Credit Cards and Magnetic Strips in the USA

Yes, in the USA we still use magnetic strip on credit cards.

I’ve had some interactions with some people online more than once when I found myself explaining this. One of the more recent incidents was about a phone that used magnets to keep something in place. I had commented that with such a phone I want to make sure that it didn’t get near my bank cards because of the magnets. I received responses of confusion from this. I’ll address some of the frequent responses.

  • Why does it matter if it gets near a magnet?
    – If a credit card is in contact with a magnet that is strong enough or for long enough then the data on the strip can be damaged making it unusable in magnetic strip readers.
  • Why not use contactless payment?
    Banks in the USA for the most part don’t issue contacless cards. I’ve checked for them and have found they do exists if you get a very “product” from that bank. For example if you have a card from Main Street Bank Visa (a bank name I’ve just made up) then it might not be contactless, but if you got the Main Street Bank Visa Barbie Edition (also a made up card) then it may have the contactless feature.
  • Why not use the Chip and Pin
    The chip isn’t accepted at some POS terminals. For credit cards in the USA we almost never use pins. For bank cards associated with a checking account though a PIN must be entered if the card is processed as a bank card instead of a credit card. High volume stores including fast food also prefer not to use the pin. The amount of money they can make is heavily dependent on how quickly they can complete the purchase process and they risk loosing money on missed sales than fraud at heavy times.

Typically, people in the USA that do have experience with contactless payment have it through Apple Pay or Samsung Pay. While Android Pay had been present years before it was hamstrung by three of the four nationwide phone carriers here. They decided to block Android pay and created their own payment system. Their system was called ISIS and based on the American Express SERVE cards. But things happened in the news and the ISIS name was no longer a name that was marketing friendly.  They changed the name to Softcard but the effort ultimately failed.

I myself was able to use Android Pay for some time since I had a Google phone that wasn’t distributed through the carriers. It worked fine until Apple Pay was released. When Apple Pay was released many major retailers decided to deactivate their contactless receivers. They wanted to have in on mobile app payments and they blocked such payments all together. Now, if I entered a store even if I could visually identify that a contactless payment terminal was present I didn’t know that it worked. At one point it failed more times than not and it was easier to just not bother with it.

Why not use the app that the retailer made instead of the phone payment app? There are two reasons. The first, is the retailers didn’t have such an app. They were starting development of their systems and blocked other contactless payments while they prepared their own. When such apps were available my personal motivation was that data breaches happen regularly and it is safer to minimize the number of accounts in which personal information appears. Even when an account is closed in the USA retailers may often retain records of the information; it is still vulnerable to a breach after an account with the retailer has been closed.

With that said, I’m hoping to see a shift in how credit cards are handled in the USA. There’s a high rate of credit card fraud in the USA and several times within a year my associates and I find that we must get a card replaced because of data breaches.

 

 

Advertisements

Enabling Development Mode on Samsung Tizen TVs

The modern Samsung TVs run the Tizen operating system. You can develop for these just as you might develop for the Tizen based watches. The Tizen TVs are locked down more than the watch is.  To deploy to a Tizen TV you’ll need to both enable developer mode and will have to let the TV know from what address it will be receiving code. If it receives request from other addresses it won’t respond to them.

On the consumer displays there is no obvious way to enable developer mode. The option is hidden. If you open the apps browser (for seeing what other apps there are to install) you can open the developer mode menu by entering “12345” on the remote. A popup window will show from which you can select to turn developer mode “On.” If you are using one of the commercial displays (SSSP, or Samsung Smart Signage Platform) the method to enable developer mode is more obvious. If you open the TV’s menu there is an option called URL Launcher Settings. The developer mode option is within these settings.

On the consumer devices you’ll also be asked to enter the IP address of the machine from which the development will occur. This prevents other rouge devices on your network from doing anything to the TV.  Here you should enter the IP address of your development machine.

After these options are set the TV needs to be rebooted before the changes are fully applied. you can do this by holding the power button on the consumer TVs for two seconds, holding the power off button on a SSSP display for 2 seconds, or removing the power source from the TV and reapplying it.

After the TV boots developer mode is now enabled. However the mode being enabled doesn’t mean that all of the conditions for deploying code have been met. You will need to generate a distributor certificate also. Samsung has this page with instructions for generating a certificate. In following these directions you will need the the Device Unique ID (DUID). To get this you first need to connect to the TV. I prefer to use the sdb utility that comes with the Tizen SDK. It is located in tizen-studio/tools (adjust this path according to the location at which you installed Tizen Studio). The syntax for connecting is:

sdb connect

Sometimes I have to type the command twice before it takes effect. After the connection is successful open the Tizen Device Manager. You should see the TV connection within the UI. If you right-click on the connection you will have the option of selecting the TV’s DUID. Select this option and copy the DUID to the system clipboard. Keep the DUID on the system clipboard and when it is needed during the certificate generation it will automatically be pasted where it is needed.

If you at some point find that you need the TV extensions, don’t have them installed, and don’t see them in the the package manager you can install them using these instructions. https://developer.samsung.com/tv/develop/tools/tv-extension/download/

Creating a certificate based on the Device Uniuque ID (DUID) is slightly different for the two classes of displays. For the consumer displays a Samsung certificate should be created. For the commercial displays a Tizen certificate should be created. It can be a little confusing with Tizen being a Samsung creation. But you may be able to make better sense of it from another perspective. The Samsung certificate is associated with the Samsung App store. The consumer displays access the app store and the certificate rules for that are different than for apps that have no access to the App Store.

samsungremote

samsungtv