by rtpg 287 days ago
My understanding here is that there's less risk of double spends here because of the extreme difficulty of cloning the smartcards involved.

So to execute the double spend you would have to find an authorized card provider, convince them to load and sign your double spend-capable program onto the smartcard (with their signature!), and then be found out within a week when reconciliation is off.

So doing a double spend will be found out, and not only will you be on a bunch of cameras doing the thing, whoever made your card will also have been compromised.

I think that in practice the "eventual" reconciliation is fairly quick nowadays. Just that the offline spend can happen quickly, and then the packet gets sent over the wire maybe a minute later rather than before the spend is approved.

It's really not that big of an issue when the spends are reasonably sized (e.g. public transport). You don't need to prevent literally all fraud, just enough that it becomes an acceptable cost of doing business. Fielding customer complaints because they couldn't ride due to an offline reader isn't free either.
> I think that in practice the "eventual" reconciliation is fairly quick nowadays. Just that the offline spend can happen quickly, and then the packet gets sent over the wire maybe a minute later rather than before the spend is approved.

This is definitely the case, and it's also "relatively instant" in the happy path. There are cases like vending machines, or during system outages where the reconciliation happens much later, but those instances are definitely becoming rarer!
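As an added illustration of the reconciliation that rtpg's comment and this reply describe (not code from the thread, and not a description of how Suica or any real transit system actually works), the following constructed Python model replays offline spends uploaded by readers and flags the two things a back end would look for: a per-card transaction counter reported twice by different readers (a spend the card's state was rolled back or cloned to repeat), and a balance driven negative. A missing counter value is reported separately as "pending" rather than as fraud, because, as the reply notes, a vending machine or a reader behind an outage may simply upload its records later. The card ids, reader ids, counters and amounts are all made up for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class OfflineSpend:
    """One spend accepted by an offline reader and uploaded afterwards (constructed)."""
    card_id: str
    counter: int      # per-card monotonically increasing counter written by the card
    amount: int       # in the smallest currency unit
    reader_id: str
    uploaded_at: int  # seconds since epoch at which the reader uploaded the record


def reconcile(opening_balances, spends):
    """Replay every card's uploaded spends in counter order.

    Returns (anomalies, pending, balances):
      anomalies: card_id -> list of findings needing investigation
                 (a counter reported twice, or a balance driven negative)
      pending:   card_id -> counter values not uploaded yet (a gap that a
                 late-uploading reader may still fill, so not an anomaly)
      balances:  card_id -> balance after replaying the accepted spends
    """
    by_card = defaultdict(list)
    for s in spends:
        by_card[s.card_id].append(s)

    anomalies, pending, balances = {}, {}, {}
    for card, recs in by_card.items():
        # Counter order, then upload time, so the first report of a counter wins.
        recs.sort(key=lambda r: (r.counter, r.uploaded_at))
        seen = {}  # counter -> reader that first reported it
        balance = opening_balances.get(card, 0)
        last = 0
        card_anoms, card_pending = [], []
        for r in recs:
            if r.counter in seen:
                card_anoms.append(
                    f"counter {r.counter} reported by {r.reader_id} and "
                    f"{seen[r.counter]}: possible double spend")
                continue  # never debit the same counter twice
            seen[r.counter] = r.reader_id
            # Any counters skipped between the last one and this one are still pending.
            card_pending.extend(range(last + 1, r.counter))
            last = r.counter
            balance -= r.amount
            if balance < 0:
                card_anoms.append(
                    f"balance {balance} after counter {r.counter}: overspend")
        balances[card] = balance
        if card_anoms:
            anomalies[card] = card_anoms
        if card_pending:
            pending[card] = card_pending
    return anomalies, pending, balances


# Constructed sample data: card A is clean, card B has counter 3 reported by two
# different readers, card C has a counter that has not been uploaded yet.
OPENING_BALANCES = {"A": 1000, "B": 500, "C": 100}
SAMPLE_SPENDS = [
    OfflineSpend("A", 1, 200, "gate-1", 100),
    OfflineSpend("A", 2, 150, "gate-2", 160),
    OfflineSpend("B", 1, 100, "gate-1", 100),
    OfflineSpend("B", 2, 100, "vend-7", 900),   # vending machine, uploaded late
    OfflineSpend("B", 3, 300, "gate-3", 200),
    OfflineSpend("B", 3, 300, "gate-4", 205),   # same counter again elsewhere
    OfflineSpend("C", 1, 10, "gate-1", 100),
    OfflineSpend("C", 3, 20, "gate-2", 150),    # counter 2 not yet uploaded
]


if __name__ == "__main__":
    found, still_pending, final = reconcile(OPENING_BALANCES, SAMPLE_SPENDS)
    for card, notes in found.items():
        for note in notes:
            print(f"{card}: {note}")
    print("pending:", still_pending)
    print("balances:", final)
```

Sorting by upload time only as a tie-breaker matters: the late vending-machine record for card B still lands in its correct counter position, so it neither creates a false gap nor a false double spend.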

Or you can extract the secrets from a smartcard using a variety of side-channels. But the juice is rarely worth the squeeze.
Maybe you can, but I had the impression that it would be quite difficult given physically unclonable function-y stuff. Handwave-y and I have no clue if Suica-style payments use it but that was my impression.