Like everyone else has said, all the info seems to be very light on technical details.

Based on the iGadget Life review, it looks like the software updates its local database on a regular basis. It seems possible that it could have some sort of special setup with certain merchants to bypass the normal HTML form submission, and actually send some sort of encrypted blob containing your CC info directly to the merchant. This would protect against local keyloggers and some browser security bugs, but the downside is that it would only work on specifically supported sites. Based on their diagram of how it works, it looks like they use some sort of third part Cryptographic Service Provider. That should theoretically be secure, but it is adding one more possible point of failure.

If it simply reads the mag stripe and types your CC info into any form for you, then it's most likely only adding very slight protection against some simple keyloggers. There would be no additional encryption involved, and the only increase in security comes from not manually typing on the keyboard. In fact, depending on exactly how they wrote the software to do that, malware may be able to hook into the software and have easy access to all CC info passing through the reader. Heck, even if it uses the CSP as above, poorly designed software could unintentionally allow malware easy access to your CC info before it gets encrypted.

Unfortunately, I think that for this to be generally compatible, it has to limit just how secure it can possibly be. It seems to be mostly security theater - to the general population it looks like it's safer, but in reality doesn't do much.

I plan to take a look at their software tonight when I have more time. I assume most of the real work is done in the Windows driver, and the Firefox plugin (which should be pretty simple and easy to examine) basically just coordinates some of the web transfer stuff.

K5ING wrote:No thanks. I already have a CueCat.

http://en.wikipedia.org/wiki/CueCat

That's actually exactly why I might buy this. I already have a handful of barcode readers to play with, so now I might add a card reader to my pile of gadget toys.

cbashaar wrote:In for 1

Make a good christmas gift for an Old person.

That's what I was thinking...

Can someone please talk me into getting this for an elderly person or talk me out of it. Does anyone know anyone who uses this and likes it?

So these things allegedly help folks interested in protecting themselves against credit card fraud. Any chance that they might help folks interested in committing credit card fraud?

Not that I'm into that sort of thing, of course. Right?

It is me, or does woot kinda suck since Amazon bought them? I mean, credit card reader? Really? This is just plain bad.

I know I'll get banned for this comment or my comment will get removed, but whatever.

sdc100 wrote:American Express offered a free scanner many years ago for home online purchases. It was so long ago that they had a serial port version. The device was a massive failure. Many people ordered it because it was free but few actually used it. Basically, it did nothing to increase the use of Amex cards, and they wasted a lot of money buying and mailing the thing. Mine is still in the box.

Wanna get rid of it for free ? id be interested in poking around with said device :>

dovy6 wrote:You people know that Federal law limits any fraudulent charges to you to $50? Meaning if you report your card lost or stolen, you are liable for only up to $50, and the card company has to figure out where to get the rest.

It is worthwhile to point out that, while dovy6 is partially correct, this does NOT apply to DEBIT (check) cards or cards on BUSINESS accounts. YOU are fully responsible for the loss in these cases.

db

Skyline350GT wrote:Is it me, or does woot kinda suck...

It's you. ;)

db

I won one of these from ohgizmo back in may (on my birthday, actually). I was planning on just selling it as soon as it arrived, not worth the hassle when you already have secure services like PayPal.

Unfortunately, it never arrived at my door, and the website has not returned any of my messages. Oh well.

this has to be the most pointless device ever... Unless you're setting this up as a POS system so you don't get those "manual card entry" fees, it is pointless. All it does is read the number (and maybe name) off your card and type it for you. That's it. So, unless someone is trying to steal your card info by watching you type or with a keylogger (not likely) this offers no other protection.

curtise wrote:I prefer the Dora the Explorer version of this version...

—Swiper, no swiping! Swiper, no swiping! Swiper, no swiping!
—Oh, maaaan!

Vamonos!
-=C=-

This should be a quality post..

Skyline350GT wrote:
I know I'll get banned for this comment or my comment will get removed, but whatever.

why wait to get banned, why not just leave now? And your comment is still there and you're not banned.. get over it

I must be missing something. What does this do for me? Right now I have keyboard scrambler on my computer, so I feel pretty good entering CC info, assuming I trust the web site.

