Bitcoin smartcard Point of Sale terminal

[grue]

and do you realize that my attack simply involves making a second transaction, which for all intents and purposes is identical to a normal transaction? until there's a way to prevent the attack, i don't see any point in discussing merchant adoption of an insecure system.

grue, I understand that your attack has relevance to standard smart cards.  How much relevance, I'm not sure, since those basically require you to trust the POS terminal regardless.

But I want you to look again at the hardware I'm proposing be used, and to think about the process flow:

• The terminal sends the transaction amount to the smart card.
• The transaction amount is displayed on the smart card.
• The user presses the button on the smart card to verify the amount.
• The smart card creates and signs the transaction.

http://www.nidsecurity.com/products/106-details.jpg

There is no way to create multiple transactions without consent.  There is no way to create transactions with the wrong amount without consent.  No sensitive information is transferred to the terminal.  All transactions are created on the card itself using Bitcoin keys that never leave the card.

I see your point now, thanks for clarifying it.

[1715081087]

1715081087

[1715081087]

1715081087

[1715081087]

1715081087

[kjj]

and do you realize that my attack simply involves making a second transaction, which for all intents and purposes is identical to a normal transaction? until there's a way to prevent the attack, i don't see any point in discussing merchant adoption of an insecure system.

grue, I understand that your attack has relevance to standard smart cards.  How much relevance, I'm not sure, since those basically require you to trust the POS terminal regardless.

But I want you to look again at the hardware I'm proposing be used, and to think about the process flow:

• The terminal sends the transaction amount to the smart card.
• The transaction amount is displayed on the smart card.
• The user presses the button on the smart card to verify the amount.
• The smart card creates and signs the transaction.

There is no way to create multiple transactions without consent.  There is no way to create transactions with the wrong amount without consent.  No sensitive information is transferred to the terminal.  All transactions are created on the card itself using Bitcoin keys that never leave the card.

This is a good model for a hardware wallet.  It is essentially the same model as the "box with serial port" model that has been discussed in many other threads.

My only objection is that I think that smartcards are a lousy choice for this model.  But, in parts of the world where smart card terminals are common, the network effect may very well be more important.

[Realpra]

Yes I think there's no debate that those cards would be safe, but what do they cost?

5$ range is fine, but I think above 15$ will hurt us a lot.

Anyway there is no reason our protocol cannot include both smart cards and super cards at the same time:
* Same form, shape and chip connectors.
* With normal cards the amount is sent and then you punch a PIN - tx sent.
* With super cards the amount is sent then button pressed - tx sent.

-> The terminal won't really need to know the difference, just send the amount and wait for tx (relaying the PIN with smart cards of course).

[benjamindees]

I imagine the "super" cards will be in the range of $20+.  That's probably fine for elite users and the security-conscious.  It will be competing as a more secure alternative to smart phones.  So it's in a niche market anyways.

For regular smart cards, maybe they could be paired with some type of online service that keeps an eye on merchants and perhaps validates transactions based on buying patterns.  At the very least, it would be nice to receive some type of statement at the end of the month to be able to detect fraud.  Otherwise, with nothing but the blockchain to go by, it would be basically impossible to know whether your grocer has a hacked POS terminal that is ripping you off.

So, just from what we've come up with so far, our universal POS terminal is looking at supporting:

• Smart phones via QR code / NFC
• Super cards via contact (/ contactless?)
• Smart cards via contact
• Online balance service
• Online transaction verification service
• Online "lite client" service?

Then on top of that add interfacing with the merchant's accounting system.  And besides magstripe and contact/contactless credit cards, you're competing with Paypal and Dwolla and that new Canadian Mint thing.  It's likely that none of those will cooperate to share hardware.

[finway]

This will be much more convenient!

[Haplo]

For regular smart cards, maybe they could be paired with some type of online service that keeps an eye on merchants and perhaps validates transactions based on buying patterns.  At the very least, it would be nice to receive some type of statement at the end of the month to be able to detect fraud.  Otherwise, with nothing but the blockchain to go by, it would be basically impossible to know whether your grocer has a hacked POS terminal that is ripping you off.

If you have access to a desktop running bitcoind or other client, it should be trivial to get said client to track tx to/from your card address. Remembering which tx went where is another story, but at least you could have some idea.

