
Coin - xuki
http://onlycoin.com
======
nlh
SUPER clever idea -- kudos for that. In theory, this is awesome. As a
consumer, I love it.

As a merchant, however (which I am), there is no chance I would accept this.
None. Unless the issuers (that is, Visa, MC, Amex) drastically change their
policies, which I don't see happening anytime soon.

Why? Because the issuers are very clear about a few things: When push comes to
shove and it REALLY gets down to it, unless the merchant takes a physical
swipe of the actual card AND has backup to prove it (i.e. an imprint of the
physical plastic), the issuers will side with a consumer in the event of a
fraud dispute.

So why, do you ask, do most merchants not bother taking imprints of the actual
cards? Because a visual verification and physical swipe is usually enough (for
99% of cases). Instances of fraud via card duplication are rare, so it's
usually not worth the hassle. But in some cases, it is.

My business runs large-ticket purchases though CCs (average is $2000), and we
take super extra precautions when our customers buy from us. We take magnetic
swipes, visually verify, AND take physical imprints.

We've lost several chargebacks because of lack of doing this. You'd be
surprised how these little-known rules crop up when you least expect them.
"Sorry, customer claims charge not authorized. Merchant doesn't have physical
imprint. Chargeback approved." It's happened and we've been defrauded out of
$thousands because of it.

The ONLY way we've been able to successful combat chargeback fraud is through
the multi-layered approach.

Anyway, I know this is a fairly esoteric perspective and my business may be
different from lots of others where this isn't an issue, but I have a feeling
V/MC/Amex aren't going to get behind this.

~~~
Nursie
I don't know why the US hasn't adopted EMV. It's not perfect, but it has cut
down fraud massively here in Europe.

They're very hard to clone (I won't say impossible, but attacks against EMV
have not generally been of this nature) and the transaction records at both
ends will tell you whether the actual, real card was there.

The liability is more clear-cut as a result. If the customer claims the charge
was unauthorised, that's between the bank and the customer.

\--edit-- of course with EMV cards Coin would no longer be possible or
relevant. Neat product, only useful in a magnetic-stripe world, which is at
least a decade behind the curve now.

Theoretically with EMV you could put all your credit-cards on one chip and the
terminal will either choose a supported default or present you a list, but
that would require cross-bank cooperation, never going to happen.

~~~
busterarm
I want chip and pin cards SO BADLY here.

Mainly because it would make my trips to Europe a lot easier, where many
systems I've encountered won't work on some non-EMV cards.

~~~
XaspR8d
I didn't realize European automated machines would basically never accept my
cards. On a subsequent trip I tried to get chip card, but neither my personal
banker nor the branch manager at Wells Fargo had ever even heard of them and
insisted I was confused about the problem.

Shopping for a new bank, for many reasons.

~~~
saryant
Wells Fargo definitely has chip cards. They shipped me a chip version of my WF
credit card out of the blue a while ago.

------
cik
I think we're all missing a key point here. From reading the FAQ it appears
that the application needs access to their servers. That blows my mind. Why
should my _mobile_ phone application, responsible for programming a local card
via Bluetooth ever need access to the internet? Simply put - it shouldn't.

To me, this sounds like a big data play, except in this case the company is
getting the user to cover the cost of acquisition. I imagine the actual cost
of production on a card like this being well < $20 shipped (disclosure: I've
been involved in shipping and starting up several physical products).

So now, I have something that collects and unifies data across multiple
purchase vectors, sending that back to a single source. In other words, I've
paid for the privilege of helping another company get the same sort of insight
that mint.com was building, except that I'm also including loyalty data.

Colour me out.

~~~
isomorphic
Right. Also, unless I missed something, I didn't see anything in their FAQ
that states categorically that they're _not_ storing your card information on
their servers.

No, Coin, I'm not going to store all of my credit and debit cards in a single
spot on the Internet.

Your app has to work without Internet, or it's a security risk.

------
unfletch
I'm guessing the Coin pre-order is why Protean sent me an email yesterday
reminding me they exist: [http://getprotean.com](http://getprotean.com)

Their Echo card is exactly the same idea, with some minor variation in
implementation. It has not yet launched.

As far as the concerns voiced here (accidental button presses, etc.), Chris
Bartenstein, a Protean co-founder, has addressed some of that in the comments
on this TechCrunch story: [http://techcrunch.com/2012/08/02/the-protean-echo-
reduces-al...](http://techcrunch.com/2012/08/02/the-protean-echo-reduces-all-
of-your-credit-cards-to-one-ubercard/)

~~~
rmason
Doing hardware is hard. Protean's CTO, Henry Balanon, spoke at the Code
Michigan civic hackathon on that very subject:

[http://www.slideshare.net/balanon1/code-michigan-without-
com...](http://www.slideshare.net/balanon1/code-michigan-without-comments)

Its not always the first product to ship that wins, its the best product that
ships. I've seen the product evolve and the echo card is worth the wait.

~~~
unfletch
I didn't mean "it hasn't launched" as a knock. Just pointing out that, like
Coin, it's announced but not yet available.

------
rexreed
How would you prevent mass credit card theft in this case? Couldn't an
unscrupulous person, say a waiter at a restaurant, take your card, use his/her
own Coin to make a copy of your card, add it to their own Coin, and then use
that card at their leisure at a future date? I know, the same question was
asked re: Square and the like, but the difference is that you need a Square
account to steal other people's cards, and that's traceable, whereas here, you
can use the stolen card easily and surreptiously with little notice. Except
for the fact that using a Coin in itself is noticeable.

~~~
bouk
Credit card theft like you describe is already possible and already happens

~~~
sequoia
This sure makes it easy tho, no?

~~~
bouk
There are already crazy small devices that accomplish the same:
[http://www.youtube.com/watch?v=U0w_ktMotlo](http://www.youtube.com/watch?v=U0w_ktMotlo)

------
skue
If there are any Coin founders hanging out here, this seems like a great idea
and cool technology. However, like a number of other commenters, I have a few
questions not covered by the FAQ...

The product/fit questions have already been asked, but there's still this: Why
is Coin taking pre-orders several months in advance just to raise $50k? I
can't help but wonder why a YC company wouldn't just raise the needed $50k
from investors?

If this is an attempt to test the market, are you sure that a crowdfunding
approach is the best image for a financial company? I want any company dealing
with my financial data to be rock solid and reliable, and crowdfunding is the
exact opposite of that.

Also, why aren't you collecting shipping addresses? I read your answer in the
FAQ, but that makes me twice as concerned. You say, "A lot can happen between
now and Summer 2014. For example, you could move. To reduce confusion, we’ll
get those details from you once we get a little closer to getting you your
Coin."

This is a problem for two reasons: (1) you are emphasizing that the ship date
is far in the future, and (2) it comes across as though Coin is run by young
founders who move around a lot and don't see value in long term planning.
That's the wrong mindset for a company handling financial data.

------
sequoia
What happens when the waiter accidentally clicks the button & charges your
business card when it should have charged your personal card? I guess they can
just peruse your cards, see what you've got, and pick which one to charge. :p

~~~
timdorr
Presumably when the card is away from your phone (and BT connectivity), it
would disable the button on the card. Or you could lock it into selecting that
card via the phone.

~~~
ars
> Presumably when the card is away from your phone (and BT connectivity), it
> would disable the button

See the FAQ, It doesn't. It's designed to be standalone with only periodic
checkins (once a day probably) with the phone to make sure you still have the
card.

~~~
diggum
From the FAQ: Q. What if I lose my Coin or someone steals it? A. In the event
that your Coin loses contact with your phone for a period of time that you
configure in the Coin mobile app, it will automatically deactivate itself.

------
pbreit
I worked on a product like this at Amex about 20 years ago and while it was a
totally neat concept it was completely stupid in practice. All those plastic
cards are marketing vehicles that can also transmit a number. And, really, are
they that difficult to manage?

~~~
sixQuarks
Hey, the cool hipster dude with a beard says it's cool, so it has to be.

Seriously though, they did a fantastic job with the overall experience of the
landing page/video. The product, however, is not that great.

~~~
timmins
Cool hipster dude = Adam Lisagor. Really smart fellow with a history of
success.

------
azernik
Great line from their FAQ:

    
    
        Q. Can a Coin be used to skim cards?
        A. No. You can only add cards that you own to your Coin.
    

Ummmm... I hate to be pedantic [1], but the question is using the "is it
possible" meaning of "can", but the answer seems to be using the "am I allowed
to" meaning. There's a line in the previous question about how "As an
additional safeguard, the Coin app will only allow you to add cards you own,"
but no detail on the mechanism of this magical authentication process.

[1] Who am I kidding? I _love_ being pedantic.

~~~
markild
I might have skipped a crucial detail in their process, but as far as I can
tell, not only is it possible to skim, this makes it amazingly easy.

------
robotmay
I'm not sure of the prevalence in the US, but does this support chip + pin
transactions? They're the standard in the UK now, and I suspect it's a little
harder to mess around with than the magnetic strip.

~~~
pidg
I understand chip+pin is still a novelty in the US.

Back in 2009, I was (apparently) the first person to use the chip+pin machine
in one of the biggest bookstores in Toronto - the cashiers got excited and all
gathered round to watch. It was a little bit bizarre.

~~~
seszett
For a view on another part of the world, just in 2012 in Japan it seemed like
about nobody knew about these. Some stores didn't even know they had a pad for
entering a PIN, and some didn't know what was the "enter secret code"
instruction.