Question.... Is this 64 bit?

A couple of points:

1. This gizmo is only useful if your computer is not secure. If you have an up-to-date firewall, antivirus, and Windows Updates, then you're fine*.

2. If you use a credit card, your bank can, under federal law, only hold you responsible for the first $50 of fraudulent charges. Most banks, however, have $0 fraud liability, a win for you.

3. If you use a debit card, the banks can hold you responsible for the entire fraudulent amount, however, most offer the same protection as the credit cards ($0 fraud liability). However, if your bank account gets wiped out due to an identity thief, then you may have important bills bounce (water, electric, mortgage, etc) and your bank will probably still hold you responsible for any overdraft charges associated with any bounce due to those charges.

Moral of the story: always use a credit card, never use a debit card (ever!). And even better than this gizmo is getting some decent antivirus on your computer. Let me help you get started:

Microsoft Update
Free online antivirus

* Not to start a flame war, but since 99% of the viruses out there are Windows-only, you're pretty safe if you're using Linux or Mac too.

scifiak wrote:From what I'm reading about this on the product's website, it appears that it's going to accomplish the same this as Roboform.

So if you have a keylogger present, it won't get your CC info because you didn't 'type' it, SmartSwipe will have just filled the forms for you.

I think they just grey out the fields and put a little padlock there to make it look more secure. No software is included, because none is needed, it's just a HID (human interface device) in Windows. As soon as you hit send, it's now encryted by the remote site's encryption. The only issue is possibly having some malware like a keylogger present that is going to catch you physically typing, and sending the info back to the master's remote server/email.

So if you have Roboform on a USB drive, you've got the same thing, only with a hell of a lot more features.

Agree. Roboform is one of the best pieces of software I ever bought. Seems to do what this does - only easier and with more features. This product looks like a joke.

curtise wrote:I prefer the Dora the Explorer version of this version...

—Swiper, no swiping! Swiper, no swiping! Swiper, no swiping!
—Oh, maaaan!

Vamonos!
-=C=-

My 5 year-old just gave you a quality post.

Anyone know if this will work with the the credit card processor interfaces like PayPal and GoPayment?

DoublEE wrote:So is your mother...

Guess that's a complement. Better than his mother being easy.

Bummer, no compatibility with Linux. Anyone ever tried it on Linux?

quantamm wrote:A couple of points:
......

* Not to start a flame war, but since 99% of the viruses out there are Windows-only, you're pretty safe if you're using Linux or Mac too.

+1 :-D

I have worked in Credit Card Acquiring for about 18 years and I am just giving my personal opinion as a person who knows a little about Credit Cards. I am not an expert, just have a lot of experience. Take this advice as you would any other on the internet and do a little research.

This product would protect you if you had a keylogger installed. All this device is doing is reading the card data off the credit card and encrypting it from the point of entry (card reader) and inserting it electronically in the fields on the website. All Credit cards have a shared Magnetic Stripe format (Track 1 or 2 for Bank Cards, Amex, Discover, etc.). This enables the reader to know what fields are present and correctly take Card Number, Expiration Date, and Your Name (name is on Track 1 only, not Track 2) as it appears on the Card. You would still potentially have to enter the Secure 3 digit (4digit for Amex and some Discover cards) number on the back panel (or front on Amex and some Discover) because that number is not stored on the Magnetic Stripe. To get really technical, there are up to 3 Security Codes on a Credit card. One is on the Magnetic Stripe, Second on back Panel (except Amex Discover), and the third is on the Chip if the card has a Chip. All of these Card Security Values are not allowed to match and are derived by 3 different algorithmic methods as mandated by the Card Association (MC, Visa, Amex, Discover, etc.). This product would insure that from the time the card number was entered (swiped on device) until the time it was inserted on the website, it would never be "in the clear", or readable by someone with software inserted on your PC. For our friends that are nervous to buy on the internet, who have a PC that may have a virus or keyloggers, or are not super PC savvy, this product would be great. It would give you a way to securely keep your Credit Card Number hidden. However, if you have something that can read your card on your PC, there is a very high level of chance that it can read your User ID and Password for the sites you use (including the ones you make purchases at). So while this may encrypt your Credit Card on your PC, your User ID and Password for all sites would still be exposed and vulnerable if you have a keylogger. This would make it harder to immediately use your card or get your card number, but someone could still switch mailing addresses and have purchases sent to their address or a "drop".

