Contactless payment - Yay or Nay

earth
earth Posts: 934
edited March 2016 in The cake stop
It's convenient in the pub but I don't really like it for the obvious reason of security.

Comments

  • Pross
    Pross Posts: 43,593
    I think it was OK with the initial expenditure cap but that seems to be going up and up. Someone could easily blow a few hundred across several shops before you notice it's missing.
  • Stevo_666
    Stevo_666 Posts: 61,809
    Very handy I reckon. I pay for lunch at work with it, buy stuff at the supermarket and it doubles up as an oyster card. Saves a decent bit of time. Security wise I had the same concerns initially but you just have take reasonable care with your cards.
    "I spent most of my money on birds, booze and fast cars: the rest of it I just squandered." [George Best]
  • slowmart
    slowmart Posts: 4,516
    It's the future, biometric, facial recognition or voice are all possible authentication avenues.

    Massive change in this and banking. Any doubts then look at the share prices of the encumbrant bricks and mortar institutions

    One thing I never understood was why didn't PayPal offer a saving account where salaries could be paid directly into?

    Challenger banks have to build a brand, trust and capability but the consumer will benefit.
    “Give a man a fish and feed him for a day. Teach a man to fish and feed him for a lifetime. Teach a man to cycle and he will realize fishing is stupid and boring”

    Desmond Tutu
  • I've embraced it whole-heartedly and I now get irked slightly when I find myself in places where you actually have to put your PIN in. I'm also looking at getting the contactless payment device you can stick to your phone so you can just take that out with you.

    I think they've been paying for things with their phones for well over a decade in Japan and when I read about it a while ago I always thought it was the way forward.
  • sungod
    sungod Posts: 17,430
    earth wrote:
    It's convenient in the pub but I don't really like it for the obvious reason of security.

    eh?

    if you keep hold of your card it's secure, if you let go of your card, it's not

    contactless is more secure than your card in any place that still allows use by swipe and signature rather than pin only

    use contactless enough without a pin transaction and you can trigger the anti-theft check (depends on the card issuer) which'll prompt you for a pin, just to be sure the card hasn't gone walkies

    but if i pinch your card, zap chip, present card, it fails, offer to sign, fraud done, except those places don't cap the transaction like contactless does

    or just let me get your card in my all track reader and take front/rear snaps, thirty seconds and i return it to you, but now i can duplicate it and go wild everywhere that allows use of signature, globally, in minutes your card can be cloned to countries you may never have heard of

    if your name isn't too common i can use various sources to try and get your address, then if i pick my websites i can run wild online too, with the right airlines i can even do a quick trade in discounted business class seats for unsuspecting punters, you won't know anything until the bill hits you

    in comparison, contactless is incredibly secure
    my bike - faster than god's and twice as shiny
  • bianchimoon
    bianchimoon Posts: 3,942
    Definitely yes, hate all the fiddling about with small change, managed to wash coins in the back of jersey after today's ride again! Can't be doing my gear or the washing machine any good. Just taking phone and cards on a ride makes a lot more sense to me
    All lies and jest..still a man hears what he wants to hear and disregards the rest....
  • rick_chasey
    rick_chasey Posts: 75,660
    Mate it's 2016 not 2009!
  • Poitr
    Poitr Posts: 35
    The main security problem isn't whether your card is nicked, it's people who walk around with a battery powered terminal in their bag and skim $10 of every card that wanders into their range.
  • redvee
    redvee Posts: 11,922
    Poitr wrote:
    The main security problem isn't whether your card is nicked, it's people who walk around with a battery powered terminal in their bag and skim $10 of every card that wanders into their range.

    Someone posted a pic on twitter of just that. Somebody on the tube/subway had a machine in their hand obviously scanning bags etc for cards.
    I've added a signature to prove it is still possible.
  • sungod
    sungod Posts: 17,430
    the fraud method with illicit scanners is not really making unauthorised contactless transactions - that needs a payment processor and the various anti-fraud measures would limit return, it's too much hassle

    what they're trying to do is pinch your card details, number, date etc., after which ye olde methods describe in my post above are used to exploit them
    my bike - faster than god's and twice as shiny
  • True story...

    Sat in our apartement in Colorado a few weeks ago and I hear "shit, someone has raided my bank" from the bedroom.

    Mrs HD had checked her business account so see what invoices had been paid and somone had made 7 emergency cash withdrawls from her account.

    Rang the bank and apparently someone has cloned her phone, hacked her banking app and generated a code which allows cash to be withdrawn without a card. £130 per day x 7.

    No service on her phone which we had put down to being in the states, rang EE and someone had rang them impersonating MrsHD and done a sim-swap rendering her phone useless, this was obviously part of the plan.

