The UK's first pay-by-phone retail service launched last week, but based on our experience we won't be dumping our coins and notes any day soon. Orange kindly sent us a Samsung Tocco Quick Tap – a spin-off of the feature-phone Tocco with added NFC to handle the payments. But before we could use Quick Tap to pay for something we …
the odd thing
Is that people are so paranoid about it, it's a shame we can't have a modern payment network like Japan or Turkey, but anyway
"A thief can use your charged-up credit without being challenged – each transaction can be up to £15 and there isn't a limit on the number of transactions. Once that balance is exhausted the thief will get three guesses at the PIN, and will be able to transfer money from the credit card if the PIN is guessed."
where as at the moment a thief could try and guess your credit card pin and have as much money as they like with the same chance of failure, or order stuff online/mail order.
Agree about the paranoia - people seem to just consider the security of a system in isolation, not compared to the alternatives. Sure, a system may carry forward existing security vulnerabilities and perhaps introduce some new ones, but overall is it any worse than what it's trying to replace? I'm not saying we shouldn't continue to strive for security Nirvana, just that we shouldn't spurn progress at the same time.
The really odd thing is that any phone can do contactless payment
SMS messages have been used for payment for 10 years or more. I can buy transit or parking tickets, and even buy cigarettes with a short SMS. The cost is added to my monthly phone bill. I'll give you a clue; the bill is in Euros.
"With the staff repeatedly pressing buttons and us waving the phone in the vicinity of the terminal we were able to complete the transaction within a minute or two."
As opposed to the 10 seconds it would have taken if you handed over a pound coin? If transactions are limited to £15 then payment has to be at least as fast as cash or the system is a failure.
The number of pin codes and passwords that must conform to very strict formulas just to put money on the thing (why would I care if someone else put money on my phone?) also make it unweildly.
But in the adverts...
...for contact-less payment technology the smiling gimp on the roller coaster waving his credit card around without even having to say what he is buying manages it in seconds.
You can't mean that the marketing people have been lying to us can you? That never happens! shame on you for suggesting such a thing.
Do you know the difference between Contact-less cards and RFC Phones.. Clue one has been around ages (is in my wallet) and is advertised on the telly with a guy on a roller coaster, the other has only just launched.
they have to make sure you're not a druggie or crime boss doing money laundering.
And since its on line; they can not demand to see 15 different statements (who the hell has paper statements now days ?) your passport; your birth certificate and a letter giving you permission to put your money in your account from A Blair and G Brown.
Seriously go try put a couple of hundred quid in your bank account - or get a mortgage - it is mind blowingly stupid
why would I care if someone else put money on my phone?
Well, if you're Sepp Blatter, you might have a problem with it.
OK, It's not a problem anymore.
They could have but then the article would have been a little bit dull and I suspect very short....
"We got this new phone tech and decided it was all bollocks and just bought the choccy and fags with some change we had in our pockets!"
Great big buckets of Fail
A tiny big of convenience in return for making my mobile much more attractive to muggers. I won't use it.
Now will anyone help me smash this loom?
Needs to be fast and secure. Or becomes a pointless gimic.
I too can't see the point personally, until we can do person to person payments. i.e. when I owe my mates a tenner in the pub. This can be done with the mobile paypal app and doesn't need all the NFC gubbins.
Adding more value to an already valuable device just seems a bit odd, especially if I've got a pay to wave card.
Use case A:- wave my nfc barclay card at reader, take cookies and walk off.
Use case B:- load app1, then app2, then pin number then, then then wave hope it works, walk away with cookies.
This has to be at least as fast as using a pay to wave card, and not suddenly shift liability to the consumer if a PIN hasn't been entered.
Hopefully the NFC enabled phones will have epic batteries to support the 3G/GPS/NFC/wifi/mp3/apps/etc they will be doing. Or it will be "wave, wave, wave oh sh*t my battery is dead, do you know if there is an ATM anywhere??...."
Dude, where's my NFC?