You should take a look at a free product called KeyScrambler. "KeyScrambler encrypts your keystrokes at the keyboard driver level and decrypts them at the destination application, giving keyloggers "scrambled," useless keys to record." When it sees a sensitive field like User ID, Password, and Credit card data, it makes the value impossible to read. Best of all, it is FREE. There are 3 different versions, but the Personal version is free. It is available for Firefox and Internet Explorer and I use it on all my PCs. It is useful all the time, not just when you are entering your card number and lights up Green when it is securing a field or data for you. Go here for more info on KeyScrambler http://www.qfxsoftware.com/index.html

I would also recommend Microsoft’s free “Security Essentials” for people that do not have Virus protection and use a Microsoft based PC. I use this on my Home PC and it is not very intrusive and my wife and kids do not blindly click “ignore” when a problem is found like some programs. It is free and can be found at http://www.microsoft.com/security_essentials/

I would also recommend using a Real Credit Card, and not a Debit Card or Checking Card that is tied to your Checking account. While they both offer the same level of protection against fraud, it is much easier to live your life if you are not waiting for your Bank to put “Real” money back into your Checking account. A Credit Card is exactly that, a line of Credit granted you. A Debit card is your money in a Checking account that you may need immediately to pay pays and buy food. My $0.02.

This is my own personal opinion and I do not work for KeyScrambler or Microsoft. While this product may work for you and does add a good level of security for your Credit card data, you should still take these small steps to insure your PC is healthly and secure all the time, not just when making purchases with your credit card.

Good Luck!

cleverett wrote:There's a good explanation of the encryption technology behind this device in this document:

http://www.smartswipe.ca/images/stories/site/dynamic-ssl-white-paper.pdf

Pages 4 through 9 explain what types of attacks the device can protect you from, and how this technology does so. It's fairly technical, however, despite being dumbed-down somewhat for public consumption.

Most informative post, ever.

All you doubters just need to see page 8 of the white paper. If the device was implemented correctly and works as the chart shows, it will indeed protect your card information from all forms of malware at the client end-point. Roboform, keepass, passwordsafe are form-fillers and only protect you from keyloggers. This device acts as the encryption layer for the entire order page, but before encrypting it and sending it back through the computer it fills in the credit card information fields. So the card info NEVER enters your computer unencrypted.

It's an implementation of a very clever idea. Even though it's useless for anyone who knows how to properly secure a machine.

grimor wrote:All it does is read the number (and maybe name) off your card and type it for you. That's it.

Do you have any proof of this, or are you just assuming? Their diagram shows that it uses a separate Cryptographic Services Provider and actually sends the CC data a different way.

I'm not saying it's any better or easier, it's just that their info is loaded with lots of buzzwords and little tech info, so there seems to be lots of confusion about how this actually works.

SlackBlade wrote:I have worked in Credit Card Acquiring for about 18 years...

That may be, but you have no idea what you're talking about. You need to read the white paper before writing such a long and pointless essay.

sdc100 wrote:American Express offered a free scanner many years ago for home online purchases. It was so long ago that they had a serial port version. The device was a massive failure. Many people ordered it because it was free but few actually used it. Basically, it did nothing to increase the use of Amex cards, and they wasted a lot of money buying and mailing the thing. Mine is still in the box.

I have one of those too. I connected it once when I first received it and it completely fried the Mother Board. Amex actually sent me a small check--apparently I wasn't the only one... LOL

As a PCI Auditor, I would suggest making sure this is an "approved" device, otherwise you might have to replace it....

gemsgirl wrote:Question.... Is this 64 bit?