I only understood that after a week and maybe ten or so places had told me
"your card doesn't work", when some hotel tenant called her daughter to
translate things, and she knew about chip and pin and was excited to see how
it worked.

I'm pretty sure all the other places just saw some message they didn't really
understand, and just thought "the card doesn't work", when in fact they
probably just had a pad somewhere that was waiting for my input.

Just before that, we had stayed in Taiwan and used the same card pretty much
everywhere with absolutely no problem.

~~~
kalleboo
That's odd, how far out in the sticks were you? I've used my european chip
card extensively in Japan for the past 3 years with no confusion whatsoever,
and most places that take cards have a chip reader that they use immediately.
Nobody has ever said my card doesn't work. There's actually way more confusion
when I pull out a WAON card or something.

It's been more of a problem in places in Thailand and Singapore where they're
not really equipped to hand over the card terminal and sometimes I have to go
behind the desk or something.

~~~
seszett
The first place I had a problem was actually a Honda (I think?) car rental
office in Shinjuku, not a place where I expected a problem (and not the
easiest thing to pay in cash, though that's what we eventually did).

Then a few hotels and ryokans mostly around Nagano and Toyama. The 7/11 ATMs
worked fine though (but the card didn't work to pay directly, it did at Lawson
though, IIRC) so we just used cash everywhere, but I liked to keep trying to
use the card, as I was really not sure what was happening.

It's in a small hotel in Obama that I finally understood what was happening,
after the woman first asked me to "write my secret code" on a piece of paper
(she didn't know the keypad was attached to a long cord and that she was
supposed to let me enter the PIN myself, her daughter figured - or knew -
that).

I don't really remember but I think we just didn't have many issues
afterwards, once in the larger cities of the Kansai.

It was kind of a pain to have to use cash so much because my card had a rather
low limit on cash withdrawal at foreign ATMs (of course, my other card had
been mailed by mistake by my bank to my former place just before I left). I
just didn't expect at all that it would be so difficult in Japan.

------
ohazi
With any luck, this will piss off the banks/CC companies enough to finally
roll out chip+pin in the US.

~~~
avree
Uh, why would we want chip+pin in the US?

~~~
joshvm
Means you are always in sight of your card because although merchants can
force the transaction through, customers expect the pin entry ritual. Skimming
becomes a lot more difficult and in most stores you don't even need your card
to be near the cashier because the terminals are separate from the register.

This also stops the frequently problem mentioned about a waiter changing your
card because you'd need to validate the purchase via pin on a POS terminal.

The downside is that you're vulnerable to shoulder surfing and people stealing
your pin (at which point they really have the keys to the kingdom), but given
that signature checks are rarely _that_ stringent in the US I think it's a
moot point.

Magstripes still work, but many stores in the UK have stopped accepting it as
a payment method if the card fails.

I'm surprised to see no mention of NFC in this thing, that would work in
Europe in plenty of stores.

~~~
bjackman
I guess they wouldn't be able to do this for the Smartcards used by Chip+PIN
as the PIN verification actually happens within the Chip. Unless perhaps the
banks worked together on it, but I can't see them doing that!

------
gojomo
Super cool, but my guess is that there's a very small time window for it to
succeed before the phone completely subsumes all card functionality. After
all, the phone already scans the old card and sends the details to the
'CoinCard' (and monitors card-custody) via Bluetooth-LE.

It won't be long before most swipe terminals are themselves augmented with
wireless transceivers, making the "CoinCard" a redundant middleman-device.
That is, your phone could just send archived magstripe details, after your
onscreen-app confirmation of payment-intent, to the retailer's terminal.

Coin's real strategy may be for that world - the hardware will fall away like
a first-stage-rocket at some point... even faster, say, than Netflix moved
from DVDs-through-mail to pure-network-delivery.

~~~
apayan
You can already do this with Google Wallet on Android. Enter your card into
the Wallet app, then swipe your phone over any PayPass terminal and it will
process the transaction. At least half the retailers I visit already have
PayPass terminals (in Los Angeles).

------
mehrdada
Why would you want to carry just one credit card when you can carry zero with
Square (or Google Wallet)?

If it is because of the "tradition problem", it's not much better than Square
Wallet either: In more than one place I've been to the cashier was supposed to
manually enter the last four digits of CC# manually for the transaction to get
through. You'll have to carry a backup card with either Square or Coin.

I like the vision of completely ditching the credit card far better, and the
marginal compatibility benefit does not seem good enough for this to get
anywhere in its current shape.

Of course, things can change.

(BTW, wasn't Google doing the same thing with a physical card for Google
Wallet and ended up abandoning it?)

~~~
ars_technician
>(BTW, wasn't Google doing the same thing with a physical card for Google
Wallet and ended up abandoning it?)

They abandoned it.

~~~
mehrdada
Mmm... Looks like they haven't quite abandoned it, after all. ;)

------
callmeed
Don't forget there is also Loop, which reached it's Kickstarter goal already:

[http://www.kickstarter.com/projects/loop/pay-with-
loop](http://www.kickstarter.com/projects/loop/pay-with-loop)

Personally, I like the idea of using my phone over the coin thingy.

Also, I'm curious about how sturdy this thing is. Maybe it's my wallet or
maybe I just shop too much, but I tend to wear out my debit card really
quickly (< 1 year).

~~~
arsenerei
This is incredible. I like Loop a lot more than Coin, but I would not be
comfortable handing my phone to waitstaff to take it to the back of the house.
If they had an android case I'd buy immediately. I'm just not a fan of
presenting my phone with the fob.

For what it's worth, my cards last have lasted indefinitely in my wallet.

~~~
pbreit
You give the merchant your card, not your phone.

------
wadetandy
One of my biggest questions/objections is about the battery life issue. They
claim that this will run out juice every 2 years or so and that the battery
cannot be replaced, so I'll just need to buy a new one. $100 every two years
for this device seems like a pretty big expense, as opposed to $100 one time.

~~~
beat
Early adopter tax. Once they find other ways to monetize (and they will,
considering they have actually planted a physical device in a revenue stream),
the device cost can drop precipitously.

------
kintamanimatt
I wonder how this would fare in an ATM. What happens if the ATM accidentally
presses the card selection button? If the ATM gobbles the card, now you've
effectively lost your entire wallet. What happens if the cashier presses the
card selection button while running your card too? Oops, now your boss wants
to know why you've just paid for your groceries on the business credit card
and why you've cloned your business credit card!! The first can be an innocent
mistake, but the second can be grounds for disciplinary action.

I can't see the banks being happy about customers cloning their own cards. In
fact, it will probably be a convenient excuse for them to absolve themselves
of all liability in the case of loss, theft, or misuse. Some, if they found
out, might pitch a fit and close the account.

This also is going to pose a lot of problems when used with non-domestic
cards, as they point out in their FAQ. It's possible to use an EMV-based card
with just the magstripe, but it's a pain in the butt and the bank may well be
aware that all your meatspace transactions are not using the EMV-chip. They
may assume that your card is broken or (quite correctly) cloned and block it.
A call from the fraud department may well lead to a fit being pitched.

From wikipedia: "Magnetic stripe cloning can be detected by the implementation
of magnetic card reader heads and firmware that can read a signature of
magnetic noise permanently embedded in all magnetic stripes during the card
production process." [0] Oops, now your card is blocked.

Retailers might also get skittish if they figure out this isn't actual bank-
issued plastic. They may well refuse it because of the risk of fraud. I would.
I really wouldn't want to be running someone's cloned card, even if the
cardholder was the one that did the cloning. In fact, it might jeopardize a
retailer's merchant account if the acquiring bank found out the merchant were
running cloned cards!

The best way to counter a bulky wallet is to not add bulk in the first place.
How many credit cards and debit cards does one need to carry on a daily basis?
I carry maybe two or three cards, some ID, my Oyster card, and a Costa rewards
card that I use daily. I also have a backup wallet that contains a second set
of cards in case I lose the first. The bulk of my wallet is receipts that
accumulate, but even when I carried way more my life wasn't burdened by a
whalelike wallet.

It'd also be a pain in the butt to use this with some rewards cards. For
example, my Costa rewards card is swiped at the same time as I'm paying. Would
I really want to fumble through pressing a button to find the right rewards
card, give that to the cashier, have it handed back so I can fumble through
pressing buttons again so I can pay? Certainly not, and even less so the
impatient people in line behind me.

Sorry to promulgate the Hater News stereotype, but it's just too easy to poke
holes in this idea. It has superficial appeal but I really wouldn't pay $100
for so many potential problems, especially as it would only make my wallet a
few mm thinner.

[0]
[http://en.wikipedia.org/wiki/Magnetic_stripe_card](http://en.wikipedia.org/wiki/Magnetic_stripe_card)

~~~
RandallBrown
From the looks of it, it will handle rewards cards and whatnot just fine. If I
could just store my Qdoba, Panera, Gameworks, Dave and Busters, REI, Best Buy,
Safeway, Kroger, etc. cards on one single card.

Now I can keep as many rewards cards as I want, without having to stuff my
wallet full of junk I don't need 99% of the time.

The money I save from rewards cards I wouldn't normally carry would probably
pay for the price of a Coin, even if I don't use it for any of my credit or
debit cards.

~~~
ams6110
Every rewards card I have is a scanned barcode, not a mag swipe.

