21st century vocab: "Card clash"


#1

[Permalink]


#2

yeah just because it's about oyster RFIDs is no indication that it's automatically worth making a post about it.


#3

This sounds like something that the RFID folks would have maybe thought about before deploying these systems. Prioritize card reads according to the desired use? Hmm.


#4

TFL are so proud of their new phrase. Every time I hear them remind me to "avoid card clash", I mentally replace "card clash" with "being charged extra because we're not prepared to give you the benefit of the doubt".


#5

At least they have noticed the problem, here people are wondering why their rfid travelcards don't work inside their wallets anymore after they get new debit cards with contactless paying. Solution: get a new wallet with rf blocking for bank cards and an outer pocket for the travelcard.


#6

How about fixing the software? If it can tell it has the wrong card, it should be able to pick out the right one. This assumes a moderate amount of foresight in the card designer, but as long as we've had these things we ought to be able figure out how to distinguish individual cards.


#7

My CCs have started putting those RFID chips in, and now local stores don't want me to swipe cards any more. I have to plug my card into their reader and wait until it finishes mumbling to itself before I can remove it. What is the reasoning behind this?


#8

Well, I'm not sure what THEIR reasoning is but here's my reasoning:
Always, always, always, ALWAYS use the chip and pinpad to validate any purchase. If you're ever ripped off wirelessly, you can point to your history of never using the contactless purchase option.

Really, like your time is sooo valuable that you can't wait the four seconds it takes?


#9

I don't think you're talking about RFIDs, I think you're talking about the EMV chip that's embedded in the card? If that's the case, then the main advantage is that it allows payment to be taken without you having to give your card to anyone else, or for them to take the card out of your sight, while they swipe the magnetic strip, which would give them the opportunity to clone the card. It's also one half of the system called "Chip and PIN" in the UK; obviously signatures were a major security problem since they were written on the card they gave access to, and PINs are supposedly secrets shared between you and your bank.

The RFID system referenced in the original post doesn't require you to insert your card into anything - you "present" your card and the reader completes the transaction. So-called "card clash" seems to occur when you're asked to present a card and you present more than one.


#10

Ah, my mistake, not the same thing (Wikipedia's explanation is comprehensive, but tl;dr). Is this the same thing as the (chip? code?) that used to have you simply pass your CC over a scanner without swiping or inserting, or are we talking past one another? All the cards refer to their proprietary systems by a proprietary name which tells me nothing about the system.

BTW, being uncertain of the benefit of the new system makes me wonder why it is apparently less efficient than the old one.


#11

RFID cards are the ones where you wave them over a reader. Chip and PIN cards are the ones that you insert halfway into a reader, type in your PIN, and hit OK. What's confusing is both are referred to as having a chip in them and some cards have both. My credit cards actually have RFID, Chip & PIN, as well as a magnetic stripe to maintain compatibility with the US.


#12

It might be that only the wrong card responds. Passive RFID tags rely on the reader's signal to charge a capacitor that powers the response. So whichever tag charges up first will be the one detected.

I suppose you could design the reader to keep looking for other tags after the first one responds, but it might just keep picking up responses from the first one.


#13

I think people get mixed up about the different evils involved. The evil of Oyster cards is that they identify you personally, and the pricing structure strongly discourages anonymous single-trip and one-day tickets. But that could have been done with mag strip tickets too.

The fact that they're contactless is not malicious, it's just to make stations move faster (and possibly because the procurement bureaucrats were wowed by the futuristic technology). These cards do use radio to communicate, but they draw their power from the radio signal emitted by the receiver, which physically limits them to very close range. Even in controlled situations I don't think they could be read from more than a meter away.

This "card clash" thing is just plain old incompetence. They initially said you could use the card without taking it out of your wallet, and now they're having to backpedal, because it's just not true if you have more than one card. I had this problem years ago when I got a contactless university ID card. Even if both cards are powered up, I'm not sure the protocol even allows for more than one card to work simultaneously.

(It's made worse by London's multiple fare zones, which requires the same ticket to be checked at both ends. That was a mistake they should have corrected back in the 80s).


#14

You said it. If the reader fails to find a correct card, keep looking. It's not terribly complex. It sounds as though they simply didn't think about other organizations using the same kind of cards. To me, picking the right card out of the bunch would be the basic problem to be solved before they could be deployed widely.


#15

I imagine (aside from the 'eh, didn't think of it/assumed we could just make it your problem' logic) that there are some notrivial issues:

Some readers (I certainly haven't played with them all, probably depends on IC and power budget) only register one card if more than one is simultaneously presented. Exactly which one it's going to be seems to be up to the dark, unknowable, gods of real-world RF behavior; but you only get one and no indication that there are others.

If the one you do get is valid for the purpose(and as best I read it, that can be either a TFL-issued card or a bank-issued payment card, at least on some of their systems) there isn't much to go on. You could cut the power, ping again, repeat, and trade time for certainty; but users aren't going to wait for that while boarding(or necessarily know whether the right answer has already been hit, or whether they are about to be saved from the wrong answer).

Assuming that they do have units that read multiple cards simultaneously, you'd think that the answer would be easier: Do they have some sort of pre-paid weekly/monthly pass? Use that first. Credit on a card issued by us? Second. 3rd party payment card, 3rd.

I imagine that they either don't have readers good for that, or they don't want to learn how creative some snarky member of the public gets about structuring the presentation of multiple RFID cards to create favorable misinterpretations. (Something that has already been explored... Who ever would have imagined that a hedge fund guy would bring amoral value-rationality to financial matters?)


#16

https://www.tfl.gov.uk/fares-and-payments/oyster/using-oyster/card-clash

Later in 2014, when contactless payment cards are accepted for travel
on Tube, tram, DLR, London Overground and most National Rail services
in London, one of the following could also happen:
Your fare could be charged to a card you didn't intend to pay with
You could be charged two maximum fares if the card reader reads one card
when you touch in at the start of your journey and a different card at
the end when you touch out
Remember to separate your Oyster card from other contactless cards when touching in and out.

If I were paranoid I would say that the whole card clash thing is intentional, so that people get annoyed with not knowing which of their credit cards will be used for a payment, and decide to readily accept the single state sponsored universal RFID to replace all personal RFIDs.


#17

Wow - that was a fabulous post! Looking forward to hearing more from you - the depth, the breadth, the ... you know, I just so admire it! Wow!


#18

You might not be totally wrong - they're in the process of allowing contactless payment cards to be used the same way as an Oyster card, obviating the need for the Oyster.


#19

Fortunately contactless payment is pretty much confined to London, so it's not much of an issue for the rest of the country.


#20

Your scheme sounds like it would make it difficult for multiple banks and payment processing companies to keep their hands in your pockets at all times, occasionally skimming off a few fees here and there...

I like a good orwellian dystopia as much as the next guy; but you have to consider shareholder value here... Even a colossally fucked government RFID unification scheme might get G4S, Gemalto, and one each of the major banks and CC processors a piece of the action, along with an assortment of 'systems integrators' to chew on legacy databases until the heat death of the universe. Leaving your wallet a radio-frequency war zone, though, means a cut for basically everyone you've ever signed a contract of adhesion with!