Topic: Bitcoin smartcard Point of Sale terminal - page 3. (Read 26856 times)

How would Square switch to having accounts? Whose accounts? The customer's or the merchants? How would funds get into those accounts? 

If you notice, that's how Square is proceeding.  Step 1 is to get merchants onboard using new software, but the payment methods are the same yet (magstripe swipe or cash).  Added to that is the optional mobile data (where the customer's presence is shared with the merchant ... "pay using your name").

Once there are enough users doing that, Square can switch to having accounts the app also function as a wallet so that transactions for mobile users don't go through their credit card anymore.    Square can do this because the fraud rates are lower when GPS data + security at the merchant's point of purchase (e.g. video cameras, face-to-face transaction with a cashier) makes fraud harder to get away with.

Here's how Bitcoin can piggyback onto Square's progress though:
 - https://bitcointalksearch.org/topic/m.843575

At present, all physical POS methods rely on the Visa/MC networks.

Dwolla uses the ACH to move money among bank accounts. Eventually they could move into prepaid/debit cards. If they do they would run their payments on the existing VISA/MC payments networks.

Paypal also uses ACH as its base. Their payment cards run on the VISA/MC networks.  For vendors wishing to accept card payments, Paypal offers a private label version of ISIS or Square (not sure which) hardware.  You know--those portable plastic mag strip readers that attach to cell phones enabling mobile VISA/MC payments.

One might be able to repurpose those ISIS or Square devices. They read the mag strip and send that data along with the merchant # and courtesy amount to a previously established phone number... ultimately Paypal's third party card processor's data center.

Dwolla basically has mobile web payments, so I guess there isn't any hardware involved.  And Paypal apparently uses standard mag stripe cards.  So perhaps not.

So, what do you think of the P2P upstart BUMP?

the cheapest & easiest to implement would be an android/ios client. nearly everyone has a cell phone, and if you're just signing transactions, you don't even need a data plan. however, this will require some way to transfer the signed transaction back to the POS terminal (maybe camera to scan QR code?), so you're looking at additional costs for the merchant.

If you have access to a desktop running bitcoind or other client, it should be trivial to get said client to track tx to/from your card address. Remembering which tx went where is another story, but at least you could have some idea.


Do paypal and dwolla have physical POS methods that don't rely on VISA or mastercard? Maybe I'm missing something. That canadian mint thing sounds like a citizen tracking collar to me. It'll be a disaster of human rights and a disaster of identity theft. I don't think Canada is really the ideal market for bitcoin anyway.

This will be much more convenient!

I imagine the "super" cards will be in the range of $20+.  That's probably fine for elite users and the security-conscious.  It will be competing as a more secure alternative to smart phones.  So it's in a niche market anyways.

For regular smart cards, maybe they could be paired with some type of online service that keeps an eye on merchants and perhaps validates transactions based on buying patterns.  At the very least, it would be nice to receive some type of statement at the end of the month to be able to detect fraud.  Otherwise, with nothing but the blockchain to go by, it would be basically impossible to know whether your grocer has a hacked POS terminal that is ripping you off.

So, just from what we've come up with so far, our universal POS terminal is looking at supporting:

• Smart phones via QR code / NFC
• Super cards via contact (/ contactless?)
• Smart cards via contact
• Online balance service
• Online transaction verification service
• Online "lite client" service?

Then on top of that add interfacing with the merchant's accounting system.  And besides magstripe and contact/contactless credit cards, you're competing with Paypal and Dwolla and that new Canadian Mint thing.  It's likely that none of those will cooperate to share hardware.

Yes I think there's no debate that those cards would be safe, but what do they cost?

5$ range is fine, but I think above 15$ will hurt us a lot.

Anyway there is no reason our protocol cannot include both smart cards and super cards at the same time:
* Same form, shape and chip connectors.
* With normal cards the amount is sent and then you punch a PIN - tx sent.
* With super cards the amount is sent then button pressed - tx sent.

-> The terminal won't really need to know the difference, just send the amount and wait for tx (relaying the PIN with smart cards of course).

This is a good model for a hardware wallet.  It is essentially the same model as the "box with serial port" model that has been discussed in many other threads.

My only objection is that I think that smartcards are a lousy choice for this model.  But, in parts of the world where smart card terminals are common, the network effect may very well be more important.

I see your point now, thanks for clarifying it.

grue, I understand that your attack has relevance to standard smart cards.  How much relevance, I'm not sure, since those basically require you to trust the POS terminal regardless.

But I want you to look again at the hardware I'm proposing be used, and to think about the process flow:

• The terminal sends the transaction amount to the smart card.
• The transaction amount is displayed on the smart card.
• The user presses the button on the smart card to verify the amount.
• The smart card creates and signs the transaction.