~~~
joosters
Same here. Speaking of which, surely someone has written a phone app that will
scan and display all your barcoded cards on demand?

~~~
bradmccarty
There's an app called Key Ring that I've used for some time that accomplishes
exactly this. It works quite well.

------
UVB-76
Are the card issuers going to be happy about what amounts to card cloning, or
am I missing something here?

~~~
kintamanimatt
Probably not. I imagine they'll also absolve themselves of liability if your
card is ever misused or stolen.

------
newman314
Love the concept but the security worries me. Looking on the site, there is
(as expected) not much information about security.

RED FLAGS:

* Coin is in the process of earning a PCI certification. This should have been done before launch. Also, what level? * Coin uses 128/256bit for security but HOW and WHERE? * Coin essentially skims cards (through the reader) to playback for terminals. I don't see how they can say with a straight face that it is less susceptible to the same techniques. * Adding what are supposed to be funny Q&As to a FAQ trivializes what are supposed to be important questions for people thinking about using this. * I understand the love of "the cloud" but I wish people would also consider scenarios for a disconnected model. These are solutions that do not necessarily require a full time connection.

I could see using this for pre-paid gift cards but not for my actual credit
cards.

~~~
alternize
they are "only" doing a preorder, the launch seem to be in summer 2014

------
taude
I'd really like the ability to add all my shopping cards, membership cards,
and whatever else that constitutes 98% of my wallet. Replacing two credit
cards/bank cards isn't that compelling.

And then really, while I'm dreaming....I just want my phone or an app on my
phone to deal with paying because carrying around a card just feels so 2000s.

This is a slick implementation, though.

I'm also more worried about actual merchants refusing to take something like
this.

------
Ryoku
This is one of the worse ideas I've heard of; security wise. Not even at a
tech-level. All your data and credentials are a robbery away. Of course, if
you get robbed you can probably call in your credit cards from your
cellphone... oh... Now, on the tech side... magnetic? Really? We've been
through this, it's not secure. It might sound secure in an ideal world where
the user doesn't do stupid things like handing over both the card and the
phone to someone just to avoid getting the notification or to be shown how it
works... or because it's a "store requirement". But we are not in that world,
nor we will be.

------
swamp40
I don't know if I can make a suggestion that might be seen with all the
activity here - but if it were me designing it, I would have an option to
lock-in a single card via the smartphone app.

Or, maybe only allow switching within a foot or two of your smartphone.

That would eliminate the concern people have about where the waiter
accidentally pushes the button and switches the active card.

------
TamDenholm
I assume that the Chip-and-pin system isnt standard in the US like it is in
the UK. Can a similar technology be applied to chips?

~~~
iLoch
I was trying to look into this as well. Apparently the chips cannot be read
from in the same way unless you authorize it. I don't know how that
authorization process works, but I'm guessing it's possible. I'll be looking
out for Coin in the future when they introduce EMV support.

~~~
PeterisP
You shouldn't be able to read EMV chips with any authorisation - it's supposed
to be safe from bank employees who make the actual cards, so they can't clone
your card before giving it to you.

In the EMV process the private key should be unique to the card (if you make a
replacement card with the same number, it's a different key); the private key
shouldn't exist anywhere outside the chip after the card is made; and there
aren't supposed to be any ways to read the key. Well, cutting the chip and
scanning with a electron microscope works, but it's impractical.

I'm not saying that there aren't any bugs in the implementation, but I'm quite
sure that there are no known bugs that allow simply to get the key; even full
control of the HSM which holds the bank's private key should allow you only to
make/sign new fake cards, but not recreate an existing card.

~~~
iLoch
Guess I have to stick to my shitty baby blue card then. Yes my bank IS Toys
'R' Us.

------
joezydeco
Can anyone elaborate how the magstripe trick works? That's the only thing that
I can't find, and it's kind of the crucial point of the whole project.

~~~
superuser2
A magstripe is literally just a flat strip of magnetic tape, like an audio
cassette. Devices like Square Reader just encode the magstripe as audio into
an iPhone's mic input. You could save that to a Voice Memo, stick the playhead
from a RadioShack 3.5mm/cassette adapter in a reader, and press play. Can't
find it, but I've seen a demonstration on YouTube of someone doing this to
enter their apartment building.

The TV show White Collar's pilot has a cool depiction of Neil Caffrey copying
a guard's magnetic stripe badge using a tape deck by recording it to tape,
then playing it back through the record (write) head on the other side of the
tape player while he slid a new card through. It would be hard to get the
timing right, but there's no reason this shouldn't work.

It's incredibly primitive technology, as is simple RFID - the cloning process
isn't much more difficult. Fortunately my university uses HID iCLASS
contactless smart cards - there is actually a cryptographic handshake between
the reader and my student ID which is resistant to replay attacks. If
implemented correctly, it's impossible to copy the electronic access control
portion of a student ID without the university's private keys. (The same
access control infrastructure that's on my dorm's main entrance also guards
healthcare information, nuclear and virology labs, etc. so that makes sense.)

~~~
joezydeco
But what this device is proposing to do is dynamically change the magnetic
orientation of the ferrite _on the strip_. I don't see the Coin demo guy
running his card through an encoder before presenting it at the cash register.

Best I can find so far is this website which kind of describes what is going
on:

[http://www.cardlab.com/Dynamic-Magnetic-
Stripe.html](http://www.cardlab.com/Dynamic-Magnetic-Stripe.html)

~~~
superuser2
Probably related to this: [http://www.bestbuy.com/site/stereo-cassette-
adapter-for-most...](http://www.bestbuy.com/site/stereo-cassette-adapter-for-
most-vehicles/1854937.p;jsessionid=B8AB077C200E2FF935137CCB51060DEF.bbolsp-
app04-163?id=1218297520012&skuId=1854937&st=categoryid$abcat0307013&cp=1&lp=1)

~~~
joezydeco
Similar but not related.

This is more of the way it works:

[https://www.google.com/patents/US7246752](https://www.google.com/patents/US7246752)

------
driverdan
As a former credit card thief I would have _loved_ this. You mean I don't have
to buy $10,000 of card printing and embossing equipment to create a fake clone
of a card? Yes please!

As a consumer I'd love to have something like this but it will never fly.
Stores will lose liability protection since there is no security. Unless they
partner with card issues to provide some kind of secure card verification it
will end up being banned by merchant agreements. No store in their right mind
would accept it.

------
Dirlewanger
Personally, I'm not into a single point of failure device. Same reason why I
eschew paying with a cell phone. More convenient? Sure. But lose your cell
phone and you have a lot of things to account for, doubly so if you have no
form of remote wiping it.

~~~
jonstjohn
A wallet is a single point of failure device. It's a lot more of a hassle to
remotely wipe my wallet (remember all the cards, cancel them all
individually).

~~~
Dirlewanger
A wallet contains many different things that can be added and subtracted at
will. If this Coin thing is to be used as I think it is, it is all your cards,
all the time. I can't just bring one card, it's all of them.

Not to mention the fact that now one service has all of my cards and their
information? Coin better know what they're getting into. I'd prefer the hassle
of many sites than one with everything, just not worth it to me.

------
Tomdarkness
I think this highlights how insecure cards are that just rely on magnetic
strip information rather than something like EMV (chip & pin). It should not
be possible, or at least extremely difficult, to clone a card.

I'm from the UK and EMV (Called Chip & PIN) has been around for years now. No-
one issues non-EMV cards anymore, except perhaps for cards designed
exclusively for use in ATMs. Something like Coin would not be possible and,
frankly, I'm happy this is the case. While having to carry multiple cards
around is not an optimal solution I'd much prefer this over the ability for my
cards to be trivially cloned.

Aside from the security issues how would this work in relation to fraud with
your card issuer? I'm not sure if it is different in the US but if you are the
victim of fraud and you were not seriously negligent (i.e stored your PIN in
the same wallet as your card) then the issuing bank will refund any money
fraudulently taken/spent. Assuming something similar operates in the US, would
using this service give the issuing banks a excuse to hold you responsible for
fraud? I'd also wonder if you were breaking any agreements you have with your
bank in relation to your use of the cards they issue you with.

------
DEinspanjer
::Sigh:: It sounds exciting.. but so did/do all the others trying to do the
same or similar things. Unfortunately, banking regulations and reluctance to
push technological boundaries at the risk of being liable or losing money are
the big hurdles to clear here. Another slightly smaller hurdle is being able
to design a product that is high enough quality and durable enough to survive
without costing way too much.

The first one I ever heard about was back in 1999, PocketVault from Chameleon
Networks. They lingered with a website that was updated every couple of years
promising a release soon.

Next came the iCache. That one did a Kickstarter and actually made it out to
market... sorta. I have one, but the company ran into huge manufacturing
issues and folded under very odd circumstances.

A few others I've kept an eye on are:

Dynamics, Inc. Card 2.0 -- Was supposed to come out with exactly this
product.. ended up doing a very reduced feature set that lets you just select
A or B rewards.

Protean Echo -- Same concept. Originally promised 2013 but recently updated
saying they weren't ready yet.

There was another that was a similar concept company/site, but I can't find a
link to it or remember the name at the moment. :/

There is also a recent company that had a successful Kickstarter: Loop. Rather
than a programmable credit card, they are hacking the magnetic readers
themselves by making a mobile phone case or dongle that emits a magnetic field
that tricks the reader into registering a card swipe. Pretty neat stuff to
compete with the struggling NFC solution, but unfortunately, it isn't 100%
compatible with all swipe readers, and totally incompatible with dip readers.

