back to article Barclays heralds new wave of wallet-waving

Barclays Bank is to embed contactless technology into every debit card issued from this day forward, allowing punters to pay for coffee with a wave of the wallet - providing they can find somewhere that accepts the new technology. Barclays has had a contactless card for a while now; the OnePulse, which also has an Oyster card …

COMMENTS

This topic is closed for new posts.
  1. POPE Mad Mitch
    Coat

    micropayments ftw

    I can just imagine now, in the not so distant future, some not entirely honest vendor in a busy public place using a boosted antenna and subtracting a small fee from every person that passes. The amount deducted, say 50p, would be too small for many people to complain about or even notice, and wouldnt trip the transaction fee limits. now say it was something like a sporting venue, thousands of people could wander past, and that small fee would quickly add up to a tidy profit.

    Mine is the coat with the faraday cage woven in.

  2. John Macintyre

    concerning

    "More concerning is the ability of the banks to collect usage information about all those cash transactions"

    Or... you know... you could just use that thing... fangled tech and all... cash? It's not like they don't already collect debit card habits, so why is this any different?

    I try to pay for small exchanges in cash anyway, using card for small transactions is asking for trouble since you never see what you have, so you're more likely to spend more than you expect, whereas you know where you are with cash. I know if my snack machines at work had this i'd end up spending way more than i want on them than when i check to see if have enough change or not

  3. Code Monkey

    @John Macintyre

    Amen to that! We may seem like Luddites but it's good to keep track of the ever-dwindling balance.

  4. Steve

    The Foil

    Yeh get to wrap me wallet in foil now!!

  5. Nic Brough
    Unhappy

    Barge pole, not touching tag?

    So, are they going to implement anything resembling security on these things? I'm thinking of how secure Oyster is as a relevant example.

    No? What a surprise. I'll be using those small metal or linen tokens until they sign a contract that makes them liable for any and all of any loss I report to them (unless Bruce Scheier or Ross Anderson can prove I was acting fraudulently)

  6. lIsRT
    Happy

    @ POPE Mad Mitch

    There's a solution, I've had one of these for about a year now:

    http://www.thinkgeek.com/gadgets/security/8cdd/

    No idea whether it works though, guess I'll test it if I get contactless payment on my cards.

  7. adnim

    Opt in technology?

    "Barclays Bank is to embed contactless technology into every debit card issued from this day forward". Is there a choice here?

    I don't use Barclays, but I am sure other banks will follow suit especially if the sheeple see this as a good thing and it takes off.

    As this is an offline system how is unusual behaviour detected?

    How often are these offline purchases compared to a card holders "normal" usage?

    How often do random checks take place, Every 2, 5, 10 or more transactions?

    In essence how many £9.99 CD/DVD's, packets of ciggies or alcohol purchases be made by the thief who has lifted ones card before the system thinks, hold on wait a minute?

    I guess every card stolen will, without a PIN or signature, be worth at least a tenner. A guaranteed £10 bonus possibly much more is enough motivation for some lowlifes to smack some poor sod in the face and take their wallet/purse.

  8. MontyMole
    Thumb Down

    More than one card in my wallet

    Just wondering what happens if you've got more than one contactless card in your wallet. How do you know which card will be charged?

  9. John Scott
    Alert

    I can see little benefit

    I fail to see how the current chip and pin system is slow! The bottleneck is when the terminal itself taking ages to accept and process the payment. Not sure how waiving your magic card will make it much quicker. Also, I already use my card for everything. 73p is my best to date in a well known supermarket which I know probably cost them about that much to accept my card.

    It will only be the big retailers who get setup with this tech anyway as they can afford the processing costs. Small shops just won't bother until cash costs more to bank than accepting cards, which I can see happening soon enough since the banks control this too.

  10. myxiplx

    about bloody time

    'contactless' You mean like good old mag stripes used to be?

    Chip n Pin might have sounded great on paper, but whichever pillock thought a technology that relied on regular physical contact between the device and the reader would work in commercial environments wants shooting.

