Coin: One card to rule them all

Coin got a lot of press last week with headlines like “Is this the future of your wallet?” and “New device combines all credit cards into super card”.

So what is it, exactly? It’s a device that can be used anywhere you can swipe a credit card (the form factor is only 0.1 mm thicker than the ISO/IEC 7810 standard) and can store account data for up to 8 different credit, debit, reward, or gift cards. I don’t know anyone that carries around that many cards. But I do have a stash of gift cards at home that never get used because I just don’t go to Starbucks that often, so it doesn’t make sense to keep them on me – I never have the damn things when I find myself at a Starbucks. Coin would presumably solve that problem.

But not this guy's problems.

Users can cycle through the available payment methods through a series of button presses, where the active card is displayed on a small LCD, and users can add new payment methods through the mobile app with the help of a magnetic stripe reader dongle thingy.

The obvious concern is data security. While they assert 128- or 256-bit encryption for all storage and communication, it’s impossible to evaluate the strength of their system without knowing the implementation. Frankly, though, there are already so many tried and true methods for stealing credit card data (e.g. a waitress skims your card when you close your tab) that don’t require 1337 hax0r skillz that Coin shouldn’t shoe-horn unnecessary features into a product for the illusion of security. Unfortunately, they do.

Coin uses a Bluetooth Low Energy (BLE) radio to communicate with the mobile app. This was an excellent design choice in my opinion – the phone needs some way to communicate new payment method data to the device, and a radio allows them to keep the physical card self-contained and sleek. Now if it were me, I would keep the radio asleep most of the time, creating a radio link only when the phone has data that needs to be transferred – that would be sufficient to solve the original problem of too many cards in a wallet and everyone’s happy.

Instead, the creators of Coin decided to implement the BLE proximity profile, which they use in two ways. First, the mobile app will alert you if the card has gone outside of radio range, e.g. you’ve mistakenly left your Coin at the restaurant or someone’s pick-pocketed your wallet. I’ll admit it’s a neat trick, though I can’t remember the last time I left a credit card somewhere and wasn’t also too inebriated to appropriately respond to an alert on my phone.

Second, Coin will deactivate itself if it’s been without a connection to your phone for a user-configurable period of time. They don’t specify whether this is seconds or minutes or hours, but I hope there’s an option to disable it entirely.

It sounds like a decent idea, an attempt to guard against unauthorized use, but think it through: imagine you’ve lost your phone, or you forgot it at home, or didn’t charge it and the battery died. Good luck buying a replacement charger when your Coin has deactivated itself! Or maybe you’ve forgotten the card at the bar. Either the period of time is so long as to be useless against malicious intent, or so short that you’ll have to take your phone with you when you go inside to buy a Slurpee. Meanwhile, it does nothing to protect you from credit card skimmers right under your nose.

This feature fails to solve one problem and creates several new issues in the process. Besides, it’s information security gospel that someone with unrestricted physical access to your device will get all of your secrets.
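The trade-off argued above can be checked with a small model. This is an added example, not Coin's firmware or code from the original post; the scenarios, their timings and all function names are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Swipe:
    minutes_since_link: float  # time since the card last saw the phone over BLE
    legitimate: bool           # True = owner, False = someone else holding the card
    label: str

# Constructed scenarios, modelled on the situations the article lists.
SWIPES = [
    Swipe(0.0, True, "owner, phone in pocket"),
    Swipe(3.0, True, "owner, phone left in the car at the store"),
    Swipe(240.0, True, "owner, phone battery died this morning"),
    Swipe(0.0, False, "skimmed at the table, owner's phone in range"),
    Swipe(10.0, False, "card forgotten at the bar, used soon after"),
    Swipe(600.0, False, "card found the next day"),
]

def card_active(minutes_since_link, timeout_minutes):
    """Assumed policy: the card works while the last contact is within the timeout."""
    return minutes_since_link <= timeout_minutes

def evaluate(timeout_minutes, swipes=SWIPES):
    """Return (owner swipes wrongly blocked, illegitimate swipes allowed)."""
    blocked_owner = [s.label for s in swipes
                     if s.legitimate
                     and not card_active(s.minutes_since_link, timeout_minutes)]
    allowed_other = [s.label for s in swipes
                     if not s.legitimate
                     and card_active(s.minutes_since_link, timeout_minutes)]
    return blocked_owner, allowed_other

def sweep(timeouts=(1, 5, 60, 480)):
    """Count both failure kinds for each candidate timeout (in minutes)."""
    return {t: tuple(len(x) for x in evaluate(t)) for t in timeouts}

if __name__ == "__main__":
    for t, (blocked, allowed) in sweep().items():
        print(f"timeout {t:>3} min: owner blocked {blocked}, "
              f"illegitimate allowed {allowed}")
```

In this constructed set no timeout drives both counts to zero, and the skim that happens while the phone is in range is allowed at every setting.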

As we learned from the old HTML <blink> element, just because you can doesn’t mean you should.

Another side effect of this design is that now the radio needs to be active all the time, and while the BLE protocol is optimized for low power devices, it still eats away battery life. The creators of Coin estimate the card will have a whopping 2 years of battery life. Impressive, especially considering its size and the fact that it needs to support a radio, display, and other electronics. How is that possible?

Let’s speculate they’re using close to the lowest power BLE configuration recommended by Apple, or one connection event every two seconds. If that translates to 0.5 msec of radio activity every 2.0 sec, and the radio draws 10 mA while active, nothing while inactive, and the other elements of the power budget are negligible, the average current is about 2.5 µA. To achieve two years of battery life, you then need to find a 45 mAh battery that fits this form factor.

I was skeptical, but it turns out that UltraLife sells a 135 mAh primary cell (non-rechargeable) battery that’s only 0.5 mm thick. Damn! That leaves plenty of room in the power budget for swiping the card, operating the display, and more realistic radio behavior. (For reference, the iPhone 5S battery capacity is 1560 mAh, so this is still unquestionably a small, low-power device.)

Interestingly, since there’s no way to recharge the battery, your Coin will be good for nothing more than a bookmark after those two years are up. This brings us back to data security. Everyone knows to chop up their credit card before throwing it away, but is that something your average user would think to do with their Coin? If I found a Coin in the dumpster and hooked it up to a power supply, could I get your card data or is there a “my battery is dying” self-destruct sequence? I would hope they thought through these end-of-life considerations, but end-of-life stuff makes for bad marketing…

Overall, I’d say Coin solves the problem of too many cards in a wallet, even if it’s not perfect. The social issues may end up being the biggest problem in the end – Coin will undoubtedly cause confusion for merchants trying to check your signature and “take all reasonable steps to assure that the card, cardholder, and transaction are legitimate” (from the Visa Card Acceptance Guidelines for Merchants). Retail transactions are typically charged a lower rate by the credit card company than “card-not-present” transactions because these extra steps decrease the likelihood of fraud, so Visa might not be too happy about Coin. Then again, when’s the last time a cashier checked your signature?

The fact is Coin is only a stopgap solution anyway. Eventually your smartphone alone will be sufficient and you won’t need some silly card with a magnetic stripe. If it’s worth $100 to you to not have to wait, more power to you.

{ 6 comments to read ... please submit one more! }

  1. Also, completely useless anywhere outside the US where they issue chip+pin (EMV) credit cards and rarely use the mag stripe. They claim it’s coming in a future version, but I highly doubt it. Credit card companies can’t physically stop someone from skimming and cloning a magstripe (love how the video overlay tells you to only skim your own cards). But you can’t do the same thing with encrypted smartcard data (otherwise stored value smartcards couldn’t exist) and the credit card companies aren’t going to decrypt the data to allow a third party to start cloning their cards.

    The only reason Coin is remotely viable in the US is because it has taken an unusually long time to implement chip+pin there. As soon as chips are widely available and accepted, magstripe is viewed as a riskier transaction form (not as risky as “card-not-present”, but close).

  2. Actually, Coin provides a workaround if the card has deactivated itself due to your phone being too far/off. You can enter a “morse code” type PIN to reactivate it before use, no phone required.

  3. Great writeup. I pre-ordered a Coin and I’ll totally agree that it’s a stop-gap measure until US adopts new tech. However, I don’t see that happening for another few years. I totally admit that I bought the Coin primarily for the coolness factor. It’ll be a conversation starter, and that’s worth $55 to me. It’s no more or less secure than what we currently have today, since its magnetic interface uses the same technology as every other card, so I am not under any illusions that it will be more secure. You bring up a good point about the social factor of shops potentially not accepting it, but I’ll give it a few months before shops start getting burned and begin implementing measures to stop it. If those few months pass without issue, it’ll be safe to say that Coin is a good solution for what it is.

  4. I gave Coin a lot of grief about their lack of communication with their backers, I’m glad it didn’t get funding as they weren’t the right company to bring this product to market.

  5. Good day! I could have sworn I’ve been to this website before but after browsing through some of the posts I realized it’s new to me. Anyhow, I’m definitely glad I found it and I’ll be bookmarking and checking back frequently!