------
ta_euccoin
I remember the US refusing to rely on foreign technology, hence refusing to
issue plastic money with chips.

But this changed after the CIA got their hands on the technology through in-q-
tel acquisition of the french company gemplus then world n°1 company in the
business. Then cards with chips were coming the US and it was expected for the
rest of the world to get backdoors with their US issued chip cards, years
later the french government finally bought back control of the company but way
too late.

Now that they have the technology, I'm surprised the switch has not happened
yet, even more so since cloning and other kind of fraud is quite easy with
magstripes (not that it is that much harder with chips, see yescards).

The coin introduced here seems anachronistic to my european eyes which have
not seen a card being swiped in the last 30 years and a great opportunity for
fraud. Better use than reducing the number of card in a wallet is obviously to
charge other people for your expenses by cloning their cards.

~~~
Nursie
>> (not that it is that much harder with chips, see yescards).

Never heard of that before, interesting.

I used programmable test cards when doing EMV and did wonder what would happen
if I made such a card but (as the wikipedia page says) they're of very limited
utility as they don't have the right keys to do anything but low-value offline
transactions.

Cloning chip cards is still pretty hard, IMHO, though that is interesting.

~~~
ta_euccoin
When Serge Humpich, a french engineer, found the vulnerability the yes card is
based on at the end of the 1990's, he got in touch with the GIE in charge of
european bank cards to warn them and propose a fix in hope of landing a job.

They asked him for proof, as an engineer he gave them proof by buying metro
tickets and sending them the tickets, the receipt and the card used to exploit
the vulnerability. The GIE CB then went on pressing charges and using those as
evidence of the crime and Humpich was sentenced to prison, the flaw was not
fixed and the whole story got in the media.

Then yes cards started to appear all over France and Europe and people would
draw money directly from atms with yes cards, until all ATMs were replaced by
fixed version gradually over a few years.

The amount of fraud related to yes cards and subsequent iterations was never
disclosed, but it was estimated to be in the tens of billions euros per year.

In 2001 a network of gas stations got exposed for copying the magstripe of
chip cards which were then sent to be cloned in other countries and the same
CBCarbon surfaced, a software dedicated to cloning chip cards issued after
1999 (those including the crypto bump from 320bits to 768bits)

I suppose this is not the low hanging fruit of getting the money from ATMs as
the current method is a physical attack based on making them explode using gas
but I sincerely doubt chip cards are really secure nowadays, probably just not
as easy as it used to be.

~~~
Nursie
I have my doubts it was anywhere close to that amount as it would work only in
very specific circumstances.

The mag stripe thing is a weakness in mag stripes. The effectiveness of EMV is
amply demonstrated by the fact that the numbers had to be sent to othe
countries to be useful.

And yes cards in an ATM? The ATM software was not up to the standards that are
required by the banks for third parties then. Implementation bugs, nothing
more.

------
sidcool
The same link has been submitted thrice with different accounts and upvoted to
3 points.

~~~
minimaxir
It appears the release was embargoed for 12PM EST, so it's not surprising that
people submitted simultaneously.

It is surprising, however, that _all_ of them received a significant amount of
upvotes.

~~~
corin_
It's not uncommon in this sort of situation for them all to get upvoted.
Firstly, different people will upvote different ones, so if there's a popular
story then a large number of upvoters split by 3 is still a decent number on
each. Then there are people who will upvote more than one, either because they
think it's important enough to deserve multiple links, or because they think
the links offer enough difference in content, or because they upvote the first
one they see, then see there's a better one (e.g. "oh shit, I upvoted
blogspam, better upvote the official one now")

------
arnoldwh
"...attracted the attention of Osama Bedier, the former head of Google Wallet,
who’s an investor in Coin. Bedier spent years attempting to make Wallet the
NFC payments standard of future phones, but Google abandoned his work to pivot
the product into yet another PayPal competitor. "[Bedier] sees scale at Coin …
where he didn’t see scale in current solutions," a company spokesperson said
on Bedier’s behalf. And for what it’s worth, Parashar says he hopes to develop
a way to let users activate Coin (or disable the "lost" feature) even when a
phone’s not around."

[http://www.theverge.com/2013/11/14/5103820/coin-
electronic-c...](http://www.theverge.com/2013/11/14/5103820/coin-electronic-
card-to-hold-all-your-credit-cards)

------
sfrechtling
Coin's logo seems to be very similar to Macquarie Bank's[1]. I'm not a lawyer
- but Coin may be infringing on their United States visual trademark[2] (of
concentric circles), especially as they are also a financial service. I may be
very wide of the mark here; but my first thought with this was that this was a
product of Macquarie.

[1]:[http://static.macquarie.com/dafiles/Internet/mgl/com/furnitu...](http://static.macquarie.com/dafiles/Internet/mgl/com/furniture/images/logos/macquarie_logo.gif?v=1)
[2]:
[http://tess2.uspto.gov/bin/showfield?f=doc&state=4807:8dpjzg...](http://tess2.uspto.gov/bin/showfield?f=doc&state=4807:8dpjzg.2.1)

------
earlz
This would be an excellent opportunity to add some encryption to credit card
numbers. Imagine taking this, except for it has a pin-pad where you enter in
your password/passkey. All credit card numbers stored on the device are
encrypted with this key, so it's impossible for a thief to swipe your card.
However, it doesn't solve the malicious waiter problem.. but of course, you
could still keep it locked down so that the most the waiter could get is one
card, rather than all of them.

Ideally, it'd be something like:

* Entering your key keeps exactly one card decrypted for up to 2 minutes * Changing cards requires a reentry of the key

You could even go crazy and do things like allow different cards to have
different passkeys. Not sure how useful that would be though

~~~
ohazi
Or, we could just start using chip+pin in the U.S.

------
fekberg
This is very neat and a super cool idea. However, there's no chip? I try to
avoid non-chip cards as much as I can for security reasons.

One more thing that crossed my mind is, what happens if you give this to the
waiter, the waiter goes away to handle your payment and it happens to be
outside of reach of your bluetooth ping; then you will most likely become
worried that the waiter ran away with your card, or you will start ignoring it
when it notifies you that it is outside of reach.

While talking about the waiter, what happens when the waiter accidentally
clicks the "change card" button and takes the personal lunch on your business
card? You might not notice until it's too late and people start asking
questions..

~~~
Cthulhu_
Well, don't give the card to the waiter? I was honestly spooked when my
colleagues handed over their credit card to a waiter when I was in the US a
while ago, leaving it out of their sight and hands for a while. We're warned
in TV adverts here to never hand over your card - it could get skimmed by the
attendant behind the counter. Less of a risk now that the magnetic strip is
hardly used anymore, but still. Give someone a few minutes with a chip card
and they can do plenty of things with it.

Paying by card here happens either by using a mobile card reader, or by just
getting up and walking to the cash register before leaving. Much safer.

~~~
itsravi
Handing over your card to the waiters is standard in the US. You are basically
trusting the waiter to not skim/copy the card. In the case that it is skimmed,
the fraud policies I've experienced are very favorable to the consumer.

I was surprised to see in Quebec City that all the stores/restaurants had
portable card machines they brought to you. That does make a lot more sense to
me.

------
joshfraser
Finally! It's about time credit card skimming technology was brought to the
masses.

~~~
RankingMember
"Please insert your stolen credit card now."

------
usaphp
I wish it allowed a card selection process to be made with iPhone instead of
clicking on the actual card itself, so that the person who charges it does not
toggle between your cards. With a fingerprint sensor that would be really
cool!

~~~
cloudwalking
I agree. Maybe you can only change the selected card when it's near your
phone?

------
josephagoss
This will never catch on in Australia unless they can clone paypass/paywave.
Now most of our transactions are contact free with chip and pin as an option
for large purchases.

Just having to enter a pin in Australia is going backwards.

------
davemel37
I'm more concerned about the price point. Seems cool, but not a problem I
spend a lot of time thinking about. I don't see myself spending $100 to solve
the problem of carrying multiple cards on me.

I would maybe pay $50 for the beta card because I think it's super cool and I
love trying new tech, but definitely not a price point I would pay to solve a
problem that is hardly a problem at all. (to be fair, this might be one of
those problems that you don't realize how bad it is until you solve it.)

I can't see myself paying more for this than I would spend on a wallet, which
is less than $20.

------
res0nat0r
So I have to turn this over to a bartender to keep behind the bar when I go
out and drink? If I forget to grab it before I take a cab, now I'm out $100
and ALL of my credit cards. No thanks.

~~~
yllus
Is that system still popular? I've started lots of tabs in the last few years,
and it's always been purely an oral conversation - they only get my card at
the end when I'm settling up.

~~~
res0nat0r
Sure. If you are a regular they probably and some small bar they won't need
anything, but if you head to a large nightclub with hundreds of people they'll
want a card to keep behind the bar while you have your tab open.

------
Amygaz
It's not bad, but I feel it will be short lived. Like other pointed IC cards
are standard in many countries and are coming to the US.

Moreoever, I'd rather have my smartphone do it all, and by all I mean all: cc,
id, insurances... Most places I care about now accept IC cards and RFID, which
means I should be able to pay directly by pointing my phone at something while
punching an sending a encripted 4-digit pin.