I still won't be using it.
It's just too risky. £15 may seem like a perfectly acceptable amount for the card companies to lose regularly, but the time and effort I'd have to put in coupled with the costs of phoning up the companies (likely on 0870 or 0845 numbers - so no free minutes) would likely cost me £15 in getting the theft sorted.
Let's be honest, this is aimed more at retailers than punters
It's seriously unlikely that the ability to pay by phone is going to become more widespread than the ability to pay by debit card any time soon, and as far as I can tell the sales pitch here is that retailers can process transactions "faster" and deal with queues more effectively.
I want precisely feckin' *none* of it, because I'd only ever want it tied to something like a 3v card and at that point I might as well just get in the habit of having an emergency tenner stashed in my pocket somewhere.
Can't we just call it 'The Boris Phone'? --
He is their main advertiser, after all.
So I have to answer/use all these after the usual 5 security questions when I call my bank? No Thanks!
"To register a Barclaycard online one identifies oneself with an account number and credit limit, then one has to come up with a username (eight to 16 digits, at least one number) and a password (six numbers, no repetition, no date of birth and no sequences). The card then has to be registered with the Quick Tap payment service, which requires a security word (six to eight characters, no keyboard patterns and no repetition), and another security word (five to 16 characters, as before) followed by a four-number PIN."
...nah just bitch and moan, complian how the ruddy hell you are supposed to remember them and they will always resort to DoB, mother maiden name and postcode.
Solution in search of a problem?
There are a lot of advantages to the collection of bits of metal and printed paper you already have in your pockets.
- Almost universally accepted in the UK.
- No need to register or top up.
- Quick to use.
- Retailers don't need a terminal or to give the bank a percentage.
- You can take payments anywhere.
- Cash doesn't suddenly stop working at inconvenient times. (I'm on my 3rd Oyster card).
- You can easily check your balance.
- Banks and governments dislike it.
... you will need to top-up though.
I think the 3 most popular methods are:
1. Work for a living
2. Become a benefit freeloader for a living
3. Steal it
If i loose my wallet with lots of cash in, its gone. Forever.
I can carry ALL my money in my wallet, on card - which can be transfered to my NFC phone without having to walk to the ATM machine.
If i run out of cash and the local bank is shut, i need to use a goverment tracking ATM machine with my card, which i might as well have used to pay for the think in the first place.
If my NFC app stops working, cash or card still works.
(tin foil hat?)
I'd rather just have an NFC card, or indeed selection of cards, and some excellent banking apps for my phone. I dont see the need to use the phone - becuase not everywhere accepts this payment system you do still need to carry your cards anyway.
And, i'm not sure this payment system is that much quicker than Chip and Pin? The slowest part of the chip and pin system isn't me typing in my PIN, its the cashier typing in the amount, or the machine dialing the bank, etc.
"If i loose my wallet with lots of cash in, its gone."
I don't see why, as long as you don't loosen it so much that it becomes lost.
you could always make sure you tighten your wallet properly before leaving the house.
Waste of time space and energy
I'm bored and tired just by reading all the pointless steps involved in making it slightly more slow and difficult to pay for things by waving my phone at confused staff.
I don't know about anyone else, but I keep my phone in the rough locality of my wallet. Getting one out is, by and large, about as difficult as getting the other out. I think I'll stick with money and debit cards...
.. and wait until your granny tries the same thing, but with her non-NFC-enabled phone! It'll be on Waterloo Station, rush-hour peak, WHS and she'll have a bag of humbugs and a copy of the Peoples Friend. And no money o course ;-)
>>I don't know about anyone else, but I keep my phone in the rough locality of my wallet. Getting one out is, by and large, about as difficult as getting the other out.
I think you'll find that inventory space becomes significant in the later stages of the game...
Oh, what? Where am I?
C'mon now guys!
"One was a chemist, but as we weren't yet feeling ill "
Something for the weekend sir?
something for the weekend?
