The amount of technical detail there is approximately 0. What does it do, handle the whole SSL connection directly somehow?
Maybe if they could build it into my laptop
I use Roboform. It saves all my personal, credit card info, passwords, and generates random passwords for all of my online accounts. And saves it all encrypted behind a password.
It saves me tons of typing. I can type my name, address, phone number, birthdate, credit card info in one click of my mouse.
And I don’t have to dig out my credit card each time.
I think password vaults like LastPass can fill out forms with your credit card info.
anything sold via BB&B video is total carapace.
What’s the point?
It fills in a web form for you and hides your own number from you.
This can defend against a keyboard sniffer, but that’s all. I suspect most CC number theft comes from the vendor’s computers.
In addition, you’re only liable for $50 and most CC companies waive that anyway.
So if I buy one of these. I’m guaranteed to lose $30, or not and have a small risk of losing $50.
Bad Woot. What a waste of a day. You couldn’t find a better product to sell?
It has a browser plug in that moves the ssl encryption of the transaction data to the device. The server decrypts the transaction exactly as if it was encrypted by the browser.
The only weak point is if someone were to create spyware that hacked the firmware of the device or made a shim at the USB interface doing a man in the middle type process.
From the product description:
This reminds me of statements made during the installation of Windows XP (and it’s predecessors) where it would broadly claim things like “The Internet just got faster” or “Music and entertainment just got better” – Really? It did? Just like that, huh? LOL
Their software installs a browser plugin that decrypts the card number and injects it into the purchase request.
If someone were to reverse engineer that browser plugin, they’d likely find out how to decrypt the number. A malicious program could just as easily attach to the browser and monitor for all HTTP POST requests, rendering this device completely useless.
It’s false security at best.
I think if I had one of these people would think I was lazy. I would explain to them what it was for and they’d ask, “How hard is it to type in your credit card info every once and a while?”
This thing just smells trouble allover…
I want this as bad as I want to be gropped at the airport…
so, if your home gets broken into this holiday season…
thieves wont only take your wallet, purse, cash, and jewelery…
but they’ll steal your credit cards as well
along with this thing
then goto a public domain, charge it up, send to a PO box and leave you with the headache
card readers have been around forever
but now its “for commercial use”??
Can you actually see your data going down the USB cable, as a slow bright light? (See what I mean around the 1 minute mark in the commercial.) Because I would, like, so totally buy it if it did.
And what does “dynamic SSF” stand for? Dynamic South San Francisco? Dynamic Singapore Sailing Federation? Dynamic Svenska Scoutförbundet? Wikipedia must be broken.
Not likely. Processors that exceed a certain dollar volume must abide by PCI regulations and there are hefty fines for non compliance.
The description states:
“You will never have to manually enter in your credit card information again”
Having to drag your credit card out each time you want to make an online purchase is convenient? Here are some alternatives that are even easier:
Use PayPal. Many merchants now allow the use of this service, which also allows you to never enter your credit card numbers again. Nor will you have to enter the 3 digit security code. Furthermore, the vendor isn’t given your credit card number so you’re safe from having your info stolen by some disgruntled staff at the online store. As far as I know, only PayPal (which is owned by eBay) will have all the info.
Many vendors allow you to save your credit card info into your account. Woot does this, so that you only need to enter the 3 digit security code each time.
I keep an open text file on my computer with my credit card number and other data. Rather than manually entering info each time I shop, I merely copy and paste from the file. Quick and easy! And it’s probably immune from keylogging since the keyboard isn’t used to enter the numbers.
All of these are more convenient than having to drag your credit card out each time you make an online purchase. American Express offered a free home scanner a dew years ago to use with their cards. It was a massive failure. Lots of people ordered it (since it was free) but few people actually installed it. I don’t think this football thingie will get much use except by hackers out to steal credit card info…
Not sure what SSF is, but SSL is secure socket layer, a protocol for data encryption.
My question exactly!
I am yet to see HOW it is done to be able to appreciate it. In fact the above web site has a description that is plainly wrong:
“… the information travels through your computer to your encryption provider, where it is scrambled and then sent to the merchant.”
I beg your pardon, but this is an absurd. Information doesn’t travel through my computer to some third party provider, it is SSL encrypted within my browser.
It may be intercepted by a keylogger, but hey - if there is a keylogger “installed”, it will probably send out enough of your passwords to screw you as it is. Your credit card number will be the least of your problems - one quick call to CC company will usually cancel any fraudulent transactions, and this thing wont protect your online credentials to log in to your CC web site, or bank web site, which is far more dangerous.