Using Google Wallet, Paypal, Square and others would be even better. It's
coming and the pace is just accelerating...

Have a good one!

------
6thSigma
This is very cool technology but I'm skeptical for its practical usage. Lots
of people have already brought up the obvious pitfalls (atm use, accidental
presses, banks potentially removing card liability) but I'd also probably
carry around my important cards in my wallet just in case. So they aren't
really solving the problem of carrying too many cards - at least for me.

It would be useful for things like gift cards and reward cards - but is it
worth it for that?

------
GotAnyMegadeth
I hate this kind of scroll website, using the mouse wheel to scroll just means
everything is really jerky and isn't ever quite lined up, or correctly faded.

------
nobodysfool
Merchants are not going to accept this, it's the same as a CNP transaction.

~~~
jorgem
It seems to me that the creators would have investigated this before building
hardware?

------
cfinke
See how this idea has progressed in six years:

 _Here 's how it works. Users register their cards on the company Web site and
upload the information into the iCache. When they want to use it, they
activate the device with a fingerprint on its biometric strip, scroll through
a list of cards on its screen and choose one. Out pops a plastic card with a
magnetic stripe, temporarily loaded with the chosen card's data. Just swipe
the card and pop it back into the iCache. After one use, the information on
the card disappears. The device even works with loyalty cards, such as those
handed out by supermarkets._

[http://money.cnn.com/2007/08/23/technology/one_credit_card.b...](http://money.cnn.com/2007/08/23/technology/one_credit_card.biz2/index.htm?section=money_pf)

The hardware technology is certainly more advanced, but I'm of the opinion
that the true endgame is going to be a scannable or NFC "card" stored entirely
on the user's device (ala Passbook), not using a physical middleman.

~~~
imroot
The problem with the iCache was that it was very short lived, and once apple
moved away from the 30pin connector, the icache folks never updated their case
for the smaller form factor or new connector configuration.

My iCache is now sitting in a drawer with a bunch of other "good tech gone
old," but, I've had issues with servers understanding what my iCache card was,
had Enterprise Rent-A-Car flat-out refuse to rent a car unless they could see
the raised digits on a card, and a shit-ton of other things.

I was lucky -- I didn't have any issues with the actual encoding on the card
(apparently, there were some folks from kickstarter who couldn't use it at
all), but, I'll deal with the five cards in my wallet and generally be happy
about it.

------
alternize
at least in the non-us market, this awesome idea comes a bit late: not only
are chip + pin pretty much standard nowadays, and new means like contactless
payment creditcards / nfc-payments are being rolled out now.

i really would love to see a one-card-for-all tho that supports chip + nfc,
but my understanding is that card issuers are eager to ensure that this will
not happen.

------
tomasien
Coin looks great, I want to make that clear. No ifs ands or buts, I think it's
a great product.

However - if you're looking for the future, I think I've got something
interesting - feeless payments bank to bank by oAuthing consumers directly
into their online banking. Completely secure - merchants never get the
personal information, they just get paid. Better: I've built it, and we have
beta customers. I'm posting a couple comments on HN to start the conversation,
because anyone who cares about payments or accepts them online - I'm trying to
talk. You'll be hearing more from me in the coming weeks and months - and it's
going to be exciting. We're going to kill credit card fees, because we don't
need them anymore.

If you want to talk, email me @ tommy@thecityswig.com and let's just chat. I'm
not selling anything - we just need to know what hackers are thinking about
payments. It's the most valuable info we can have.

------
dakrisht
It's a neat concept, but I just don't think this gets anywhere.

Dead in the water - as much as I would personally like to see them succeed.

The biggest problems here are security.

() Merchants will hate it since there is no physical imprint / swipe of the
bank-issued card. This will lead to chargebacks in favor of the customer. So
this alone kills this company/product.

() Banks might change their terms forbidding customers to create digital
copies / clones of their card. As per card holder agreements, if you (or Coin)
has ever read one, you don't own your card. You're fully bound by the terms of
the agreement.

() There is the issue of PCI-DSS compliance. They mention they're "in the
process of earning" it but this is a lengthy, difficult and _costly_ process
($100 k). They're using a loophole to ensure consumer peace of mind but this
won't last at all.

() Adding a card seems flawed. You're asked to take a picture of the physical
card after swiping to "prevent fraud" ok but unless Coin uses some advanced
image processing/OCR to validate the card with the swiped data, you can take a
picture of any card. So big fail here.

() Coin seems to access a cloud service. Another major reason that this simply
isn't going to work. If you've paid any attention to the NSA situation within
the past 6-months, ordinary/average consumers (not the HN crowd) are becoming
weary of cloud/hosted service. Not to mention, Coin will never ever work
outside of the US (or San Francisco for that matter).

Practical usability problems:

() Most users are totally fine with credit cards and big wallets. It's
actually empowering to them. I spoke to a guy who loves the fact that he has
every color Amex card! So in essence, this is geared towards a micro-niche of
tech savvy SF/NY/LA crowd.

() Selecting a card by tapping the button - great. What if the waiter taps the
same button? Or someone you're paying does? So many issues with this button
here.

"We’ve designed the button to toggle cards in a way that makes it difficult to
trigger a "press" unintentionally" \-- yeah, well most of the time, credit
card fraud is an intentional act. What a stupid response. And quite frankly,
offensive to anyone with half a brain.

() The obvious issue of losing Coin and losing everything. People like
backups. It's a mindset.

() Battery issues with digitizing a non-battery product (credit card). Be in
no doubt that more than half of users will forget to charge their credit card
(as if we don't have enough things to charge). So you'll see people having
lunches and presenting a dead Coin. And since you don't have any plastic,
well, now you're screwed.

Products are supposed to make life better, easier, more intuitive.

Conceptually, it sort of makes sense. But the execution is flawed in so many
ways.

You're being sold a product that now requires more steps than you did before.
And that is the killer fellow HN'ers.

I don't want to have to sync, take photos, select a card by pushing a button,
make sure it's within range to my device, update the app when needed for it to
work, deal with merchants who won't take it, CHARGE my credit card (!), deal
with issues because I tapped/selected the wrong card - vs - take out and
swipe. Done.

Fuck that.

The product is inherently flawed

~~~
untog
_If you 've paid any attention to the NSA situation within the past 6-months,
ordinary/average consumers (not the HN crowd) are becoming weary of
cloud/hosted service._

Quite the opposite. The HN crowd is becoming wary of cloud services,
ordinary/average consumers aren't even aware of the NSA relevations.

~~~
dakrisht
Anyone with half a brain knows the NSA and other agencies have been capturing
data from telcos for decades. That's the nature of their business. And
frankly, given the world we live in and the amount of sick fucks roaming the
land, I don't blame them for doing some intelligence work. PRISM, MUSCULAR and
whatever else we don't know of (yet) are without a doubt abuses of power and
they have simply gone way too far. So this is wrong and needs to be changed.
But the Internet will never be the Internet of the 90s.

Companies like AT&T have dedicated rooms for the NSA with spliced fiber to
dumb daily terabits of data to. For decades. This is nothing new.

with regards to payments and consumer awareness of breaches and security
issues, well, consumers today are becoming more AWARE of these facts brought
on primarily by the Snowden leaks. Sure, a lot are still clueless and that
won't change but there is still an inherent reluctance to trust new
products/services/technologies especially when it comes to banking and
finance.

The status quo are not early adopters. Never have been, never will be. The
mainstream products are the success. When you sign up for an Amex or a Chase
card or whatever bullshit they're selling on TV, they sell a sense of
security, confidence, TRUST.

The problem with a startup like Coin (aside from the dozen or so issues
mentioned above by me and a few others reading the thread now) is a narrow
focus. They aren't really solving a problem, rather they're creating many
more.

They've created a product that a handful of people in the SF Mission district
will use to buy a $7 coffee and a croissant while they Tweet about it (from
the Coin app hopefully). But this focus forgets the rest of the world (which
is a big and lucrative place).

I think this is the problem with a lot of Bay Area startups. They're so caught
up in the YC dinners, the SF startup scene, the networking, and the
conferences that they limit their focus to a very narrow audience.

------
sejje
This is a very cool gadget, but I think it's a strange name.

------
drakeandrews
iPhone only, no chip and pin, won't work with any cash machine in the UK, no
apparent protection against people skimming random cards (I'm suddenly very
suspicious of anyone putting my card anywhere near an iPhone) AND it stores
all your card details on their servers for no apparent reason?

Where can I sign up?

------
techaddict009
"Q. Will my Coin work outside the U.S.? A. Not in all cases.

U.S.-based customers: Coin will work overseas, but we recommend that you bring
a backup card when you travel.

Customers located outside of the U.S.: Coin does not support EMV yet. If the
country you live it requires it we recommend holding off your purchase for
now."

Found this in FAQ

------
ynniv
Swipe, click-to-switch, swipe, click-to-switch, swipe... Why steal one card's
data when you can copy the whole wallet? :-) Or, run one card but take down
the information for another.

It also appears that the Coin is programmed over Bluetooth. Why bother swiping
to steal when you can run a smartphone app and take all of the cards on all of
the coins in range?

If this takes off and fraud goes up, credit card companies will drop the
discount vendors currently get by swiping. Maybe vendors that currently swipe
will start entering CVVs? Will Coin then start storing CVVs per card?

