In this article, we'll find out what sets blink cards apart, whether or not they are safe to use and why credit-card companies are so interested in this new technology.
What is Blink?
Not Exactly New Tech
Mobile introduced the Speedpass in 1997. Speedpass is a small device on a keychain (called a fob) that users wave in front of the Speedpass logo on gas pumps. The cost of the gas is automatically deducted from the user's Speedpass account.
The new blink credit card is just like a regular credit card in many ways. It has the account holder's name and the account number embossed on the front of the card. On the back is a magnetic strip containing the account information, so the card can be used anywhere regular credit cards can be used. The key difference is inside the card.
Embedded within the blink card is a small RFID (radio frequency identification) microchip. When the chip is close enough to the right kind of terminal, the terminal can get information from the chip -- in this case, the account number and name. So instead of swiping the magnetic strip on the card through a standard credit-card reader, card holders simply hold their card a few inches from the blink terminal. The card never leaves the card holder's hand.
As with standard credit-card transactions, the terminal then sends the information via phone line to the bank that issued the card and checks the account balance to see if there is room on the card for the purchase. If there is, the bank issues a confirmation number to the terminal, the sale is approved and the card holder is on his or her way.
Now, let's get into the technical details of blink.
RFID and Blink
Credit cards using blink technology employ RFID. There are many forms of RFID. For example, Wal-Mart has experimented with putting RFID chips on their merchandise so they can track inventory automatically (see How RFID Works).
Blink uses a specific kind of RFID developed under International Standard 14443. ISO 14443 has certain features that make it particularly well-suited to applications involving sensitive information, such as credit-card account numbers:
* Data transmitted by ISO 14443 chips is encrypted.
* The transmission range is designed to be very short, about 4 inches (10 cm) or less.
As a result, ISO 14443 is used in more than 80 percent of contactless credit-card transactions worldwide [ref]. Recent additions to the standard allow ISO 14443 technology to store biometric data such as fingerprints and face photos for use in passports and other security documents.
To understand how the contactless card and terminal work together, first we have to talk about induction. In 1831, it was already known that an electric current produced a magnetic field. That year, Michael Faraday discovered that it worked the other way around as well -- a magnetic field could produce an electric current in wires that passed through the field. He called this induction, and the law that governs it is known as Faraday's Law.
In some cases, induction is something electrical engineers try to avoid. For instance, if the electric lines in your neighborhood run too close to the phone lines, the magnetic field produced by the electric lines can generate voltage in the phone lines. This voltage shows up as "noise" in the signal passing through the phone lines. Shielding and proper orientation of the lines can prevent this interference.
For RFID devices such as blink cards, engineers have harnessed induction. Each blink card contains a small microchip as well as a wire loop. The blink terminal gives off a magnetic field in the area around it. When a blink card gets close enough, the wire loop enters the terminal's field, causing induction. The voltage generated by the induction powers the microchip. Without this process, called inductive coupling, each blink card would have to carry its own power supply in the form of a battery, which would add bulk and weight and could eventually run out of power. Because the power is supplied by the terminal, the blink system is known as a passive system.
Once the blink card has power flowing to it from the terminal, the processor then transmits information to the terminal at a frequency of 13.56 MHz. This frequency was chosen for its suitability for inductive coupling, it's resistance to environmental interference and its low absorption rate by human tissue [ref]. Instruction sets built into the processor encrypt the data during transmission.
In the next section, we'll see if blink users need to be worried about security.
Security
Whenever credit cards are involved, people are worried about security. Sending the credit-card data to a terminal via a radio signal might not seem very secure. But when the process operates properly, it's actually more secure than using a magnetic-strip credit card. The information on a magnetic strip can be read, altered or duplicated using a variety of devices that have been available for years. The encryption built into a blink card make this particular form of theft impossible. Also, using the blink card allows the user to keep the card in his or her hand the entire time. This could prevent someone from seeing the account number and name on the card.
A signature is not required when using a blink card, which leads to security concerns. Chase feels that the encryption and other security features built into blink make the card secure without the need for a signature, which would slow down the transaction and defeat the purpose of blink altogether. They even suggest that it makes the transaction safer, since the clerk never sees the card or account number. The problem, of course, is that if someone gets his or her hands on your blink card, there's no need to verify anything at all in order to use it in a store. But Blink users are no more accountable for fraudulent charges than any other credit-card user.
There have been reports of problems in the testing of contactless RFID credit cards, however, that lead to additional security concerns. In some cases, if two or more terminals were close together, not only did both terminals read the card, but the read range of each terminal increased to as much as 30 feet (9 m) [ref]. Even if the terminal is operating within the proper range of 4 inches, some people are worried that they could accidentally walk too close to a terminal and end up paying for someone else's purchase. The simplest safeguard against this is probably merchants positioning the terminals in such a way as to make this unlikely.
The worst case scenario involves someone getting their hands on a blink terminal and modifying it to increase the range. Potentially, someone could set up the terminal at a crowded location and collect the credit-card data of anyone who came within the terminal's read range. This probably won't be a concern at first, since few terminals will be available, but if the technology matures, blink terminals could fall into the hands of criminals.
There is a way to protect blink cards from giving out their information to unauthorized terminals, either accidentally or due to criminal activity. If the card is placed in a sleeve lined with metal, it will not function. If contactless credit cards become popular, expect to see "RFID blocking" wallets and purses on the market.
Why Blink?
If you're asking yourself, "Why is this such a big deal? How is holding your card in front of a terminal any different from swiping it through a card reader?" you're not alone. According to Chase, blink speeds up transactions, particularly at drive-throughs, by as much as 20 percent. This may have more to do with the fact that blink cards don't require a signature than with the swiping issue.
So why institute blink technology at all? Why not just stop requiring signatures on regular credit cards? The answer may be Chase's national press release, which states, "Research has shown that customers who use blink cards often spend more per transaction." In addition, the novelty of blink could lead consumers to apply for Chase credit cards so they can use the new technology. The end result is more money for the company supplying the cards. Critics point out that credit-card companies encouraging people to spend more money and to do it more quickly is not a good thing for consumers [ref].
While Chase is the first credit-card issuer to adopt RFID cards on a large scale, other companies are getting in on the action. MasterCard's PayPass and American Express' Express Pay have been implemented in select markets. What else does the future hold for contactless credit cards? The biggest impact could be seen in the form factor of credit cards. Much of the credit-card market is driven by personalized cards with images of the user's favorite sports team, national parks and other graphics that create additional appeal. Without the restriction of the magnetic strip, credit "cards" could come in any shape, from keychain fobs to miniature toys or sculptures to coins that fit easily into a pocket. An RFID chip could even be sewn into a jacket sleeve or implanted into your hand. Ultimately, consumer acceptance will determine how the technology is adopted.
