Apple preps summer bonking bonanza for Brits People of Blighty rejoice for you will soon be able to bonk with Apple - the contactless mobile payment service is reportedly landing this summer, or to be a little more precise in two months time. The launch of Apple Pay is expected to be touted about at this year’s worldwide developer knees up on Monday, or so says The …
This post has been deleted by its author
It'll be interesting to see if we have the same issues here as the US has had. I suspect that many of their issues were due to both chip and pin and contactless being deployed as new technologies. Since we've had both for many years we should in theory see fewer problems as it's a more tried and tested system here.
I beg to differ. The banks must trust it somewhat as the limit is to be increased in September of this year to £30 - see here --> http://www.theukcardsassociation.org.uk/contactless_merchant/contactless_limit.asp and here --> http://www.nfcworld.com/2015/02/09/334045/uk-to-increase-contactless-transaction-limit-by-50-percent/
The latter article also quotes the massive growth in use of NFC as a method of payment. At least the Apple Pay technology requires a finger print, a bog standard card just needs tapping. Now if they upped the limit a little more so I could fill my petrol tank with a "tap"...that would make life easier.
This post has been deleted by its author
I beg to differ. The banks must trust it somewhat as the limit is to be increased in September of this year to £30
That's still entirely trivial to what a normal card transaction is. I suspect it's less about the risk and more because the banks have to see enough debt to get an ROI on this new technology. That banks impose a limit *at all* tells me enough about how safe they think NFC is.
"Now if they upped the limit a little more so I could fill my petrol tank with a "tap"...that would make life easier."
Considering the time it takes to fill the tank, a few extra seconds to insert card and type the PIN is not really an inconvenience at a "Pay At The Pump". My fill is £50-£70 a pop so the bonk limit has a way to go before it reaches a usable limit for fuel payments.
Sigh... the limit is currently 20 quid, and no, repeated transactions aren't possible, it will do a small number (for example 3) and then need a PIN if a qualifying PIN transaction hasn't since happened anyhow, and in any case liability is limited.
This myth that never ending transactions can happen is ridiculous.
So you doink for your Oyster, doink for a newspaper, doink for a sandwich from your shop, and then you have to go find somewhere to tap in the PIN anyway? Anyone who uses it for the intended purpose ends up having to put in a PIN every day? Anyone who doesn't even know their card does it doesn't? That's the wrong way around.
Not at all sure what you're saving here, except for a fraction of a second, at the risk of £60 (soon to be £90) of unauthorised charges.
The question is not what happens if you lose the card (but, generally, in that case unless you know the PIN you can't withdraw from ATM's or charge it in shops or even use it most places online - and those you can you won't be liable for because they failed to check your details and/or shipped to an unauthorised address anyway), but how easy it is to fake / force a transaction.
Doink to the card is inherently insecure. Work briefly anywhere there's a doinker, order a replacement doink-device, strip it down, walk around London bumping into people (or, as demonstrated, site it somewhere inconspicuous and have it point down a road - you can power up the RFID coils in the cards remotely and just snatch the transaction out of the airwaves as normal for doinking). If you have a brain, make it charge the people who stop / look / visit the shop it came from on a 1/100 basis, so it disguises as just an accidental / double transaction, if they notice that they didn't buy a sandwich on Monday at all. By the time people catch on, you can have stripped the account and been long-gone.
Doink to the phone isn't any more secure but - actually - if the phone is software-authenticating your fingerprint then the software has the ability to authorise a transaction. Although modern devices are FAIRLY isolated, there are by no means perfect. It's like storing your credit card number on your desktop - in theory it should be secure, but it's not really the kind of thing you want to be doing.
First thing I turned off on my phone was RFID (because I could doink and get info from my card from 20cm quite easily - not the sensitive info as it's all encrypted but it's ONLY the encryption that stops that, the capability to have reader hardware that ubiquitous is scary in itself, but again it's one software / encryption compromise away from complete access). First thing I did when my bank issued a doinker-card was stick it in an RFID sleeve and test it against my RFID reader - it worked enough to block the card no matter what I did. Also saves me from "card clash" as Oyster etc. as so keen to point out ("Hey, our technology is so good we can charge entirely the wrong card in one little doink without you getting a say in the matter!").
>This myth that never ending transactions can happen is ridiculous.
I've used Pay-by-Bonk quite a bit on my debit card, usually in pubs or supermarkets. I've never been asked to enter my PIN, which I had believed I would be every so often. Perhaps it is because I have interspersed my Pay-by-Bonk payments with Chip-and-PIN transactions and withdrawals.
I am cautious with it and insist on taking the receipt. And I usually take some cash-back, so that I only need to use my card once or twice in the evening.
I have heard on Radio 4 that some pubs and nightclubs have decided to stop using Pay-by-Bonk, due to lost or stolen cards being abused to the tune of around £100 over an evening across multiple transactions. This money, in at least one case, was refunded by the issuing bank.
"Work briefly anywhere there's a doinker, order a replacement doink-device, strip it down, walk around London bumping into people"
Do you really think you can work briefly in a shop and then order a replacement merchant terminal, set up an merchant services account, add on a private bank account ... etc etc?
You can't of course, getting that set up is not a trivial task. You may be able to set up a front organisation and set up a trade account but you are still going through quite big deal to be able to open a merchant account and accept contactless transactions all using fake IDs (you are asking for a merchant and bank account using fake details here!). However if you manage to get a fake account set up then you are better off just running an online scam, you'll get more money with less risk.
This post has been deleted by its author
I say an article in WSJ which seems to suggest there are problems ahead for Apple because their key advantage they had has been taken away by new tokenisation efforts at Visa which more or less mimic what Apple had developed.
I didn't have enough time to read it all, but it's an interesting topic. Personally I don't care for either - I am very wary of wireless payments, and shall remain so for quite some time.
Apple's tokenization is an implementation of the EMV standard. Visa didn't "mimic" what Apple developed, Apple was simply able to implement it on their own before Visa was able to set up a way to support others trying to implement the EMV standard.
When Apple's deals with the banks that give them the 0.15% expire they may not be able to collect any more. But I think they will be able to keep collecting it - if they have stats that show fraud on iOS devices is less than fraud with traditional cards, due to the fingerprint reader or reduced ability to steal iPhones (due to Activation Lock) than stealing someone's wallet containing EMV compliant cards.
Well, if my recent trip to CO, UT, NV, OR, ID, MT, WY, SD, NE and NM is anything to go by the October deadline is going to be missed by a huge margin.
Lets take Gas (sorry Petrol) Pumps as an example.
about 50% didn't require a PIN
0% actually read the Chip so all the data was taken from the magstripe.
One station required an in state ZIP code as well as my card PIN WTF is that all about. Cash to the rescue!
IMHO, outside CA and a few states on the East Coat end Chip & Pin is a futuristic dream.
I saw one Point of sale terminal that accepred 'Square' (UP Museum in Cheyenne) and only one place actually advertising Apple Pay (outside of the Denver Apple Store)
So my point above about C&P is even more evident when it comes to Apple Pay. As most of the phones I saw were of the Fruity variety then I think that Android Pay is going to find it tough in the states mentioned above.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
