by 6ren 5349 days ago
A malicious cashier could order things in your name, whenever you were nearby.

This might not happen much in practice, because the cashier would be found out later (assuming they must log in). However, the opportunity doesn't arise with existing transactions, where you must physically hand something over (cash/card), and usually get an opportunity to verify the amount, so there's no evidence either way. It will be interesting to see if this is actually a real issue, in practice, in the current roll-out.

Many, many cash-alternatives have been tried and failed, but this one has a new technology (iPhone geofencing) and smart founders. If it does work, they could quickly revolutionize cash - globally (not to mention be the killer-app for the iPhone).

2 comments

It happens all the time with credit cards, the practice is known as "skimming".

http://en.wikipedia.org/wiki/Credit_card_fraud#Skimming

But it would be so much easier with this new system, they're told all the information they need and will have to enter legitimately, rather than having to use 3rd-party hardware.
Then they get kicked out of the program.
It's better with this than with a CC. You get a notification on your phone immediately, so they are likely to get caught at the moment they do it. You could walk up to the manager and say, "Hey, someone just charged me for something I didn't order." With a credit card, they might take the credit card number when you buy something legitimately and then skim it and use it later. It's hard to know which time you used the card and it was skimmed and who purchased something later. This sounds more secure.
Nice point. A notification just-after is almost as good as authorization just-before.

An exception I see is that it works even when your phone is off, so you wouldn't be aware of the notification (or so I assume - do some phones buzz/beep, even when off?) Of course, it makes it riskier for a malicious cashier. I suppose they could check who has their phone off first, but the risk is certainly mitigated.