According to the manufacturer's website, it will install on either 32-bit or 64-bit systems.

SlackBlade wrote:I have worked in Credit Card Acquiring for about 18 years and I am just giving my personal opinion as a person who knows a little about Credit Cards. I am not an expert, just have a lot of experience. Take this advice as you would any other on the internet and do a little research.

This product would protect you if you had a keylogger installed. All this device is doing is reading the card data off the credit card and encrypting it from the point of entry (card reader) and inserting it electronically in the fields on the website. All Credit cards have a shared Magnetic Stripe format (Track 1 or 2 for Bank Cards, Amex, Discover, etc.). This enables the reader to know what fields are present and correctly take Card Number, Expiration Date, and Your Name (name is on Track 1 only, not Track 2) as it appears on the Card. You would still potentially have to enter the Secure 3 digit (4digit for Amex and some Discover cards) number on the back panel (or front on Amex and some Discover) because that number is not stored on the Magnetic Stripe. To get really technical, there are up to 3 Security Codes on a Credit card. One is on the Magnetic Stripe, Second on back Panel (except Amex Discover), and the third is on the Chip if the card has a Chip. All of these Card Security Values are not allowed to match and are derived by 3 different algorithmic methods as mandated by the Card Association (MC, Visa, Amex, Discover, etc.). This product would insure that from the time the card number was entered (swiped on device) until the time it was inserted on the website, it would never be "in the clear", or readable by someone with software inserted on your PC. For our friends that are nervous to buy on the internet, who have a PC that may have a virus or keyloggers, or are not super PC savvy, this product would be great. It would give you a way to securely keep your Credit Card Number hidden. However, if you have something that can read your card on your PC, there is a very high level of chance that it can read your User ID and Password for the sites you use (including the ones you make purchases at). So while this may encrypt your Credit Card on your PC, your User ID and Password for all sites would still be exposed and vulnerable if you have a keylogger. This would make it harder to immediately use your card or get your card number, but someone could still switch mailing addresses and have purchases sent to their address or a "drop".

You should take a look at a free product called KeyScrambler. "KeyScrambler encrypts your keystrokes at the keyboard driver level and decrypts them at the destination application, giving keyloggers "scrambled," useless keys to record." When it sees a sensitive field like User ID, Password, and Credit card data, it makes the value impossible to read. Best of all, it is FREE. There are 3 different versions, but the Personal version is free. It is available for Firefox and Internet Explorer and I use it on all my PCs. It is useful all the time, not just when you are entering your card number and lights up Green when it is securing a field or data for you. Go here for more info on KeyScrambler http://www.qfxsoftware.com/index.html

I would also recommend Microsoft’s free “Security Essentials” for people that do not have Virus protection and use a Microsoft based PC. I use this on my Home PC and it is not very intrusive and my wife and kids do not blindly click “ignore” when a problem is found like some programs. It is free and can be found at http://www.microsoft.com/security_essentials/

I would also recommend using a Real Credit Card, and not a Debit Card or Checking Card that is tied to your Checking account. While they both offer the same level of protection against fraud, it is much easier to live your life if you are not waiting for your Bank to put “Real” money back into your Checking account. A Credit Card is exactly that, a line of Credit granted you. A Debit card is your money in a Checking account that you may need immediately to pay pays and buy food. My $0.02.

This is my own personal opinion and I do not work for KeyScrambler or Microsoft. While this product may work for you and does add a good level of security for your Credit card data, you should still take these small steps to insure your PC is healthly and secure all the time, not just when making purchases with your credit card.

Good Luck!

You had me at 'I am not an expert'

jomion wrote:Wow! Just today, my daughter was asking me if Santa was gonna bring her a SmartSwipe Credit Card Reader! SCORE!!!

She will need your credit card to use it!

Folks, while this may appear useful, you are not gaining anything in the long run (except the chance to get your credit card swiped by ordering the Woot).

