | and wait for them at their station... | | These days I think the main advantage to offline systems is | performance. When you have a busy subway station in Tokyo with | massive crowds passing through the gates, nothing beats the | throughout of offline Felicia Suica cards. Their gates default to | open and you walk through while swiping without stopping, the | gates only close if there is a failure. Vs EMV-based systems like | London where you have to stop and wait for the card reader | thatfrenchguy wrote: | EMV based systems aren't necessarily authentification based / | don't always phone home depending on the card issuer. | dfox wrote: | It depends on both issuer, acquirer and the particular | merchant. Second step of the EMV transaction (after the | terminal verifies that the card was issued by known issuer) | involves the card and terminal comparing their authentication | and authorization policies, which might very well result in | no-op being acceptable to both. The system is not designed to | be secure against fraud, but to assign liability for the | fraud to particular party in cryptographically verifiable | way. So as a merchant (think public transport) you can very | well accept cards offline without any kind of CHV step, but | the possible fraud is your problem. | [deleted] | alexfoo wrote: | > Vs EMV-based systems like London where you have to stop and | wait for the card reader | | Throughput depends on the people being ready. | | In London the TfL gates (both train/underground) have a delay | on closing, so it's possible for the next person's pass | (whatever it is) to be scanned before the gates close. At busy | times there are enough people already ready with their passes | that the gates don't shut at all between scans and there is | steady flow of people passing through. It only fails when | someone faffs a bit too long with their pass/phone/watch/etc | and you get a temporary stall. | | Even approaching a closed gate it's possible, with a bit of | practice and an outstretched arm, to walk through without | having to break stride. | | You do have to be careful of some people intentionally using an | invalid card, resulting in the gates closing, and the person | behind them letting them through with their subsequent scan | whilst being left at the gate themselves (easily solved by then | going to see one of the gate operatives and explaining the | situation). | | The things that aren't quite there yet, in terms of speed, are | the QR codes being used for digital rail tickets, they have a | separate optical reader (obviously) that doesn't work | quickly/easily enough to walk through without breaking stride | as you have to faff with a piece of paper or your phone rather | than a simple NFC. | [deleted] | vincent_s wrote: | Germany: Geldkarte (German: "money card") is a stored-value | card or electronic cash system used in Germany. It operates as | an offline smart card for small payment at things like vending | machines and to pay for public transport or parking tickets. | The card is pre-paid and funds are loaded onto the card using | ATMs or dedicated charging machines. The system will be | abandoned from 2024. | | https://en.wikipedia.org/wiki/Geldkarte | zwirbl wrote: | The similar Austrian system was called 'Quick' and has been | defunct for a few years now. I only ever used it for vending | machines, mostly cigarettes | https://de.wikipedia.org/wiki/Quick_(Geldkarte) | PaulRobinson wrote: | As others have said, EMV doesn't have to phone home, and | London's TfL system often doesn't straight away because they | might not even have a connection (my bus this morning | definitely didn't). It's also not charging the payment | immediately, because the charge is unknown at that point - you | might not know until the end of the day or week what the charge | is, because travel rates are capped and dependent on the zones | you're traveling in. | | As to the gates being default closed, well, gates at train/tube | stations can accept a range of things being presented to them | including smartphone/watch payments, bank card contactless, | Oyster card, Oyster season tickets, paper tickets with magnetic | stripes, paper/magnetic season tickets, and Freedom passes | (technically a special sort of Oyster season ticket, I think). | | If you're traveling with a paper/magnetic ticket, you're going | to have to insert it into the mag reader and wait for it to | spit it out before it opens the gates. Can't be swiped. | | That, combined with the fact TfL already have a problem with | revenue protection (some people jump gates), albeit not quite | as bad as you'll see in most of Paris or Rome, means they're | going to keep the gates closed by default. | | Fare dodging in Tokyo is almost unthinkable. Social constructs | mean they can do something at those gates few other cities of | that size can get away with. | kalleboo wrote: | Interesting. So there's no verification of the card validity | at all? I assumed at least they took an auth hold like gas | stations do. If I call and get my card blocked I can use that | now-invalid card and ride for free? | | So why then are the EMV card readers so damn slow? Is it just | a NFC vs FeliCa thing? | | The Tokyo metro system also supports paper (mag stripe) | tickets through the same fare gates. Those are also spit | through the gate super fast. | | On a failed read, the gates close nearly-instantly, I don't | think they would actually aid in fare avoidance, you do see | people run into them painfully when their card has too low | balance. | noodlesUK wrote: | From personal experience, if you use an EMV card that has | been blocked on TfL services, you will sometimes be able to | travel. I did this by accident once. I could see TfL | repeatedly trying to debit my account with incorrect | information for about a week. I doubt all of their readers | are offline, and I suspect that a card gets blacklisted if | it declines. I suspect this is also because they only | charge at the end of the day once they have computed the | correct fare (with capping etc) | kalleboo wrote: | Interesting anecdote! Thanks. I would have definitely | assumed that at least train gates (but not buses I guess) | would attempt a hold! | PaulRobinson wrote: | > On a failed read, the gates close nearly-instantly, I | don't think they would actually aid in fare avoidance, you | do see people run into them painfully when their card has | too low balance. | | I'm talking about the instance where somebody doesn't even | scan: they just walk through. That is possible in some | stations in London, and it's perhaps not a coincidence | that's where the worst fare avoidance occurs. | nayuki wrote: | No, the Japanese fare gates have motion detectors. If you | try to walk through without scanning, the gates close. I | tested this once. | justincormack wrote: | London does not charge online, especially as they don't know | the fare until later, so the billing still happens as batch | like Oyster. | progre wrote: | The wonderfull Cash-chip was embedded into Visa debit card | issued