Tweet
Well, I believe that I may have expressed my ire for Chase in the past on this board, and this latest bit of shenanigans is enough for me to totally cancel my account with them. My Chase card is a very rarely touched backup card since i use the USAA plastic for everything... i'm gonna likely ditch them for good over this unless I can get someone to listen and understand their horrid policies.
In the mail today i received and envelope from Chase. There was no notification to me that anything was coming (other than my regular statement, and this was clearly not a statement) and this envelope was marked with the merchant banker's name and return address.
It was a new credit card. There was nothing wrong with my old credit card. My old card wasn't damaged, expired, or in any way unsuitable.
The new card had the exact same numbers (including the CVV code) as the existing card. In spite of this, there were instructions to destroy my old card immediately and replace it with this card.
There was one bit of change, however... this new card is equipped with "blink" technology for contactless RFID communication with point of sale terminals. (i am not nearly as solid on this point as some articles are... is this prox or RFID? i do not know if these circuits are magnetically coupled, etc)
This "new" card did have the requisite sticker on there saying "call this number and your card will be activated" but i wanted to try (given that it was the exact same numbers as before) to see if it would work without calling.
It did.
I just bought lunch at my local WaWa using the blink checkout system. It was goddamn scary, really. The web site "howstuffworks.com" (the first Google hit that i looked at when trying to see what technology this actually is) reports that...
Yeah, unless someone takes the entire unopened envelope to a store before you've even gotten it and spends whatever they wish, leaving you with the mail a day later... totally in the dark about the charges that have accrued.
As Major Malfunction has shown time and time again (and demonstrated this year at Black Hat using this same technology) these sorts of security-related promises from the industry always fail to execute properly in practice.
When i called Chase to complain, a gentleman named Milton informed me of a variety of reasons why they may have sent a new card without my asking, all of which were not valid. (old card expiring, loss of card, new account opened, etc)
In the end, he admitted that Chase is simply sending these cards out to customers because they (the comapny) are just keen on the new "Blink" technology.
Indeed, Chase is pumped up about the whole affair, issuing statements publicly that would typically make the hairs raise on the back of the necks of people who truly understand security...
But then again, maybe there is more to the story. As with all things... when you're curious, just follow the money. There's the matter of a national press release issued by the mega-bank which stated the following...
Bloody pitiful. Will these companies ever learn to stop jamming the latest and greatest new idea down consumers' throats? I suppose they won't, not as long as consumers continue to swallow and smile each time. Well, this is one citizen who won't be taking his newfangled financial toy off to the local trendy shopping plaza to breeze through purchases of overpriced caffè lattes and slave labor Wal-Mart trash. 
In the mail today i received and envelope from Chase. There was no notification to me that anything was coming (other than my regular statement, and this was clearly not a statement) and this envelope was marked with the merchant banker's name and return address.
It was a new credit card. There was nothing wrong with my old credit card. My old card wasn't damaged, expired, or in any way unsuitable.
The new card had the exact same numbers (including the CVV code) as the existing card. In spite of this, there were instructions to destroy my old card immediately and replace it with this card.
There was one bit of change, however... this new card is equipped with "blink" technology for contactless RFID communication with point of sale terminals. (i am not nearly as solid on this point as some articles are... is this prox or RFID? i do not know if these circuits are magnetically coupled, etc)
This "new" card did have the requisite sticker on there saying "call this number and your card will be activated" but i wanted to try (given that it was the exact same numbers as before) to see if it would work without calling.
It did.
I just bought lunch at my local WaWa using the blink checkout system. It was goddamn scary, really. The web site "howstuffworks.com" (the first Google hit that i looked at when trying to see what technology this actually is) reports that...
Originally posted by howstuffworks.com
As Major Malfunction has shown time and time again (and demonstrated this year at Black Hat using this same technology) these sorts of security-related promises from the industry always fail to execute properly in practice.
When i called Chase to complain, a gentleman named Milton informed me of a variety of reasons why they may have sent a new card without my asking, all of which were not valid. (old card expiring, loss of card, new account opened, etc)
In the end, he admitted that Chase is simply sending these cards out to customers because they (the comapny) are just keen on the new "Blink" technology.
Indeed, Chase is pumped up about the whole affair, issuing statements publicly that would typically make the hairs raise on the back of the necks of people who truly understand security...
Originally posted by Tom O'Donnell, senior vice president of marketing at Chase
Originally posted by Chase press release
Comment