Vendors might refuse to accept Coin in the first place (there's already a
comment here from one who won't). Or credit card companies will have Coin
outlawed as a counterfeiting tool. I can see how this seems like a good idea,
but I don't think it will work out.

~~~
ye
> _Why bother swiping to steal when you can run a smartphone app and take all
> of the cards on all of the coins in range?_

Because it doesn't broadcast credit card data over Bluetooth.

~~~
ynniv
Hah, maybe not on purpose.

~~~
ye
Do you have any evidence that it does?

------
gagege
For some reason, all the cards I keep in my wallet get destroyed. I have a
decent leather wallet but they still crack and chip and the paint rubs off. I
don't know if I want that to happen to a $100 device.

Does this happen to anyone else? It has happened with the last two wallets
I've owned.

~~~
nfoz
This happens for me only with one bank card and not my others. I think it's
partly the fault of cheap material used for the card.

------
ChuckMcM
I ordered the dev kit early on, got charged for it, now waiting anxiously to
have it show up. Nice to hear they are moving along. I really think that
something like this is a solid answer to some of the vulnerabilities in the
current card system and for a subset of identity problems. My interest is in
solving one such subset which is this:

At the time of account creation, create means by which both the web site and
the user can prove unequivocally at a transaction later, that they are the
same person who was there when the account was created.

Nothing about "who" they are, or "what" or "where", but just that the person
or entity doing this transaction right now, is exactly the same as the person
who created the account.

------
somberi
I am asking to learn.

If I have to use this card, do I also have to have my cell phone with me all
the time? If I go downstairs to get a Bagel in the morning, I need to take my
phone, or else no Bagel for me? And it seems from the "Iphone will alert you
using Bluetooth" facility, that I need to have Bluetooth on all the time,
which I normally do not, to save battery life (adds an hour or so on my
Iphone4). To me this is a functional gridlock.

Does it also need to be connected to some data network or the other to work?

If I lose this Coin card, then is it same as losing all my cards? If my
assumption is true that this needs to be paired with a phone always, then will
it not be possible to nullify the card, using the app on the phone, in case I
lose the Coin card?

Thanks

------
benbrown
How is this different from Wallaby Card? Is this a live product? My
understanding is that the networks were not allowing such products. For
example, Google and PayPal both planned to issue dynamic "wallet cards" but
were blocked by V/MC.

------
zavulon
I'm slapping my head and thinking "this is such a great idea, why didn't I
think of that?". I'm sure lots of other people are doing the same, and it's a
sign of a truly great idea. Congrats on launching!

~~~
shuzchen
In my case, I actually did think of this idea! Just never had the hardware
knowledge to even know where to get started (and I was worried about the
trouble it'd cause as card skimmers used it to easily clone cards - hopefully
we'll learn more about how coin solves that problem). I'm mostly glad they're
trying to make this a reality, because I'd really like to get rid of all these
membership/point cards that stuff up my wallet.

------
Kiro
Swipe only? What is this, 1980?

~~~
gnaffle
I think copying an NFC or smartcard is slightly more complicated :)

~~~
gambiting
I think he meant that swipe-only cards are a dying breed(at least here in EU)
and most places don't even take them anymore. If your card does not have a
chip+pin system it won't be accepted anymore, even if it's a Visa or
Mastercard card.

------
jebus989
Well-implemented idea, as others have said. It's ridiculous that in 2013 I'm
still carrying around a wallet full of junk (and keys but that's another
story).

However this feels like an awkward stop-gap between the current card-payment
system and online payments. I don't want to give a waiter a piece of plastic
and get a little paper receipt back, give me some kind of abstracted account
ID and I'll transfer you the money from my phone/laptop/smartwatch/glass
(/whatever we'll all have by the time a new payment method is sufficiently
penetrant to be useful).

------
atpaino
It seems like this would be much more useful if the front and back of the card
were OLED screens, or something similar, so that you could toggle the
_appearance_ of the card. I feel like that would solve most of the problems
people are suggesting here - i.e., it could replace driver's license, photo
id's, wouldn't be a problem at bars that hold on to your CC, etc. Personally,
I'm going to hold off on getting this until there's some functionality similar
to what I outlined above, because currently this could only replace 2 out of
the 5 cards in my wallet.

------
dzhiurgis
Why people in US are so crazy about credit cards?

I have 2 cards, only one is actually credit, but that's because I am expat, so
I still keep one card from my home country.

Someone mentioned owning 16 or 9 cards, which sounds so unbelievable to me.

------
firstplanthendo
There are some theft and risk concentration concerns, along with potential
feature problems (accidental card selection change), but this would be great
for credit cards rewards hacking- a lot of cards have different bonus areas..
3x-5x points/cash back on different categories, like dining, gas, groceries,
travel expenses, specific department stores, etc. This would easily allow you
to maximize your rewards without having to carry around all the different
cards. 2x-4x extra back means this will pay for itself pretty easily.

------
typicalrunt
It's a neat idea, but what I'd really like to see is a way to use randomly-
generated numbers as my credit card for one-time payments instead of handing
over my full credit card details to an online store. I hear this is done by a
few credit card companies now but I have yet to see it in Canada.

Coin could even take this idea one step further and allow you to store your
credit card, but when you swipe their card it provides the merchant with a
randomized credit card number useful only for a one-time purchase. Now that'd
be cool.

~~~
dakrisht
I like this randomized credit card numbers idea but I don't understand how it
would work?

How would the terminal know it's debiting your account?

Where would the authentication take place?

Where would the randomization take place? And what would this be based on?

Credit cards are actually very simple in nature (and why there are billions of
dollars of fraud occurring every year). It's simply an account number printed
on a piece of plastic. But this account numbers is solely responsible for the
transaction behind the scenes.

Who does this random number now? I've been studying payments for years and
have never heard of this.

~~~
untog
Presumably the idea is that the account number (i.e. credit card number) is
randomised for each transaction - but still valid. So authentication etc.
would happen exactly as it does right now. But that number would become
invalid immediately after it is debited. That way even if someone intercepted
the number they would not be able to use it in the future.

Obviously this only really works for online transactions that don't require a
physical card - and even then introduces a ton of complexity to things like
refunds. But the idea is interesting.

~~~
dakrisht
I understand what randomizing a number means.

But this doesn't answer the question of how the terminal/processing system
knows it's your account being debited?

The whole concept of randomization with payments (or anything for that matter
with respect to authentication) is impossible. There will ALWAYS have to be
some sort of static identifier in order for this to work. Common sense I
think.

The idea is interesting but I'm not sure exactly what the idea is!! :)

If you have an AMEX and you randomize the account number on each transaction,
AMEX still has to IDENTIFY your account with something? A name? A PIN? A
unique ID? AKA an account number.

~~~
untog
_But this doesn 't answer the question of how the terminal/processing system
knows it's your account being debited?_

It doesn't. It debits _an_ account that is signified by the randomly generated
account number. The connection between that number and your actual account
would be done by AMEX/in the backend somewhere. In fact, the whole point of
such a system would be that the terminal would be blind to it.

There would always be a static identifier, but the key is taking that
identifier away from the end user. That's where the card details get
duplicated.

------
kenrick
This is very cool. However, in Jamaica where I live. An id is required to use
a credit card, so they can check your name and your signature. Is there are
way to displaying that info on the card.

------
NKCSS
I just don't think an ATM is willing to take the coin in, which makes it
unusable for me. Also, here in Europe, the magnetic strip is hardly used
anymore, as the (EMV) chip has taken over.

------
linux_devil
This is innovative, really like this concept. Wish them Good Luck !

------
stormpat
Thats a sweet idea, i would really like to have something like coin.

The problem is that in Finland there is very few places that uses the "swipe"
your card and sign method anymore. Back some 2-3 years ago it was a custom,
but for security reasons (anyone can swipe a stolen card and sign it, the law
does not require an ID unless the amount being paid is over 100 euros) it was
abandoned and now you simply enter your PIN and that that.

Im not sure about other countries, but atm this is the norm in Finland.

------
aaronsnoswell
America is so behind with payment systems. The rest of the world has chip
cards and now touch-less payments. I am astounded to see that the US is still
using magnetic strip cards.

------
mangoman
I like the FAQ:

Q. My soufflés keep collapsing! What can I do?

A. In order for the meringue to peak properly we suggest adding a little lemon
juice to the béchamel. This strengthens the mixture and prevents tragedy.

------
dzink
Nice execution. I saw several pitches for unifying cards while working for a
VC.

As a consumer I have a few suggestions:

1\. Make the card switch/activation button detect the fingerprint of the
owner. (The merchant or waiter sliding the card could press the button
accidentally and switch to a different card)

2\. Show me that a tap-scanning tool can't take the data for all of my cards.
(from hackers to accidental taps)

3\. Can a magnet disable this card?

4\. What happens if someone steals my coin? Can I disable it remotely with the
app? Can it happen automatically?

Good luck!

~~~
sb23
3 and 4 were answered in their FAQ - a stronger than average electro magnet
will break Coin, and Coin is automatically disabled when it's out of range of
your phone.

------
djhworld
This wouldn't work in the UK, we use chip and pin here. It's extremely rare
these days to find a place that will swipe your card and loosely verify your
signature.

------
ck2
Swipe something user-programmable through a merchant machine.

That might not end well. But I guess that has been an open security hole for a
long time now, hopefully has been addressed.