by the bank. It also had "Valid in Sweden only" printed | beside it, on an othervise internationally recognized debit- | card. | | I know of at least one person who had to spend the night in a | detainment cell at JFK and then had to take a plane back to | Sweden the next morning because the customs agent concluded | that they didn't have any money for their stay in New York. | kalleboo wrote: | Oh god that sounds like an unfortunate design haha | rtpg wrote: | I had this for laundry at school in France! I recently was at a | US university, and having to use an app and sign up to start my | laundry was something awful in comparison (though I liked getting | $5 in free credit for some unknown reason) | dna_polymerase wrote: | PSA: The author of this post also runs a niche YouTube channel | that is notoriously under-subscribed. For everyone interested in | retro tech & technical infrastructure in the real world, go head | over here: https://www.youtube.com/@computersarebad | jcrawfordor wrote: | "notoriously under-subscribed" is a generous way to put it. I'm | going to post a cool video soon though, I swear. | xn wrote: | The cafeteria at Visa in San Mateo used smart cards in 1998. | | There were startups focused on smart cards in the 90s: | https://www.nytimes.com/2000/03/24/business/publicard-busine... | deadeye wrote: | Am I the only one here that remembers credit cards before they | used any sort of online processing? | | Back in the day, paying with a credit card was a hassle. There | was a machine that would take an imprint of your card and you | would sign the imprint. There was no authorization. | dghughes wrote: | The authorization was the clerk picked up the phone and dialed | the credit card company. | adamauckland wrote: | I remember doing the authorisation by phoning up a Streamline | who would give you an authorisation code to put on the credit | card form. I worked for Electronics Boutique and we couldn't | give the games out without the code | fellowmartian wrote: | I only know this because of the scene from Home Alone 2. | EvanAnderson wrote: | I worked in a gas station taking credit cards w/ an imprint | machine. We had a book, updated monthly, of card numbers to | decline. That was in 1990. By 1994 we were calling a toll free | number and reading (part of?) the account number for | authorization. | lowercased wrote: | I worked a retail mall job in the early 90s. We had a | computer/POS system that had a built-in swiper for credit | cards. You'd swipe, hit a key, then listen to it dial out, | connect, beep, etc. A CC payment took minimum 30 seconds, | usually closer to a minute. December was always a huge slowdown | for cc payments. _Occasionally_ we 'd pull out the imprint | machine and do a few of those, and... for some reason, I seem | to remember we had to use it for amex or diners club or | discover or some other 'non-traditional' card, but those were a | rarity - I think I may have done 2 or 3 of those a year. | | Most places seemed to have 'swipe in the terminal' only by late | 90s. | OfSanguineFire wrote: | I'm curious to know when exactly that practice ended in Western | Europe and North America. As a millennial, the only time I ever | encountered it was in 2008 in an outdoor shop in Thamel, | Kathmandu's backpacker ghetto. The owners said that they could | not accept my Visa Electron card (standard European debit card) | because it was not a real credit card, and they showed me the | machine they used to take imprints of real credit cards. Of | course, this was all gone by my next visit to Nepal a couple of | years later. | elygre wrote: | If the amount was big enough, there would be a phone call from | the merchant to some call center. | teh_klev wrote: | I'm of that vintage of credit card user that remembers this. I | used to keep my counterfoils (I think that's what they were | called) to reconcile what was remaining on my available credit. | I seem to remember there was a printed list of that some | merchants used to look up invalidated cards before electronic | terminals replaced mechanical card swipe machines. | EricE wrote: | I remember my parents credit card bill coming in on punched | cards - would have been the mid 70's. Ha! | andreareina wrote: | I used to be the one running those cards through the machine! | We actually would call someone (credit card processor?) to give | them the details and we'd get an auth code back that we wrote | down. | pluijzer wrote: | Starting from 1996 we had ChipKnip in the Netherlands. When it | came out you could already pay with debitcards in most shops. The | added benefit was that it was suited for small purchases and | worked in places without a phoneline, like the bus. One problem | is that if you break or lose the card your money will be gone. I | remeber that when I was a child more then once I broke my card | and had to tape it togheter in aome wild fashion in order to use | my money. | miki123211 wrote: | I kind of like the solution adopted by the Polish city of Wroclaw | (and many others, but Wroclaw is the one I'm personally familiar | with.) | | Their transit system relies on bog-standard bank-issued Visa / | Mastercard payment cards, the kind most Polish people already | have in their wallets. When you buy a ticket (usually at a ticket | machine at the stop or in the vehicle itself), the machine | temporarily remembers some of your card information. If a ticket | inspector comes, you just tap your normal credit / debit card to | their terminal, which queries the vehicle's systems somehow. It's | basically the reverse of a storage-value system, they use a | payment card for a kind of identification. | | All transactions are performed offline, usually the next day. | Tickets are cheap enough that fraud is not a big concern, and | there's a system in place to blacklist cards that can't be | credited. If you end up on that blacklist, you have to go to | their website or office, enter your card number / tap your card | and pay the missing amount. | | If you're a resident and not a tourist, there's also a system of | transit cards I believe. | nayuki wrote: | > SIM cards are just smart cards. [...] SIM cards no longer | conform is ISO 7810 in most cases (having migrated to the smaller | micro and nano formats), but continue to be compliant with ISO | 7816 for electrical and protocol compatibility. | | Over the past 20 years, I've used mobile cellular telephones that | take mini-SIM, micro-SIM, and nano-SIM. I didn't get to | experience the full-size SIM card, but learned about this obscure | fact from online photos and museums. Example: | https://twitter.com/phone_museum/status/1287310071907713024 | | > Why is it that SVCs gained so little traction for payments in | the US? | | Another obscure point is that during the Bitcoin craze of the | mid-2010s, the Canadian government tried to pitch MintChip as a | competitor. It fizzled out and went nowhere. | https://en.wikipedia.org/wiki/MintChip | | > Offline systems simplify payment networks in some ways, but | also add complexity, which is often apparent in