"In 2011 after buying a pair of sneakers, then a fruit smoothie and noticing a Google Wallet icon on the cash register, Marquis asked the cashier how many people actually paid with their phones. The cashier responded that so far 2-3 people per month were using it...
Immediately the lightbulb went on in Ryan’s mind that there was a significant shift happening in the market from a physical credit card to digital payments. His mind went wild as he dreamed about what the future of digital payments could look like and within a short time after he launched Plastc." [1]
So, after shopping at a store that sells fruit smoothies and sneakers (?), and being told that nobody cares enough about a universal credit card to use the free Google Wallet one, he concluded that the future is a universal credit card that people will pay hundreds of dollars for?
It wasn't going to be so much that, as a card that you could put multiple credit cards on, but that still functioned entirely like a credit card - meaning it could be swiped in vending machines, by waitresses, and everywhere that accepts cards, without the need for an apple pay or google pay or whatever NFC payment hardware.
It's for people that keep multiple cards in their wallet.
Given the shift to chip-and-PIN, which can't be emulated like this -- Plastc claimed they could but never demonstrated it (because it's impossible) -- they were way too late to market with this idea even 3 years ago.
And if merchants are going to roll out new POS hardware they might as well jump to NFC as it leapfrogs cards on convenience. And security, if your device implements tokenization and fingerprints-instead-of-PINs (like Apple Pay and others). Also it's built in to lots of phones and watches now.
I don't know what was promised by Plastc exactly but I assume you need to register your card numbers somewhere (like with Apple Pay) and then when you use your Plastc card to pay (with chip and PIN or not), their back-end issues a payment transaction using the selected card. Am I wrong?
Over here in Europe we have Curve that does exactly that, without the fancy hardware: https://www.imaginecurve.com
Yes, that is not what Plastc was. Plastc was like copying the data from the front of your card and displaying it on a different one (mag-strip included).
Curve has its own card number. The closest thing to Curve here was a card called Wallaby. It somehow redirected charges from one card to another... I think they were getting creative with the processing rules and got shot down. Not sure how Curve does it exactly but I'm skeptical of their long term viability. Either they're similarly creative or they are acting like a merchant and recharging every transaction and eating some interchange. Maybe they get away with that more in Europe where interchange is low but it's still a net loss.
Anyway Plastc was about trying to actually emulate a card. All this has been leapfrogged by Apple and Samsung Pay.
As far as I understand, Curve is viable due to the fact they issue corporate cards (you can see "for commercial use only" on their cards).
Europe has capped interchange fees to 0.2% and 0.3% for debit and credit cards respectively. However, three-party schemes (like Amex) and corporate cards are exempt and charge more. But you're right, I'm not sure how MasterCard is happy with that (since the product is clearly targeted at consumers).
I see, so they're charging merchants high corporate card interchange and then recharging the consumer card. Yeah, that's sketchy. I wonder if they're pocketing the difference.
> Given the shift to chip-and-PIN, which can't be emulated like this -- Plastc claimed they could but never demonstrated it (because it's impossible)
If they'd had a whole lot of market share already, maybe they could have persuaded issuers to provide private keys in some way that could be imported into the Plastc device (which might itself then have a tamper-resistant smartcard processor like the one in the individual chip cards).
Horrible security and wouldn't work for the most secure chip and PIN cards which never share their private key. Apple Pay's approach is better: issuer assigns a unique number to the device along with its own authentication scheme, rather than trying to emulate another.
Yeh, this always seemed doomed outside the US, which in general appears to be ahead of the US for card security. Especially in AU, I don't even really go to bars with cash any more, I just use contactless payment with my card literally everywhere. Coffee, lunch, bars, etc. - pretty much everywhere has paypass/paywave now and has for years.
Even three years ago, the writing was surely on the wall that they were exploiting weaknesses in old tech to pull off their product, so there was an obvious sunset on their ability to operate their core product. Why would they invest in something that already has an end date on it?
Even though I have a contactless card, I still prefer cash because it reminds me how much I'm spending. It's all too easy to tap away $40 several times a month and wonder where it all went.
I found the opposite was true.. Having cash in my wallet meant I didn't know where it got spent (not specifically in bars though, just in general so maybe we're talking about different things).