Then on top of that add interfacing with the merchant's accounting system.  And besides magstripe and contact/contactless credit cards, you're competing with Paypal and Dwolla and that new Canadian Mint thing.  It's likely that none of those will cooperate to share hardware.

Do paypal and dwolla have physical POS methods that don't rely on VISA or mastercard? Maybe I'm missing something. That canadian mint thing sounds like a citizen tracking collar to me. It'll be a disaster of human rights and a disaster of identity theft. I don't think Canada is really the ideal market for bitcoin anyway.

[BitcoinAndie]

Then on top of that add interfacing with the merchant's accounting system.  And besides magstripe and contact/contactless credit cards, you're competing with Paypal and Dwolla and that new Canadian Mint thing.  It's likely that none of those will cooperate to share hardware.

Do paypal and dwolla have physical POS methods that don't rely on VISA or mastercard? Maybe I'm missing something. That canadian mint thing sounds like a citizen tracking collar to me. It'll be a disaster of human rights and a disaster of identity theft. I don't think Canada is really the ideal market for bitcoin anyway.

Dwolla is a takeover target once they reach scale, it may even be after they go public if the I-Bankers can circle a deal.  Paypal senior management is being poached by the big banks and Google as they look to take back share in non US markets via their SWIFT relationships under the guise (gun) of FAFT's KYC rules.  So neither are good analogies nor reliable partners.  The banks don't like VISA/MC since they went public as the objective of the associations are no longer aligned with those of the banks. Meaning as public cos they now have to show increasing profits on a quarterly basis, prior to going public they were a utility function operating on behalf of "all" participating banks.  

The banks will look to alternate clearing and settlement systems as these opportunities present themselves. This effort will be lead by the Cash Management/Treasury guys (think checking and payment services for businesses). So for example, KRAFT's snack food distributors in Indonesia, will use a handheld internet device to collect e-payments from the retail stores on their route. The store owners may have a cell phone, or even just a simple pin number linked to a bar code that identifies them and their account at the bank.  The point is that where there hasn't been any installed infrastructure the one being developed is based on mobile technology. These direct connects to the bank use ACH (like Dwolla) or the local market equivalent and not VISA/MC.  Thus in may ways, the US market is an anomaly, we have little economic reason to move beyond card-based systems.... at least for the moment. Thus the craze over flimsy dongle technology like Square and ISIS.

I still think that mobile payments is the way to go, and that all of you gents with mad skills ought to working on making a mobile app that uses tokenization and secure data transmission to effect payments via an automated BTC clearing house.

[grue]

I imagine the "super" cards will be in the range of $20+.  That's probably fine for elite users and the security-conscious.  It will be competing as a more secure alternative to smart phones.  So it's in a niche market anyways.

For regular smart cards, maybe they could be paired with some type of online service that keeps an eye on merchants and perhaps validates transactions based on buying patterns.  At the very least, it would be nice to receive some type of statement at the end of the month to be able to detect fraud.  Otherwise, with nothing but the blockchain to go by, it would be basically impossible to know whether your grocer has a hacked POS terminal that is ripping you off.

So, just from what we've come up with so far, our universal POS terminal is looking at supporting:

• Smart phones via QR code / NFC
• Super cards via contact (/ contactless?)
• Smart cards via contact
• Online balance service
• Online transaction verification service
• Online "lite client" service?

Then on top of that add interfacing with the merchant's accounting system.  And besides magstripe and contact/contactless credit cards, you're competing with Paypal and Dwolla and that new Canadian Mint thing.  It's likely that none of those will cooperate to share hardware.

the cheapest & easiest to implement would be an android/ios client. nearly everyone has a cell phone, and if you're just signing transactions, you don't even need a data plan. however, this will require some way to transfer the signed transaction back to the POS terminal (maybe camera to scan QR code?), so you're looking at additional costs for the merchant.

[BitcoinAndie]

the cheapest & easiest to implement would be an android/ios client. nearly everyone has a cell phone, and if you're just signing transactions, you don't even need a data plan. however, this will require some way to transfer the signed transaction back to the POS terminal (maybe camera to scan QR code?), so you're looking at additional costs for the merchant.

