?

Log in

No account? Create an account
 
 
13 October 2011 @ 08:13 pm
Contactless Payments  
Egg has been bought out by Barclaycard. As a result I am to receive a barclaycard. I'm taking steps to remedy this but in the interim I've been reading the wee booklet they sent me and am struck by its assurances about contactless payments

"you'll be able to make contactless payments up to £15.

...

it's really safe to use so you can shop with confidence knowing your account is secure.

....

Instead of inserting your card in the Chip and PIN reader and entering your PIN, to make a contactless payment you simply hold your card near the reader. And that's it - off you go."


No, it obviously isn't "really safe" otherwise you'd let me spend more than £15 at a time with it. In fact I can see no protection at all, under this system, which prevents someone with the right kind of reader wandering around a crowded shopping centre quietly nicking £15 from every customer in range. I had hoped that, like Chip and PIN, you might at least need to confirm your purchase with a PIN number (even though there are security issues with broadcasting PIN numbers wirelessly between devices) but it doesn't look like you do.

I'm also imagining the chaos that will be caused when the person behind you in the queue accidentally pays for your shopping because they were standing too close and holding their credit card while you were fussing around in your bag.

Maybe I'm being overly pessimistic, but I can't see anything which suggests that contactless credit cards aren't the plastic equivalent of wandering around with your purse open and a sign on it saying "help yourself". Well, OK, you do need the right kind of card reader and then a way to quickly launder your ill-gotten gains but I have rather more confidence in the ingenuity of the criminal fraternity than I do in the forethought that has gone into preventing abuse of these things.

This entry was originally posted at http://purplecat.dreamwidth.org/55919.html.
 
 
 
lukadreaminglukadreaming on October 13th, 2011 07:27 pm (UTC)
This has just reminded me that I need to get a shift-on and find another credit card that isn't bloody Barclaycard. I'm rather miffed, as on the whole Egg were fine to deal with - if you ever phoned, you got real people in a UK call centre who tended to be helpful.
louisedennislouisedennis on October 13th, 2011 07:29 pm (UTC)
We've gone with Amazon credit cards, but we generally pay our bill off in full and so we were mainly shopping on the basis of the best overall cashback offer. I've no idea what their customer service may turn out to be like mind.
(no subject) - lukadreaming on October 13th, 2011 07:31 pm (UTC) (Expand)
(no subject) - wellinghall on October 13th, 2011 07:38 pm (UTC) (Expand)
(no subject) - louisedennis on October 13th, 2011 07:53 pm (UTC) (Expand)
(no subject) - bunn on October 13th, 2011 08:04 pm (UTC) (Expand)
(no subject) - louisedennis on October 13th, 2011 08:06 pm (UTC) (Expand)
(no subject) - philmophlegm on October 13th, 2011 07:54 pm (UTC) (Expand)
(no subject) - louisedennis on October 13th, 2011 07:57 pm (UTC) (Expand)
(no subject) - philmophlegm on October 13th, 2011 07:58 pm (UTC) (Expand)
king_pellinorking_pellinor on October 13th, 2011 07:34 pm (UTC)
I completely agree. The whole thing falls down straight away as soon as you consider a person who has two credit cards. Which one does the magic box choose?

I'd far rather be able to say "this one" by putting it in the reader, and confirm that it's the one I meant by entering a PIN, and be able to spend more than £15 at a time.

Contactless cards have no use and many problems, as far as I can tell.
louisedennislouisedennis on October 13th, 2011 07:55 pm (UTC)
I'm assuming the readers (the official ones at least :/) will only have a very short range which will limit the chances for confusion, but I won't be at all surprised if they don't limit the chances enough to avoid confusion. But the fact that you could be entirely unaware that money was being taken from the card does worry me a lot.
(no subject) - king_pellinor on October 13th, 2011 08:06 pm (UTC) (Expand)
(no subject) - louisedennis on October 13th, 2011 08:07 pm (UTC) (Expand)
(no subject) - kargicq on October 14th, 2011 05:44 am (UTC) (Expand)
(no subject) - king_pellinor on October 14th, 2011 08:17 am (UTC) (Expand)
(no subject) - louisedennis on October 14th, 2011 08:21 am (UTC) (Expand)
(no subject) - king_pellinor on October 14th, 2011 10:17 am (UTC) (Expand)
(no subject) - louisedennis on October 14th, 2011 10:24 am (UTC) (Expand)
(no subject) - king_pellinor on October 14th, 2011 12:19 pm (UTC) (Expand)
philmophlegm: Spectrumphilmophlegm on October 13th, 2011 07:57 pm (UTC)
And what about the scenario where you are carrying two cards from the same provider but for absolutely, separate purposes? I'm not allowed to use my corporate Amex card for personal expenditure, but all business expenses have to go on it. Since I also have a personal Amex card, I can envisage multiple expense claim problems...
wellinghallwellinghall on October 13th, 2011 07:37 pm (UTC)
Snap (on all counts).
louisedennislouisedennis on October 13th, 2011 07:58 pm (UTC)
It worries me that the financial professionals on my flist don't like this either. Coming from a computer science perspective I know our concerns about weaknesses in security can turn out to be rather esoteric in practice...
reggietatereggietate on October 13th, 2011 07:46 pm (UTC)
Apparently, this kind of thing is being introduced on some mobile phones, as well. If it's every to be safe, they do need some way to make it secure, and right now, I can't imagine how they'll do it. It's a great idea in principle, not so great in practice.
louisedennislouisedennis on October 13th, 2011 07:59 pm (UTC)
It seems to me that a lot of the security rests on the assumption that readers can't fall into the wrong hands and that their range can not be extended beyond a few centimetres. Both those assumptions seem flawed to me.
(no subject) - reggietate on October 13th, 2011 08:12 pm (UTC) (Expand)
(no subject) - bunn on October 13th, 2011 08:35 pm (UTC) (Expand)
(no subject) - louisedennis on October 14th, 2011 08:29 am (UTC) (Expand)
Susanlil_shepherd on October 13th, 2011 07:55 pm (UTC)
inamac has spent some time telling Barclaycard that she does not want this "service" and, as I understand it, had succeeded.

I have been with HSBC Mastercard for over 35 years and have only had two spats with them in that time, both of which they sorted in my favour immediately.
louisedennislouisedennis on October 13th, 2011 08:01 pm (UTC)
If I planned to keep it I might try to get the service removed, but this was really just the nudge I needed to go shopping for a better deal anyway. I don't think my Amazon card is contactless, though since I don't actually have it yet, I'm not sure. However I have a nasty feeling it will shortly become very difficult indeed to refuse the service. It would be nice to delay until any major teething problems have been sorted out though.
MysteriousAliWays: U2 Fly video by Echomysteriousaliwz on October 13th, 2011 08:01 pm (UTC)
That sounds like the epitome of insecurity to me.
louisedennislouisedennis on October 13th, 2011 08:03 pm (UTC)
It seems completely ridiculous to me. Even assuming the readers and everything are secure and so forth if your credit card gets stolen someone could still quickly run up a few hundred in £15 chunks. There's a reason why a memorised PIN number of a signature have traditionally been required.
knitekatknitekat on October 13th, 2011 09:59 pm (UTC)
It they are so sure if is secure, why limit it to £15. Bloody daft idea if they don't have good security on it.
louisedennislouisedennis on October 14th, 2011 08:17 am (UTC)
I can see why they want a faster system than chip and PIN, but there's a reason I don't carry hundreds of pounds around in my pocket...
(no subject) - knitekat on October 14th, 2011 06:42 pm (UTC) (Expand)