Hacker News new | past | comments | ask | show | jobs | submit login

Their FAQ says that future versions will support chip cards.


I have no confidence they will be able to support EMV cards. I'm sure they'd like to, but consider that Square hasn't managed to yet and their business / funding / engineering talent is considerably larger than Coin's. There are many, many regulatory issues involved with EMV.

The whole point of chips is they can't be cloned. This whole product works by cloning.

It's probably too strong to say that they can't be cloned, but I don't think the banks would be very happy at all with someone selling chip skimmers to end users. I'm not sure if users should be happy with that either.

There are a variety of theoretical attacks on EMV cards. Some involve compromised reader devices. Some involve ingenious card-like devices that talk wirelessly to a device containging the real card and change some of the data exchange going back and forth. This may allow some transactions to circumvent PIN or other validation but all requires the original, stolen card.

One I just read about (yescard) could allow you to clone a card and could be used (most likely) for a half dozen low-value offline transactions. But it has no keys so can't fool the bank.

You can get a card reader/writer on the open market for about $10. Writeable cards will cost you a little more. Problem is that the card you want to clone isn't going to give up the goods in terms of private keys, PIN validation data etc, so like the yescard, it's going to be of very limited use.

It's not too strong to say that - they've been used for many years, there are decent financial incentives for organized crime to clone the cards, but the industry hasn't seen any "chip skimmer" yet.

I think you're going to have a very hard time cloning them. Security researchers have worked on this for years, while the card manufacturers have learnt from their mistakes and adapted.

I can't wait until version 2.0 comes out and they send you a padded envelope in which you're supposed to ship to them all your chip and pin cards so they can clone them into your device.

Wow, this is a huge red flag to me that I missed the first time I looked at the site. There is absolutely no way they're going to be able to support cloning EMV cards. Maybe they mean something else, that the'll support EMV in coin so long as the data comes from somewhere else (eg the card issues partner with them). But without stating more details it's very misleading.

Consider this: The incentive for the banks in using chip and pin cards is that they are supposed to be near impossible to clone, and thus there is a "liability inversion": Unlike with mag-stripe + signature cards, with EMV cards, the assumption is that if the pin was used, the customer is liable. With some exceptions.

Couple that with massively reduced fraud.

Now, if they allow a method for cloning these cards, both of those go out the window: Criminals will just attack the weakest point, which is going to be whatever mechanism Coin would use to allow cards to get added to their device.

As for the US market: Consider that pretty much all large US banks have committed to start rolling out EMV cards (though many will roll out chip + signature rather than chip + pin, which seems the height of stupidity)

I don't work for Coin and I don't have any idea if they can pull off chip card support or not. I simply said that they claim it's under development.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact