Geek Rant dot org

Thu 2011-08-04

PIN no longer required: Costs externalized as personal endangerment

Filed under: — josh @ 01:44

Australian consumers can now use their Visa cards to pay for small value transactions of $35 or less without entering a PIN or signing a receipt, Visa announced today.

This requires the retailer to actively pursue this strategy, but the payment network no longer demands identification for these “low value” transactions. They claim that security isn’t compromised by this. Their logic goes like this:

  1. $35 isn’t much.
  2. If someone steals your card, they can only obtain $35 worth of goods and services per transaction until the card is shut down.
  3. Your card issuer will eventually notice all of these transactions and phone you to make sure everything is okay.
  4. The retailer wears the risk of these unauthorised transactions

So what’s to stop your teenager borrowing your card to go buy snacks at McDonalds (one of the early adopters of this security-flexibility) whenever they’re hungry? The card company’s logic goes like this:

  1. $35 isn’t much.
  2. If someone borrows your card without your knowledge, they can only obtain $35 worth of goods and services per transaction.
  3. The retailer wears the risk of these unauthorised transactions

So why would a retailer run the risk of a month’s worth of Coles supermarket purchases (another early adopter) – which could easily exceed $1000 with one or two purchases a day – being fraudulently run up? Because when you complain to your card issuer, they require a police report. The police, being a diligent lot, will follow up these $35 thefts, go to the stores, look at the video footage, realise they don’t know what you look like, come around to your house and compare the picture against you and decide it’s not you. Then they’ll think “How did this person who isn’t the cardholder get hold of the card and the cardholder didn’t notice until they got the bill?” and they’ll suspect an inside job, and ask you if you recognise the person in the video footage. If you want your teenager to have a criminal record with 30+ theft convictions you’ll scream “Sarah! Come here!” and that will be that; otherwise you might stay quiet.

Of course, it might not be your teenage daughter with the munchies; somebody at work might borrow the card from the wallet on your desk to buy lunch when they’ve run out of cash, or friends when you’re out “dining” at McDonalds.

Worse yet are the organised criminals who can easily prove their expenditure is not their own – it was in another state! Because there’s no motivation to Express Post your card to an interstate confederate for them to have a quick run around with it before Express Posting it back. In short order it can become quite a bill too – at Apple Stores it’s up to $150 without a signature being needed. These expenditures can be book-ended by legit local purchases, leading the card holder to say “well, I never authorized that, I’ve still got the card, so you figure it out”. The costs of these thefts, which all the video footage in the world isn’t going to connect to the cardholder, and with some precautions the confederate either, goes onto the general costs of running the retail operation, pushing up prices.

Retailers always had the option of skipping the need to sign for a transaction – be it on their own heads.  So presumably they think that the video footage will reduce the level of experienced loss.

Now, presumably this fraud will cost less than the expenditure saved – assuming a check-out chick costs $25/hour to employ it implies at least 1.4 person-hours are saved per fraud, and assuming a saving of four seconds per transaction, they’re expecting no more than 1 fraud in 1280 transactions. But I ask: isn’t it better to pay $35 to Aussie Battlers working Aussie families… our most valuable assets rather than hand over, say, $30 to criminals through lax security?

With contactless payments finally with us, there’s even more reason to fear unauthorized transactions, per this video of a guy stealing the identifying information off a smart card:

It appears that in addition to annual fees, international conversion fees, interest charges and so forth, the price of a credit card is the same as freedom: eternal vigilance.

All of this is lovely and academic, but the activity by retailers and card issuers has the effect of turning every card in my wallet into many unchallenged $35 purchases. This acts as a motivator to steal my cards from me. If my wallet is stolen, I can immediately cancel the cards, so no risk there. So to get at the lovely $35 goodness, the thief needs to stop me doing that – clonking the victim on the head is a good way of preventing reporting. I like my head. I don’t mind spending 4 seconds a transaction to prevent an increase in people getting brained.

The worst part is there’s no way to opt out of this reduced security; I can’t say to Visa: “No, for my card, only pay money when a PIN is supplied.”  It’s forced on everyone. I remember when these PIN things came out, and I was repeatedly assured that they were more secure than a signature, and I could assure them that it wasn’t – the damn PIN is encoded on the mag strip of the card (precisely copied in seconds!), and any fool can see you keying your PIN in. Now another layer of security has been whittled away, leaving… video investigation.