    Time after time after time, chip & pin cards or readers fail to read because the contacts are worn or dirty. Every retailer I speak to says they are far less reliable than mag swipe cards used to be.

  11. Anonymous Coward
    Thumb Down

    Only reason Oyster works

    Is its unique, therefore i know how much i should have paid them and on the fairly frequent occasions when it charges me £4 instead of £1, i notice and often journey data shows that its an error.

    So in a crowded shop, how does it know to take money from MY card, not my friend's or that bloke in the queue that is too close or the granny at the second checkout.

    Just because contactless is possible, it does not mean it desirable or secure!!!!

  12. Anonymous Coward
    Boffin

    Please get your facts right....

    "The communication protocol used by both Visa and Mastercard conforms to the EMV specification, though the kernel and encryption systems are kept secret - a strategy which rarely works out for the best,"

    The communication protocol is an ISO standard (ISO 14443). The encryption systems are standard EMV (again, a public standard), and Visa and Mastercard then have their own card application standards built upon EMV (but again, available to terminal and card manufacturers). The kernel - well, that's the logic which goes inside a terminal, which is proprietary software in that each terminal manufacturer will - however, it operates to EMV standards.

    A contactless transaction is just a variant of a normal EMV transaction. There's little different apart from the interface used - and certainly there are no proprietary encryption systems used. The only 'secret' part is the private keys loaded onto the cards. In any PKI system, the private keys are kept, well private. The public keys are used to verify the data on the cards. Anyone with an EMV spec, a card reader and a bit of programming skill can perform an EMV transaction (that doesn't mean that they can actually get any money - although they can trigger the risk management logic, which then requires a full 'online' transaction to reset it (ie. in the case of a contactless card - a standard EMV transaction with PIN and communication with the issuer).

    Please, don't scare monger on things which don't need it.

  13. Anonymous Coward
    Stop

    Where to drill

    ..Anyone know where the specs are so we can drill through the RFID/whatever-paywave-is chip without frying the chip and pin one? Microwaving the card would work but would fry them both :(

  14. Anonymous Coward
    Boffin

    @POPE Mad Mitch

    The range on the cards is very small - a couple of cm at best. An amplified aerial to power up the card at a distance (e.g. even 1m) needs significant power output to do so (although is theoretically possible). Cards being closer than 1m are likely to be damaged in the process!

    This ignores the problem of actually receiving the response from the card. It works by modulating the signal from the reader - which needs to be super, super sensitive to pick it up at a distance of 1m. Again, possibly not impossible - but in practice, with cards moving through the field, other cards moving in, moving at angles to the reader etc - makes it practically impossible in a real world situation. Oh, and add to that 'noise' and interference from other RF emitters means the super sensitive receiver gets overloaded with noise.

    The fact that everyone walking past a retailer suddenly gets burning coins and molten cards in their pocket is likely to be a bit of a give away...

    Still, it makes good headlines....

  15. Anonymous Coward
    Anonymous Coward

    Great...

    First Lloyds swap my cashpoint card over for a debit card that I can't now use in all the cashpoints the old card could, meaning I /have/ to find a Lloyds cashpoint to get money out/find out my balance (don't want to use it as a debit card, too easy to loose track of money spent/still left), and now my next Barclays debit card is going to have a new way to 'loose' money from - won't be too long before someone figures out how to do drive-by money stealing by syphoning off the cash to a bogus company or through a legit company that has been compromised.

    Three cheers for anonymous cash you can actually hold in your hands! (apart from the odd counterfeit note & £1 coins) and I wish cashpoints would go back to offering £5 notes again, I don't always want to take out £10 or £20 especially when you've got to make what money you do have last.

    Bloody banks.

  16. Colin Miller

    What happens if you have two of these?

    I used to carry two current account cards in my wallet.

    What happens when they both move to contactless technology,

    and I scan my wallet for payment?

