Basically, you install the app on your device, you swipe your debit card, then take pictures of the card. It stores your info. You also swipe your store credit card. Do the same stuff, and it stores the info. Now, when you want to pay, you click until you see the proper card displayed and have them swipe this card shaped device. Personally, I assume I would definitely screw up this transaction somehow if I added multiple cards.
My question is about skimming. See, this device obviously has a way to scan and remember a card. It does have to take a picture of the card to use it according to the website, but given a person attempting to skim your card, wouldn’t they still be able to do it? If a waiter walked away with your real credit card, swiped it through his Coin, took the pictures, then swiped it for your meal and returned it, he would have the card details, right?
I tried reading about this on the site, but all I found was that it wouldn’t be used for skimming because it doesn’t display a card number on the outside, it just generates a magnetic strip. This would prevent skimming for a person taking a picture, but is assuming that the person using it is the victim of skimming, not the one stealing a card number. It then says that it is double safe because it only allows you to add cards you own through the app. Does it only allow cards that show your name on the front? That doesn’t seem so secure.
I’m just curious if anyone has seen any information on how this works.
Technologically, it looks pretty neat. I wonder how they replicate the magnetic strip. Anyone know?
The part that skims the original card, I’ve seen available in other places. I’d imagine those aren’t hard to come by for nefarious types. So Coin doesn’t make anything worse than things already are.
This was also something I wondered about. It says it is a real product, but if you commit to purchase they charge you now but don’t take shipping details, etc.
Years ago, there was a device along these lines for reading digital camera memory chips into your computer – this was before USB was popular (possibly before USB existed). Your camera had little removable memory card. You also had a device that was exactly the size and shape of a little floppy disk (the kind that had the hard plastic shell on them).
But there was no actual floppy disk inside it. The “window” where a normal floppy disk had the disk surface exposed to your drive’s read head had a flat unmoving surface there, and electronics inside that could send electromagnetic currents to spots on that surface to magnetize it momentarily in spots. It was, in effect, like a magnetic tape write head.
So, you took your memory chip out of the camera, and stuck it into a slot in this pseudo-floppy-disk thingy. Then you stuck that whole thing into your computer’s floppy disk drive. The device manipulated the magnetic spots on that flat surface to make it look like there was an actual floppy disk spinning in there, complete with a full DOS file system and all your picture files. The computer thought it was reading a real floppy disk.
I thought it was amazing. So this multiple-personality “magnetic stripe” sounds like the same sort of thing.
To answer the OP’s question, your name is embedded in the magnetic strip. The coin FAQ’s says you can only add your own cards.
Between using OCR to read the name on the front of the card, the name being on the magnetic strip, and telling coin your name when you register the account, only allowing cards that have your name should be fairly straightforward and secure.
aaelghat - that makes enough sense. I really wondered if it only allowed your name or if it allowed variations, etc.
I know I have multiple cards in my wallet that have different names embedded on them, and one with no name, but they are all variations. For example, John F. Kempton on one, Johnathon Kempton on another. Also, my wife has cards that she has had since before we were married, so they might say Julie Markson, Julie Kempton, or Julie Markson-Kempton. I don’t think we ever intentionally changed names on cards, but it just seems to have happened this way.
I think the big reason I was confused was because I misread a different FAQ - I thought they answered about not needing a phone altogether, but instead it is that you don’t need a phone with you for it to work, but you do have to use the app at some point to set it up.
There is a fraud danger from Coin, but it’s not the one the OP is thinking of. A standard Coin will not allow you to easily defraud someone with a skimmed card.
The fraud danger is that there’s no way for the merchant to tell if the electronic credit card thing that’s presented to them is actually a Coin, or is hacked in some way, or is a totally different thing altogether. The concept of a card that holds multiple credit card accounts is inherently prone to fraud, even if Coin’s implementation of it is not.