Month: June 2007

Recently I saw a Smart car parked side on in a bay and thought, what a great idea.  Wouldn’t it be great if he gets to pay less for parking and large car owners get to pay more?  Why not charge for parking by the linear foot\meter or whatever? 

So the general idea is: you mark up the road with a series of stripes asay 50 cm apart. The user comes along and parks their car.  Out they hop and count the stripes that the car covers.  They then go to the meter and pay a sliding parking charge according to the covered stripes.  Some courtesy rules would exist for example to leave two uncovered stripes between vehicles, but other than that the only thing the user needs to check is how many stripes they are covering.

The great thing about this idea is that it’s really easy to charge more for larger cars: the scale could be non linear to act as a deterrent to bring large cars into town.  In general such a system would have a very cheap entry level for micro vehicles, curve to a plateau for average vehicles and rapidly rise for larger cars.

The relatively simple repeating nature of the pattern could be laid down by an automated machine rather then manually,  and the lines need not use more resource (time or material). In fact measuring would be easier as the nature of the pattern is the regular repeating nature. 

As should be obvious, the amount of vehicles which can be concurrently parked would vary with the mean size of the vehicles, but just an average should show that more cars could be parked.

Actually, I think this could work really well.  You just need a battery powered 360, a small TV and your copy of Guitar Hero II.  Look it’s a great idea.  Fortunes could be made here, trust me on this.

It’s not as if there isn’t a precedent set already set: one of the world’s leading Guitar Hero experts, Luke Albigés, performed the original game at a busking session in Leicester Square Underground station.

So go get your 360 mobile and hit some power chords on the street!

It’s becoming clear that credit cards are no longer worth jack in terms of security.  The great new idea of having a verification code which is actually printed on the card itself now seems embarrassingly stupid. Widespread theft of CC details now happens on such a regular basis that we no longer even flinch when we find out that company X leaked 45 million (yes, Million) credit card numbers over a period of 2 years.

Chip and PIN (Depending on who you believe) has made a significant reduction in the fraud rate that takes place in store, but online is still a very scary place to use your CC. Additionally, even bricks and mortar retailers are having trouble implementing PCI compliant payment solutions within the required timescales. So, what can be done?  Well it occurs to me that there are now a number of things we absolutely always have with us, these days.

In terms of what you must have items are wherever you go, the credit card is a given, but the mobile phone is pretty much the most ubiquitous piece of technology on the planet these dyas.  You’re almost as unlikely to go out without your phone as you are without your trousers.

So, when you make a purchase which is NOT chip and PIN protected, Why not send an SMS authorisation code and await confirmation?  Strikes me that this would be a pretty simple step to take? The merchant code on your favourite website would need a change to allow for the presentation of a unique code.  An SMS message pops up with the unique code and all you have to do is send an empty reply.  Bingo.  The fly in the oitment here, is that the Merchant cannot hold the Mobile phone number: The Moby number has to be the one on file with the credit card company.  REalistically, this means that the CC company or Clearing house has to send the text and await the response.  This has to be the case or the fraudster will just stick in another mobile number at purchase time (Meh).

 

All in all, this is a great scheme because it’s out of band: it does not rely on details held on the credit card itself or the merchant network.  In fact, eve the credit card company network is less critical: Even the availability of Credit Card to Mobile mappings would not assist an attacker unless they had the ability to Pwn the mobile phone too.  Effectivly, it’s adding another factor to the authentication process.

 

If we make the (presently flawed) assumption that mobile phones are left strongly secured (i.e. you PIN lock it), then even the theft of your card and phone continues to protect your credit card.

 

An extra benefit is that because any purchase attempt results in an SMS message to the cardholder, the cardholder gets pretty much instant notification of a possible problem.

 

As it happens, this leads onto a question: why don’t credit card companies offer SMS on purchase messages now?  It’s an obvious step for those that want a strong connection with what their credit card is doing.