    Will I be asked which card I want to use by the terminal or will it just give up?

    Either way, kinda defeats the speed argument.

  17. Bumhug
    Stop

    Obvious flaw in this system

    What happens when every card has this technology? If your wallet contains 4 cards which one will it take payment from?

  18. Anonymous Coward
    Boffin

    @Nic Brough

    Oyster and contactless EMV payments have little in common apart from the fact they communicate over the same medium. The fault with Oyster (well, actually Mifare) was that NXP/Philips designed an in-house encryption system which was flawed. Cryptographers could not validate their encryption methods - and as often happens without peer review - vulnerabilities were found.

    With EMV it uses standards based RSA PKI cryptography. People can look the EMV standard and check it. You can validate RSA for vulnerabilities. It's actually a pretty open standard.

    Now, I'm not saying that EMV is perfect - but it's nothing like Mifare. It's almost like saying that one brand of car rusts badly - therefore all cars rust badly.

  19. Alasdair
    Thumb Up

    do they.....

    get a big water flume installed at work so they can slide home and pay for things on the way?

    If so, am sold!

  20. Tezfair
    Thumb Up

    I can't wait

    I will give my card to the kids while im in a public place surrounded by CCTVs and the kids can go on a spending spree. (the kids will be wearing an IR hat to block their face from the instore CCTV)

    I couldn't have possibly have purchased those items m'lud, I was was here - see.

    watch fraudbay for low priced items as <ahem> items are laundered

    oh yes, brilliant idea

  21. Richard Johnson
    Thumb Down

    what's the point?

    Presumably I'll still have to enter my pin, so what's the point? If I still have to enter my pin, why limit it to transactions under £10?

    If I don't have to enter my pin then where is the security in this system? Being the tight-fisted yorkshireman that I am, someone nicking £10 is just as concerning as someone nicking £100.

  22. Anonymous Coward
    Alert

    @adnim

    "I don't use Barclays, but I am sure other banks will follow suit especially if the sheeple see this as a good thing and it takes off."

    No no no, you don't see the big picture. This is nothing whatsoever to do with the individual customer. Barclays have launched this new 'product', which its customers will get whether they like it or not.

    The inevitable next step is that the boards of other banks will look at what Barclays have done and say: ... uh oh, our competitor is offering a new product that we don't ... they're in a new market that we aren't(*) ... QUICK! get working on our own version of this 'product'!

    sad but true, this is the abstract box-logic thinking which drives these huge corporations, which incidentally how the credit crunch came about.

    (*) Yes, Bill Hicks had it spot on.

  23. IR

    Okay

    This is the same system that was advertised by having a zoo elephant steal the zookeepers card and buy a load of stuff. Okay, so it was all cold medicine for the zookeepers cold, but it was a pretty blatent show of how easy theft can be with one of these.

  24. Anonymous Coward
    Stop

    @AC (@POPE Mad Mitch)

    AC, maybe you should go and read the article "Passport RFIDs cloned wholesale by $250 eBay auction spree" - that could read RFIDs from 30 feet away and the researcher thinks he can extend the range to over a mile

  25. Tawakalna

    but I have no cards..

    nor chequebook or current account, all my transactions take place with a building society passbook and a weekly cash withdrawal. Onoes I am being left out of da brave new world of technology! but my loot is safe...

  26. Anonymous Coward
    Stop

    Cash is king

    I reverted to cash when chip and pin became manditory.

    Everything I buy that is expensive I buy online with a credit card, the debit card is never used anymore.

    Haven't had any negative experiences and it's miles easier to balance the books at the end of the month.

  27. Anonymous Coward
    Anonymous Coward

    @adnim

    "I don't use Barclays, but I am sure other banks will follow suit especially if the sheeple see this as a good thing and it takes off."

    Years ago Barclays piloted a cash card system in Leeds where there was a chip built into your card looking not unlike the chip and pin cards used today. You could top up this chip with cash from your account and it could be used in readers found in local traders. You could fit a small amount of cash on the chip, £10 IIRC so the opportunity for fraud was relatively small.

