Feeds

back to article Why the Windows Phone 8 digi-wallet is different to the others

Windows Phone 8 will have an electronic wallet, but one which spans the functionality of Google Wallet and Apple's Passbook, and plays nicely with the network operators too. Demonstrating the Near Field Communications (NFC) capabilities of Microsoft's new phone OS Joe Belfiore couldn't demonstrate pay-by-bonk, as he didn't have …

COMMENTS

This topic is closed for new posts.
Silver badge
Windows

In a way NFC also points out a miss...

Owning a WP7.5 device I'm a bit puzzled about the whole NFC communication hype.

Its nice that upcoming phones can now use new tech to communicate with each other, but it also makes me wonder why the current phones never utilized such existing technology for information exchange? For example; being able to send/receive e-cards or contacts using bluetooth... BT used to be relatively decent for that stuff, yet this isn't supported on a WP7 device.

So while I think MS is on the right track here I also think they missed the boat again as well. Now all of a sudden communication is an issue, but like; that has already been an issue for years.

2
0
Anonymous Coward

Re: In a way NFC also points out a miss...

The issue with BT is the pairing (enter code from one device to another, or use default code, but first have to search for devices etc....). One use for NFC, suggested from the early days, was using the NFC tap to initiate a pairing - like it's being demoed now! No need to work out which device you want from a list of 10 displayed on the screen (just physically tap the one you want) and the BT pairing codes then gets handled for you.

0
0

Re: In a way NFC also points out a miss...

Surely the tap part has nothing to do with NFC?

0
0
Anonymous Coward

Re: In a way NFC also points out a miss...

The 'tap' part is entirely the NFC part. Okay, maybe an actual 'tap' isn't necessary, but it's easier to say that than "present the handset to the marked NFC/contactless area on the other device, within the read range of the handset, which may be up to 2-5cm, possibly up to 10cm". Instead "tap the handset on the device" is easier to understand. ;)

0
0
Silver badge

I like the network setup thing

That could be kinda cool.

Am I alone, though, when it comes to an instant distrust of the idea of keeping credit card details, which can be used wirelessly with no pin or signature, inside your mobile phone?

I'm all for device convergence but this leaves me less than thrilled.

3
0
Silver badge

Re: I like the network setup thing

No, you're not alone. There are lots of us who are wary about this sort of stuff. We're called old people. : (

2
0
Silver badge
Happy

@h4rm0ny Re: "We're called old people."

Indeed, furthermore if we are to judge by the degree to which nefarious activities utilising modern tech provide substantial earners for the ethically challenged amongst, we "oldies" are not always simply suffering from not having read the right memo. Our wariness is actually sometimes not without some justification. -:)

1
1
Gold badge
Childcatcher

Re: not without some justification

That justification is usually (someone else's) experience.

Perhaps that nice Mr Gove should make El Reg compulsory in secondary schools.

1
0
Silver badge

Re: not without some justification

It's probably worth adding a bit of information on some of the security measures about contactless payment (or what we expect to be the measures in implementations such as this). For a start, systems like this are in place and in use in places like Japan or China. In some places, people will just walk on and walk off a bus without having to worry about talking to the driver or fiddling with coins. Ditto all sorts of other use-cases. The thing with instances like this is that they are all low-cost items. People are willing to accept the security risk when it might mean they lost £5 or less in exchange for trouble-free experience the rest of the year round. If something tries to charge you £20 or £50, that's not going to go through without you entering a pin or approving it in some way. Similarly, these devices wont allow massive and rapid deduction of small amounts either - so that's not a way round this. If someone follows you round all day and bumps into you every twenty minutes, sure, they might get a larger sum off you. But most people would notice.

So instead, people wanting to exploit this would be trying to skim small amounts off large numbers of people. People are more willing to tolerate this risk than anything that is large scale to themselves. They might rightly point out that they're more likely to lose a physical fiver from their pocket as to get robbed of the same.