------
colinbartlett
Seems crazy that it only holds 8 cards. I'm not about to go through all this
effort only to replace _some_ of the cards in my wallet but not all of them.

~~~
jonlucc
Out of curiosity, how many do you have? I think 8 would cover all of the cards
I use at least once every 4 months.

~~~
colinbartlett
About 15. And sure, most I barely use. But sometimes I want to use them and
they're in my bag and not in my wallet. This would be a great solution to that
problem for me if it could hold all of them.

~~~
dismiss21x
I have a money clip, and only carry my most pertinent cards - ID, ATM, and
CCs. The remaining cards, like reward cards or library cards, are in a tin can
in my car - which I drive to wherever I'm shopping, and just remove the card I
need. I can't imagine carrying 15+ cards in my pocket, especially if it is in
your back pocket.

~~~
st0p
I carry around the following: 1 Debit card 1 Credit card 1 Drivers license
(usually I travel with public transport, but I'm required to carry an ID by
Dutch law) 1 Ov chipknip (card for public transport in the Netherlands) 1
Health insurance card 2 Loyalty cards for competing grocery stores (I attend
both of them on a regular basis)

Even though Coin doesn't solve this problem, especially since it doesn't have
EMV which is required in Europe, I'd love to have all off them one card. I
have another boatload of cards at home that are rarely / never used because I
never have them on me when I could use them.

So basically: very cool idea, needs some more thought for the european market
though.

------
pbhjpbhj
Isn't this back to front ... surely you need a trusted player and then you
need Amex/Visa/Mastercard to be able to use that token (the credit card) to
aid identification of a person.

So the card would be like Coin's but would have fixed credentials. Then when
you open an account you'd provide your ID for the bank to register (or sign
the registration with your public key); that account would be added to your
card as an option.

------
dcc1
Wow, i wonder if bitcoin can be integrated into this somehow

~~~
felipelalli
me too.

------
theuri
Curious to hear what the team at Wallaby thinks about this, and whether
they're planning on competing directly or focusing squarely on rewards cards.

------
bonjourmr
Do they know that their logo very closely resembles Australia's largest
investment banks? [http://macquarie.com.au/](http://macquarie.com.au/)

I know this oversight can happen and it sucks, but the two are in the same
industry (Macquraie has a global presence and quite a substantial US one), so
it might come under some sort of copyright infringement. Just a heads up!

------
erock
I'm really unsure how this is any different than the multiaccount product here
[https://www.dynamicsinc.com/Corporate/Products](https://www.dynamicsinc.com/Corporate/Products)

of course with the exception of it altering you if you left it at home,
however that is a bit creepy, and, well let's just say I won't be getting a
coin for my wife anytime soon

------
krutal
[http://getprotean.com](http://getprotean.com) was similarly hyped up last
year, hopefully this one delivers.

~~~
pbhjpbhj
It looks identical in scope and execution ... someone mentioned they did
something at Amex like this 20 years ago, wonder if the patents have expired
now.

------
tjgq
I've always thought that the real solution for the "too many cards" problem is
to get all credit card companies to agree on a card-less payment protocol that
anyone could implement on any device. (And in the process, make all the
transactions a lot more secure by using modern cryptography.)

Alas, I'm afraid that kind of disruption cannot be brought forth in a market
context...

------
drewblaisdell
80% of this product already exists in Simple
([https://www.simple.com/](https://www.simple.com/)).

~~~
abat
Simple looks like a completely different thing to me. It looks like a debit
card connected to a fancy budget tool. It looks like a tool for people who
have basic finances and need help to avoid overspending.

Coin looks like a device that replaces my existing cards, which is a problem I
want help with. I don't want to close my business bank account or get rid of
my credit cards, I just want a lighter wallet.

------
WayneS
Here is a part that I don't get. Do they actually change the magnetic strip on
the 'coin'? Or does it have a fixed VISA number that is tied to your ID and
owned by the 'coin' company. Then they just use the coin app and the timestamp
of the transaction to know which card to charge in the backend.

That would mean the company gets a log of all transactions.

------
frmlobbyist
At Whole Foods they often want to see the back of the card to see the
signature if the purchase amount is over $100. They most had gotten burned
sometime in the past because I go to this Whole Foods in my home town at least
2/3 times a week and the checkout clerks know me and my wife but they still
insist because sometimes we use different credit cards.

------
christiangenco
I just invented something similar.

Though it only supports a maximum of 4 cards, at scale it would cost ~500x
less.

I call it "penny." Here's my prototype:
[http://imgur.com/49auKC4](http://imgur.com/49auKC4)

(reposted from
[https://news.ycombinator.com/item?id=6733584](https://news.ycombinator.com/item?id=6733584))

------
justncase80
I wish your phone had some kind of a unique ID it could broadcast. Then you
could take it to the bank and they would associate it with your account, then
you could just use the phone as your card. You just hold it over the receipt
thing and push a button on an app and boom done.

Now if you could get my phone to be as slim as that Coin that would be pretty
sweet too.

------
habosa
Seems cool to me, obviously a few flaws but not so much that I'm not thinking
about getting one.

Question: what kind of BLE technology goes in a card that thin? Looking into
some applications of BLE myself and I haven't seen anything like that. I'd
love to know what's in the card and how I could build a similarly small
bluetooth device.

------
joshaidan
While there are perhaps many issues regarding whether or not merchants will
accept this product for payments, one thought occurred to me.

What happens when merchants/banks start offering the ability to make purchases
using your smartphone? Doesn't that render this product obsolete? (if I'm not
mistaken, you need a smartphone to set it up)

------
cbsmith
Just people are aware:

[https://www.dynamicsinc.com/Developer/](https://www.dynamicsinc.com/Developer/)

[http://www.cardlab.com/Mobile-Payment.html](http://www.cardlab.com/Mobile-
Payment.html)

[http://www.getprotean.com/](http://www.getprotean.com/)

------
x0054
Wonderful! This is a great tool for restaurant service people to clone your
card. I had my card cloned in a restaurant 2 times. Both times they were able
to trace it to an employee who was cloning mag strips and selling them online.
With this tool it's even easier! Awesome idea, if we lived in a more honest
world.

------
mephi5t0
A lot of cards also moving towards a smart chip implementations on cards. Also
I carry 3 cards with me, 2 CC and a debit. Perhaps I am not the intended
customer for this thing, I do like gadgets but my wallet is fine for now.
Still a very nice idea. I would def follow up to see what happens after Summer
2014

------
X4
wow, I think this seems to be HOT Topic, took a while for me load this.

I know of an alternative that I bookmarked a long time ago. Have just
submitted a link to their landing page, they're practically doing the same,
but allow more card types to be fused and it's a mini-computer. They were on
the market much earlier than Coin and it looks very prestigious & elegant.

The alternative card can be found here:
[https://news.ycombinator.com/item?id=6736606](https://news.ycombinator.com/item?id=6736606)

(A post, because I'm curious how the Echo is worse or better, without
interrupting the Marketing of the Coin, on this board)

I am not sure how to think about this in general, but @nlh has really good
points. I agree with him that he needs the imprints, but to be honest, those
imprints don't guarantee security.

------
fww
Isn't that the guy from the Square video?

EDIT:

[http://www.chrisenns.com/2010/02/square-introduction-
video/](http://www.chrisenns.com/2010/02/square-introduction-video/)
[http://lonelysandwich.com/](http://lonelysandwich.com/)

------
Diamons
I'm surprised nobody's mentioned this.

Q. Which is better; Tiger or Monkey style Kung Fu? A. Depends on the terrain.

If you're a photo sharing / blogging app, sure that kind of tongue in cheek
humor is okay and acceptable.

However if I'm supposed to give you access to my credit cards, that is
entirely unacceptable.

~~~
ponytech
I thought the exact same thing.

------
mandeepj
Sometimes swipe using one of my cards never works. It just does not work. Even
if you swipe 10 times, it just does not work. Weird thing is this happens
randomly. It may work just perfectly at the next shop.

If this happens with Coin then I guess I'm screwed and embarrassed.

I agree wholeheartedly - the idea is good

------
vitalus
Love the idea!

I'm pretty obsessed with keeping the wallet light & thin - this seems to help
out with that.

I wonder if this could potentially store other cards in some way as well? Gift
cards etc - would be super convenient.

Incredible to squeeze that much tech in such a thin form factor - would love
to see the internal hardware

------
berrypicker
What problem does this solve? After watching the video, their value
proposition is: "my wallet is filled with cards, too many" \- i.e. using one
card instead of a few. Is it gaining popularity because of the technology, or
because we're addicted to gadgets like this one?

------
blazingfrog2
Anybody else feeling uneasy about committing to spending serious cash
immediately for a _scheduled_ delivery 7-10 months away for something that
could have many legal ramifications (with the associated delays)?