    The idea behind this presumably being that you didn't need a PIN or signature to use the card so it was faster and more convenient. But nobody could nick more than a tenner from you at a time, so it was relatively secure.

    Anyway whether or not that system was a good idea it never took off. So you shouldn't assume that this will fly either.

  28. MnM

    lost or stolen

    When you're not sure if your wallet's lost or stolen, or if you know you left it somewhere, the fact that cards are pin protected gives you a little time to try to find it, before cancelling the lot if you can't. How much could you lose per unprotected card before a pin request pops up?

    Cancelling cards is a massive hassle, tapping in a pin code isn't.

    I don't want to be a stick in the mud though. It'll probably evolve into a good, quick system, long as banks cover consumers for any errors, fraud and theft.

  29. EnricoSuarve
    Coat

    @AC (@POPE Mad Mitch)

    To add to ACs post above it seems like every time a technology comes along using radio people have said "you'll never be able to get the range". Whether this is in the context of good ("It'll prevent RFIDs being read from a distance") or bad ("You'll never be able to broadcast further than...")

    I've heard the bizarre ideas that if you could the world would cave in, "coins would melt" and the singular quantum thingy would stop being so singular

    Seems to me its been proven wrong everytime so far, long wave radio, digital radio, your mobile phone, satellite phone, college students reading entry passes from miles away....

    What makes you think that these cards will be any different?

    Also what makes you think range is even an issue? Pickpockets don't exactly work from the other side of the road but last time I looked they were quite real. Barclays just invented a new way of having your pocket picked which requires little skill, just wave a reader over peoples bums and no actual contact so far less risk

    I can easily imagine a certain breed of criminal drooling over this one

    Mines the coat that will always need to be stolen from the old fashioned way

  30. Anonymous Coward
    Black Helicopters

    No outlets

    I've had a onepulse card for about a year, and I have never seen anywhere I can use it as a paywave/contactless card.

    The oyster feature on it is well worth it though, I put all my travel spending on the one card.

    @John Scott: 12p was my lowest card transaction, at M&S. In my defence their self service machine repeatedly refused my 20p so I gave it all the change I had and paid the remainder on my card.

  31. Cameron Colley
    Joke

    @ Tawakalna

    Then you, my friend, are a terrorist pedofile*!

    *If you're going to mess with an already incorrect word you might as well go the entire pig.

  32. Dave

    RFID Zapper?

    What I need is a little device that I can put RFID-enabled cards (and passports...) on that will fry the circuit without causing it to burst into flame or be otherwise visibly obvious that it's been zapped. I'm not yet desperate enough to build a Helmholz coil setup, I'd much prefer a small gadget.

  33. Sooty

    offline??

    "PayWave transactions always take place offline"

    What that means is that if you happen to only have £5 in your account and pay for something worth £10 you will be allowed to, and helpfully charged £30+ for the privilege, you will then probably be charged another £30 for an unauthorised overdraft. With an oblivious afternoon, you could easily make 10 or more transactions racking up a charge every time.

    I can't imagine why banks like this technology

  34. Ishkandar

    Contactless cards

    I think there are two issues here.

    (1) General acceptance of the system

    (2) Financial damage limitation

    (1) I do not know what the take-up of this will be in the UK but the take up for the Octopus card (Hong Kong's equivalent of the Oyster card) was quite good. Then again, they have nearly a decade headstart on Britain !! I believe that many chain operations like 7-11 and the fast food chains love this and the savings to the chains in terms of staff cost to handle cash transactions easily offset the cost of the transaction charges.

    Since the transactions are only registered when the card is within the (short) field range of a reader, the system will not go berserk reading every card within a *wide* range from the reader as someone had suggested earlier. Otherwise this system will be unworkable when there is a load of people on a London bus with three readers on board going berserk reading everyone's cards multiple times !! And any one with multiple such cards should not put them together since it could not only screw up the transaction(s) but the cards can interact and screw each other up. Then again, in nanny state Britain, many people cannot function without someone going around wiping their bums for them !!

