What's NFC? PayPal lobs Chip and PIN readers at UK small biz

Accepting credit cards just got even easier, with PayPal and iZettle both announcing Chip and PIN readers suitable for European markets where mag-stripes are considered passe. PayPal Here has been around in the US for a while, allowing merchants to take credit-card payments into their PayPal accounts, but like rival service …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    Apart from being forced to use PayPal for eBay transactions, would anyone actually bother to use it?

    1. Phil W

      I'm not the biggest fan of PayPal but it has its uses.

      I use it for paying for subscription services like my internet hosting, where I'd rather not set up a direct debit but don't want to have to pay manually each month.

      It's also handy if you want to buy something from a website that seems a bit dodgy, but is the only place where you can get a particular item.

      1. goldcd

        Also handy for places that don't like Amex

        oh, and saves me the bother of having to type in my address... yes, I do realize that I have become incredibly lazy..

    2. Anonymous Coward

      Possibly

      I work at a small event that takes £50,000+ in cash over two days (it's a bring and buy stall in a bigger event). However we then pay most of that out to the sellers, so it's high turnover but relatively low actual cash we keep. We're all doing it as volunteers, as the fees we take from charging the seller all go (after costs) to our club funds. We can't currently do any cards, as the setup and running costs for a merchant account are not worth it for the scale of our event.

      However, if we can offer chip and pin (and the buyer will have to pay the %charge as we pay the majority of the cash out to a seller later) then we can offer cards, useful when some items go for £500 plus and at the moment we have to rely on cheques or people carrying wads of cash.

      All will depend on the costs to use it I guess.

  2. Tom Chiverton 1
    WTF?

    "impossibly-difficult-to-copy chip"

    Oh ho ho ho - nice joke !

    1. Anonymous Coward

      Ok...

      Can you let us know where they've been copied then?

      1. Anonymous Coward

        Re: Ok...

        There's a shop local to me that will sell you any number of near-identical chips.

        They do fish as well.

      2. JaitcH
        FAIL

        A certain Pin/Chip reader manufacturer ...

        who manufactures motorised card reader/writers had a test ROM that allowed for duplication. The cards have no logos (i.e. blank) and are intended for test and production purposes.

        A technician friend works there and I made my own machine and he supplied the ROMs. Cost was around $320 - using my own PCB. The quick copy procedure is called a 'Yes' card. The version that takes longer yet to copy, with multiple read/writes of the 'master' card, which is because it has to test some code in a card being copied.

        My wife has a copy of my card, the codes are contained in a small safe in our house. In the event of my death she will be able to continue to transact ATM business.

        Banks seemingly don't do sophisticated checks as I was in the UK last year and used an ATM and then, receiving an SMS/text from me, my wife used her card in an ATM physically thousands of miles/kilometres away successfully within minutes of my use. Obviously banks believe in fast travel.

        Even more susceptible are the PIN/chip readers in stores - they are designed to be remote programmed. The 'floor' levels are often changed at busy seasons. Leave the power off on a terminal overnight and see what doesn't happen.

        We can also clone cell SIM chips, the easiest is a 'virgin' chip that has never been used, which can be obtained quite easily.

        So much for security. As long as the banks are satisfied PIN/chip is secure, their smugness will allow us to continue copying cards. I even told a bank manager cards could be copied - he said that his information is that they are totally secure.

        These unique "unpredictable numbers" aren't so unpredictable. My SecureCard is so secure I have a list of numbers in a file on my Note 2 which I can use to fool the HSBC computer. Usually it makes a request for one or two entries, just as with the real 'Secure'Key. Go figure.

        What is secure is the password to the file!

        1. greenawayr
          Stop

          Maybe your credit card company...

          ...is a bit sloppy, but ours were sh!t hot when we were travelling. We gave them a list of countries we'd be visiting around Asia, Europe and America, popped into Lao for a few days having not notified them, and no dice (luckily had cash to exchange), but the other countries listed all cleared fine.

        2. Anonymous Coward

          Re: A certain Pin/Chip reader manufacturer ...

