Fashion statement

I am just out of the Cartes show. A bit depressing, mostly because of the current circumstances and the number of “Absent exhibitors”. However, there were a few interesting highlights. One of them came in the Wearable and IoT conference track, in a presentation from Oberthur’s Olga Titova Candel about Wearable Payments for Fashion.

The main message of this presentation is that payment in wearables is going beyond basic plastic bands and special watches. The new trend is now that payment is being integrated into normal fashion accessories, like the Swatch deployment in China, or the integration of payment in the latest Jawbone UP4. These deployments are linked to a payment scheme: China Union Pay for Swatch, and American Express for Jawbone. Still, it is exciting to see mobile payment integrated into generic devices that you mostly get for other things (like, you like the watch, or you like the fitness tracking features and band design). Here, payment is just an extra feature, which is likely not the main reason for selecting the object.

From a sales point of view, this looks important to me. If payment is successful in these first deployments, it could lead the way to many more similar objects. As a longtime user of vision glasses, my glasses would be the perfect object for payment, as I wear them in almost all circumstances (plus, the form factor is interesting for fitting an antenna).

This does raise a few security-related questions:

  • Transfer. Such devices all come with some kind of enrollment process, for instance through the UP mobile application for Jawbone. This is nice, but the life of the object continues beyond enrollment. A fitness tracker may be given or sold to another person, and it is reasonable to expect that the payment feature will need to be disabled, and potentially reenabled later (and again).
  • Loan. A fitness tracker is very personal, a watch a bit less (my teenage daughter can borrow mine if she happens to like the design), and I am sure that some other payment-enabled wearables will be shared, at least in a limited community. I am happy to share my watch, but I want the payment feature to be disabled when that happens.
  • Steal or lose. Here, the problem is that these payment-enabled objects become an extension of our wallet. Losing one is very much like losing a wallet, and this may become dangerous, especially for people who only use the payment feature very occasionally. Also, checking that the person using such an object is legit will be difficult or at least different.

I don’t own any of these devices, so I don’t know how they handle that. Maybe all these issues, and more, have already been sorted out technically. Yet, there is a human aspect that will also need to be field-tested. The users need to be aware that they are wearing payment cards. Not much of an issue when you only have one payment-enabled object, but this could become a problem if we get more and more such objects.

But then, these are interesting problems, and I can’t wait to find my own payment-enabled fashion statement, and to see how this evolves in the near future.

About PIN, the iPhone is about 20 years behind smart cards

I was astonished when I read this article on breaking the iPhone PIN. Some guy has built a device that can guess your iPhone PIN, and he is using a very old trick that was performed on cards years ago. Of course, the exercise is pointless; as noted in the original article, Apple can (will) […]

Did Apple just boost mobile security?

I have been working on mobile security for many years, and things haven’t moved much: justifying mobile security is always painful. Why should I spend more money? There aren’t that many attacks! Some business use cases seemed like a good justification, but the economics are unclear and remain in the order of “if you get hacked, it could […]

The Off-Card Bytecode Verifier is fine, thank you!

REWRITTEN on 23 Nov. 2013. A few weeks ago, a friend sent me a link to the Cardis program, with the message “A bug in the verifier?”. Looking at the program, I saw a paper entitled Manipulating frame information with an Underflow attack undetected by the Off-Card Verifier, by Thales Communications and Security. This sounded […]

Twitter going feudal on security

I have recently experienced security issues with Twitter, as my account was in some way hacked. And I am not happy with the way Twitter handles this situation. First, here are the facts that I know: Two weeks ago, I got an e-mail from a colleague warning me that he just received a spam Direct […]

Experimenting NFC, things

Following my little NFC rants, I have kept on experimenting with Android NFC applications and reading about the Internet of Things (experimenting remains harder, here). The combination is trendy these days, as this week will see the launch of a new initiative in France with the French chapter of ACM SIGOPS (in French). I won’t […]

NFC Tags to Empower Users in The Internet of Everything Else

Here is a continuation to my ramblings about the solely private use of NFC tags. I have already mentioned that there would be many benefits in considering some tags as public goods, and now, I will focus on tags to be associated with things, as owned by companies or individuals. I have pompously called this […]

NFC tags as Public Goods

I have now seen a number of NFC applications, and they all have something in common: they consider their tags as a private and exclusive property. They believe that they will be the only application using this tag. That may be true in some cases, where tags are deployed inside the premises of a company […]

POPWings again, after MWC

I now have two POPWings cards, as I made a new one with my professional contact information on Gemalto’s MWC booth yesterday. I also have had the ability to “pop” one or two persons, giving me a better experience of the application. So, I owe an apology to POPWings here. When I first tried their […]

POPWings is a cool business card, but where is the platform?

UPDATED March 1st, 2013: See follow-up article. I have been quite happy to hear a few weeks ago that Gemalto finally decided to consider NFC as more than secure services, by launching their POPWings service. I immediately ordered one of their business cards, excited to get a new NFC service. So, I got a card […]