The attempt to skim small amounts off large numbers of people is problematic in the first place anyway. For a start, whilst the chance of someone reporting (or noticing) a fiver lost is much lower than them reporting £400 lost, the chance of someone in a hundred victims noticing and reporting is almost a certainty. And once that happens you have a problem. Because this isn't physical money. It is inherently traceable. That loss that someone reported isn't a missing fiver, it's a record of a transaction from them to thee. If you want to steal money this way, you first off have to be able to fool the proximity of the device (possible, but you need to be able to get away with getting your device in a few centimetres of other people's devices repeatedly and potentially triggering whatever security measure they have on that - e.g. a motion-sensor based bump trigger they have to do with their phone by tapping it against the receiver). Even just identifying which users have a suitable and enabled device in their pocket is a technical challenge unless these things become ubiquitous. And once you've done this, you're in a race to get that money out of the receving account and somewhere safe before either someone reports it or (more likely) an automated system notices and raises an alarm.

You need a business account that is approved for receiving funds by some reputable bank. So you're already moving into money laundering to enable you to steal money this way. You need to be able to get the money from that account quickly. And the limits on the amounts people can transfer this way without PIN or similar are low so the quicker you acquire money, the faster you set off alarms, get the account frozen. And then if you want to do it again next month, you'll have to be trying to set up a new approved receiver, etc.

The main scope for abuse of this is a legitimate seller of a service over-charging people and hoping they don't notice. But someone will and at that point it's quite easy to reverse the process and give the money back to everyone who was overcharged. Much more feasible than tracking down a few thousand visitors you had to your bar / shop / train / whatever over the course of the past year and each giving them their £2 back. And thus much more likely to be forced to do it (plus any applicable charges).

And when all that is done and taken account of, banks and credit card companies will want to use this system because it leads people to think less before spending so they will happily absorb these low risks by guaranteeing to cover your losses if there's a problem, just as they do with credit cards and for the same reason. What does MasterCard or Visa care if they have to cover the occasional small loss? If they didn't provide this service, people would move to someone who did. and in the meantime they'll rake it in. And they'll happy crash down from a great height on your behalf upon anyone who uses this system to defraud you.

Although I instinctively distrust this system because it rings all sorts of alarm-bells, on a society-level, it's probably fine and safe and the individual risk is low. It might even be safer if it means a mugger has to be a professional money launderer in order to rob you (or else march you to the shop to buy things for her). I'm more personally concerned about privacy implications than security. Which gives me small relief in seeing that MS are partnering wth your choice of backer rather than, e.g. Google with GoogleCheckout or a proprietary one with Apple. Or (Hell no!) PayPal. It looks like you'll be able to use or not use which you want. And I'd prefer doing business with a company that just wants my money up front, than think they can make money off my data.

6
0
Bronze badge
Thumb Up

Re: not without some justification

it rings all sorts of alarm-bells

As I started reading your comprehensive post, my first thought was that the phone could make a nice loud "ker-ching!" sound every time a cash transaction takes place.

2
0
Anonymous Coward

How long before the bad guys put a stop to this?

I am sure that this will be another attack vector that the malware generators will utilise ASAP.

Hey buddy wanna load my businesscard into your phone?

Blam. suddenly you have some untrusted 'stuff' on your phone. Who knows what nasties said business card may contain?

Exchange business cards with someone and suddenly you could find that you have kiddie porn on your mobile.

How long before some idiot of a Gov Minister gets his phone hacked like thins and all the phone numbers of his call girls (sorry other ministers) are sent to the press?

How long before business lock down their phones to stop this? Not long I'll wager.

2
0
Silver badge

The problem with operators

Knowing Orange France, I would be a little worried about

* I would have to pay for this service. ( This is a presumption on my behalf)

* Support when payment transaction problems arise. ( Who would I contact, the Telco, Microsoft ; Visa, Mastercard, the shop owner) ?

* Being locked down to an Operator only SIM card and possibly long term contracts.

* The "inevitable administrative problems" when trying to change operator.

* Network unavailability.

* Orange is kind of a state owned affair.

