back to article Visa to devs: Please take contents of our wallet

Buying stuff online should be so fast and fun that it resembles the experience offered by first-person shooters, in which as soon as one acquires a tool it is possible to start using it. That's the professional opinion of Greg Storey, head of Visa's V.me service for Asia-Pacific, Central Europe, Middle East and Africa. …

COMMENTS

This topic is closed for new posts.
  1. Don Jefe

    Agree

    Online payments with most small or specialty vendors is hideously complicated and often just doesn't work. 'Error - Correct Error to Continue', I believe it has been the bane of small shops for years and helped Amazon become so large. PayPal works ok but the merchant fees are astronomical and lots of people still don't understand PayPal. A visa solution might be a big deal.

    1. Tom 35

      Re: Agree

      I don't have a problem with most of the small vendors I use, it's the ones that use that crap verified by Visa or the clone that Mastercard uses where you get sent to another site and enter another password to pretend it's more secure if you have to fart around to do anything, that pisses me off. Most often I go to another vendor to avoid it.

    2. Magani
      Pirate

      Re: Agree

      "...and lots of people still don't understand PayPal."

      In my experience that should read "and lots of people still don't trust PayPal."

      1. Equitas

        Re: Agree

        Many of us have indeed been bitten by PayPal. However it has got better over the years and nowadays usually works fairly smoothly and is reasonably understandable.

        There should have been no room for such a company -- but the banks still have no way of transferring money across international borders simply, quickly and cheaply. Credit cards have become dramatically expensive where international transactions are concerned.

        Convoluted "security" questions, passwords, passcodes and who knows what do nothing to endure the credit cards' online systems to the user. And who would trust a bank, anyway?

        I'm still waiting for someone to come up with a really cheap and meaningful system to allow microbusinesses to receive payment by card on a face-to-face basis. It isn't there. And aren't banks the ones with whom the most up-to-date method of communication they'll accept is the fax -- invented in the century for last by one Alexander Bain, a clockmaker from Wick, Scotland?

  2. streaky
    Childcatcher

    VISA

    Need to be more proactive in telling banks to get of their collective arses and ship contactless for a start.

    Literally fighting with my bank to give me one. Basically the only option is to move to the worst bank of them all (Barclays) who are the only ones bothering with proper rollout. Complete joke the payments industry in this country is.

    1. Richard 12 Silver badge

      Contactless?

      You must be American to like the idea of being able to pay for smallish transactions direct from an account with no authorisation or security process at all.

      That's the only place I've seen "swipe'n'nothing" credit card payment, anyway.

      The card is not the account holder!

      I used to think the SciFi stories were silly where people had credit chips that almost anybody (usually the villain or hero) could easily use to take money from random civilians, but now it looks like the banks really do intend to go there.

      1. Anonymous Coward
        Anonymous Coward

        Re: Contactless?

        The internet is forever rife with CARD-NOT-PRESENT fraud.... So really, what's the point of CHIP & PIN?

        I shy from online-shopping due to lack of privacy and security, but its often unavoidable. In 2012 I was on route to the USA and bought online in one go at Amazon.com... CrateandBarrel.com... AerLingus.com. I also bought in-store @ Micro-Centre. I used my long-standing 3Pay dongle for net access.

        The result-- a week later fraudulent transactions from Tiger Airways & Easyjet showed up on my card. I was travelling at the time so cancelling the card and having a new one shipped at my expense was a PITA. I wrote to all four vendors. All denied being hacked, claiming it was my computer at fault. The netbook I used was relatively new and had had little exposure to the wild: no flash, no java, little JavaScript and the latest AVG!

        I was able to cancel the card with ease and no questions asked. This made me suspect that one of the four merchant's payment processors got hit that week. But of course they'd never admit to that as it would lower confidence in the system. That week perhaps millions of cards were exposed at some middle-guy payment firm! We need a reliable option to enter a form of PIN online, but Verified by Visa is no answer!

        1. Anonymous Coward
          Anonymous Coward

          Re: Contactless?

          @AC 12:28 - Chip and PIN is not a card not present technology, it's sort of given away by the name. It isn't and never was intended to stop CNP fraud. Things like CVV2 are supposed to help stop CNP fraud.

          Also, I don't know who your card provider is, but if you have to have the card delivered to you at your own expense (abroad or not) I'd find another. All of mine (Co-op & RBS) will deliver a card in an emergency to anywhere in the world.

          1. Anonymous Coward
            Anonymous Coward

            Re: Contactless?

            @AC 12:47 - 'Chip and PIN is not a card not present technology...'

            I realize that of course. But I was highlighting that throughout the entire evolution of the net & online shopping, Card Issuers never bothered to remove CNP and replace it with something better. Instead they spin C&P as if its a panacea to everything! Thanks for the tip btw, but my host bank is AIB, a bankrupt POS that never offered emergency card services even when they were solvent! They don't even offer one-time-use credit card numbers anymore!

      2. Anonymous Coward
        Anonymous Coward

        Re: Contactless?

        @Richard 12 - Why must he be American? and why do you think that there is no authorisation?

        I can't stand all this American bashing, using "American" as shorthand for stupid is not acceptable in my opinion. This is especially the case if you then go on to make statements about contactless payments which are outright wrong.

        Contactless payments are authorised, the card provides the authorisation and won't allow more than a small amount of transactions to occur without a pin being entered. Normally you won't notice, because you'll typically use an ATM or chip and pin transaction before you use enough contactless transactions. You also then carry on to suggest that people can magically remove money from a contactless card, which is a tedous and incorrect meme often repeated by people who have no idea about contactless or payment processing in general.

        1. Richard 12 Silver badge
          FAIL

          Re: Contactless?

          AC@12:41: You could read the next paragraph: "[America] is the only place I've seen "swipe'n'nothing" credit card payment, anyway."

          Also, this statement is just plain wrong:

          Contactless payments are authorised, the card provides the authorisation
          That's not authorisation, because it's taking money without asking the account holder anything.

          The account holder is the only entity who can authorise money going out of an account. If the account holder didn't authorise a transaction, that transaction is unauthorised by definition.

          By (EU) law, you must be refunded if the bank permitted a transaction without that authorisation.

          So you're genuinely happy that anybody at all can make multiple transactions, each up to %VALUE% (£50?) once they've nicked your card? (Or even without stealing it, instead remotely using the RFID to determine the card number and doing a few CNP transactions until the anti-fraud trips in and blocks it.)

          Leaving you with the fun and games of getting the money back, perhaps bank charges (and even court summons) due to going overdrawn or having cheques, direct debits or standing orders etc refused?

          For most people it wouldn't take many £50 transactions to do that - just one may be enough.

          That sounds like a dangerously foolish idea to me.

          1. Anonymous Coward
            Anonymous Coward

            Re: Contactless?

            @Richard12: I'll concede that you can argue that there is no authorisation, I personally disagree, as there is card based auth, however:

            The cards are not RFID, they are NFC - this is a very important distinction.

            They are not clonable, they don't just give up an account number, there is interaction between the cards crypto processor and the PED.

            The cards do not give up random unencrypted information.

            The limit is typically set to about £15, often lower.

            If your card is stolen, you report it to the bank and they refund you - The law and the regulator both clearly state that a customer must never end up out of pocket in any way.

            You can say it sounds dangerously foolish, but with respect, you clearly don't know much about the subject other than that which has been culled from some of the more conspiracy orientated internet forums.

    2. Anonymous Coward
      Anonymous Coward

      Simple solution for you

      Move to Poland.

      Over here we have the opposite situation, where you virtually can't have a non-contactless card issued. Admittedly it is very convenient, especially since almost every store seems to have a compatible terminal (at least in the cities, supposedly we're No. 1 in the EU by coverage), but I wish the banks would actually educate the users about the security risks.

    3. Anonymous Coward
      Anonymous Coward

      Re: VISA

      @Streaky - Most banks are rolling out on a basis of when your card expires, you get a new one with contactless.

      I just got mine from Co-op, I know that NatWest/RBS are actively rolling out, as I used to work there. I can't talk about others, though.

      1. Joseph Lord
        Black Helicopters

        Re: VISA

        Yes my last debit card came with it VISA Paywave. I think I have successfully disabled it with a Stanley knife cutting a slit on three sides of the chip. Chip still works but didn't work for contactless because basically I managed to sever the antenna.

