Coin - multicard

Lilu Dallas, multipass . (x / f "The Fifth Element")

Recently, a start-up Coin multicard was introduced on the Internet. According to the creators, its main purpose is to replace all other magnetic stripe cards in your wallets and wallets. Whether it is bank cards, loyalty cards or membership in a secret society.

Coin is an electronic device with a wireless interface for connecting to your smartphone. Also included is a reader for a magnetic strip that connects to a smartphone. With the reader and camera of the smartphone, you translate your real card into a virtual form.
Watch the commercial creators, Coin, Inc. :


You can take a copy with you and leave the original at home. But is it always? Let's figure it out.
')

Advantages:

• the dimensions exactly match the standard credit card (80.5 x 54 x 0.84 mm or 3.125 x 2.125 x 0.033 inch); (figures from the manufacturer’s website - author’s comment)
• can be used at ATMs (!);
• Coin does not display the full card number, owner's name;
• An unlimited number of cards can be stored in the Coin application, up to eight on the device;
• Coin application monitors and warns about the removal of the multicard;
• Multicard Coin blocks the switching of cards when removed from the smartphone;
• the smartphone application will be released for iOS and Android platforms (and the creators promise to think about WP);
• The application protects data with a password and encryption;
• wireless communication with multicard is encrypted;
• cloud storage of map data.

Disadvantages:

• Coin does not support the cloning of EMV (“chip”) cards due to the specific structure (support is possible in the future);
• compulsory instantaneous blocking of the multicard is not provided.

Features:

• Coin set costs $ 100 (on pre-order until December 13 - $ 50);
• when removed for a long time from the smartphone, Coin turns off;
• registration in Coin service is obligatory;
• built-in battery should last for 2 years;
• Multicard should be handled carefully, as with a miniature electronic device and should not be bathed;
• Bluetooth Low Energy ( BLE ) protocol is used.

In the questions and answers on the manufacturer's website there are interesting questions that I would like to consider separately:

Q: What can the Coin application do to protect against unauthorized addition of cards ??
A: The Coin application requires you to take photos of the front and back sides of the card, enter the card data and pass the card through the reader from the kit in order to confirm the compliance of the entered data and data from the magnetic strip. This can not be done without holding a map. As an additional measure, the Coin application will allow you to add only those cards that you own.

That is, the application will compare the registration name (the names are written differently, so it’s better not to check them) in the service and in the data of the entered card? This is interesting. So, at least the last name must be stored in recoverable form.
Oh, it's not for nothing that the developers talk about data encryption during transmission both via the bluetooth protocol and http. Why would you need http if you do not send data to a remote server? And that means your data will be stored on the company's servers. This could potentially cause a leak.

Q: Can Coin be used to steal cards?
A: No. You can add to the Coin only those cards that you own.

see above.

Q: Is it possible to steal information from the Coin multicard?
A: Coin is less prone to data theft using photocopying because it does not contain inscriptions on the surface; as for data theft by copying a magnetic strip, there is no difference from ordinary cards.

Honestly, when it comes to rewriting the card data to some third-party media, I immediately recall the concept of “white plastic” from the world of carders. On which the dumps are written and through which the cashing of the cards whose magnetic stripe is copied goes.

I am afraid that this multicard, in appearance very different from the standard banking product, will cause great distrust.

After watching the video, I was inspired by an interesting idea, but after carefully studying the product, I began to treat it more skeptical. For the technologically stuck United States, where chip cards are not very common, this could be a good option. In more modern Europe, problems may arise (creators also warn about this).
On a number of loyalty cards that I found, there is a barcode and a number, and sometimes only a number. There is no magnetic strip on them, so you cannot hide them in the far box, you will not translate them into electronic form.
Dependence on the charge of the smartphone also does not add confidence. Say you stole a smartphone from you and you bought yourself a cheap phone call ... and that's it.

For information

The history of magnetic stripe cards in the IBM blog.
Greetings from 2010: " Multiple accounts on one card ."
Coin, Inc. OnlyCoin.com