    Cash had been refunded by the bank but we've heard nothing from the fraud squad, bank or ee which I find a little odd. Maybe £910 isn't worth investigating these days...
    Advocate of disc brakes.
  • Bobbinogs
    Bobbinogs Posts: 4,841
    I think you made that up...



    ...your wife did not say "Shoot" ;-)
  • earth
    earth Posts: 934
    Mate it's 2016 not 2009!


    And?
  • mamba80
    mamba80 Posts: 5,032
    Contactless is great, no more of a security issue than hacking some Garages terminal server to get your CC details.

    But NationwideCC take the biscuit for security over the top, paid for a bike on line, transaction failed, phone NW who said it was a VISA issue, tried again, this time NW decline transaction, ring again, clear block and i try again, this time it goes through, next day NW fraud dept ring me, they cant prove who they are or say what its about but do ask me CC details etc i say fxxk off!
    ring back having phoned a few other numbers first, they say my transaction triggered their fraud algorithm on my card but all is ok, i try again, looks good but following day is same as before, ring NW and the guy says he ll stay on line to make sure transaction goes through (as it keeps triggering their fraud detection)...
    this time all good and they give £50 for my trouble... a few days later, i use card to pay for fuel... declined, phone NW to be told card blocked by fraud dept following unusually activity ie buying a bike....... now got a letter to say card has a permanant block, even though bike has been paid for Grrrrrrrr
  • redvee wrote:
    Poitr wrote:
    The main security problem isn't whether your card is nicked, it's people who walk around with a battery powered terminal in their bag and skim $10 of every card that wanders into their range.

    Someone posted a pic on twitter of just that. Somebody on the tube/subway had a machine in their hand obviously scanning bags etc for cards.
    It's not actually a problem though ;)
  • team47b
    team47b Posts: 6,425
    Mate it's 2016 not 2009!

    I think by 2009 we all realised why calling each other mate was Considered, well, wrong :D
    my isetta is a 300cc bike
  • oldbazza
    oldbazza Posts: 646
    mamba80 wrote:
    Contactless is great, no more of a security issue than hacking some Garages terminal server to get your CC details.

    But NationwideCC take the biscuit for security over the top, paid for a bike on line, transaction failed, phone NW who said it was a VISA issue, tried again, this time NW decline transaction, ring again, clear block and i try again, this time it goes through, next day NW fraud dept ring me, they cant prove who they are or say what its about but do ask me CC details etc i say fxxk off!
    ring back having phoned a few other numbers first, they say my transaction triggered their fraud algorithm on my card but all is ok, i try again, looks good but following day is same as before, ring NW and the guy says he ll stay on line to make sure transaction goes through (as it keeps triggering their fraud detection)...
    this time all good and they give £50 for my trouble... a few days later, i use card to pay for fuel... declined, phone NW to be told card blocked by fraud dept following unusually activity ie buying a bike....... now got a letter to say card has a permanant block, even though bike has been paid for Grrrrrrrr

    Had a similar thing happen trying to put a deposit down for some Hunt wheels;had just before bought a saddle off Hargroves site with no problems but the payment was declined for the Hunts.When I contacted Nationwide they just said it popped up as irregular activity which is weird considering the most common transactions on my card are from bike shops and websites :? .There is supposed to be a security password which comes up but the only time that's happened was when I made a booking for a Travelodge room.Only other explanation is that it was pretty early in the morning.

    Regards contactless I must say I really like it,very handy in the mornings and saves fumbling about for cash.
    Ridley Helium SL (Dura-Ace/Wheelsmith Aero-dimpled 45 wheels)

    Light Blue Robinson(105 +lots of Hope)

    Planet X XLS 1X10(105/XTR/Miche/TRP Spyre SLC brakes

    Graham Weigh 105/Ultegra
  • bobmcstuff
    bobmcstuff Posts: 11,444
    Cash had been refunded by the bank but we've heard nothing from the fraud squad, bank or ee which I find a little odd. Maybe £910 isn't worth investigating these days...

    IME the banks are really good at refunding you no questions asked if you get defrauded. Usually it's someone in India has cloned your card and taken a bunch of cash out though (apparently some of their cash machines don't require pin??) so that does sound a bit different.

    But you're right I think the fraud squad probably has bigger fish to fry than a £910 fraud. And in any case can probably get all the info they might want (where the cash was taken out, where the call to EE came from) directly from the bank and EE.
  • I was keen on it but there's not many times I've been at a place with it and the value was less than £30. Also I tend to pay in cash if less than £20 anyway.