( Some, if not most of these problems, would also apply to other operators)

1
0
Anonymous Coward

Put networks in charge of your money....is this a joke?

Of course the network operators want to gain more control over their users ! Just think what might happen if your security is locked into the same system as your phone contract ! This absolutely must NOT be allowed. to happen.

Has everyone already forgotten how difficult it used to be to switch operators - and how long it took to make this a more streamlined process?

1
0
Anonymous Coward

Re: Put networks in charge of your money....is this a joke?

"Has everyone already forgotten how difficult it used to be to switch operators - and how long it took to make this a more streamlined process?"

No, and the authorities are unlikely to allow a reverse of the situation.

0
0

Hey if RSA can be hacked and encryption seeds taken then how much easier a device in your pocket. I agree using a technology for bump payments that is also used to swap info with others bring up a whole new pick pocket trend where all they have to do is walk into you not actually get their sticky fingers into your pocket makes me a little nervous about the tech.

0
0
Silver badge

I own a WP7.5 device (Nokia Lumia 800).

I've read WP8 cannot be installed on it.

My next phone will be Android.

2
2
Facepalm

WP8 can't be installed on my iPhone4 either, my next phone will be a WP8 phone.

6
2
Gold badge

That solution seems to come in two flavours.

You can either choose your handset very carefully and hope that its makers current commitment to upgrades continues in the future.

Or you can end up like one of my collegues, running a port of a later version actually aimed at a similar handset, that makes the Assyrian Empire look stable.....

0
0
Silver badge

"I own a WP7.5 device (Nokia Lumia 800)."

Just upgrade to WP7.8. It will be almost the same as a WP8 device. Most Apps will be compatible. It's a lot less fragmented than Android market, isn't it?

2
0
Silver badge

Everyone with an 800 will get WP 7.8, which is the shell and some default applications from 8.0 ported back to the 7.x release. ( http://conversations.nokia.com/2012/06/20/nokia-at-the-windows-phone-8-unveiling/ ).

If you want to try it, then Nokia have stated that you will be able to install 8.0 at your own risk on the 900 models (which is pretty much the same spec as the 800), but performance may suffer and you won't get official support.

Not much different to the situation you'd be in with Android, to be honest.

3
0
Thumb Up

Your comparison with the Assyrian Empire is just great

0
0
Anonymous Coward

Microsoft changed from an embedded kernel to a desktop kernel for WP8. If they did provide WP8 for your phone it would be slow and unusable.

You will get some of the benefits on WP8 with WP7.8.

If you want a long period of official updates for free then iPhone is where you get the most. 2 years typically.

Android vendors are typically worse than Microsoft and Apple, but you can at least install some 3rd party firmware.

2
0
Silver badge

What the ....

"Having given up on getting a cut of the transaction fee the mobile operators are now hoping ..."

Why should the telco operators expect to get a cut of transactions? That would be like UPS getting a cut of the value of the contents of any parcels they delivered. Keep them as dumb pipes because they have a difficult enough job doing that properly.

2
0
Silver badge

Damning by faint praise

Windows Phone 8 provides a consistent interface, not a competing service, and that could be as critical as any other feature Windows Phone can boast.

Nicely done, Bill, tucked down at the bottom you point out that Windows Phone 8 does little to suggest that it will be any more successful than Windows Phone 7. Plus, it's still vapourware, while Google is already out there gaining experience and signing up customers. Apple, meanwhile, is pressing ahead with its own NFC-free, gatekeeper system. Again, gaining experience, educating punters and acquiring customers.

While I'm a great fan of NFC for all kinds of things, I reckon that payment by NFC is a bit like the new videophone: touted by all kinds of vested interests but greeted with a shrug of the shoulders by consumers. I'm sure I'm not alone in thinking that, as soon as my wallet is my phone, it's even more likely to be stolen? I like paying the banks to provide reasonably secure infrastructure: cash machines, payment terminals, etc. It means I don't have to assume the responsibility for securing them myself.

1
3
This topic is closed for new posts.