The UK's network of 12,000 Post Offices will start accepting contactless payment cards and thus NFC phones by October next year, making it the largest retailer to yet do so. More than 30,000 contactless terminals will be installed to accept pay-by-tap transactions of up to the industry limit of £15. Those account for 60 per cent …
This will go badly sooner than later
I give it less than a year to the first large scale security problem with NFC payments. The associated industries keeps pushing for NFC while the two ISO standards that do exist for NFC make no requirements on the security side of things. As such, it is up to the implementers to incorporate proper security procedures to avoid data interception, man in the middle attacks, traffic replaying exploits etc.
I give it six months, if that.
Regardless of how good the NFC protection itself gets, the underlying concept is flawed anyway.
Any person could take your NFC card/device and use it without any form of authentication whatsoever as many times as they like before the chip is either cancelled automatically or you realise that it's missing.
On top of that, an unscrupulous card reader can charge your card simply by walking past.
Even a scruplulous one can charge your card by accident because your card was too close to the reader when they turn it on.
So while any individual attack might not cost much, attacking becomes trivial and effectively risk-free to the attacker.
I do wonder who eats the cost of a reversed RFID transaction. (Obviously the consumer does eventually in terms of higher prices/bank charges)
you have to tap it and use ur pin After every nth charge,well with barclays.
So, is it lead, or tin foil, I need to line the wallet with ?
"So, is it lead, or tin foil, I need to line the wallet with ?"
What do you use for your hat?
I already use contactless payment with the Post Office
I buy stamps elsewhere (rarely - I don't use them much) and most things can be done online.
As a result I have no contact with the Post Office :D
What's the point
Can't see the point of rolling out contactless payments. Every time I go to a post office it's full of unwashed people picking up big wodges of cash and immediately spending half of it on mobile top ups and fags.
I remember way back when being part of a trial of a similar system. IIRC it was for transactions of up to a tenner and wasn't contactless, but worked on chips like current chip and pin setups. It died at the trial stage because not enough customers were interested in using it.
Waving your card at the terminal without entering a PIN or something similar isn't something I, or I suspect a lot of other people, would be interested in. Who cares if it's "only" £15 quid? That's still quite a significant amount of money to most people and it wouldn't take many fraudulent or erroneous transactions to make for a properly significant amount of money.
What sort of protection are banks and retail outlets offering card holders against fraud or errors? And how easy would it be to prove to the bank's satisfaction that a transaction wasn't genuine in the first place?
I have one of these cards, but I've already told my bank I won't be using it so any transactions on it won't be valid. They tell me that they can't disable the functionality and that they don't offer cards without the feature any more.
I sent my card back!
Two months ago my bank issued me with an updated debit card which had that "rip me off I'm a dummy" contactless payments logo on it. I phone my bank and told them to disable this feature IMMEDIATELY and send me another card which doesn't have that piece of crap built into it. The bloke at the other end agreed that he wouldn't want any tom dick or harriet access to his debit card just because you happened to walk too close to a payment point!
You will need to treat it with the same care as you do actual cash in your wallet. With my contactless card I am liable for a maximum of £50 of fraudulent transactions which take place prior to me notifiying them of the loss. Nothing afterwards.
I got sent 2 of them, one personal debit and one for my business account.
Having checked the antenna position (via putting on into a microwave and burning the antenna through the card...) both my contactless cards have had an accident with a dremel that just happened to slice through the antenna a couple of times.
Barclays say if I want a non-contactless one, I have to have visa electron instead of a full visa debit.
Weirdly neither of them work for contactless now :)
You're missing the point about fraudulent or erroneous payments. We're not talking about the card being stolen.
Erroneous payments could happen if your wallet is close to the terminal when somebody else's transaction is being processed.
Fraudulent transactions could occur if some dodgy git working in a shop were to say put a terminal under the counter. Every wallet hitting the counter could be scanned Probably easier than skimming card details for later use. Many fraudsters prefer to get a lot of card details and carry out one or two small transactions on each. The trick here being that many people won't notice a tenner going missing.
Your being liable for the first £50 means you are effectively unprotected against this type of fraud or error.
@Jon182 - So I have to take *more* care than my cash, then.
I don't carry £50 around with me very often, if ever.
Now you're saying that card is an unprotected £50 personal liability all the time? And you're happy with that?
I do not want contactless payments at all. What I would like is a local post office to replace the three nearest to my home which have closed.
I am so glad I am not the only person that got no interest in this, thankfully my bank have not started to give the cards out around here.
i know you can change or suppose to be able to change the amount of times it can be used without a pin, so if I am forced to have one it will be set to zero.
Coins killed by inflation
I emptied out my pocket, and I have around $4. The equivilant of 1 10c piece from 1970, but now it fills up my pocket and causes holes.
When I was a kid, I could get minimum chips by tapping a 10c coin on the counter. Now it's $3.80, and every transaction involves change.
I don't know whose fault this is, but tap-and-go payment is attractive because the national currency system is abdicating the field.
Who will have access to all your transaction records?
Back to cash then?
No way I'll be using one of these. The insecure chip and PIN is bad enough, I'll be going to the ATM more often i suppose. Oh well . . .