transit systems | that combine offline terminals (for example in buses) and online | terminals (for example at train platforms). [...] If you add | value to a card with a zero (or near zero) value and then try to | board a bus, it is likely that you will be rejected: the value- | add hasn't been written to the card yet, and the bus terminal | hasn't been told about it. The transit operator often sets an | expectation of one business day for online value adds to be | available if your first trip is an offline terminal If you add | value to a card with a zero (or near zero) value and then try to | board a bus, it is likely that you will be rejected: the value- | add hasn't been written to the card yet, and the bus terminal | hasn't been told about it. | | This perfectly describes the situation in Toronto/Ontario with | PRESTO, adding value, and tapping on buses. | seszett wrote: | Nice and very interesting write-up. | | I'd like to comment on this part, about actually writing on | cards: | | > you can create an account online and associate the card with | your account, and then you can add value online. This is | convenient, but confronts the offline nature of the system. You | add value to the card, but there's no way to write the new value | to it. | | > The solution, or at least partial solution, to this problem | looks something like this: fare payment terminals have to receive | a streaming log of value-add operations so that they can apply | them next they are presented with the relevant card. | | I think that's why new systems often use NFC, since smartphones | can do NFC this has the potential (because many NFC transit cards | don't allow it yet) to actually charge cards from smartphones. In | practice, none of the transit systems I regularly use allow it, | and although it's in beta in Paris they only whitelist a handful | of specific smartphone models so I can't do it either. But it's a | possibility. | | It could work the same with ISO 7816 smartcards if people just | had card readers at home, but in practice here in Belgium where | most people have such card readers (used to authenticate online | with one's national ID card, although this is becoming less | common now that there's a smartphone app for that), this has | never been used for anything else basically. | | And for some reason, smartcard companies seem to be totally | unable to devise user-friendly interfaces. It's been more than 30 | years now so you might think they have had the time to think | about it, but... no. I wish there was just a web standard for | that with a standard browser-provided UI. | dolmen wrote: | Charging the Paris transit card (Ile-de-France Mobilites) via | NFC is out of beta for at least one year now. Much convenient | to bypass queues at the start of each month. | dolmen wrote: | > And for some reason, smartcard companies seem to be totally | unable to devise user-friendly interfaces. It's been more than | 30 years now so you might think they have had the time to think | about it, but... no. I wish there was just a web standard for | that with a standard browser-provided UI. | | Browser development is driven from the US. Smartcards | development is driven from Europe. I expect that the same | frictions that happens in deployment of smartcards for banking | also happens in the browsers world. | 1023bytes wrote: | I've just used this in Malaysia, they have a card called Touch | n Go that is very widely accepted. You can load up the card | using cash terminals or via a smartphone app with NFC, you can | use that to check the balance as well | tuetuopay wrote: | My grandfather was at the head of a French company that pioneered | the smart card for banking use. They started with the payphone, | continued with the Vitale card (public health system card), then | did the credit card. He told me stories of him going in many | countries to sell the tech and concept, and this article nails | it: this is a French thing, so the US did _not_ want it. They did | not want it so badly that magstripe is still commonplace. Its | quite nice to listen to him about the beginnings of computing, | the notion of "datacenter", etc. | Chris2048 wrote: | > this is a French thing, so the US did not want it | | Given how common US things are in Europe, I'm surprised there | isn't more of a trading war over things like this. Personally, | I think the EU should penalise foreign all social media | companies, and fund local start-ups to replaces them. | oaiey wrote: | The US is a huge market within, has very revenue focused | companies and an active "Homeland security"/national interest | management ongoing. | | I totally believe that the first two points reject 90% of | international influence and standardization. | jcrawfordor wrote: | Well, one of the reasons I kind of play up the French | origin of this technology is because I think it turns into | an interesting twist when it comes to US government | adoption. Articles from the time period seem to agree that | the technology was having a really hard time crossing the | ocean from Europe, and while there were several factors I | think a good chunk of it was just the payment networks in | the US not being interested in adopting something new. | | But there's a bit of irony where, post 9/11, the US federal | government decided they needed to really pick things up | when it came to secure identity for federal employees and | military personnel. So they developed and adopted the PIV | standard now used for all federal credentials, which is a | very soup-to-nuts smart-card based identity solution | complete with PKI certificates and offline biometric | authentication. The problem is that smart card technology, | clearly the way to achieve this, hadn't taken off in the | US, so they ended up having to buy pretty much the whole | solution from France. Not that big of a deal in practice as | Thales is a major defense contractor to the US anyway, but | sort of a disappointment considering all the interest in | keeping a strong domestic military technology capability. | | One wonders where the NSA was during this process, but the | NSA has a tendency to both overengineer things to a degree | that widespread use is infeasible, and keep things secret | to a degree that widespread use is undesirable. So the more | homegrown solutions to similar problems, things like the | Fortezza cards, were complete nonstarters as a widespread | solution to identifying federal personnel. So we have one | of the factors here in the United States general lag in | adoption of identity technology compared to other, | especially European, countries. | Chris2048 wrote: | I'm not sure I understand what the first two points are. | | That US corporations are so focused on revenue / a large | market that they are not influenced by government? | | Or that the US market is so big international corps cannot | complete (which is irrelevant in the context of my own | comment). | EricE wrote: | Simpler than that - look up the phenomenon known as Not | Invented Here | sugarkjube wrote: | I doubt offline cash-like