With tap + debit, I can track all my individual transactions via services like Mint, plus my bank sends me an email on every transaction that happens to my accounts, so I have redundant logging of where all my money goes.
From the looks of it, Bunq is a bank. I didn't see the product you are talking about but I suppose it may be like a payment processor forwarding orders to third parties.
Plastc is a purely technical solution, it has a rewritable magnetic strip so you can copy any card to it, not just payment cards.
You can't do it with chips because chips are designed to be impossible to copy. They have secret keys inside and I don't think card providers are willing to reveal them and weaken their security.
IIRC Chip and Pin uses a challenge-response type set up with public key crypto to authenticate your card with your bank. You cannot clone that, as processing is done on the card - not the reader, and the card never reveals it's secrets.
"To rip it off, someone would have to get into the physical chip circuit and manipulate things to get your bank information. Not only is this level of data surgery really difficult, but it also requires a set of high-tech equipment that can cost north of $1 million."
That's presumably " … cost north of $1million in 2016, rumoured to have been done in 2017 by Bunny with $10 worth of decapping acid and a borrowed STEM revealing implementation details and flaws, then with a demonstrated contactless remote exploit working on a RaspberryPi with a $12 USB TV tuner and a hand-wound antenna at CCC or DefCon in 2018"...
So, not $10 if you needed a borrowed, expensive piece of equipment. It is not possible for most of us to jaunt out and borrow a fancy microscope. That only underscores the "expensive equipment required argument". The contactless payment hack is much more practical, though. (Oh you also need far beyond average hardware hacking knowledge and skill, which itself is generally more difficult to acquire and learn ).
And as for "far beyond average hardware hacking skill", I suspect if you got Bunny Huang, Michael Ossmann, and Travis Goodspeed together and curious - this might well be broken in a single weekend! ;-)
Your link just describes decapping and reading the state of mask programmable PROM. Reverse engineering a secure IC and coming up with an exploit is several orders (like 10) of magnitude more involved.
Great point. So for Plastc to work, all you'd have to do is mail in your card so they can treat it with acid and run it through a scanning transmission electron microscope, destroying it in the process.
I was always bemused about this idea that putting multiple credit cards on a single physical card is some great feature that a lot of people want and would pay money for.
In my experience, having many credit cards is a complete pain to manage, because for each card you need to monitor the statement, set up the automatic payment (or do it manually), change the address when you move, etc, etc, and no sane person is going to want to do that for lots of cards. The fact that it also fills you your wallet is really the least of the problems you'll have.
It's nice to have one card as a backup, and some hardcore churners / points collectors are going to want 5 or 6 cards and use different cards for different categories... but they're real niches, it's not something that a mainstream, mass market consumer is going to want to manage.
I have a Curve card, which is essentially this. I paid for the beta and got a free wallet out of it (a nice Tumi one) and £50 in reward points so overall I've actually profited from it. There isn't a monthly charge (yet). Curve is a prepaid Mastercard that acts as a middle man. You spend, it charges whichever card is currently selected. You get extra benefits like zero fees abroad, cash withdrawals, etc.
There is also a reward program which is OK if you shop at the places where you get points, but it's no different to signing your card up to a cashback program like Quidco. There are a few big names like Boots, Waterstones and B&Q where I go reasonably often. https://www.imaginecurve.com/curve-rewards-web/
The main advantage to me is security. If your card gets stolen, you can revoke it within minutes without worrying about someone having access to your debit card. Because it's linked to the app, you can see immediately when transactions happen. You can do the same with a debit card of course, but it's an added layer of obfuscation.
Originally it was supposed to be an amazing loophole for American Express users. You could spend Amex everywhere including on cash withdrawals and rack up points like nobody's business. Then Amex pulled out, so that was a bummer. A lot of people on HeadForPoints got very annoyed and felt like they'd been suckered in. To be fair to Curve, they compensated everyone.
I believe you can still use it to withdraw cash on credit cards though, so there's still a way to manufacture points spend.
I use mine daily and while it's fine 95% of the time, there have been sporadic occasions where it's been declined. You can't use it at pay-at-pump petrol stations, for instance. It's not reliable enough yet that I can go around with only a single card in my wallet (which sort of ruins the idea of it). It's really useful for traveling abroad though.