          Err... I think you're describing something which is not chip and pin.

        3. sugerbear

          Re: A certain Pin/Chip reader manufacturer ...

          Unfortunately you are being very selective by choosing a card (not Visa/MasterCard/JCB/Discovery/Amex) with a well known defect.

          So please please please, take a bank card from the UK and clone ALL of the chip data (software, keys etc).

          When you have done you can then post about it.

  3. Anonymous Coward

    So...

    The question is: A market trader says that you can pay with your card. He offers you a mobile phone with a gizmo attached to it. Do you

    a: Say, no thanks I'll pay by cash.

    b: Put your card into an impossible to verify piece of hardware hooked up to someone's mobile?

    Hmm. Tough one. I think I'd prefer a proper GSM connected C&P PED.

    1. sugerbear

      Re: So...

      OK. The worst that could happen is that the trader will know your PIN number. He may also know your card PAN number and its expiry date. But the reader won't know what is on the magstripe (which is good, can't be cloned and used in the US).

      Without the physical card the info the trader has is useless. The generated cryptograms rely on (amongst other things) the application transaction counter (which is held on the chip) which is unique to every transaction.

      So I understand people's reluctance to use something that looks odd, but because it's chip it is much more secure.

      1. Graham Marsden
        Thumb Down

        @sugerbear Re: So...

        "The worst that could happen is that the trader will know your PIN number. "

        Yes and that's a prima facie excuse for the Card Company to deny liability for any fraud on the card.

        And how difficult would it be to create a gizmo that, when you put the card in the slot, also reads the mag stripe?

        And this doesn't even get near PayPal being so willing to reverse a transaction and take money out of a Trader's account based on the say-so of a customer and *then* maybe start looking at whether the complaint was actually valid...

      2. Anonymous Coward

        "Without the physical card the info the trader has is useless"

        So knowing the PIN, PAN, expiry is useless eh?

        In that case, please upload your PIN, PAN and expiry date to this comments section.

        Let's see you put your money where your mouth is.

  4. dkjd

    "rival service iZettle and the much-hyped Square it uses only the magnetic stripe" I think this is not correct. iZettle used chip-and-signature, and this means that VISA didn't approve it because "it has to support mag-stripe too". Nothing to do with MasterCard supporting iZettle ofc.

    As far as I know they now have started a chip-and-pin solution, but they have never done mag-stripe.

  5. JimmyPage Silver badge

    "European" C&P

    Was intrigued, a couple of years ago in Spain, to note they have C&P *and* signature. As the cashier told me "Even if the C&P were OK, if the signatures don't match - the bank don't pay."

    I wonder if this reduces fraud ?

    1. greenawayr

      Are you sure they were Spanish???

      "Even if the C&P were OK, if the signatures don't match - the bank don't pay"

      They don't sound Spanish!

  6. Anonymous Coward

    US Banking on the Past

    I do miss chip 'n' pin. Here in the States they have swipe 'n' pin, and for transactions under about $10 they'll just swipe and offer you a receipt - no signatures or PINs.

    I still keep my UK account open, and get my new debit card sent to me here. My American family and friends look in awe at this fabulous card with a golden chip and even contactless payment, ooh! It just amazes me that America is so far behind on so many things, especially when it comes to banking.

    As for PayPal, I closed my account, because even though my UK bank lets me use my US address as my main residence, PayPal only lets you enter a UK address, so you can't link your account.

  7. tempemeaty
    Devil

    From strip to chip then discard the card....

    Strips never really became useless, you just can't read them from under the skin. Next step, declare the plastic card passe, discard it and have the chip under your skin. Kind of looks like that mark of the beast thing is moving right along...

  8. Henry Blackman

    iZettle supports Chip and Signature - so Visa, quite rightly, doesn't support it.

    No one supports NFC, because it's not worth it. Not all cards have it, so why reject cards which haven't been replaced yet, or the bank isn't bothering yet. Maximum transaction value is £20 usually, so that eliminates that. All in all Chip and Pin is the best solution!
