
"Q: Will Echo facilitate card skimming?

A: No. Echo users can only mimic payment cards (debit and credit) registered under their name. Sorry skimmers!"

I'd like to hear more about how this card is designed not to allow skimmers to use it. My suspicion is that the app will, in fact, be easy enough for skimmers to hack so that they can put anyone's card they want on it, turning it into a pocket skimmer for waiters or anyone who can get their hands on a customer's card for a few seconds.

"Q: What happens if I lose Echo? Is it secure?

A: Yes, Echo is secure. You can set Echo Card to lock down when out of range of your mobile app."

Again, more information would be nice. Is card data stored in encrypted form and decrypted only at the moment of use via a key provided by the app? If so, are keys securely broadcast to the card? Is card info uploaded to the Echo card securely for that matter? This is important to ask, since you might wind up transmitting card data on a public channel repeatedly.

There are some pretty big cryptographic concerns here that are completely glossed over. I absolutely would not use this card without knowing more.




Well, if you lose your credit card, it's all right there and unencrypted, readable with any card reader. Any level of additional security is strictly an improvement, though granted this would be losing three credit cards at once.


Do virtual cards like these know when they've been swiped through a card reader? What if they allowed only one swipe when you're ready to make a payment? That way, if someone tries to skim the card, you'd get an alert like "hey, you just gave your card to somebody and it was read twice before they gave it back to you."

Of course, there are situations where a multi-swipe would be legit, like the register doesn't read the card correctly the first time, or you make a last-minute purchase ("you know, I think we will have dessert after all").

Maybe the card could detect the level of perspiration on the swiper's hand and buzz your phone if they seem nervous.


To answer your first question, I gather they would be grabbing the name hard-coded in your mag stripe. Can't use multiple cards with different names.


Unless the software that enforces this is compromised. If the iPhone can be jailbroken by hobbyists, you can bet there will be resources greater than the Protean dev team devoted to hacking this device to bypass their checks.

Credit card skimming is big money. A cheap, innocuous device like this could be very interesting.
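An added example, not part of the thread and not Echo's code: a sketch of the name check guessed at above, assuming the app reads the ISO/IEC 7813 Track 1 name field and compares it with the account owner. The function names and sample records are hypothetical, and as the reply above notes, such a check only holds while the software running it is intact.

```python
import re
import unicodedata

# ISO/IEC 7813 Track 1, format B:
#   %B<PAN>^<SURNAME/GIVEN[.TITLE]>^<YYMM><service code><discretionary>?
TRACK1_RE = re.compile(
    r"^%B(?P<pan>\d{1,19})\^(?P<name>[^^]{2,26})\^"
    r"(?P<exp>\d{4})(?P<svc>\d{3})(?P<disc>[^?]*)\?$"
)

def parse_track1(raw):
    """Split a Track 1 record into PAN, surname, given name and expiry."""
    m = TRACK1_RE.match(raw.strip())
    if not m:
        raise ValueError("not a Track 1 format B record")
    surname, _, given = m.group("name").partition("/")
    return {"pan": m.group("pan"), "surname": surname.strip(),
            "given": given.strip(), "exp": m.group("exp")}

def _norm(s):
    """Uppercase, strip accents, spaces and punctuation before comparing."""
    s = unicodedata.normalize("NFKD", s)
    return "".join(c for c in s if c.isalpha()).upper()

def name_matches(track, owner_surname, owner_given):
    """Compare surname and first given name; ignore middle names and titles."""
    tokens = track["given"].split(".")[0].split()
    first = tokens[0] if tokens else ""
    return (_norm(track["surname"]) == _norm(owner_surname)
            and _norm(first) == _norm(owner_given))

def may_load(raw, owner_surname, owner_given):
    """Hypothetical gate: accept a swipe only if it names the account owner."""
    try:
        return name_matches(parse_track1(raw), owner_surname, owner_given)
    except ValueError:
        return False  # fail closed on anything that does not parse

# Constructed sample records (test PAN, not real card data).
OWN_CARD = "%B4111111111111111^DOE/JANE Q^30121010000000000?"
OTHER_CARD = "%B4111111111111111^SMITH/JOHN^30121010000000000?"

if __name__ == "__main__":
    for rec in (OWN_CARD, OTHER_CARD, "garbage"):
        print(may_load(rec, "Doe", "Jane"), rec)
```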