So, for reference, I'm a guy who has multiple cards. I have two debit cards and a credit card.
The credit card is a credit card (and I mostly use it for company purchases that get reimbursed).
The two debit cards correspond to two different checking accounts. I have a "main" checking account that my check gets deposited into, and another account that I use for, mainly, online purchases or recurring subscriptions like netflix or anything where I am worried about card security. I transfer money into the account, then make the purchase, never leaving more than a hundred bucks or so floating in the account. That way, I limit my own pain in the event that someone gets hacked or my card gets leaked online - I'd much rather not be able to pay netflix than not be able to pay rent.
At one point, I also had a home depot card when my wife and I were fixing up our house in preparation to sell it.
I have a wallet that functions effectively as my phone case and wallet in one, and reducing the number of cards I have to carry around to - potentially - drivers' license, one payment card, and clipper card would be fantastic.
About a decade ago, I took a sudden flight to a small airport in Colorado due to an emergency at work. When I arrived, I had nothing but a Visa, and a few dollars Canadian.
I was frustrated to find that I couldn't get food or call my work, because Visa wasn't accepted anywhere. The highlight was trying to make a call on a payphone and talking to the operator. When I asked if I could use my credit card to make a call, she listed off MasterCard and a half-dozen credit cards I'd never heard of. "How about Visa?" "No, sorry."
I will forever remember the janitor for lending me his cell phone and getting me out of that mess. After that, I made sure I carried multiple cards.
This. I ride not-particularly-reliable motorcycles. My personal philosophy is to always have access via at least two different financial institutions and their computer networks to sufficient debit/credit funds to get myself and a possibly broken bike home from the most remote place I could possibly end up on a trip.
(I did once end up having a tremendously fun weekend in Melbourne thanks to a broken down bike and a weekend long outage of my then only bank's ATM network - but it would have been even more fun with more than the cash in my pocket and relying on friends for somewhere to sleep until a branch opened on Monday morning...)
On the London transport network you've been able to pay at the barriers with a contactless credit card in the same way as you would use an Oyster card for a couple of years now. It's weird that other transport networks haven't adopted it yet
Such a system has been in use in Singapore for more than 15 years.
Vienna does away with all of this fuss by simply doing random checks, issuing on the spot fines for fare evaders, and not having to manage the expense of turnstiles etc.
I kind of like the barriers, if you are on the station platform, then you have definitely paid. For me, the stations that don't have barriers are more stressful, as you run the risk of forgetting to tap your card (or the tap not registering) and incurring a maximum fare.
In Nürnberg, you can either buy paper tickets from ubiquitous automats or in the local transit app (with a pre-configured credit card or current account). I love it.
Local bus drivers will sell tickets, but there are also ticket validation machines in the middle of most busses. Local trains and subways are trust basis, but I've seen more random ticket checks recently. Ticket checks are more frequent on long-distance trains, but still, no barriers. I have yet to travel on local or long-distance trains in Germany or Austria that aren't trust-based.
Berlin has a similar proof-of-payment system, where there are no physical barriers between the street and train platforms. Most people have multi use tickets; you can buy week, month, or year long tickets.
I definitely prefer the proof-of-payment setup more. London (which has turnstiles) can get crazy backups with people trying to tap into / out of the system, and the Berlin system lets you engineer more convenient and therefore customer-friendly stations -- no need for mezzanines, paid vs free elevators, and the like.
That's what caused me to get stopped by the police my first day in Berlin a few years ago. I wanted to go to a board game store, so I looked one up on Google in the hotel lobby, walked to a u-bahn station, paid a couple euros for a ticket, walked downstairs and got on a train.
And promptly got pulled off the train at the next stop for not paying.
They were very understanding when I explained I had only been in the country about two hours (and showed my passport stamp as proof). They explained that there are machines to punch holes in the tickets... I did think it was strange that there weren't any turnstiles, but I figured, maybe you run into them on the way out or something (and I had only been in a foreign country two hours, everything was strange).
FWIW the police does not perform ticket checks in Berlin. Traditionally it was done by employees of the public transport company and now increasingly by third party contractors.