Er, do you really think that someone who thinks waving a mobile phone around to pay for something is exciting is ever going to get laid?*
*well, until professional ladies start investing in that technology. Until then, only the banks will be screwing you.
Ladies of profession
Where would you wave your phone to pay?
NFC means something different to such people.
Crikey, all that to pay for a cookie? Even if it is a one-off, how much market penetration are you going to get by making people jump through all those fiery hoops?
On the other hand, here's what it takes to top up an oyster card:
Tap card on the reader
Say how much you want to top up
Pay with cash/card + PIN
Tap card on the reader again
Basically, for any process you are trying to get people to use, if the number of steps reaches double digits your process is going to fail.
>>for any process you are trying to get people to use, if the number of steps reaches double digits your process is going to fail.
You are obviously a hopelessly romantic optimist.
People simply don't like change.
I'm sure people had general similar negative feeling about plastic when it first arrived. It will take time, but it will improve and just like plastic consumers will accept it in the long run. But off course there will always be those with their tin hats and money under the mattress :-)
Except that Plastic required some kind of proof of ID
Originally a signature, and then a PIN - both of which were something the legitimate owner of the card was more likely to be able to correctly enter than an arbitrary attacker.
PayWave however can be drained by any attacker who takes the RFID unit (card or phone) - or can get *close* to someone who has one with the charging doodad.
Oyster works through most people's wallets and pockets. So does this system.
However, Oyster readers are neither portable nor useful to most attackers - while PayWave readers are both.
Aside from the obvious theft of the card, a 'dodgy' retailer can trivially wave the reader around to collect money from anybody in range.
Plastic was never this complicated. They took an imprint of the card, wrote the amount, you signed for it, done.
It actually made people's lives easier, while this just brings unneeded complication.
The other thing with plastic cards was that for a long while they were a symbol of status, while this just shows you're some sort of gadget freak.
I guess if they start giving stuff away - like the cookies in this article - it could manage to convince some, but that doesn't seem to be a long term plan and people will just fall back on the simple stuff as soon as it ends.
What do you mean, people don't like change
That loose change in my pocket is perfect for paying for small items such as cookies.
plastic added somthing
pepol could pay for expencive itams with out having to carry large amounts of cash around that where vunrable to being pickpocketed or heavy plastic had some security cash had none
I would have liked to see some form of off switch, to allow the user to disable the NFC in the phone, for this very reason. Such a thing is impractical for cards, but perfectly possible for phones.
That said, I would like to assume that there is *some* form of security involved on the card, and that an ordinary RFID reader can't read a PayWave card/phone. And that the readers are tied to the retailers, so that Visa/Mastercard can go after retailers who misbehave.
Re: plastic added somthing
No idea what you actually said. Love your spelling though!
Best kept separate
By putting money on a separate device (a card), I can keep that card zipped up in the depths of my pocket. If I kept my phone that secure, it wouldn't be so useful. The promoters of this idea clearly understand this, because the amount they let you put on the phone is far less than the amount they let you put on a card. Also, my credit card isn't network-connected or extensible, so I don't have to worry about undocumented "remote cash withdrawal" features in the comedy apps I download.
The kids will love it, though.
I think they missed a trick. If the app was crafted similarly to an identity selector (like the Higgins Project or CardSpace), and provided SAML or WS-Identity hooks it would make life a lot easier. You could attach any identity provider, be it the bank itself, the FCO or Experian. You could then use that identity. The bank could step in as an attribute provider (bank account and/or credit card number), and it would be easier, whilst remaining secure (inasmuch as anything can be these days).
I'm sure you're absolutely correct. But while I'm trying to figure what all that means, will you forgive me if I just continue to use my phone as a phone, and my wallet as a wallet? For me, that's simpler.
A whole family bucket of fail
We have phones - that are used to communicate and we have cash/cards etc that are used for payment. Even though cards are ubiquitous, the admin hassle ("how much is in my account", "who do I call if it's stolen" etc) and security issues mean many still use cash - which is simple to manage, anonymous and secure (if someone steals your wallet full of cash that's all they have, if they steal your cards... well who knows what they could do).