electronic money will ever happen. | | Like others also already mentioned, we also had a system like | this 30 years ago for vending machines and cafeteria in a large | corp. | | Banks want tracking (for customer profiling). Governments wants | tracking (for anti-terrorism and anti-money-laundering). So it | won't happen. | kwhitefoot wrote: | It happened in 1995 with Mondex, | https://en.wikipedia.org/wiki/Mondex | | But I suspect that your reasoning is correct nonetheless. | jmclnx wrote: | I believe this is the case too, at least for the US. Why, no | profit to be made from people using these. We have Credit Cards | and the Banks get a cut from the store and from people who do | not pay their full balances off, and the stores hide these fees | from their customers. | | Now some stores are starting to add special fees for Credit | Card use, which the Banks are trying to eliminate these fees | via the US Congress. They know as well as I do, if stores start | charging fees for Credit Card use, many people would jump right | back to cash. This would decrease their profits. | esprehn wrote: | Consumers also want protection against lost cards, fraud and | refunds when the merchant or product is bad. | mindslight wrote: | The general trend that I see is that institutions [0] will | always favor centralization of telemetry and control (eg the | concept of _legibility_ ). You don't even need to phrase it in | the terms of profiling/tracking per se, although those are | instances of the general. | | I think I even feel the same dynamic with something as banal | and informal as home automation. With some kind of computer (eg | microcontroller) at every node I certainly could keep the local | control local. Or I could just focus on publishing data to the | "network" [1] and getting commands back, and making the | interface a given device exports as simple as possible. | | We see the results of this harsh dynamic for platforms that | allow for hub-less control (eg Zwave I think). Nifty and more | robust, but it adds to the bespokeness and siloing/lock-in. | It's just so much more complexity that then has to be | configured, and then grokked to know what the system will | actually do. Whereas backhaul state and control to a general | purpose Linux machine running python and you can do "whatever | you want" (modulo that singular machine having a problem). | | Not a great dynamic for those of us that like freedom. | | [0] or really any entity, corporations and governments can just | fulfill the imperative at scale | | [1] full extrapolation in the corporate context - "cloud" | paulgerhardt wrote: | https://offline.cash/ | | I mean. It's already happened. Thanks to some clever non- | intuitive use of escrow contracts one can create fungible cash- | like electronic money for offline transactions. | medler wrote: | NYC metro cards are reportedly a form of stored-value card. When | you swipe, it reads the value, writes the new value, and checks | that the correct value was written. Transactions are later synced | to a database to catch fraud and so forth. | https://www.reddit.com/r/AskNYC/comments/nsicuj/technologica... | ElongatedMusket wrote: | Talking up the tech of having physical plastic cards hold value, | but ignoring the real-world implications, is kind of silly right? | Maybe it would have been better for the author to get that out of | the way first... something like "if plastic cards held a value, | public figures such as celebrities and CEOs would be robbed, | kidnapped, held ransom, etc due to the values of the cards, so | they are not practically safe in our non-utopian world. But let's | explore the tech behind it anyway" | lxgr wrote: | You're missing an important point: It's possible to carry | _some_ of your money with you, and leave most of it somewhere | more safe, in whatever form, just like with cash. | jaclaz wrote: | And another important point, public figures tend to have | assistants with them that carry the money or the cards or | just pay later. | kwhitefoot wrote: | That's just about the silliest idea I have read this month. | pjc50 wrote: | The cards are kind of a cash-substitute. | benoliver999 wrote: | This guy writes faster than I can read. I love the site! | virtualritz wrote: | I remember getting my first debit card from my local bank in | Germany as a teenager. It was in the early 90s, I believe. | | It had a chip with the ubiquitous brass contacts almost any card | has today. | | My uncle had participated in the patent filings for some of the | tech, years earlier, for his employer. He had explained to me, | already in the 80s, how this would be the future of carrying | money around. | | It never took off. My personal take is that it was simply an | oversight in UX. | | There was no way to check the balance on the chip without going | to an ATM. | | Furthermore only some ATMs of some banks carried the | hardware/software to do so. I also don't recall if you could even | check your balance if the ATM belonged to another bank. | | Also paying by card was far from common in Germany then so few | shops carried the readers. It was mostly only big supermarkets | and department stores. | | I.e. it was double inconvenient compared to cash. | | And Germany being a safe country, the added security in case of | theft didn't help. It was also a minor factor since a thieve that | would steel your purse would simply throw the card away. The | money would be gone either way. | jimmcslim wrote: | Oh wow, a lot of technology in there from my past... in the late | 90's I worked at a startup, Cards Etc, in Sydney, Australia with | the mission to build a back-end system, Arterium, for dealing | with multi-application smart card issuance. | | The product is still mentioned in a couple of articles... | | https://www.afr.com/companies/smartcards-offer-a-world-of-op... | https://www.finextra.com/newsarticle/3534/first-data-selects... | robin_reala wrote: | I spent a few years with a Mondex card[1] (I assume Exeter | university was one of the test locations?) and it was vaguely | useful: most places on campus accepted it so you could use it to | pay for a pint, print or photocopy, or buy course books. Looking | through the list of what it could do though it seems it was | pretty underutilized. In the test location I was in you couldn't | transfer funds to another person or use multiple currencies, and | I don't remember any personal readers. | | [1] https://en.wikipedia.org/wiki/Mondex | vinay_ys wrote: | In more recent times, we had to think about this problem in | Indian market context. I saw this problem as online vs offline | payments problem. | | If both parties are offline, can you still make a secure transfer | of stored value? Yes, with a trusted execution environment and | cryptography, you can do it. So, yeah, smart card works; a | smartphone works, a feature phone with NFC smart card works etc. | For each, the risk profile is different which affects the answer | to the next question. | | Then, when does reconciliation happen? When either party goes | online? What if it is