Slashdot Mirror
PayPal Unveils Mobile Payment System
angry tapir writes "PayPal is targeting small businesses, service providers, and casual sellers on the move with its new PayPal Here service, which allows vendors to process a variety of payments including checks and cards using their mobile phones. The new service includes a free app and encrypted thumb-sized card reader, which allows merchants with an iPhone, and later Android smartphones, to process payments."
To compete with Square? They are already established and don't have a reputation for taking everything that someone has in their account on a whim.
The internet is full of "paypal stole all my money" stories.
Do not look at laser with remaining good eye.
Yes, a lot of people do this all the time. I have been using SQUARE on my iphone for a year now to do this for my small business.
Do not look at laser with remaining good eye.
Since you probably don't work in this space, I'll drop you a hint: https://squareup.com/
So you won't let the waitress swipe your card, but you'll let her take it into another room for several minutes?
Is it just my observation, or are there way too many stupid people in the world?
Because they don't abuse customers in general. They abuse sellers. The regular users who are paying are left alone, and thus the service is popular. Sellers don't really have a choice, and just have to put up with whatever bullshit PayPal comes up.
Full Disclosure: I work in the credit/debit card industry. Specifically, I work in the part of that industry that involves testing the shizzle out of them.
Your old magstripe only card isn't safe, the magstrip can be easily copied in a variety of ways. Readers are cheap and skimmers that are so small, they can fit inside ATM card slots, are easy to buy online (and don't cost much). Lesson? Don't use the magstrip for anything, ever.
So what are you meant to do? Well, like a lot of the rest of the world, the US is switching over to EMV. In the UK, it's known as chip and PIN, but the basics are as follows:
Instead of a magstrip, your card has a "chip" inside it. That chip is where the communications happen. Readers contact the chip and exchange a bunch of cryptographic data, but the key thing is that the chip isn't simply "read", but it performs calculations itself, using its own private keyset that cannot be read by the chip reader. I can't stress that point enough. There's no way to read the contents of the chips, all you can do is communicate with it.
Each transaction is "Unique" and the card itself will sometimes request to speak directly to a Host (i.e. somewhere at your Bank's HQ), in what's called an "online" transaction. If the card chip isn't sure of a terminal, it will demand to go online before processing a transaction. Hell, sometimes it'll demand to go online just because it hasn't recently. The two then communicate in such a way that the terminal (the middle man) can't intercept in any meaningful fashion. Each message is cryptographically generated so that the host knows the card sent it and not some MITM.
The bottom line? Come 2013, when the US is mandated to support EMV, card skimming will be a thing of the past. Stick your card wherever you like, nobody can do anything with your bank account*.
*there is, of course, a small caveat to this. As I said, each transaction is unique, so theoretically someone could skim a single offline transaction from you, but if they try to replay that transaction, there's every chance the transaction will then go online (the terminal AND the chip can demand to go online at any point), in which case the host will void it immediately. There's also plenty of upper and lower transaction limits, so for example if a transaction amount is above say $50 or $100, it HAS to go online or will fail outright.
+1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
Mod this parent up. Posting as AC on purpose. I'll add that in a dispute over a debit charge, the problem as the cardholder is that you are fighting with your bank (debit card issuer) to get your money back.
When disputing a credit charge, you are helping the bank (credit card issuer) that "loaned" you the money get *their* money back. With debit, the bank is not overly encouraged to spend a lot of resources on helping you get your money back as it isn't their money that was defrauded since there is no profit in it and the risk is that you (one customer) will leave for another bank, and there are barriers (hassle) to you if you do this.
With a credit card, the risk is they will lose you as a customer (you will use some other form of payment) and lose their profit (interest and transaction interchange and data mining value - spend patterns, market analysis, marketing other products and services, etc.).
The bottom line is that the security focus of the industry isn't to protect the cardholder from fraud, but the banks in protecting their revenue streams.
Nonsense. Don't you remember the fiasco about them claiming to insure against fraud? Then it turned out that they were "self insuring", and never paid once.
I was one of those who lost something like $350 on it [the normal used price for that particular Quark Xpress]. I proved fraud 5 different ways: two of them were that the seller claimed to be selling a licensed copy of Quark Xpress, and actually delivered a Windows 95 user manual; and the seller claimed to be from the Antilles [not a Russian mafia hotbed] and shipped from Tbilisi Georgia, which would have caused me not to buy, right there.
Anyhow, Paypal said that since he shipped *something*, they considered that a 'quality dispute', which they didn't cover.
I never got my money back, and Paypal has never paid on the claim, and as far as I am concerned, *Paypal's fraud* worked hand in hand with the sellers' fraud.
No, it is NOT TRUE that Paypal doesn't abuse customers in general. There is a class actual lawsuit that demonstrated that. I just never signed on to it, because plaintiffs in class action lawsuits typically never collect. But if Paypal ever wants me to consider doing business with them in any way, shape, or form, they'll first pay me back the money I lost, plus interest.
And yes, I am aware that Paypal is in the middle of a media blitz right now, which means that they probably are paying for "online reputation protection" as advertised on National Public Radio, and therefore I am probably going to be modded with a combination of "Troll" and "overrated" to make my post vanish. I've noticed that that has been the pattern these days.
So be it. I'm still going to post the truth.
Saying "they don't abuse customers" is false. I'll assume you said it in ignorance.
Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's