How does this product make either simpler? "register...number of the phone and the SIM identity". . So every time I change SIM cards (sometimes every few months, sometimes twice a day) I have to re register.. and when I change phone? How many of those passwords do I have to carry around in case the thing stops working and I need to call their support line (from a phone that may just have been stolen off me)?
It makes my phone not only more desirable to thieves, but if stolen, I wouldn't even have cash on me to buy another if this was my only form of payment!
Sorry, but embedding the functionality of a credit card in a phone is just bonkers.
I don't get it
Is this because cash is bad because it can't be traced?
Re: I don't get it
No, this is what you get when Banks, Telcos, Hardware manufacturers and Software types get together with a huge development budget to build The Next Big Thing and then realise that they haven't got the slightest fucking clue what it is.....
For the credit card companies, this is about entering the low-value transaction market. They want to make money from this that they weren't making before.
For retailers, this is about reducing (and eventually removing) the requirement to handle cash. It's a pain in the ass, especially for places like coffee shops where transaction values are low and involve a lot of coins.
it's not just a pain for retailers, cash is a cost too as the banks charge them to take it.
Anyway, I think this is great, the simple fact that it didn't actually deduct anything from the balance is a real winner. Presumably the el reg journos are hurriedly trying to find a pub that accepts this form of payment too.
You stalking me?
Jesus, I've worked in those sorts of places for nearly thirty years. Fucking crazy or what?
That's conspiracy theory bullshit. But cash is bad for every business, without them all getting together and conspiring. Even back in the days when we were allowed to use personal cheques (with cheque guarantee cards), most businesses were more than happy to accept them, even though the banks charged them a small premium when paying them in.
If you were a trader, having those cheques stolen was nearly as bad as having cash stolen, but it wasn't very likely to happen because the cheques were made out to you and were worthless to a thief. Less cash in the till means a lower chance of loss from hold-ups, but much more significantly - less opportunity for staff fiddling (which I'd guess is a significant loss for any organisation dealing in cash) and, as a bonus, maybe lower insurance premiums.
The whole credit card system sounds crazy if you don't realise just how expensive handling money can be. But the banks managed to sell the idea to the retailers. We take 5% of your turnover (or more!), and you are relieved of the expense and risk of holding and handling such large amounts of cash.
Cash is dangerous. Cash is anonymous. Cash is virtually untraceable (except with preparation). Cash is anarchy.
Use cash, brothers. Be free.
--- Where's the "The Revolution Starts Here!" icon?
If cash didn't exist, someone would invent it
and we'd be describing it as the best thing ever.
I spent last weekend at a music festival (Primavera Sound in Barcelona) that decided they wanted to be cutting edge and replace cash (or the system of paper tokens they used last year) on the bars with a charged-up account linked to a bar-coded card. The bars had a number of iPads running some kind of POS* app that scanned the bar code and performed an online transaction to charge your account.
The trouble is, it didn't work. I think the bars were all connected together by wi-fi which I reckon worked fine in testing but failed once several tens of thousands of people turned up on site with wi-fi enabled smartphones. Within a few of hours on the first day they'd switched all the bars to take cash and they remained that way for the rest of the festival. (Must have cost them a fortune in lost sales).
For all it's shortcomings (which I guess are mainly linked to cash handling costs and stealability) cash is still really very useful.
*Point of Sale, though I guess the other expansion probably fits too.
- Apple's spamtastic iBeacon retail alerts launch with Frisco FAIL
- Submerged Navy submarine successfully launches drone from missile tubes
- Cache in the Attic El Reg's contraptions confessional no.2: Tablet PC, CRT screen and more
- Pix Astroboffins spot HOT, YOUNG GIANT where she doesn't belong
- Developer unleashes bowel-shaking KILLER APP for Google Glass