not a closed loop system? Then, | reconciliation needs to happen for both parties independently. | How long can either party stay offline and continue to make | transactions? Is it both send and receive or only send on one | side and only receive on another side? What if one party | (merchant/receiver) is more likely to be online (almost always). | Does it just become online payments problem then? NFC tap and pay | is exactly this scenario. | | In India, right now, we have NETC stored value cards for closed | loop systems like metro. For open systems like UPI we have | recently introduced offline payments capability with very small | stored value stored as tokens on the mobile phone and used for | very small transactions. As the banks learn the real-world | operational risks, the wallet limits and transaction limits will | be increased. | londons_explore wrote: | The real solution is to let the receiver of the money have a | "verify" button which will, if connected to the internet, | contact a central server and check that no double-spends etc. | have happened. Up until verification is done, the money shows | as "provisional" in your account - but you can still spend it. | Only one person in the chain needs to verify for the whole | chain to become permanent. | | Then the users and merchants can decide if they wait to click | the verify button. And the default for anyone with data | connectivity should probably be auto-verification. There is an | incentive to verify, because if any double-spending has | happened, the first to verify is the one who gets the money. | | Double-spends _will_ happen in any system that allows offline | transactions, because a user has to be allowed to log into a | new device (if they lose their old one), and there is no way to | know if the money spent from their old device was synced to the | server yet. | lxgr wrote: | > Up until verification is done, the money shows as | "provisional" in your account - but you can still spend it. | | Who would accept "provisional money" though, if there is a | realistic risk of it being double spent and therefore | effectively worthless? | | > Double-spends will happen in any system that allows offline | transactions | | Only if you assume untrusted devices. That's why in most past | and existing stored-value systems, smartcards are being used | - these have different security properties. | londons_explore wrote: | > Who would accept "provisional money" though, if there is | a realistic risk of it being double spent and therefore | effectively worthless? | | It's up to the receiver whether they want to walk to the | internet cafe and connect to verify it, or if they just | trust the person they got it from. | londons_explore wrote: | > Only if you assume untrusted devices. | | If all the devices are trusted, but can be lost/destroyed | and re-issued, you have the same problem. | lxgr wrote: | There are ways to do reissuance for lost or damaged | stored-value cards, but they require shadow accounts and | periodic reconciliation: | https://news.ycombinator.com/item?id=37380539 | | But these aren't mandatory: Physical cash also can't be | replaced when lost, and only rarely when physically | destroyed. That model might be preferred in some | scenarios. | woah wrote: | I get the idea, but I think this is a terrible UX. People | shouldn't have to worry about whether they have real money or | not. Either the system is secure or it isn't. | Spivak wrote: | Eh, checks and chargebacks are a thing. People are already | used to the idea that money has to clear to be real. | lmm wrote: | Not nowadays. Most people never deal with cheques and | never accept payment by credit card. | vinay_ys wrote: | > because a user has to be allowed to log into a new device | (if they lose their old one) | | You can solve for that by having short validity of the | offline tokens on device and having that equal the cool-off | period for reclaiming those funds when new device is | provisioned. If I had [?]100 unspent tokens in my offline | capable device that I lost, and got a new device provisioned | the same day, then that [?]100 will show up in my account and | be available to load on my device only after, say 7 days, of | cooling-off period. In those 7 days, if someone who found | your device could spend it and if so you lose it. If you know | you are likely to be offline only sporadically for few hours | and not for days, you can reduce the validity (and hence | cooling-off period) significantly to just 12 or 24 hours. | londons_explore wrote: | I think this system has to be designed for some users who | will _never_ be online. Think of villages where there is no | internet access yet (only 8% of Eritrea has access to the | internet for example!). Hence there can 't be a 'if you | don't log in for 7 days you lose your money' mode. | vinay_ys wrote: | Let me clarify: if you have you device with you (didn't | lose the device) and you didn't make contact with another | online device for more than cool-off period, your device | tokens won't be refreshed and they will expire and become | unspendable. You don't lose that money - it is still in | your account and will be available for you spend as soon | as you go online. The "lose your money" scenario is only | if you lose your device and someone finds your device and | spends the money on the device within the cool-off | period. It is equivalent to losing your cash wallet and | someone else spending your cash. Except in case of cash, | that stolen/found cash is lost forever and is valid to be | spent by the thief/finder forever whereas in this case | there is a small time-window after which you | automatically don't actually lose your money! | endgame wrote: | If both parties are offline, exchanging cash trivially solves | this problem. | vinay_ys wrote: | :-) that assumes cash is trivial. It is not for so many | reasons. Cash is bulky and discrete. Cash is visible and | easily snatched/coerced from you. | | Apart from classical robbery held at knifepoint or gunpoint | and taken to an atm and being robbed or being blackmailed to | actually do instant money transfer online which do happen, | there are other lower threshold but more frequently occurring | and more painful cash "thefts". | | One eye-opening story I learnt a while ago was this: the | women daily wage workers (or the household help that comes to | my home) who are typically the breadwinners for the family | are coerced by their drunk husbands to give their hard earned | cash which they will waste on more alcohol or gambling. This | was the situation for decades. Now, with zero-balance, zero- | cost bank accounts being made available at scale in India, | these women can now keep their money safe and provide care | for their children by refusing to give money to their | husbands (usually it involves telling them they don't have | the money to give when in fact they do in their banks). Such | is the social reality for so many. | eldaisfish wrote: | cash also has a fantastic advantage that no piece of | technology will ever have - its ability