    (2) The damage limitation part is that you can only lose what money you have put in the card. It has *NO* access to your bank account unless you have specifically asked your card to be automatically topped-up when the card balance is low (which any smart person out there in HK knows is not a good idea especially when the card may be stolen and used repeatedly on small(ish) transactions) !!

  35. michael

    @ pepol who hav not read the article

    it will be quicker cos it dose not do the talking to the back that the current system dose so there will be speed increases and it only chagles you for the pin at random intervals so you will not need to enter your pin every time

  36. An nonymous Cowerd
    Coat

    thirteen

    point five six megahertz is the frequency for this (nearly) iso14443 RFID. One of the weaknesses/threats is that your mail could be scanned at 13MHz and any interesting letters/mail-sacks that ping back are either a credit card/ePass/european citizens card or whatever. I have an HP4700 ipaq PDA with CF based 13.56MHz antenna podule, I could be scanning your mail now, but I'm not! There's also a possible man-in-the-middle 'relay attack' against eCC, but the relay reader would have to be within centimetres of your card,the attack is possible due to the up to 5 seconds transaction windows that have been defined. Watch out when consumer RFID starts to implement the 900MHz band like for USA eDriving licence & passport cards, =big read range. Personally I will terminate with prejudice my eCC, provided the postman delivered it in the first place!

  37. Anonymous Coward
    Anonymous Coward

    Use of Information

    "More concerning is the ability of the banks to collect usage information about all those cash transactions; they'll know where you drink coffee, what paper you read and how much you spend on cigarettes."

    I really wouldn't mind if they used this information for something useful, like security. If they know my spending patterns why don't they notice when they change significantly, like last year when some cock used my card number to buy some online gaming crap. I noticed it on my statement and informed the bank who then cancelled the transaction*, but why didn't the bank notice the unusual pattern?

    BTW they are unlikely to know what paper you read or how much you spend on ciggies. All they generally get is the trader, date and time and value of the transaction. Unless the shop is Cigs-R-Us they won't be able to deduce how much you spend on cigs.

    * The bank informed me that the transactions took place on a web site that doesn't use the three digit security code from the back of the card. So why the fsck do they deal with these sites? If they refused to deal with companies who's security wasn't good enough fraudulent transactions would be slashed overnight.

  38. DutchOven

    Surveilance

    "More concerning is the ability of the banks to collect usage information about all those cash transactions; they'll know where you drink coffee, what paper you read and how much you spend on cigarettes."

    Well, they can already tell which shops I have spent money in. The information is on my credit card statement too.

    ...but unless I start using one of the new cards for every transaction, what you've said isn't gonig to be true.

    It would require *every* retailer in the country to switch over to the new system. Until this happens, intelligent people are going to carry that old-fangled cash around in their pocket.

    In fact, the switch away from cash doesn't seem likely to happen at all - unless things have changed since the times they introduced cheques and credit cards. IIRC these were both widely tipped to leave cash as an historical curiosity (but as we know, it didn't happen!)

  39. Tom Chiverton Silver badge
    Unhappy

    Bugger

    Where can I buy foil lined wallets from then ? No doubt the huddeled masses will swallow this wholesale, then moan when they get shafted by that man with the large briefcase they walked past...

  40. Dale

    Faster

    The retailer may be in a terrible hurry, to need such technology to make transactions go faster, but I'm not. I don't mind opening my wallet, taking out the notes, waiting for the change... Life doesn't have to go at a frenetic pace all the time. Slow down a bit and look at the trees

  41. Funkster
    Thumb Down

    Once again Barclays try to force a badly implemented change on their account holders...

    Barclays don't care what their customers think, they just come up with some half-ar*ed idea and then force it onto account holders whether they like it or not.

    They're a very very silly bank.

This topic is closed for new posts.

Other stories you might like