Transport for London (TfL) and TranSys have said they have successfully completed the first technical trials of the combined Oyster and Barclaycard. It amounts to a significant step towards making the Oyster card, currently used to prepay for travel around London, a means of payment for other transactions. Since December, 60 …
Scope creep - never a good thing
A card for charging small-value transactions is a good idea (though with the price of second-rate coffee in some of the chains in London it can hardly be classed as 'small-value') but why Oyster? I wonder how many people top up Oyster cards for their teenagers to make sure they can always get home in the evenings and will find they are paying for coffee, burgers, possibly booze and other stuff?
Will there be an 'opt-out' for categories of purchase and how long before tech-savvy kids find ways of getting round it?
Think again, tfl.
No Oyster issues
Obviously Barclaycard have better systems than TFL, anybody who used an oystercard regularly knows the following conversation.
Deluded customer : Hello I have been charged too much for a journey
Sound of printer and staff mamber sighing
Staff member : You didn't touch out therefore you where charged the maxumum cash price.
Deluded Customer : But this printout you gave me shows I touched out and was charged £2.50 for the journey, and then charged another £4.50 for the same journey
Staff member : You didn't touch out
Deluded customer : But this says I did touch out, & I have been charged twice for the same journey
Staff member : You didn't touch out
Repead ad nausium
Lets wait to see whatever random charges non bank staff have to suffer.
What's so innovative?
What's so innovative about this? How are they on the "forefront of technology"? A system like this has been in place in Singapore for years now, and they even have Visa Credit Cards with an RFID chip built into the card so you can swipe or tap at many shopping outlets, post offices, coffee shops and mcdonald's. The card (which usually stays in your wallet) is tapped to the reader to use on all public transport.
They're even starting cardless payment now using biometrics (fingerprint reader).
Here we go again ...
According to the chief marketing officer of Barclaycard, this contactless hybrid credit card "has all the security and flexibility of a full service credit card."
Um, actually no it doesn't - and I don't think anyone has seriously thought about this. Although it has "chip and pin" validation just like a regular card, the card is contactless, which means that it can be read by a near-proximity radio transmitter/receiver. Regular cards require that they be physically inserted into a reader.
Oyster cards need to be 'touched' in/out at the train station - but this is merely because the gate readers have their sensitivity tuned for that application. A rogue reader can of course have its transmit power cranked up while will allow it to access cards within a metre of two in the same way as the RFID passport crack recently documented by El Reg.
Given the above, just imagine how easy it would be for a fraudster to carry a hidden card reader in their shoulder bag/briefcase on a train attached to a laptop programmed to detect nearby cards and brute-force crunch the pin number of any card it located. Remember that "offline" chip and pin readers are common in situations such as market stalls - this kind of scenario could trivially exploited so that you could find yourself having unknowingly made purchases on your Oyster/Visa while reading your paper on your morning commute.
None of this was any real issue when you could only use the card to buy a £2 tube journey. Now that the scope has been expanded to include other goods and services - it will immediately begin to attract the interest of those who would abuse the system for illicit gain. I sincerely hope the transaction amount will be strictly limited, but knowing Barclays record on combatting fraud I doubt it.
Since it will be a combination of the ***Oyster*** brand and the ***Barclay*** brand, why not just call it the "Oy vey" card !!
.......and then along comes 2.5+ million users making X times 2.5+ million transactions and.............
If the system works much the same as the oyster, unless a pin is required, with the linking of a debit card to a contactless card, wouldn't it be relatively easy to mug someone without actually taking anything physical?
A portable version of the reader is surely a logical advancement and all someone would have to do is walk around and "by mistake" run into a victim. One bip and he's £5 richer or some small fee, without actually stealing something. Hidden in the raft of coffee payments, the transaction likely wouldn't stand out on the statement.
Mirroring the Octopus Card in Hong Kong
"Introduced in 1997, the Octopus card was introduced for fare payment on the MTR, but the use of the card quickly expanded for multiple purposes. The card can now be used to pay fares for all public transport in Hong Kong and to make purchases for consumer products at many stores in the city; it is accepted by more than 160 merchants. Some notable businesses that accept Octopus cards include PARKnSHOP, Watsons, 7-Eleven, Starbucks, McDonald's, and Circle K."
I hope Oyster Card becomes as widespread, useful and popular. If they keep it as simple as Octopus then it might just work and provide some real benefits to consumers.
I can't help but wonder if all the goods you pay for via Oyster will cost nearly half what they would normally, like TFL's services do...
Ken has made a statement.
I heard on the grapevine that Mr Livingston has made a statement:-
"All your transactions are belong to us".
- Infosec geniuses hack a Canon PRINTER and install DOOM
- 'Windows 9' LEAK: Microsoft's playing catchup with Linux
- Boffins say they've got Lithium batteries the wrong way around
- Game Theory Half a BILLION in the making: Bungie's Destiny reviewed
- Phones 4u slips into administration after EE cuts ties with Brit mobe retailer