    The one thing I'm not sure about is how the money can take up to 4 days to show in your account. Imagine you're not a big earner so money in money out situation. If you're not careful you could go into the red easier with contactless payments. 4 days is a long time to show if you're watching your pennies. Why can't it show straight away or at least in a shorter timeframe? This might be a minor thing for most on here but I've been in a situation where I was a few pounds off being in the red. Truly penny pinching going on.

    Also if there was ever fraud going on, 4 days to catch the start of it happening. I know banks pay fraud back but that's still a hassle.
  • earth
    earth Posts: 934
    I was keen on it but there's not many times I've been at a place with it and the value was less than £30. Also I tend to pay in cash if less than £20 anyway.

    The one thing I'm not sure about is how the money can take up to 4 days to show in your account. Imagine you're not a big earner so money in money out situation. If you're not careful you could go into the red easier with contactless payments. 4 days is a long time to show if you're watching your pennies. Why can't it show straight away or at least in a shorter timeframe? This might be a minor thing for most on here but I've been in a situation where I was a few pounds off being in the red. Truly penny pinching going on.

    Also if there was ever fraud going on, 4 days to catch the start of it happening. I know banks pay fraud back but that's still a hassle.

    Banks do not process transactions in chronological order. They are processed in the order that has greatest benefit to the bank.
  • CiB
    CiB Posts: 6,098
    earth wrote:
    Banks do not process transactions in chronological order. They are processed in the order that has greatest benefit to the bank.
    In my days working in the IT group of a major bank, transactions were sorted and processed credits first, debits next, to avoid punters being charged overdraft etc fees for momentarily going into the red before any +ve amounts went in.

    Contactless. I love it. It raises my heart when someone in front of me in a shop pays by contactlesss - no faffing with cash and then the change placed on top of the receipt that falls out of his hand when it's passed over. I don't need to wait for the punter to put his card in, wait for it to register then tap his pin in and wait for the auth to come back. Multiply that by the ten people in the queue and that's a lot of waiting removed. It's not the time, it's the fluency that counts. Keeping track is pretty easy - just need to be organised.
  • 964cup
    964cup Posts: 1,362
    Contactless is inherently more secure than other card transaction types. There are three reasons why:

    1. The most important: every time you use you card in a contactless transaction, it generates a fresh CVV code (like the three digit number on the back of the card you now need for all non-PIN transactions). This is done on the chip in the card using an encryption-based algorithm. So if someone clones your card using contactless they receive a CVV that is valid only for that transaction and cannot be used again (unlike the printed version on the card itself).
    2. There is a limit on the number of contactless transactions that can be conducted in a set time period. This, combined with the £30 payment limit, prevents someone who's stolen your card slamming it in the relatively short window before regular fraud checks will pick it up.
    3. There is an unequivocal fraud guarantee on contactless - the bank has to refund you provided you took reasonable care to protect the physical security of the card.

    So if someone actually tried to take money using the POS-in-the-hand scam that's being wibbled about on Facebook, they could only hit you once, the merchant acquirer would quickly identify them and you'd get your money back. If they tried to steal your card details without actually completing a transaction, they would only get card number and expiry, not CVV, cardholder name or address - so it would be a) impossible for them to execute a transaction for which you would not be refunded and b) pretty difficult to execute a transaction at all.

    tl;dr - contactless is fine.
  • neeb
    neeb Posts: 4,473
    For years I used to moan about the fact that contactless didn't exist. "Why do I have to type in an effing number just to make a £3 transaction??"

    At the very worst (and actually it's nowhere near that bad, as the post above demonstrates) contactless is like carrying a little bit of cash in your wallet. Sure, someone could steal your wallet and use the cash, but you put up with it and look after your wallet because the convenience massively outweighs the very small risk of losing a small amount of money.

    The really annoying thing about banking in the UK right now is that some places won't take plastic and many places have a minimum transaction and/or a charge, because the banks charge retailers for taking card transactions... This means we all still need to carry around stupid little bits of metal and paper as if it was 1016 instead of 2016. When I lived in Finland I could quite happily go for a month sometimes without ever using cash or needing to carry it. Everywhere took plastic. It feels positively neanderthal to have to go back to using cash.
  • rick_chasey
    rick_chasey Posts: 75,660
    You wouldn't enjoy living in Germany on that basis.
  • FatTed
    FatTed Posts: 1,205
    Hardly ever use cash in NZ, but the retailers have to pay for contactless, but not for EFTPOS, so not available everywhere.
  • VTech
    VTech Posts: 4,736
    With money and currency exchanges it is always the case that they know every system is currently flawed so the way forward is to measure cost of operation against losses and contactless payments save time. Time = money and the savings are better than the losses so its a win at the moment.
    I think fingerprint and voice/eye will be next.
    Living MY dream.