At $50/card, with anywhere from 5 to 15 cards, it quickly adds up...

~~~
mseidl
It's 50$ for a coin card, not each credit card you have.

------
zshprompt
What stops the person taking the payment from pushing the switch button
accidentally or intentionally. Also I can totally see how people can steal
your card, use the app to put it into their coin then place the card back so
you don't know you've been robbed.

------
samweinberg
>Q. Is Coin password protected?

>A. Your Coin account is password protected and the mobile app requires that
you type in your password before you can access sensitive card details.

There is no way in hell I would trust a single password to protect all of my
debit, credit, loyalty, or gift cards.

------
pit
No kidding about the soufflés. Even walking by the oven at the wrong time can
spell disaster.

------
stevenj
According to the article linked below, Coin is a YC company.

[http://allthingsd.com/20131114/finally-a-new-way-to-pay-
in-s...](http://allthingsd.com/20131114/finally-a-new-way-to-pay-in-stores-
that-people-might-actually-use/)

------
shr0d1nger
I quite like the idea though I don't know whether people would accept it,
guess I can at least use it in ATM!

And referral:
[https://onlycoin.com/?referral=lvCn3taa](https://onlycoin.com/?referral=lvCn3taa)
please use it :)

------
lucb1e
Ooooh such a bummer. We just phased out swiping cards altogether about a year
ago because of the huge security issues.

Sounds cool, then you think about it, then it turns out pretty useless if they
don't partner with everyone.

The demo is very, very good though. Nicely done.

------
a_emme
There's a reason HUGE banks with customers who have significant existing
relationships (Citi Bank - Mastercard, Visa Debit, Heloc, etc) has not done
this, don't you think? Not cause the love printing and mailing plastic....

------
jalfresi
Erm... what problem is this solving? Is having multiple cards in your wallet
really a problem that requires such a convoluted solution?

Sorry, but I really don't see what this is saving me/doing for me? Whats the
problem this solves?

------
nfoz
Obnoxious website

------
3327
So are Coins waterproof? Because my credit card is weather proof. Just
curious.

------
slig
How will this work when CC companies finally migrate to cards with SIM chips?

------
thejerz
Unless I'm missing something: if I lose my Coin card, ALL of my credit and
debit cards are compromised. That's a showstopper. A thief could drain not
just one account, but every account I have.

~~~
pat2man
BTLE tether, card gets deactivated if its not near your phone.

~~~
marcamillion
Does deactivated mean erased?

From what I understand...there is some sort of memory chip on the card that
stores the credit card numbers and info for every card, right?

So what is to stop some chip from bypassing the OS that manages the multiple
cards and just reads the raw data?

Sure, it may be 128-bit encrypted, but if they have the raw dump - then it's
just a matter of brute forcing it to eventually crack it...no?

What am I missing here?

~~~
WesleyJohnson
Well if the coin can be deactivated when it's out of range, that would mean
the coin has to be "smart" because it wouldn't be the phone app doing the
deactivation but the coin itself. In that case, why couldn't the coin take
extreme measures and just wipe its memory? Inconvenient for legitimate
situations where the card is out of range and not accidental ones, but I
imagine it's quick process to reload the coin with your card(s) data.

~~~
Dylan16807
Deleting the data to later copy back from the phone doesn't sound extreme _or_
inconvenient to me.

------
synaesthesisx
Neat concept, but doesn't Google Wallet already integrate this kind of
functionality (via NFC)?

I'd much rather have my financial data stored on my phone as I keep the device
encrypted and can erase it remotely.

------
jackmaney
0_0 This is one of the worst ideas I've ever seen. Yes, let's put all of my
cards in one card so that if it's stolen, then all of my cards are gone.
@#$%^ing brilliant!

~~~
talon88
Try reading the FAQ before your vomit more words onto the screen.

~~~
jackmaney
Yes, because your charming wit is _sure_ to draw out a second thought about
this abomination of a product...

------
rebel
Seems really cool technologically, but I just don't get it as a consumer. $100
so I can carry less credit cards that take up virtually no space in my wallet?
What am I missing?

------
davemel37
Im curious if Coin will capture my purchase data when I swipe. It's bad enough
credit card companies sell my data...I am super paranoid about Coin doing the
same thing.

------
rajacombinator
this is pretty cool. I'm into having a thin wallet but there are a number of
cards I need to carry around currently.

however, $100 is way too much for what is basically a very minor convenience.
$50 is too much. For $20, I'd consider it.

from a business perspective, I wonder if they have deals with the banks. I
wouldn't be surprised if they get slapped with some cease n desists just
because the megabanks want their shiny pieces of plastic on display at all
times.

------
porter
This looks like one of those game changers that everyone says will never work.
But then somehow they figure it out and change the world. VCs should be all
over this.

------
ececconi
Some merchants make you have to give over the card so the person at the
register can type in the last 4 numbers. This won't work with that use case
will it?

------
jaxn
A company wants to have access to information about who I am as well as all of
my purchasing behavior regardless of which merchant it is? Where do I sign
up?!?!

------
PeterWhittaker
Cool idea.

Needs chip support for Canada and perhaps the rest of the world.

~~~
saadshamim
Actually we have nfc in a lot of stores now, majority of the time I use that,
using coin would actually take more time.

------
abalone
So what happens if you hand your card to a waiter/cashier and they
accidentally tap the button while gripping it? "Card roulette"?

------
ryanckulp
Wrote a quickie on how this is a stopgap, but purchased one nonetheless..

[http://kulp.me/1gOpV7I](http://kulp.me/1gOpV7I)

------
tonydiv
IF ONLY he had said, "One coin... to rule them all" at the very end!

What a product, I love it, and I love this guy's quirkiness. Love. Love. Love.

------
floetic
Shameless referral:
[https://onlycoin.com/?referral=HcQJJEjl](https://onlycoin.com/?referral=HcQJJEjl)

------
joshdance
Can Mastercard or Visa prevent or try to prevent this? Also what about cards
that are shown example Costco?

I just wish my phone did all stuff related to money.

~~~
pbhjpbhj
Mastercard and Visa might be able to embrace the technology - adopt it as a
part of their cards and allow people to add on store cards and such. They
might then be able to capture processing info from all the other cards present
too.

The big card issuers then are warranting the card as a token and allowing
others access to verify the token holder. Seems like the way forward to me.

------
yeukhon
The idea is cool, but we already have the idea using mobile phone to check
out. All we need is the ability to bring that alive.

------
panzi
It's this easy to clone a credit card? Why is anyone using credit cards? I
feel confirmed in not having one.

------
karka91
oh wow. Just a month ago I and a couple of colleagues were talking about this
very idea and that this would be a great startup, though we dismissed it
because none of us had any experience in this field and we were afraid of
possible legal issues.

It's great to see that someone actually brought this to life!

------
_random_
Windows Phone not supported -> fail.

~~~
ecspike
Win for all the other platforms with millions more users.

------
nico
I pre-ordered 2 about an hour ago (already got charged), haven't gotten a
confirmation email yet...

------
viame
This is great. I love it. I want to know what did the girl do at 0:11 that he
had to look away. :D

------
obedeugene
Very cool product. Im curious to see how the big guys (VISA, Mastercard) would
respond to this.

------
joshdance
Love the idea. But one of those "I'll believe it when I see it working well".

------
Wintamute
Will this work with chip and pin and/or paywave style contactless payments in
Europe?

~~~
bigdubs
If it did that would be a huge selling point for those of us in the US that
travel overseas.

------
gambiting
Swipe card? Completely useless in most places in the UK, few shops take them
nowadays.

------
raybeorn
Seems like a cool idea. But also seems like a credit card thief's dream.

~~~
beat
Throw enough money and brains at the problems, and it becomes a thief's
nightmare. They've already got a good start, it seems. The credit card
industry already eats significant small-scale fraud, so if you can create a
system that makes it harder, rather than easier, to defraud cards, the big
companies will be all over it. And THEN there will be big, big money.

------
hugofirth
As a European: Chip and Pin?

------
felipelalli
Can I use Bitcoin with this?

------
veganarchocap
What about chip and pin? Or contactless? Is it the same deal?

------
reustle
It's fantastic to see Android support right off the bat!

------
FaceKicker
"Works like a debit card when you swipe it" \- I'd probably get this if I
wouldn't effectively be paying several hundreds of dollars per year for it in
losses of credit card rewards.

~~~
colinbartlett
You won't lose any rewards. It's cloning your credit card number and info and
using it like it was your real card. Their FAQ's address this.

~~~
FaceKicker
Ah, cool, my mistake. Thanks for the clarification!

------
miralabs
here I am thinking magstripes are obsolete. where I stay (Singapore), most
transactions are done via EMV. Its rare to find the use of magstripes.

------
kumarski
Hackernews is sometimes a contrarian's paradise.

------
Houshalter
This is amazing. Mildly annoyed at the name though.

------
dc_ploy
They need to fix their closed captioning.

------
ivanbrussik
for me this would be worth it just to have as a bluetooth security device when
i lose/forget my wallet.

------
dohertyjf
SHUT UP AND TAKE MY MONEY

------
acsta
have you seen www.getsolo.com they have some patents on this.

------
homakov
how many cards we have? I have 3 and see no use in coin

------
fierycatnet
Coin aka Wallet...

------
rejected2013
i cant wait for this to come out

------
taigeair
no chip...

------
joshstevens
This needs to be brought to Europe.

------
Eleutheria
How about an altcoin card with all my cryptos in it? Pick a coin, swipe and
deduct from my account?

There is a huge window of opportunity in the altcoins market right now.

------
Void_
So no holography technology like that in the video? I'm disappointed.

~~~
kkamalov
agh. i have preordered coin because of that feature...

------
insomnie
Feel free to use my referral code.

[https://onlycoin.com/?referral=eHXIYcMX](https://onlycoin.com/?referral=eHXIYcMX)

~~~
untog
You're too kind.

