The Apple walled garden
Why do people pay over the odds for their crap given all it's restrictions.
Barclays is trialling smartphone cash withdrawals. The UK's first contactless mobile cash service will allow the bank's customers to withdraw up to £100 in-branch, with just a tap of their Android smartphone or contactless debit card. The technology offers an alternative to traditional cash withdrawals from specially outfitted …
the reason why they do this is quite easy really, they are not the same person as you, they have different priorities (rational or otherwise), and differing requirements...
Hence they chose a phone that you don't like!
Btw I don't have an iPhone, I f'ing HATE touchscreens, they don't work for me at all...
I had one of these (from Barclaycard) which fitted snugly under the casing of my old (non-smart)-phone. Had a lot of fun tapping the housebrick against the card reader, and seeing the look of surprise from cashiers and customers.
It was actually a pretty nifty idea. Which is probably why it seems to have died .....
The Apple vs Android hyperbole aside, is this really that much faster or convenient? You still have to physically open your wallet and wait for the cash to dispense. I fail to see how removing a few button presses (which you still have to do on your phone) is worth all the fuss. Now if it transported the cash directly into my wife's purse I could see the point...
No, because what is transmitted is a one-time use. If it's like android pay, it uses one time use transaction tokens that expire, the real details aren't sent via NFC.
The advantage of you phone over chip and pin or mag stripe is it's internet connected and can generate tokens each time, you also have fingerprint scanner too...
@ Scotthva5 "You still have to physically open your wallet and wait for the cash to dispense."
TBH the phone makes things more cumbersome unless you store your phone in your wallet.
Using a bank card means you open wallet, put card in ATM, get cash, put bank card plus cash into wallet.
Using a mobe means you have to juggle wallet and phone while also keeping one eye over your shoulder at that shifty looking guy over there. It might be easy for Da Kidz to sort, but I can see it being really easy to put down your phone or wallet or cash on the ATM while trying to put everything away and forget one or more of them.
It might be a nice idea if, for some odd reason (or you just want to show off), you have phone but not wallet/cards but it sounds like more faff than it's worth.
NFC itself has nothing to do with security, this should be implemented by the chip + PIN because the magnetic stripe isn't in the least bit secure.
Medium term it would also mean cash machines with fewer moving parts. Though there are many economists who want to move us away from cash so they can devalue the currency faster.
If it's anything like android pay, yes, it generates a unique one use card number that's no use even if it's captured.
I use android pay, as it's fingerprint check and one use credit card number means it's MORE secure than my debit card (which I have requested a contactless card from my bank)
If you don't swipe your card (you tap or insert the chip end in) you prevent skimming since currently almost all skimming relies on data from the magstripe. So using the phone isn't preventing skimming, not using a magstripe is. Of course skimmers will eventually upgrade to devices that do NFC and chip reading, so entering your PIN on your phone would help there by preventing them from capturing your PIN, but other attacks like cash trapping (preventing the cash from being dispensed to you and others, with the criminal sending someone to pick it up later) aren't helped no matter how secure your authentication is.
But there's also a downside to entering your PIN on your phone. If you pull out your phone at an ATM, you make yourself an easier target for muggers. If they see someone approaching an ATM typing in a PIN they can grab their phone, run to the next ATM around the block, tap it, grab the cash and dump the phone. Or wait for you to cause it to dispense cash, then knock your phone out of your hand from behind on one side to distract you and grab the cash from the other.
With an Android you will be safe from the germs left by unclean iPhone users at the ATM. Unfortunately this does not solve the problem that iPhone users may have previously touched the cash dispensed. Perhaps these machines can be filled with only unused bank notes to make these ATMs truly safe.
" Apple restricts the use of iPhones' NFC chips to its own Apple Pay facility and there's no hook-in that for third-party apps from banks or anyone else."
As far as I'm concerned this is a good thing. At least that way I know there's no leakage of payment data to some rogue application that makes use of an API vulnerability.
The real question here, though, is why Barclays have had to implement some custom app-powered NFC hook to get this to work when existing NFC payment infrastructure would handle this use case perfectly?
The newest version of the ChargePoint app lets me use the NFC in my Android phone to enable the charger. I no longer need to use a separate card.
Obviously the phone is just emulating the existing RFID tags that you're issued, but it's still a nifty idea.
As the tags are very small, I've always worried about getting stranded by having them fall out of my wallet or otherwise losing them.
 A big car charging network on this side of the pond. They're actually very good with customer service and fixing issues with the chargers in my experience.
Well, given that rooting is only way to get proper control over your device & arguably makes it more secure e.g. only way to remove dubious pre installed crap ware, to take it further, for most phones updates are not really forthcoming, (depending on your bootloader) rooting usually needed to add e.g. CM so you actually get security updates.
So, which is more secure?
A phone way behind on updates OR
A rooted phone up to date with security fixes?
As someone has mentioned, ApplePay isn't actually that secure. Each time you use it, you are broadcasting your account details, and open to skimming (for NFC interception), Also as mentioned, AndroidPay is superior, as it keeps a cache of 12 (I believe) one time use card numbers and uses that in preference to your real details. As each one is used, it refills that 12 card numbers. If you have no data, yes, even eventually it will fallback to insecure "iphone mode", but on the whole, it's a superior implementation.
to say anything vaguely positive about the banksters, Barclays do seem to innovate more than some.
Obviously we all know this will be attacked sooner or later but sticking a card in the wall and entering a code was invented in the mid sixties, Beatles playing in the background and miniskirts the fore, it's about time something was done.
Pretty sure my local Santander has been doing this for a while. They got some fancy new ATM's in branch a while back and they have a little 'patch' on it with the 'contactless' symbol on it. Haven't tried it myself, so I can't be sure, but that is certainly what it looks like.
Biting the hand that feeds IT © 1998–2020