So, what do you think of the P2P upstart BUMP?

[benjamindees]

Do paypal and dwolla have physical POS methods that don't rely on VISA or mastercard? Maybe I'm missing something. That canadian mint thing sounds like a citizen tracking collar to me. It'll be a disaster of human rights and a disaster of identity theft. I don't think Canada is really the ideal market for bitcoin anyway.

Dwolla basically has mobile web payments, so I guess there isn't any hardware involved.  And Paypal apparently uses standard mag stripe cards.  So perhaps not.

[BitcoinAndie]

Do paypal and dwolla have physical POS methods that don't rely on VISA or mastercard? Maybe I'm missing something. That canadian mint thing sounds like a citizen tracking collar to me. It'll be a disaster of human rights and a disaster of identity theft. I don't think Canada is really the ideal market for bitcoin anyway.

Dwolla basically has mobile web payments, so I guess there isn't any hardware involved.  And Paypal apparently uses standard mag stripe cards.  So perhaps not.

At present, all physical POS methods rely on the Visa/MC networks.

Dwolla uses the ACH to move money among bank accounts. Eventually they could move into prepaid/debit cards. If they do they would run their payments on the existing VISA/MC payments networks.

Paypal also uses ACH as its base. Their payment cards run on the VISA/MC networks.  For vendors wishing to accept card payments, Paypal offers a private label version of ISIS or Square (not sure which) hardware.  You know--those portable plastic mag strip readers that attach to cell phones enabling mobile VISA/MC payments.

One might be able to repurpose those ISIS or Square devices. They read the mag strip and send that data along with the merchant # and courtesy amount to a previously established phone number... ultimately Paypal's third party card processor's data center.

[Stephen Gornick]

They will be using magstrips and paper. If Bitcoin cannot adapt to magstrips, paper, and sms, then it will require bucking the system. It's too expensive to try to educate the masses about new gadgets.

If you notice, that's how Square is proceeding.  Step 1 is to get merchants onboard using new software, but the payment methods are the same yet (magstripe swipe or cash).  Added to that is the optional mobile data (where the customer's presence is shared with the merchant ... "pay using your name").

Once there are enough users doing that, Square can switch to having accounts the app also function as a wallet so that transactions for mobile users don't go through their credit card anymore.    Square can do this because the fraud rates are lower when GPS data + security at the merchant's point of purchase (e.g. video cameras, face-to-face transaction with a cashier) makes fraud harder to get away with.

Here's how Bitcoin can piggyback onto Square's progress though:
 - https://bitcointalk.org/index.php?topic=2732.msg843575#msg843575

[BitcoinAndie]

Square can switch to having accounts so that transactions for mobile users don't go through their credit card anymore.

How would Square switch to having accounts? Whose accounts? The customer's or the merchants? How would funds get into those accounts? 

[Stephen Gornick]

How would Square switch to having accounts?

Or a "wallet", if that is a better term for it.  These are simply accounts that carry a balance, just like what PayPal, Venmo, Dwolla, American Express' Serve, etc. all have.

Whose accounts? The customer's or the merchants?

I think you are confusing what I am saying with the old "merchant"-centric models.  Square is P2P, except one side doesn't necessarily need to have a square account -- just a magstripe card.

Every person running the Square app can be a merchant though.  So there really isn't the concept of "customer" and "merchant" anymore -- at least not to Square (and Dwolla, and Venmo, and PayPal, and Serve, and ... ).

And just to clarify, that person who just swipes a magstripe card doesn't have an "account" with Square.

How would funds get into those accounts?

Same ways as with PayPal, Dwolla, Serve, Venmo, etc.  One way is to receive a payment from someone else and just hold onto it rather than having it simply pass through and funds withdrawn to a bank account.  Or the funds can be add using an ACH pull, just like how PayPal, Dwolla, VenMo, Serve, etc. do it.

It's the natural next step for Square to add a wallet once they have enough people using their app.   I'm not sure why they haven't done it already.  Probably because it adds complexity and is expensive to administer.  But eventually they will, I would bet.

Starting out Square Register by having it be the simplest it could be (a free app for iPad + a $10 dongle) and making the design super simple yet be a fully functional point-of-sale system is a very smart and unprecedented approach.