I feel so safe!


Fri 2009-12-11

Facebook’s invisible “About Me”

Filed under: — daniel @ 07:31

Facebook has new simplified privacy options.

Including one for About Me, which it claims “refers to the About Me description in your profile”.

“About Me”? I don’t remember that.

So I went looking in my profile. It was nowhere to be found. I thought maybe somewhere on the Info tab. Nup, couldn’t see it.

Eventually with some clues from someone on Twitter pointing me to it, I discovered it’s invisible unless you’ve set it to say something. Very helpful.

So to find it, it’s under: Profile / Info tab / Personal Information, then if you can’t see About Me, click the Edit button for Personal Information. Only then will it appear.

And just to confuse things, the “Write something about yourself” box underneath your photo in your Profile is different.


Thu 2009-05-21

Google blurs Colonel Sanders? Maybe.

Filed under: — daniel @ 19:37

Oh lordy. I wonder if this is some kind of joke, or if it’s true?

The Telegraph reports that Google has blurred the image of Colonel Sanders on KFC signs in the UK, on the basis that he’s a real person.

The company says it took the decision because he is ‘a real person’ – despite him passing away in December 1980 aged 90.



If it’s true, then can I just say: IDIOTS!

1. It’s a cartoon image, not a photographic likeness.

2. He’s been dead for 29 years.

3. What, you think we won’t know who it is? “Hey, who’s that on the KFC sign?” “Dunno, could be any southern American military guy who knows about chicken.”

4. Are they doing the same for cartoons and photos of real people on billboards and the like?

5. How is the late Colonel’s privacy being spoilt if people could see the cartoon image of his face? Hasn’t the horse already bolted on that, given the image of him is up on thousands of KFC outlets all over the planet?

Of course, it could be that the whole story is a crock.

Or maybe they just haven’t implemented their policy (whatever it is) very well.

The reason I offer these two possibilities is that I found this unobscured KFC sign, and this one too, both in London.

Certainly it appears the Colonel in Australia is freely visible:



If they did institute such a policy in Australia, I wonder what they’d do about other cartoon face logos, especially of people who are still alive. Dick Smith is one who springs to mind, though now I think about it, I think they’re phasing out use of his face on their signs and literature.


Sun 2008-12-21

Setting your privacy on Facebook

Filed under: — daniel @ 22:41

Facebook don’t really explain how to restrict some of your information to particular friends, but it’s not hard to do with the new privacy settings.

1. First go to Friends, and if it doesn’t already exist, make a Friends List called Limited Profile. This will be used to limit what some people can see. (You can use multiple lists to have different permissions.)

2. Put the appropriate people into it. (When confirming friends it gives you that option, too).

3. Then go into your Settings / Privacy Settings / Profile. You can customise who you want to see what, and exclude the Limited Profile people from seeing particular information — or have particular people see/not see whatever you want.

Easy.


Thu 2006-07-06

Name and address, please.

Filed under: — daniel @ 18:16

Those of us in AU who used to frequent Tandy Electronics might recall that they always asked for a name and address — ostensibly for customer service, but in practice to send you catalogues. I had a CompSci teacher in year 12 who refused to provide it; he found it ridiculous to be asked, especially when buying something like a single resistor.

Raymond Chen writes about this happening at the affiliated Radio Shack stores in the USA, and tells a funny story refusing to give his name.


Wed 2006-05-03

Wireless Skate Speedometer – a solution looking for a problem?

Filed under: — josh @ 05:09

Finally, a Wireless Skate Speedometer, so now you can know how fast you’re skating. As an added bonus, it’s water resistant at up to 30ft/10m, for when you accidentally skate into a swimming pool.

You have to turn it on and off, because the batteries will only last 300hrs. I can’t imagine that would be hard to do, given where the wheel is – on the bottom of your shoe. And heaven help you if you forget, two weeks later your speedo will be knackered.

Of course, the wheels and bearings wear out, but they thought of that. Just buy your wheels and bearings from them! An electronics company! They’ll also sell you a battery kit, I guess because it uses special batteries or something. Or perhaps because they know you’re going to forget to turn the darn thing off.