        1. Anonymous Coward
          Anonymous Coward

          Re: VISA

          You could have just bought a tin foil hat, you know?

  3. Anonymous Coward
    Megaphone

    Guess what Visa?

    Competition is coming, and pretty soon we won't need you or Mastercard or American Express, and your byzantine hidden fees and interest rate manipulation.

    When Storey says Google and Amazon don't understand banking, what he really means is that they haven't yet perfected all of Visa's methods of screwing over customers and businesses alike, all the while running such lax security that one of the most frequent (and easiest) crimes in the world is credit card fraud.

  4. Kraggy
    WTF?

    Er, it's complex because the damned CC companies made it so!

    Do the PR bunnies who write this sort of thing actually use the products they're writing about?

    Fact is, using a CC online was made HUGELY more of a pain when Verified By Visa and the Access equivalent came into being.

    Do those parts of the banking system that foisted that horror upon us know what those propounding this simplified system are doing?

    1. dogsolitude_uk
      Facepalm

      Re: Er, it's complex because the damned CC companies made it so!

      Indeed. I use it so rarely (I'll generally shop elsewhere if I encounter it) I have to reset my password every time. Luckily all I need to do that is my card and my date of birth.

      ...Which means that if your driving license is in your wallet with your card, your password can easily be reset and your card used to complete the purchase.

      The worst thing is you can't get out of it. I tried to ask the bank to remove my card from it, but they told me that Visa insisted on it. I contacted Visa, and naturally they were having none of it. Whenever I've fed back to vendors that sue it about how awkward and insecure it is, they tell me the bank has insisted on it... Etc.

    2. Anonymous Coward
      Anonymous Coward

      Re: Er, it's complex because the damned CC companies made it so!

      Verified by VISA-- fun because of all the inconsistencies. If you buy a trip off Expedia or buy off Amazon with Visa then there is no Verified by Visa... But if you TOP-UP on Vodafone you get hit with VbV stupid duplicate authentication which doesn't work for me anymore because the password is no longer recognised for some reason.

      Sometimes I can reset the password though anyway which seems like a security hole to me.... I wrote to Vodafone and Visa to report various problems with the system and got no replies from either! Vodafone have recently outsourced their support to India so now you get everything read off a script like a automated FAQ which of course is exactly what everyone wants!

  5. BongoJoe
    WTF?

    I have to admit I am struggling here

    The other day I bought some replacement bed linen from an online store. The process was painless and the stuff arrived in days.

    I fail to understand how biying bed linen in a manner which can be likened to a first person shooter experience can be an improvement.

    Would I have to enter the on-line store, hit the deck when another shopper movedsilently by, creep to the bottom of the stairs, find some power ups, shoot the floor assistant in the head, nick his BFG-9000, crab up the stairs, fling a fragmentation grenade towards the Customer Services desk (never a bad option, to be honest) before moving to the haberdshey department and fight off zombies with a chainshow whilst I decided between blue gingham or a Laura Ashley flock?

    1. Anonymous Coward
      Anonymous Coward

      Re: I have to admit I am struggling here

      @BongoJoe

      Excellent stuff! You should have written this article for the Reg!!!

  6. Arachnoid

    Are you sure it wasnt Gangnam style?

    The payment path has gone from full bore[dom] security to swipe it away with zero security.I for one cant see any trust being generated for the end [L]user by this method which seems an easy leap from the consumers pocket to someone eleses just walking down any busy high street pavement.

    As to Paypal they have it easy at the moment having killed off any other competition so charges are higher than they need to be but in a one horse race the jockey is always a victim of circumstance.

  7. Pascal Monett Silver badge
    Flame

    "PayPal [...] has “laid a path for us to follow""

    Oh but of course, which banking company would not like to be able to freeze user accounts without a court order, ignore or refuse to answer questions (or send cookie-cutter answers that answer nothing), add operating expenses at a whim and change the rules (ever more) in their favor when they feel like it ?

    Given that the banking industry has now found a method for getting regular government injections without any effective oversight or obligation to put that money down to help the little guys, I understand clearly what that means when they refer to PayPal as a reference.

    If banks decide that PayPal is a reference, it is time to go back to stuffing mattresses.

This topic is closed for new posts.

Other stories you might like