to level the | playing field in terms of access. No government can | invalidate your cash without simultaneously invalidating | all cash. This is not the case with any digital system. | | See here for one example where the indian state denied | citizens access to their money by freezing their UPI | accounts after unproven allegations. | https://www.thenewsminute.com/article/bank-acs-can-be- | frozen... | jameson71 wrote: | That doesn't sound a lot different than "hiding" the cash. | If she is working, the husband knows she is getting money. | | I do not think the loss of privacy is worth the convenience | when talking about replacing cash in a society. | lxgr wrote: | I fully agree, but in fact stored-value cards offer a | plausible path forward for private electronic money: | | Most existing stored-value systems use "shadow accounts" | for reconciliation (in case one of the card-level private | keys gets compromised and makes it possible to "double- | spend" electronic cash), but that's not really a required | part of the system. If it's secure enough, it's possible | to just leave these out! | | It's probably also possible to create some kind of hybrid | system which does create pseudonymous traceable logs | which offer some trade-off between privacy and security, | similar to how banknotes have serial numbers which can | theoretically be traced, but practically mostly aren't. | | And the enormous advantage of a privacy-preserving | e-cash/stored-value system over cash is that it works on | the internet too. | wtmt wrote: | The story and the connection to bank accounts don't sound | logical at all. It's not like the husbands wouldn't know | that the money _is there somewhere_. If a random person can | do to another person a "classical robbery held at | knifepoint or gunpoint and taken to an atm and being robbed | or being blackmailed to actually do instant money transfer | online", why wouldn't husbands catch on to this? The women | could, in theory, have more than one bank account and hide | how much they earn and save by keeping a lower balance in | the account known to the husband. But the same could also | be done with physical cash by handing a chunk of it to a | trusted person (for expenses and savings) and keeping a | smaller amount at home to be snatched. | | With one or more bank accounts, the woman must now keep her | phone safe and inaccessible from the husband too. Or she | must be very quick and diligent in deleting all the SMSes | sent by banks for all kinds of transactions. This adds more | hassles than saving cash with someone else. | | In all the cases of alcoholism and men snatching money from | the women/household without any other care, it's violence | that keeps that relationship and "contract" alive. That | violence isn't going to disappear just because physical | cash is replaced by a bank account. | | In summary, I don't buy the conclusion you've quickly | jumped to. | MichaelZuo wrote: | I don't quite get the example, like the other user said in | this case the husband would clearly understand his wife is | still working, so of course he won't believe it? So if he | has a alcohol and gambling problem then he will still try | some method? | bertman wrote: | >For open systems like UPI we have recently introduced offline | payments capability with very small stored value stored as | tokens on the mobile phone and used for very small | transactions. | | Sounds interesting! I read about India's UPI for the first time | a couple of months ago in an Economist article: | https://archive.ph/WoqQp | predictabl3 wrote: | Please don't scorch me HN, this isn't an endorsement, just a | question for thought -- but isn't this one of the things | Lightning is sort of meant to solve? | | lol, literally less than 20 seconds. | | > Then, when does reconciliation happen? When either party goes | online? What if it is not a closed loop system? Then, | reconciliation needs to happen for both parties independently. | How long can either party stay offline and continue to make | transactions? Is it both send and receive or only send on one | side and only receive on another side? What if one party | (merchant/receiver) is more likely to be online (almost | always). Does it just become online payments problem then? NFC | tap and pay is exactly this scenario. | | Again, literally the exact problem statement and value | proposition of Lightning, but _stupid, stupid_ me for daring to | mention it here, I guess. Feel free to ignore that the idea | behind Lightning could be useful without being tied to crypto, | but can 't possibly have a conversation about that. Nope. | callalex wrote: | >but can't possibly have a conversation about that. Nope. | | What conversation? You just dropped in here with flamewar | bait and complaining about some self-imagined persecution | without contributing any substance. Hence your comment is now | gray. | intotheabyss wrote: | No, not lightning. If anything, it would be something like | this: https://blog.gridplus.io/the-phonon- | network-59835328b799 | lxgr wrote: | > Then, when does reconciliation happen? When either party goes | online? | | In many existing systems, there's a split between "merchant" | and "customer" cards, of which only merchant cards are allowed | to accept payments. Merchants often have to go online once per | day and batch-submit all of the day's payments in order to be | guaranteed settlement. | | Among other advantages, this allows for a "lost/stolen" card | feature: If a user loses a card, that card can be denylisted on | a global list synchronized to all merchant terminals daily. | After another day of waiting for straggler transactions, it's | possible to determine the remaining balance of the lost card | from the backend, and reimburse its owner, since further funds | on the card can no longer be spent anywhere in the system. | | One day is essentially just an arbitrary timespan here - you | could make it 14 days, or an hour. In the systems I've looked | at closely, one day makes sense because these are historically | transit-focused, and e.g. buses don't have continuous network | connectivity, but do go to a depot in the evening, which is a | good opportunity to clear and settle all of the day's payments. | | Customer cards never need to be online in such a scheme. | kwhitefoot wrote: | > Then, when does reconciliation happen? When either party goes | online? What if it is not a closed loop system? Then, | reconciliation needs to happen for both parties independently. | How long can either | | You can solve that by actually having the money in the device | so that reconciliation is not required, digital cash like the | abandoned Mondex stored value system. | lisper wrote: | The important point here IMHO is that the vast majority of fraud | is not an inevitable cost of doing business, it's the result of | _deliberate policy decisions_ , and the fact that the cost of | fraud can be fobbed off by financial institutions onto merchants | and thence onto consumers without the latter even being aware | that they are bearing this