You are not liable for any invalid charges; while they are a pain to dispute, ultimately the larger portion of the problem is for the credit card company. This article is way more verbose about the topic, which really looks at the loss rates of the card issuer. If the card companies really aren't concerned, why should you be?

Are you really concerned about the profitability of Visa/MC/Amex?

OK, something fishy going on here;

• The video is very old, showing a graph with dates only going up to 2008

• The same video has an expiration date of 2010 for the credit card, again dating this thing several years

• If this thing works as stated, the video would be updated

• I have heard of this type of thing, but only very rarely, if it works, then it would be much more popular. sdc100 showed us a similar device 10 years old that never caught on yet was free.

I think all of the self proclaimed experts are looking at this the wrong way.

Whoever wrote the Trojan or malware that is stealing credit card numbers is infecting as many computers they can. They don’t know you or me or are targeting a specific person. If the Trojan works, they get the information and use it. If it doesn’t, then the hacker doesn’t know you or what protection you have.

I see this product as a simple and effective way to shop online. It’s not Roboform typing my numbers in, as that can easily be compromised. I also got one of those dumb AMEX serial port readers and that probably made it easier to get my number stolen.

This CBS News story tells me everything I need to know: http://www.youtube.com/watch?v=ffEyuEMsKn8

It is not likely that someone is specifically targeting one individual. It’s the law of large numbers and lowest hanging fruit.

I plan to use this to move much higher up in the tree.

In for 3.

Who cares if it protects you or not, I just want to swipe my card like the professionals in stores do.

merchant222 wrote:If I understand the product, it adds a layer of protection from key loggers, etc, that can capture your card # before you are able to send it. When you type the number on your computer, it is not encrypted at that point and a keylogger can capture it. With NetSecure, you have some protection against that.

So it seems that the real value of this gizmotron, if it has any, is in entering CC numbers not from your home machine, but while traveling using unknown machines.

Still. As others have pointed out there is a $50 liability limit for the consumer for fraudulent CC use. Most CC numbers are stolen en masse from store servers, not from a keylogger on a computer. This is a solution looking for a problem, not finding one, and thus ending up on Woot, the remains of the day.

InvisiBill wrote:Do you have any proof of this, or are you just assuming? Their diagram shows that it uses a separate Cryptographic Services Provider and actually sends the CC data a different way.

I'm not saying it's any better or easier, it's just that their info is loaded with lots of buzzwords and little tech info, so there seems to be lots of confusion about how this actually works.

No web site I've ever used supports anything other than this device reading the card and filling in a field on the form. While it's super awesome cool that it theory if the website decides to waste time adding support for this one device, it's just not going to happen. So all the "it does this" doesn't matter if no one supports it.

Like it, but wish they had a Mac compatible version.

grimor wrote:No web site I've ever used supports anything other than this device reading the card and filling in a field on the form. While it's super awesome cool that it theory if the website decides to waste time adding support for this one device, it's just not going to happen. So all the "it does this" doesn't matter if no one supports it.

The secutiry occurs on the browser side at the SSL layer not the merchant. No one has to make any changes to their website to use this product. Watch this video:

http://www.youtube.com/watch?v=ffEyuEMsKn8

Anyone know if all the required components run in wine (h/w driver + firefox plugin)? Searches for "NetSecure" and "SmartSwipe" on the Wine AppDB turned up 0 results. Also, would the plugin work with other USB card swipers?

gene69 wrote:The secutiry occurs on the browser side at the SSL layer not the merchant. No one has to make any changes to their website to use this product. Watch this video:

http://www.youtube.com/watch?v=ffEyuEMsKn8

ok, I watched the video, I will admit I was wrong about how it works, BUT I would still have to say it is pointless. It defeated the trojan in the video because it the trojan used a screen shot to capture the page. This could be defeated by simply making the form field a "password" type, granted that would be annoying to the person entering it.

So the device stores your field (cc) information in the popup window until you hit submit... still a pointless device. Your CC info is more likely to be stolen enmass from the merchant than in the transaction.