Weekend in Paris – With NO cash?!

Hi Everyone,

Those who have read my previous blogs know that I have a more tech related focus on the things I post about. Every now and then though it’s something to do with a personal life experience (such as a gig or sporting event). This post is mixing the 2.

Last weekend was my girlfriends 25 birthday (Happy birthday Kate!). To celebrate, we decided to go for a long weekend in the most romantic city in the world, Paris. We looked forward to eating as many croissants as humanly possible along with some fantastic sights, food and the rest of it. What I personally wasn’t looking forward to was using the € currency. It’s pretty annoying fiddling around with notes and coins in another currency, and with modern technology so readily available I asked myself if it was even required?

So here was the challenge – From when my flight landed to when I departed, not withdraw or spend 1 cent in physical money. Instead, live by my credit card.

Firstly, the financial advantage was pretty obvious. I used a Nationwide Credit Card which has a 0% commission policy on foreign transactions and no charges. This meant I’d get a better exchange rate than any £ to € cash conversion (including “wastage” which is the extra cash you come back with in €). This was backed up my a Nationwide Flex Current Account card which is a debit card containing the same benefits (in case I needed a backup). I also had my NFC equipped phone which, unfortunately, is still pretty useless.

Lucky for me, this task was easier than I thought. All travel tickets for the metro system had machines which took card. All food establishments naturally accepted card. All shops also tended to allow for cards. Some smaller gift shops and coffee shops had a min 5€ transaction requirement which was fine seeing as a few croissants and a couple of coffees would easily reach 12€ in Paris these days (eurgh!)

In fact, even the silly gift shops by the Sacre Ceur took card for a mini Eifell Tower, as well as the Catacombs for the 4€ entry fee! (Which, though rather grotesque, was the most amazing thing I have ever seen in my life…! See the pic below!)

BUT, it wasn’t a complete success! We had a few meals in our short weekend, and one thing was very quickly realised. Restaurants would not take “tips” in the form of card payments. Their machines didn’t ask if you wanted to tip, and due to only being 2 of us, our bills didn’t reach the level where 15% was automatically added. In fact, when I asked one waiter to add on 10% to the bill as I handed me his card, he told me it’s not possible, and soon after waived cash as we left the place shouting “cash” at me…!

The odd thing about that situation is the waiter seemed to be trying to make out I was the ignorant one for not having any cash! I personally believe it would be rather ignorant to expect a customer to carry just the right amount of cash around specifically for tipping purposes!!!! Ok, tourists usually have cash, but what about entrepreneurs who are flying all over the place? Imagine trying to manage the currencies all the time? This is the entire point of having one card that you could take to multiple countries for all payment purposes. Even taxi’s took card!

The service in the restaurants we went too weren’t great anyway – The sound of our english accents seemed to turn even the friendliest of waiters into frustrated people who would rather be looking at their nails than making eye contact, so we didn’t feel too bad about not being able to tip, even if we did offer at every meal. The other issue was the street sellers would be unable to take any form of card payment for small items. I actually question the reason for this? You’ll think to yourself “well, it’s just one guy on a street, how can he take card payment?”. The 2 main options are:

1) Mobile phone credit card processing applications (many IOS and Android apps available to take instant card payments and email receipts)

2) Paypal using a phone or other device

This would allow people who don’t have cash on them to still purchase their items.

Finally, there’s NFC technology as I mentioned earlier. Currently there are several types of cards (Visa, Mastercard, Amex) and 3 types of global accounts (checking, savings & credit). That’s a lot of card types. NFC brings this all together into one device. Your mobile phone. NFC readers are getting cheaper and becoming standard for all modern phones. Put this together with a mobile phone application payment processor, and you could in theory take any card from any country simply by having your phone tap on a pad. People that worry about security should remember that with a mobile phone, someone can perform an incredibly detailed identity theft (due to email & other accounts being linked( which is why you should *ALWAYS* have a PIN code on your smartphone!  Having the PIN protects your identity on your phone, thus in the same way, it would protect your financial details.

In summary, I would count this test as a success. The only failure was the inability to tip the fairly rude waiters we had, so maybe there was some form of higher power dealing with that side of things for me. Cheers big man!

Josh

 

Tweet me @thejsug !

Dangerous Email Scam – Would you give money to a friend?

Hi All,

Due to a new scam  going around and worryingly working quite well, this article is designed to highlight what it is, how to avoid it and also how to recover from it.

Inspiring this post is an email I received from a friend based in the US at around 3am local San Francisco time (conveniently!) It’s a new type of scam/threat that was recently reported on in the London Evening Standard. The scam involves getting into an email account and emailing all contacts a sympathetic request for money due to being mugged while travelling (click images below to see larger version):

Email Scam - Real Example
Email Scam – Real Example

 

What’s dangerous about this scam is the following:

1) The email is personalised, signed from the first name of the person that owns the email account

2) The “reply” email address is an email account setup for this specific scam which uses the same email suffix as your account! For example, if your address is joebloggs729@googlemail.com, it will automatically create an account called joebloggs729@live.com and send all replies to that account. This means the scammer can co-ordinate receiving money from a different email account which looks like the real owners!!!