Some stations in London can be so busy, that they'd need some way to prevent people from overcrowding the platform even if there were no barriers.
It's pretty common for smaller stations near major football stadia to have the barriers controlled manually after big games -- totally open for some minutes, then completely shut until the platform has cleared.
(London used to have a proof-of-payment system on the articulated buses, since you were allowed to board at any door, and it still exists on the trams.)
In London, the barriers automatically charge the maximum fare if you forget to touch in or out of the system. It helps because you can jump the barrier to get into the system but you never know if ticket inspectors/security will be present at the station where you plan on alighting. The penalty for being caught jumping the barrier is significantly higher.
Caltrain (the heavily dysfunctional system serving a minor portion of the San Francisco Bay Area) is similar, but a little less convenient --
Tag in and forget to tag out, you pay the maximum fare.
Forget to tag in, hope you don't get checked. There is no option to tag out without having tagged in. (Although I've seen this happen to someone, and he was just given a warning.)
Get checked without having tagged in, pay $400, which is about 30 times the maximum fare.
Or, looking at it from a different perspective, the fine is maximum fare by definition. Then you can pay the posted fare or decide whether the expected fare based on fine x probability of capture
My dream for something like this is having everything on one card would let you manage the complexity a lot better.
Having one single interface to pay all bills and see spending breakdowns aggregated across all your cards, recommending the optimal order to pay down cards (if you are going to carry a balance).
Then on top of this, automatic fallback in case one card is declined, new numbers for every online transaction (not tied to a single provider).
You could even layer on top a simple scripting language to choose the card to be used for a given transaction. E.g. Use my rewards card when buying gas, but if I've maxed out the points then use the lowest interest card. Or round robin the cards to spread out the balance.
Or imagine a group outing where everyone can all combine into a single virtual card, with the ability to distribute charges however you want on the back end.
There are a ton of cool possibilities available (albeit very challenging to get right). And in theory, many people have at least 2 cards for redundancy purposes. Add in no fee rewards cards (Target, etc) and it will add up even for non hardcore points collectors.
One of the Plastc alternatives, I can't seem to find it now, was a device like Plastc, but also a yearly subscription fee, because they promoted the benefits being that the card would automatically switch between your available cards to optimize rewards.
At a gas station you would use the card that had the best gas points. At the grocery store it would switch to the card with the best grocery points...
I was never interested in it, because I don't really want to manage many cards, but I can see the appeal in it.
This sounds like a genuinely useful technology that will sadly never make it past the Big Credit gods. Card providers seem to make their profits when you're not managing your card usage so intelligently.
> It's nice to have one card as a backup, and some hardcore churners / points collectors are going to want 5 or 6 cards and use different cards for different categories... but they're real niches, it's not something that a mainstream, mass market consumer is going to want to manage.
I don't think this is the case. I think the average person has several credit cards (and is probably in the red on all of them).
On the other end of the spectrum is the financial-savvy user that also has multiple credit cards: One that gives them a gas discount, one for their Costco membership, one for restaurant cash-back, one for general purpose cash-back, one that waives the foreign currency conversion fee, etc.
> one that waives the foreign currency conversion fee
I have a credit card for precisely this purpose (it's also general-purpose cash back). It's not as useful as you might expect -- most places in China that accept foreign credit cards do so only through an agreement with a chinese bank that imposes a ridiculously disadvantageous exchange rate. (But there's no "conversion fee" -- the bank generously bills you in USD. How nice of them.) They don't seem to be able to bill your card in yuan directly even though the card supports it.
On the other hand, my debit card from the same bank that also has no foreign currency conversion fee works perfectly to get cash from ATMs.
Quite possible, but when I checked it was something like 0.5%, more than an order of magnitude better than the "convenience" of having a chinese bank bill your card in USD.
I asked them (my bank) about it, got a response I don't remember, and decided I could live with 0.5%
> having many credit cards is a complete pain to manage, because for each card you need to [...] change the address when you move
Why? I did that once, and it was a huge pain. But the cards work just as well no matter what they think your address of record is. Now I just don't change it.