[BitcoinAndie]

Stephen Gornick interesting in theory, but I think it's a bit trickier to move from mag strip (which triggers the debit or credit card networks) to ACH like Dwolla. When a card is swiped the "merchant acquirer's" bank/card processor is contacted to effect clearing settlement.  It is possible that Square could put in a middle office that takes all mag strip "calls" and routes them according to "on us" vs "off-us" transactions where "on us" are transactions where both parties have Square "wallets" and thus like Dwolla would be a cheap ACH transfer.  So, while I can see the utility developing a large user base, I cannot yet imagine how Square is not just another interface into the Visa/MC networks.

[2_Thumbs_Up]

Why should we divert resources into creating smart cards when the rest of the world are moving away from them?

[Stephen Gornick]

When a card is swiped the "merchant acquirer's" bank/card processor is contacted to effect clearing settlement.

Square is the "merchant" in the traditional sense of how a card swipe transaction transaction occurs.  Square can do whatever they want with the proceeds.   They just happen to, today, sweep those proceeds (less 2.75%) to the Square dongle account-holder's bank account.  If they instead wanted to let their account-holder's accumulate a balance for all card-swipe payments received, they could do that.

I cannot yet imagine how Square is not just another interface into the Visa/MC networks.

Today, that's all they are.  But they aren't making much money because they charge just a 2.75% swipe fee and are in-turn paying most of that out in fees as well.

But once Square adds the concept of a wallet, then if a Square user (Alice) does a $100 sale she gets $97.25 but she lets it sit in her Square wallet.  Then when she uses it to send money to another Square user (Bob) , Square gives Bob just $94.57 ($97.25 less 2.75%) and keeps the $2.68 difference.   That' how PayPal has been functioning since 2001.  There's nothing tricky about it.

[BitcoinAndie]

Hasn't Paypal launched a private label version of Square or perhaps Square's competitor Isis? It'll be interesting to see if Square can carve out a portion of the market place beyond their utility function.  My bet is that they'll be acquired before they can.

[Realpra]

The idea behind the square devices are exactly what I envision; a small card adapter plugged into your phone and installing an app.

I think however that a simple cable/smart card reader would be cheaper than a licensed square device.

Further if they are based entirely on magstripes I don't its safe enough for BTC use.

Why should we divert resources into creating smart cards when the rest of the world are moving away from them?

What are your sources?

My government just sank the equivalent of 120 million US dollars into another smartcard system (public transport).
Its waaay to expensive and unnecessary, but the system itself actually seems to work well enough.

Everyone here uses smartcard credit cards too.

I am currently in the neighboring country and they also use smart cards - THEIR similar system has been in place for a while and works perfectly.


I remember using mag cards once but those days are gone now and I honestly find the difference is nil and both are faster to use than cash.

[DeathAndTaxes]

My question is, even if you load BTC to your smartcard's address without connecting it to your computer somehow, how does the card know how much is on it? Seems to me it'd be up to memory and luck to make sure you didn't overdraft, which would end up sending an invalid tx anyway.

Loading is simple just send funds to an address the card has.

Making the card aware of its current balance is a different thing obviously that requires (indirect) access to the blockchain.  One option would be to keep the number of private keys relatively small and have that performed as part of every transaction.  Each tx the card says "here is a list of my keys", and the POS machine says "here is your list back w/ your balances".  Users could do the same thing at home with smartcard reader.

More importantly, how do you set your pin without a central authority doing it for you? I think it's also worth noting that if a card continuously re-uses a single address, then it kinda kills your privacy too.

PIN would be internal to the card.  I would imagine a system as simple as connect card to computer, enter old pin, hit change pin, enter new pin.  There would be no registry of PINs because each card would be smart enough to validate its own PIN.

The simplest solution which provides minimal privacy would be to have deterministic key generation.
All funds are held in one address (value address), all tx send balance to change address which becomes the value address, and the card "forgets" the old value address.

Address A (100 BTC).
Tx1: A (100 BTC) -> M1 (10 BTC)  & B (90BTC)
Tx2: B (90 BTC) -> M2 (15 BTC) & C (75BTC)
Tx3: C (75 BTC) -> M3 (5 BTC) & D (70BTC)