3) In extreme cases, the reply email address will be the persons original email address but they would have been locked out of their account. This is even more dangerous as the person sending money verifies whether it’s real by emailing to ask!

4) Friends vulnerable asking for help is a great way of getting some quick bucks

The world we live in is actually more friendly and trusting than you may think. According to the Standard post, someone within security in the Armed Forces coughed up over €500 for his friend in need without spotting it was all a bit hoax.

In the case where the hacker gets in and simply emails your contact list, you can see this has happened by looking in your sent mail which will show all the outbound emails. The easy remedy is to email all your contact list explaining whats happened (and of course change your password to something complex! See post on security of passwords..!)

If you’re locked out your account, it’s a little worse. You will need to get in contact with your email provider with legal identification in order to get your account reset as the hackers change the security and recovery options on the account as well.

For more advice please feel free to email me (joshuasugarman@[removethis]gmail.com)

 

 

 

Tweet me @thejsug !

The End of Passwords?

Hi Everyone!

Paypal and Lenovo have just joined Google and others in developing the “post-password” era which will look at modern alternatives to the age old text based password. I wanted to give my thoughts into passwords, the problems and what potential resolutions there are in the future.

Current Situation:

For any website with a login, you require at least 2 pieces of information:
1) Username
2) Password

The username can be hard enough to remember as many websites have their own unique take on what is or isn’t allowed. An email address? An 8 digit username? 15 digit?

The Problems:

If usernames weren’t hard enough to remember, the password field adds another layer of complexity due to the following reasons:
1) Websites have different requirements on what is an acceptable password
2) You should never use the same password for more than one website (if one gets hacked, your entire digital world could be at risk)
3) A password isn’t enough because:

Sums up the password problem nicely. Thanks Splashdata.com!

Nope, even with a username and a unique complex password, this isn’t enough. Google, Microsoft, Facebook and all the major banks now add the ability for two-factor authentication. This is compulsory for banks, though an optional extra for your social media and email sites. This usually takes advantage of a secondary password, and having to remember certain digits within it. I.E “What is the 1st, 3rd and 5th digit of your secret word?”. Alternatively, you may use your mobile phone for verification, an RSA ID tag or a little card reader that generates something called a “one-time password” in order to login.

Tokenguard’s SecureID Password Solutions

That got a little technical, but going back to basics we can see that it’s a difficult process to login to a website, never mind logging into 10 different sites. This means we have some shocking statistics including:

64% of end users report that they have written down their password at least once
Study: Rainbow Technologies Password Survey: 64 Percent Write Passwords Down Compromising Corporate Data – April 28 2003

70% of people do not use a unique password for each Web site
Study: Attitudes and Behavior Towards Password Use on the World Wide Web – October 11 2000

A quarter of Brits forget their online passwords on a regular basis
Study: Microsoft UK Password Survey – November 2 2004

The Microsoft one is the most interesting for me personally. 25% of people on a “regular” basis have to reset their online password. I must have logins for over 100 various online websites, so that means I’d regularly have to reset my password for around 25 of those. What’s more concerning, is I can fully relate to that!

What Paypal & Google Plan to Do:

-Biometrics
-Password Protected USB Sticks
-Embedded Hardware Modules
-Other Tokens

These are the main contenders for the post-password era. Biometrics is an idealists view on digital identification. The best way to login to a site is to prove it’s us based on biological identifiers. In a basic form, this could be a fingerprint scan, though these can be quite easy to replicate for people who do want to gain access. Alternatively, facial scanners are available with the obvious flaws (putting a picture up of the person you’re immitating?), and eye scanners which are intrusive, expensive and uncomfortable.

Alternatively, password protected USB sticks are limited as my phone, nor tablet, have USB ports. Hardware embedding has the obvious problem of losing the device, which leaves us with the final option “Other”.

Google has been toying around with the idea of a ring containing a small NFC (Near-Field Communication) chip which, if present, will allow the user to instantly prove it’s the correct owner of the account. Losing the ring is the obvious concern, and adding other authentication methods on top of this means the process is more complex than systems today.

Google Replace Passwords

Summary & Thoughts:

There’s a lot of talk about the “post-password” era, and authentication is certainly a technical and complex problem to solve. In reality, there is no developed solution to this [INSERT BUSINESS IDEA HERE]. The best possible solution to this would be a master login to your entire digital world, which uses some form of two-factor authentication with your phone or something similar. Most websites are starting to integrate single sign on with Facebook which is certainly reducing the need for so many, but it’s still not an ultimate solution.

Will we see the end of the 8 digit password (With an upper case letter and number)? N0chanc3

As a final tip, don’t write passwords down on paper (or anywhere), use a different password for every site, and use some sort of application such as LastPass to store/remember them all which is a secure password database.

http://www.backgroundcheck.org/your-password-is-obsolete/

Tweet me @thejsug !

Thoughts, Opinions, Life

Get Adobe Flash player