Sunday, December 4, 2011

BLINK℠ and NFC, the swipeless credit card - what's the point?

Hearing all this buzz about cell phone manufacturers starting to offer credit card services using the near field communication (NFC) interface in their devices, I noticed that my Chase credit card has the BLINK℠ thing in it. It's not that I didn't know about it before, I remember (vaguely) how I received some years ago a renewed card with a colorful booklet describing a bunch of benefits the new BLINK℠ technology carry. Although the booklet was designed in a mood how it is impossible to stay alive anymore swiping credit cards old school, I was not very convinced that time. OK, I tried the new card once at a fast food register's BLINK℠ marked reader to make sure it works. Well, it worked. And that's about it. The question is, is it really "Fast, Easy and Secure" as it is advertised?

Fast? Maybe. It takes a split of a second to transfer the credit card number to the register. Let's say I save a whole second per transaction using BLINK℠ against the classic swipe, which is very generous estimate I'd say. Now let's say I use my card every day (which is hardly true, but come on, for the sake of estimate...). That's going to be 365 seconds a year. Wow! The whole 6 minutes! It's like cutting a line of a few people at a coffee shop once in a year. What a super time saver! Sorry for sarcasm, couldn't help it.

Easy? Well, for example, you may even tap your wallet at the card reader without bothering to pull your card out. However it's going to work only if the credit card you want to put the charge on is the only RFID/NFC equipped card in it. If you have however an office access ID card or parking ramp entrance card or any other RFID device in your wallet they might interfere with each other. OK, let's say you're fine. But you still have to use your hand(s) to do it. OK, maybe if merchants mount the card readers a special way at the registers for customers' convenience so you can scan your BLINK℠ card by merely turning around and touching the reader with the part of your body where your wallet is usually tucked in a pocket, then it might be noticeably easier.

Secure? This is a very big question. Even though Chase claims that the card can be scanned only at 2 inches or less away from the reader, I doubt that there is no way to craft a more sensitive device that could read RFIDs or NFC interface from a longer distances. Anyways, it requires a split of a second to be at 2 inches proximity to read the card ID. And the transparency of leather and denim for it, what makes the technology so convenient, also makes it so vulnerable.

So what's the point? Even replacing the plastic credit card with a smartphone, how is it different from replacing an expired credit card with the renewed one with that BLINK℠ thing in it? It's not going to make the transactions "faster, easier and more secure". It's not going to lower the transaction costs which eventually are passed to the consumers anyway. It's not going to shorten the lines at the cash registers. Or, wait, is it? What if this time it may allow you bypass the line at all?

Look. I have (you have, many other people have) a quite powerful computing device in a pocket. The device is equipped with a hi-res camera, hi-speed internet connection and, well, NFC interface. Technically, with a carefully designed software, it is possible to scan the merchandise ID (the bar code with the camera or the anti-theft RFID tag with the NFC), send a transaction request to the merchant's server, communicate with the bank or the credit provider to authorize the transaction, connect the merchant with the bank, and upon approval close the transaction. It's basically putting the whole cash register into the hand-piece. That would be really fast (no waiting in the line) and easy (beep-beep, done) and secure. Yes, secure. With proper digital keys exchanging among the buyer, the merchant and the banks over strong-encrypted connections there will be more room to achieve much higher levels of security than with a cheap microchip in the plastic credit card. Plus, the RFID tag of the bought merchandise can be immediately removed (marked) from the merchant's database so the EAS alarm at the store entrance will not go off when you walk out with the just purchased good. Self-check-out lane? - No, thanks. I've already checked out myself.

Not a very job-creating idea. And it requires changing many habits, both shopping and selling. But technically it's already feasible. Isn't it?

Update 3/1/2012: Ignacio Mas just mentioned similar idea today in his article "Me, My Money, and My Devices" at Technology Review: "Now that we have a virtual card and card reader right in our pocket in the form of a smart phone, who will be content to carry a credit card we cannot ourselves read?" I'm glad we're on the same page, Ignacio, we're getting there.