There is no way to create multiple transactions without consent.  There is no way to create transactions with the wrong amount without consent.  No sensitive information is transferred to the terminal.  All transactions are created on the card itself using Bitcoin keys that never leave the card.

Well, I may have been a bit hasty in writing that opinion.  Since then I've taken a look at the vid that benjamindees has posted, and the technology is indeed impressive. If these cards and readers are adopted in the broader marketplace then repurposing them will indeed have been a great insight.  The logic behind decisioning in this matter is simple. The S curves for  the merchant and consumer adoption rates are not uniform. In this case we would be somewhat dependent upon merchant adoption rates as you'd want merchants in "closed" or "protected" markets to blend in with the "norm."  More importantly, for distributed or open systems, it is far better to have a symbiotic relationship with the dominant design. I am a huge proponent of commensalism, (a class of relationship between two organisms where one organism benefits but the other is neutral-- with no ill effects or benefit) when designing alternative payment systems.

Best practice would suggest that the next step is to get a sense of the reaction to this technology. Is MC going to push it across their installed base? Do the biggest card issuers see an advantage in adopting this new technology, and if so, will they push the cycle time (meaning faster than the normal replacement rate of the cards already in the hands of their customers) What are the odds makers predicting (Gartner Group, Sullivan and Frost, etc.) in terms of adoption rates?

The above notwithstanding, I continue to believe that we must crack the code on mobile devices, as card usage will likely NEVER take root on most of this planet. Indeed, the average person throughout the Pacific Rim, Central and South America and Africa are already embracing "mobile banking." (The top 10 telcos are making a big push, Verizon is # 18 globally and the Gates Foundation has mounted a major offensive.)  It can be difficult for most of us to appreciate just how large this market is (people not petro dollars) b/c we tend to travel the Epcot Center route when doing business within but particularly outside our western democracies. Of equally important consideration, since a good deal of the world's supply chains originate in these markets, overlooking them would be a fatal error over the long run.


Guess I misunderstood, and assumed that the "businesses" in your outline are elements of markets by "Geography."  I'd suggest that we separate Businesses from Geographies, making "Grandma" 4th generation.

Yes, there will be significant overlap between these two markets, (like a Rubix cube) however, both categories are sufficiently large and complex that breaking them into two will make them easier to understand and our work less prone to error. I would further argue that one tends to think of countries from the bottom up (conditions on the ground) and Industries regionally and ultimately Globally, or top down.  Of course, all change resides in the individual and thus is local by definition. So designs derived in think tanks, no matter how diverse and multicultural, will be best customized and disseminated by actual users under their actual market conditions.

and do you realize that my attack simply involves making a second transaction, which for all intents and purposes is identical to a normal transaction? until there's a way to prevent the attack, i don't see any point in discussing merchant adoption of an insecure system.

Timing mechanisms:
1. Capacitor:
* Not a full power supply, could keep it running for those 30-90sec or at least enough for you to pull the card out.
* Just before it runs out it unlocks the card.

2. Clock:
* While the card has power from the terminal it counts chip cycles.
* The time from giving PIN and pulling the card will only be half the necessary waiting time.
* The other half will be counted down in the next terminal used at another merchant.
* This adds maybe 10s of waiting time when you start to use your card.
* This waiting can be mitigated by slotting in the card while the cashier is scanning your wares.

I believe that solves things?

BitCoinAndie:
1. I don't think new supercards are the way, at least right now - as it has been said we don't want to have to train people in new tech + they may be expensive hindering BTC market penetration.
2. For the paranoid super users it may be an option though - our protocol should just allow for communication with both types of card.
3. One-time codes are safe, but I don't think it is practical without super cards - which I again do not see as an option.

I think I kinda mentioned it in my second market ("businessmen"), but yes definitely a good way to go.

I think a "third generation" market would be something like my grandma using it.

First market would be "converts" and BTC dependent business start-ups (run by converts).

This is exactly right.  The card must sign the transaction itself, and it must do so only after showing the transaction to the user and getting confirmation.

But the details are tricky.

grue, do you understand that the entire point of a smart card is that the private key never leaves the card?


This is what I have proposed.  If you'd like to discuss any flaws you see in what I have proposed, I'd love to hear them.


No idea.  I haven't had a chance to speak with the manufacturer.  Obviously that would depend on particulars such as being able to source cards with the features you'd need, including memory and cryptographic requirements.  For long-term storage, you'd probably also want to know what happens when the battery runs out.

As for dual-usage, I can fairly confidently predict that no credit card company would consent to this.  I'm guessing that you mean for some type of proprietary payment network?  Which, sounds like an interesting idea and I'm sure would work in theory.

Thanks for link. Excellent Technology!

benjamindees here's a question for you. Could we issue these cards here in the US, buy the hardware and use the chip as form of Cold Storage? With an eye toward make these cards dual wallets (USD & BTCs)?