cost. It is quite literally a | conspiracy. | [deleted] | grishka wrote: | Had to read surprisingly far before there was a mention of | transit cards -- which is the first thing that comes to mind when | I think about stored-value cards. | | In my city's implementation the offline-ness of the system is | very apparent. If you add value to your card online, you have to | come to a subway station to stick the card into a reader to have | your new balance written. The turnstiles at the same station | don't do that either despite definitely having a network | connection, you have to specifically use the balance-checking or | ticket-selling machines. | | The only application I've seen that isn't transit is at arcades. | You'd buy a "member" card that you'd put money into. Each machine | would have some sort of terminal where you tap or swipe that card | to add credits to the game. But then I'm not quite sure if these | systems are offline or these terminals are connected into a | network. | hippich wrote: | Sometimes back in 90ties, in Belarus, we had payphones that | accepted prepaid payphone cards. I don't remember if you could | reload them or you just bought one with credits already on them, | but you certainly could change a few bytes on the card's chip | memory to set credits about to any value you wanted. And the | hardest part was actually finding contact board that matched | chip's contacts layout, to wire it up to LPT port. But otherwise | it was "plaintext" value you change in the hex editor. | pjc50 wrote: | The UK had non-chip phonecards for a while: | http://www.telephonecardcollector.com/phonecard-collecting-h... | | I think they were magnetic or magneto-optical? | rwmj wrote: | Yeah they used a laser to read and burn along a strip in the | card. (It was a bit more subtle than I've described it, and | you couldn't see the burn mark.) | throwmeaw wrote: | One of the first stored-value bank cards was called Proton and | trialled in Belgium as early as Feb 1995 [0]. | | I have fond memories as a young teenager topping up the card at | my bank ATM (just transferring money from my current account to | the proton bit of my debit card) and buying my weekly & monthly | computer magazines at the local newsagent. I'm surprised it | survived until late 2014, a nearly 20 year long run. | | [0]: https://en.wikipedia.org/wiki/Proton_(debit_card) | jeffchien wrote: | Coincidentally Japan just indefinitely suspended sales of their | famous SVCs due to the semiconductor shortage, and BART had | issued a similar warning about shortages last year. | reisse wrote: | We had stored value card payment system in Uzbekistan somewhere | from 2003-2005 to 2010-2012. But no-one ever called it "stored | value card", basically, I learnt the word today :) Everyone just | called it "offline cards", in contrast with "online cards" which | required Internet to do transactions. | | The system was called UzKart (do not confuse with UzCard, which | is modern online successor of that system). On the day when | salary was paid, you had to find an online ATM or internet- | connected terminal in the shop, and "load" money to the card. | Then, you could use the money on the card to pay in offline | terminals. Balance could be checked directly in offline | terminals, you had to ask the seller to print it. | | Sellers had a special offline card, called "merchant's card". In | the end of the day they loaded all the transactions from an | offline terminal to a merchant's card, and then brought the card | to an ATM or a connected terminal, to synchronize payments with | the bank account. | | If, for some reason, at the time of synchronization some payments | failed to clear, payer's card was banned and they had an angry | call from the bank. | | When the system was introduced, internet connection was expensive | and unreliable. It co-existed with online cards, but merchants | strongly preferred to deal with offline cards. As soon as mobile | internet become cheaper and more widespread, offline cards died | because of the hassle with "loading" and "unloading" them. | | More info on UzKart and UzCard can be found (in Russian) here | https://gazeta.norma.uz/publish/doc/text97703_uzkart_ot_duet... | and here https://uzcard.uz/ru/news/post/uzcard-bankovskaya- | tranzaktsi... | ksec wrote: | Which is similar to T-Money in South Korea, Octopus in Hong | Kong, and later Suica in Japan. All of which if I remember | correctly came before 2000. | | They are still extremely popular in those region. One of the | thing I dont understand is why these type of payment never took | off in the West. Even things like Oyster card in the UK is only | for transport but not for any other sort of payment. | | Another point worth pointing out, Offline payment are much | faster, with Sucia based on FeliCa capable of doing the | transaction in less than 100ms. This is important in a | transport system as heavily used as the Japanese transport. For | people who are used to these type of payment, everything else | just felt so slow. | | With every iPhone now getting a Felica Chip built in, I was | hoping this type of payment could take off. And yet nothing | happened. | toast0 wrote: | I don't know about Europe, but in the US, offline payments | with regular credit cards are/were a thing. | | In the old days, you could use an imprint machine to run the | card, and mail in the charge slip. Raised numbers and imprint | machines are uncool now, but they lasted a long time as | backup in case the terminal wasn't working or the power was | out. | | As far as I know, most US cards include the metadata for | offline charges, where the terminal processes transactions in | bulk, but there's more risk for merchants than doing an | online transaction. | | Stored value cards are popular in transportation, where speed | is important, fault tolerance is required, and connectivity | is intermittent. But even for gift cards, it's more common to | use the card as an identity token, and get the value from an | online ledger; it makes alternate uses much simpler. | zdragnar wrote: | I'm always extremely leery any time those come out because | the network is down. A furniture / appliance store in my | hometown had an employee use the imprint machine to steal a | bunch of credit card numbers, including my parents' card. | They only found out because the police had been tipped off | and found a bunch of carbon copy slips in the employee's | apartment. | [deleted] | lmm wrote: | > They are still extremely popular in those region. One of | the thing I dont understand is why these type of payment | never took off in the West. Even things like Oyster card in | the UK is only for transport but not for any other sort of | payment. | | From my memory, some newsagents etc. did allow payment by | Oyster. But there just wasn't demand for it. | | In Japan at least, many people don't have credit cards and | are scared of any kind of debt (perhaps because debts are | more enforceable here). So that might be a factor. | loyukfai wrote: | The Octopus is the de facto transport pass