They’ve got a big write-up on their site about how pushbikes have the wheel in contact with the ground all the time, but skates don’t, so their computer has to do all sorts of tricks to figure out the right answer. Perhaps hooking up a GPS might have been a better idea?

And of course, you have to consider the privacy implications of wireless transmission of personal data like your velocity…


Wed 2006-01-25

This is God calling

Yesterday I answered the ‘phone. Because I was home, having a holiday, which is soon to be rudely interrupted by a short working stint, but that’s by-the-by. I could tell that whoever had called didn’t know anyone in the house; the phone’s listed in my girlfriend’s name. “Hello, Mr [Girlfriend's-name]?” is a dead giveaway that they’ve pulled the number from the phonebook, and immediately puts me on the defensive. Which is why I have no interest in having the phone in my name. I can spot low-life scum a mile away with the arrangement as it is.

Now, the first thing I do when I have a telemarketer on the phone is to get them to tell me who they are. The lass weaselled about, talking about a survey. Surveys don’t care about the identity of the respondent; this was marketing. Eventually she said she was representing the Jehovah’s Witnesses, at which point I terminated the call; religious fundamentalists get up my nostril.

Neither Cathy nor I get any telemarketing calls – oh, well maybe we get a couple a year from local gyms. It’s because we’re signed up to the ADMA’s do-not-call list. If you’re not signed up, stop reading, and go sign up now. The local gyms get the line “we only purchase goods from members of the Australian Direct Marketing Association” and they’re taken care of.

So, here we have technology being used for evil. Evil, not only because it’s evangelical fundamentalists at work, but because they claim they’re doing a survey about how people in the local neighbourhood feel about stuff. Because it’s a survey, that would be covered by the Australian Market & Social Research Society, which (they would claim to keep the statistics clean) doesn’t operate a do-not-call list (in spite of the fact that people that don’t want to be surveyed are going to do all sorts of bad things to their stats).

Worst of all, I don’t think there’s much I can do about it, except I remember hearing about a guy who had installed a PABX with an IVR – “if you want to talk to Cathy, press 1 now. To talk to Josh, press 2 now. Pressing 3 now will let you talk at Owen, but don’t expect a cognisant conversation out of him.” Apparently, in the US, he was getting zero telemarketing calls – which is quite a feat.

Questions:

  1. Has the obesity epidemic reached the point where the Jehovah’s Witnesses can’t be bothered leaving the house to recruit souls so that they can, pyramid-sales-scheme-like, go to heaven?
  2. Why don’t the Jehovah’s Witnesses tell people up front you’re not going to heaven, even if you convert (there’s only 144,000 spots – what are the chances you’ll be goody-two-shoes-super-converter enough to get in)?
  3. Why doesn’t the AMSRS operate a do-not-call list?
  4. Why doesn’t the government ban harassment like this?
  5. What can I do to stop this from happening again?

Tue 2005-01-25

Pornzilla

Filed under: — josh @ 13:21

As everyone knows, the web is the best place for finding and viewing high quality pornography in the comfort of your own home. Or internet cafe.

Pornzilla is a collection of tools for surfing porn with Firefox. These bookmarklets and extensions make it easier to find and view porn, letting you spend more time looking at smut you like.

I love the tools including the one that allows you to “… find galleries similar to one you have open without using the keyboard”

They need funding:

“Since nobody has contributed to our testing budget, these tools have only been tested with free porn sites.”

Is it good that they’re being kept off the streets? Perhaps you’d like to give the authors jobs?


Mon 2004-10-04

Gads

Filed under: — daniel @ 07:15

When I look at this site, in the Google Ad I consistently get public service announcements, or more commonly, an advert for a Word to HTML conversion tool.

When I looked at this site at Tony’s place, it came up with ads for AFL memorabilia on eBay.

Interesting, very interesting. Tony’s a big AFL fan, and I can only speculate that Google is doing some tracking of sites visited.

Other ad operators such as DoubleClick got flak when they originally started doing that, serving tracker cookies with their ads, building up usage patterns. I don’t recall hearing about Google doing the same thing, but I wouldn’t be surprised. After all there’s thousands upon thousands of sites using Google AdSense now, plus they could track your Google searches (it’s known that they do use a user cookie to keep your preferences). Might be time to trawl through Google’s T&Cs again.

PS. Okay, I just got an AFL ad. Maybe they’re not tracking?
