Coin Card Maker Adds Security Features to Digital Wallet
Addressing security concerns, the Coin card's makers will add some extra features, but they may not be enough to make the device truly safe.
Coin, Inc., the San Francisco startup company planning to sell the Coin digital-wallet device, has announced a series of new features for the device, many of which address security concerns raised by Tom's Guide and other media outlets.
For example, the Coin smartphone app, which interfaces with the Coin device, will now include an alarm that "will alert you" if the Coin device "is being swiped fraudulently when out of your hands." Users can also "lock" the Coin device to one specific virtual credit card.
Security experts had pointed out that a crooked waiter, for example, could quickly "skim" not one, but all, of the credit cards digitally stored on the Coin device.
MORE: 10 Reasons Coin Card Could Be a Security Nightmare
The Coin device can store and play back the magnetic-stripe data of up to eight different credit, debit, ATM or loyalty cards, which the user swipes into a smartphone using a supplied card reader.
In an email seen by Tom's Guide, the Coin company's representatives added a major design change: "Your full name will be printed on the Coin, and your signature will be on the back."
Previously, the Coin had been portrayed as a plain black rectangle with nothing but an LCD screen displaying a name and the last four digits of each stored card, and a single button to toggle among the cards.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Here at Tom’s Guide our expert editors are committed to bringing you the best news, reviews and guides to help you stay informed and ahead of the curve!
The email also clarified what would prevent a Coin user from swiping in someone else's cards with the Coin-supplied magnetic-stripe reader: "You can only add ... cards that match your personal information stored in the app."
However, the Coin developers haven't resolved the dilemma between security and convenience. The Coin's security is much stronger when the phone is paired with a smartphone, yet pairing it with a smartphone greatly reduces the usability of the device.
For example, smartphone pairing enables a feature that alerts the user and deactivates the Coin device if the phone is out of Bluetooth Low Energy range, generally about 150 feet.
But that feature, if switched on, also would deactivate the device if the smartphone's battery died, leaving the user without access to credit cards or ATM withdrawals.
To that end, Coin's representatives said, "Coin can work without being tied to a phone" and that "you can unlock the Coin from your phone in the event that your phone dies or you are in airplane mode."
But they didn't explain how one could unlock the Coin using a phone that had already run out of juice.
Nor did the email address the looming obsolescence of magnetic-stripe cards. By the end of 2015, most U.S. retailers will have installed point-of-sale card readers designed for EMV or "chip-and-PIN" cards, which contain an electronic chip that's impossible to duplicate.
Such cards are already widely used in Europe, which has abandoned the magnetic-stripe technology the Coin device is based on. Magnetic-stripe cards will be phased out in the United States by the end of this decade.
The Coin company plans to bring the Coin device, which will retail for $100 and have a fixed life of two years, to market in the summer of 2014. Since the initial Coin press announcement last Thursday, thousands of people have placed $50 preorders on the Coin website for their own Coin devices.
Follow Paul Wagenseil at @snd_wagenseil. Follow Tom's Guide at @tomsguide, on Facebook and on Google+.
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.