in Hong Kong | (well, it's started by the major transport companies) and | commonly used in many shops, it's also used by some for | building access. | | Octopus takes an 1.5% cut, I'm not sure if it applies to the | founding transport companies but I assume the money will flow | back to them anyway. | | Recently, some transport services started incorporating | Chinese e-wallets like Alipay and WeChat Pay which utilizes | QR codes, and the agony of seeing people (mainly Chinese | tourists) repeatedly scan and fail at the gates blocking the | whole queue during rush hours is quite depressing after years | of smooth access. | | Cheers. | hakfoo wrote: | We sort of have two forces pushing in opposite directions: | | * Many transport cards were NFC or RFID or otherwise "you | don't have to take the card out of your wallet" years before | general-purpose cards were. Now, many transit systems just | promote "tap-on and off with your Visa and don't bother | loading money into our closed-loop network." (Interestingly, | I will note that Toronto's system at least is cheaper to ride | if you do use the closed-loop card) | | * Conversely, merchants-- especially large merchants-- have | desperate desire to get away from the general purpose card | networks due to high fees and sometimes clunky chargeback | rules. Notice the handful of "Walmart Pay"/"Kroger Pay" apps | that they'll support rather than enabling Apple or Google Pay | at the till, or even things like Target and some petrol | stations offering propriatery cards that connect to debit for | settlement. | | Transport cards could be appealing for the merchant | audience-- they're likely cheaper to process and represent | funds already confirmed by the transport operator. But | they're not federated, so it would turn into a nightmare of a | thousand individual integrations and a UX like the early days | of (pre-Visa/MC branded) debit where you'd have to check if | the merchant supported the specific network your card was on. | jacobwilliamroy wrote: | I'm surprised we don't have something like this in the U.S. | Just last week I was withdrawing cash from an ATM because I was | worried the power would be out for a few days and my debit card | wouldn't work. | lxgr wrote: | Almost-ubiquitous, almost-free network connectivity can be a | curse when it comes to the development of resilient systems. | | The US has had free local calling for many decades now, so | online card authorizations were always much cheaper than in | many other countries, even long before the internet. | | Still, there were some applications: The article mentions | laundromats, but as far as I know, US military ships have | also had a similar system. | | There's an interesting recent legislation proposal today that | argues for a very similar system, but primarily for the sake | of privacy (although network/power failure resiliency would | be nice secondary benefits): https://ecashact.us/ | mrsalamander wrote: | In the early 90s I lived in Guelph, Canada. We were one of a | couple of pilot cities for Mondex, a stored value card system | that I think was owned by MasterCard. The city got a bunch of | funding to get Mondex working everywhere from parking meters to | buses, payphones, and of course private businesses. Everyone | who wanted one was sent a Mondex card and a portable card | reader which looked like a small calculator. You could put your | card in it and press your thumb on a button to make the display | show your balance. That little device allowed you to transfer | money between cards if I recall, but I never figured out how. | You could also see your past transactions and set a card PIN. | | One of the cooler things Mondex could do was an early form of | online banking. Some households were issued special phones from | Bell Canada that looked like regular Nortel phones with a | yellow card reader attached to the side and a much larger | screen. You could log in to your bank directly from the phone | and transfer money out of your account into the card. You could | also use an ATM if you didn't have the phone. | | It was a pretty neat technology but at just around the same | time Interac debit payments really started to take off and | people were much happier to have a card linked to their | accounts rather than a card with a balance you could lose. The | payments were also pretty slow, so anyone paying for the bus | slowed the line down. | | I still have my card and reader somewhere and I think it has a | few dollars left on it. The last time I looked, many years ago, | the only transactions that showed up on the reader were coffee | purchases at Tim Hortons. | bonestamp2 wrote: | In the mid 90's in Canada we had similar cards, but they were | only for pay phones. Before cell phones became cheap, parents | would buy these pre-loaded cards for their tweens and teens so | they could call for a ride when they were done at the mall or | whatever. | | https://i.imgur.com/aD6ihh8.jpg | mig39 wrote: | Personally, I did the collect call thing to my parents, | especially after the system was automated. | | Robot Voice: Hello, you have a local collect call from "mig39 | is ready to be picked up" -- do you accept the charges? Then | my parents would just hang up and come get me. | techsupporter wrote: | People of a certain age will remember the GEICO ad, | "Collect call from Bob...Wehadababyitsaboy" - | https://www.youtube.com/watch?v=9JxhTnWrKYs | thriftwy wrote: | That's interesting. In Russia, cards didn't really catch up for | a long time, but once they did, they were online cards with | GSM-enabled card terminals. | | Until 2010, most people will get their salary on a card, go to | ATM, withdraw paper money and pay with that. Actually, cards | only became relevant with the advent of contactless/NFC cards, | which started around 2012. Then they spread like wildfire. | | I wonder what caused the adoption of UzKart compared with plain | old cash. I also wonder if any neighbouring countries had | similar systems and what their adoption levels were. | samstave wrote: | Reminds me of minutes loading of SIMs in Philippines in the | early 2000s... Loading was available every single tiny soda | stand to bodega to major shopping - they were Uzbek-quitous :-) | | I have some friend who have made millions over the years in | selling international calling cards and routing them through | their SIP networks... | | There is the ability to make a completely separate | transactional system outside of of Central Bank Control, using | these stacks for card loading and calling (network access) | etc... but generally fighting against Money Monopolies is | suicide for your business. | | And on the one hand, rightfully so - EXCEPT in cases like | SBF... that guy is such a criminal, the central banks like him, | and his parents, and his donations, and his fraud... | | The whole system has holes in every facet. | jackdaniel wrote: | That's super-interesting, thank you for sharing :) ___________________________________________________________________ (page generated 2023-09-04 23:00 UTC)