Thread: CharlieCards v.v. Oyster (and Octopus?)
View Single Post
  #856   Report Post  
Old March 19th 12, 09:00 AM posted to uk.railway,uk.transport.london,misc.transport.rail.americas
Roland Perry Roland Perry is offline
external usenet poster
  
First recorded activity at LondonBanter: Aug 2003
Posts: 10,125
Default card numbers, was cards, was E-ZPass, was CharlieCards v.v. Oyster (and Octopus?)
In message , at 23:18:10 on Sun, 18 Mar
2012, Stephen Sprunk remarked:
the airline I usually fly stopped accepting cash for in-flight snacks
several years ago; they only accept cards now--and they _do_ have
online authorization.

Presumably using the same infrastructure as permits in-flight phone
calls? I wonder if it works offshore.

(On another note, I flew Transatlantic with such an airline last year,
and did wonder how they cope with unaccompanied minors, who almost
certainly won't have any cards).

The problem you identified exists, but is not serious enough that it
needs a solution.

That is a much more reasonable response. I even grant that may be the
case, but we don't have sufficient data to presume it is correct.

There is plenty of data (for example an understanding of the way that
industries such as that conduct themselves) to support my point of view.
As it's a UK company, I'm in the UK, and you aren't, I'm not
particularly surprised that this data is less evident to you than it is
to me.

There is also opportunity cost in not accepting money
from potential paying customers who only have a debit card.

You can use cash as well. Although the chances of (eg) needing paid car
parking and not having plastic is pretty small.

And if someone has only a debit card and no cash, you're going to throw
them off the train? What is the cost of doing that--particularly the
cost in PR?

There's never been a question of not-accepting debit cards. Some now
deprecated *versions* of debit cards are not accepted,

That isn't how the problem was initially presented in this thread: that
_all_ debit cards were refused, based on the assumption that they were
more likely to be declined and therefore a higher risk for offline
transactions.

If that is not actually correct, that changes the entire conversation.

I don't know if you had a different posting in mind, but looking up the
subthread I found this one:

In message , at 15:19:12 on Fri, 2
Mar 2012, Adam H. Kerman remarked:
This Web page discusses payment methods that also apply to paying
on train:
http://www.nationalrail.co.uk/times_...t_methods.html

Credit/Debit/Charge Cards

All National Rail train companies accept the major cards
such as Visa, Visa Delta, MasterCard, Maestro and Amex.
Some train companies also accept Diners Club International,
Solo and Electron.

Where the only debit cards not accepted are Solo and Electron (and where
I think the "some also accept..." should really read: "a very few might
also accept...").

All that it takes to beat an offline payment system is to obtain a valid
card with no funds available--hardly equivalent to breaking into Ft Knox.

Obtain (along with the PIN for the Chip) by theft?

Getting one in your own name, then "doing a runner" is not something you
are likely to be able to repeat, as previously discussed.

Someone (you, I think) said that the current terminals accept _any_
credit card presented. That means I can just print up my own cards with
random numbers and ride for free

No, because you'd have to make a Chip (for the C&P) that validated
correctly.

Are you sure they require EMV, eg. they don't accept US non-EMV cards?

Absolutely sure.

So far, there's been no reported incidence of someone being
able to counterfeit the chips (and I'm quite sure a lot of people have
been trying for years).

It may have been an earlier "Chip and PIN" system, but I recall a case
of a man in France being jailed in the 1990s for demonstrating to a bank
his ability to counterfeit their chips.

Even if that wasn't EMV, it's just a matter of time until someone
figures out how to do it.

In the mean time, it's so unlikely, especially if the objective is
stealing a few train tickets, that we can discount it.

--and the carrier doesn't know until the
terminal uploads the card information later, long after I'm off the
train.

Using _my_ credit/debit card for such a fraud would be silly.

So it has to be a stolen one, where you know the PIN.

In the above case, the man created a chip that accepted _any_ PIN and
could be programmed with _any_ card number.

Again, I don't know if that was EMV, but if not it's just a matter of
time until someone figures out how to do it.

The entire "smart card" industry, like the DRM industry, relies on
hackers not being able to access data that they physically possess.

See above.

I remember the stories, like people being charged vast roaming fees to
call from (eg) Minneapolis to St Paul.

The other end of the call had no effect on roaming charges; what
mattered was the "service area" you subscribed to and from which
carrier. So, if you lived in NYC, traveled to Chicago and made a call
to a "local" number, you would be charged roaming fees for being out of
your service area plus the LD fees from NYC to Chicago.

Indeed, and I should have made it clear that in my example it was
implied that someone's "service area" would only have been one of the
twin cities, and not both. With predictable consequences when they
picked up a tower in the wrong one.

I don't know that case in particular, but the much larger Dallas/Ft
Worth area was a single "service area". OTOH, as stated (and snipped),
it would have been entirely possible to end up on the "other" carrier's
towers--and pay roaming charges--even in your home service area if you
wandered into a dead spot in your own carrier's coverage.

It sounds like similar nonsense still afflicts the UK, which could
explain why your coverage is so spotty: there is no incentive for
carriers to improve it.

All calls are at the same national rate, so geographic service areas
simply don't exist. It's true, however, that "domestic roaming" between
the different networks would improve the coverage experienced by
customers.
--
Roland Perry
Reply With QuoteReply With Quote