So you use your old address as your billing address? Aren't you worried about the new resident of your old address receiving official communications intended for you?
In USA, you can file change of address forms with USPS. Any and all financial firms will get that change within a few months, and over that period USPS will forward automatically.
What I don't understand is the need for multiple credit cards. I have a bank card (an EC-card) and I haven't used my credit-card since a month (other than automatic transactions).
Yes you are sensible. But most people are not, they live in debt and shuffle it between the various cards. There are also people that just like collecting these things so they have a wallet full. Five cards should cover the personal, marital and work requirements in debit/credit flavours.
Why would you ever use a EC card instead of a credit card? Credit card companies literally pay you to use their cards. Why turn down that money?
I carry two credit cards because one is American Express and pays me more but fewer places accept it, so I have a backup Visa that pays me a bit less but everywhere accepts it.
A lot of merchants, like small hotels and restaurants, in Germany and Austria flat out won't take credit cards, because of the expense. They often will take EC cards and have the chip-and-PIN readers for it.
Americans never believe this until they've made a frantic run to an ATM after hosting a big dinner out or when they want to check out of that charming Gasthaus in a ski town.
When I first got over here in 2004, Media Markt (large electronics chain) didn't take credit cards, but did take EC-cards.
The EU imposes a maximum 0.3% fee to the merchant for accepting a credit card. This is to avoid any unfair competition between cash and cards, and between poorer people not eligible for cards that get cashback.
The UK used to have cards giving 2-3% cashback, sometimes more, but they've all been withdrawn.
I don't bother with a credit card, since it's one less automatic bill payment and one less statement to check.
I have a card that gets me miles instead of cash. I did the maths and worked out those were better value for what I wanted. Again, they're just free miles and I'm always flying with the airline anyway so I'm never making extra trips in order to spend them.
The genius of the system I use is that I have multiple credit cards (American Express, Visa) but actually they all just feed into the same account with the same bill to make managing them simple.
Pretty much. And 3-4 other, very similar startups- most have ended the same way in failing to get anything to market. Dynamics has been around for a while with a similar product, but B2B sales strategy, though they don't seem to be getting much traction. Cool idea on the surface, but clearly has some fatal flaws. Just funny to me how VCs are willing to fund essentially the same company that has failed multiple times before... though in this case, maybe their VCs actually did the diligence and that's what led them to back out (total speculation).
In Canada most payment terminals have the NFC hardware built in, it's just a question of whether it's actually enabled or not. It's very rare these days for me to see it disabled. I've used Apple Pay a lot and have never used it at a merchant that advertises it - if the machine allows tap, Apple Pay just works. I assume that Google Pay is similar.
Fruit smoothies and sneakers? In Palo Alto, everyone told me the best coffee was at Zombie Runner, which is a running store...? So I guess that could happen.
I was just passing through for a couple of days so never had the chance to try it for myself, ymmv
All I want is an automatic popup on my phone when I approach the register to scan my card details with samsung pay rather than have to slide up apps, use my thumbprint to unlock and wave the damn thing around madly
Currently I use it because of the novelty but it's actually more difficult for me than a physical card
I mean, it could just be a clever allusion to a mall. And spotting a trend and jumping on to monitize is pretty straightforward. He just never found a way to ease the friction, and google pay remains a reletive novelty here. Compare that to china, and you may realize there is, still, an great untapped market for such a service. The failure was not the stupid SV thinking, but inability to execute successfully. Given that Apple, Google, and others have tried similar, it is no huge failure imho.
I don't think I'm wrong in the observation that Silicon Valley hasn't really produced anything notable for about a decade now, unless you count grifting lawbreakers like Uber and Airbnb.
Immediately the lightbulb went on in Ryan’s mind that there was a significant shift happening in the market from a physical credit card to digital payments. His mind went wild as he dreamed about what the future of digital payments could look like and within a short time after he launched Plastc." [1]
So, after shopping at a store that sells fruit smoothies and sneakers (?), and being told that nobody cares enough about a universal credit card to use the free Google Wallet one, he concluded that the future is a universal credit card that people will pay hundreds of dollars for?
Only in Silicon Valley...
[1] http://www.huffingtonpost.com/bryan-elliott/plastc-one-card-...