Why Mobile Wallets Are Doomed
redletterdave writes: "The other shoe has dropped for Square. The once-hyped mobile payments company is killing off its Wallet payments app and replacing it with a new app called Order, which will allow users to order food and beverages ahead of time at their favorite cafes and restaurants. For entrepreneurs, the concept of a mobile wallet seems so logical that the payments industry looks like it's ripe for disruption. If everybody is always carrying around a powerful computer in their pockets, it's natural to consider loading payment information onto that secure device as an alternative to cash or plastic cards. The problem comes when this logical entrepreneurial spirit merges with an industry segment that is classically illogical. The payments system in the United States is a mess of entrenched interests, fragmented business opportunities, old infrastructure (like point-of-sale systems), back room handshakes and cut throat competition. This behavior is not going to change any time soon, which means mobile wallets like Square are going to continue to struggle — at least until a more legitimate, easy-to-use and cost-effective solution comes along."
Like a usable cryptocoin?
Silence is a state of mime.
Here.
why is paying by phone so much better than with plastic?
I do it at Starbucks for the rewards
only other reason is if a food truck took cards instead of cash. why do it anywhere else?
for the retailers it's more money to spend with no return on investment
Putting a wallet on a mobile phone that is not the least bit locked down, and has god knows what else installed on it. Then beaming the information through the air to be intercepted by some enterprising hacker. Yep convenience and security. But it's all failing because of back room deals.
If I have to carry something around in order to pay for shit, a regular wallet works just fine. With actual cash in it.
I barely trust using my phone to log into a social network, let alone anything that might cost me money. With every app attempting to spy on each other, I would never trust my phone for financial transactions. Not for many years to come.
is carrying around ALL their DEBITS and ALL their CREDITS in their pockets. i diversify with a mattress.
" that secure device "
Since when? Smartphones are not secure.
Just let these innovations arise in other countries if the USA has such a backwards infrastructure. Even credit cards are more secure in other countries (chip and pin may be flawed, but it is still better than the magnetic strip and signature of the USA).
I'd be very interested to see how they approach that. Well, any internet payment mechanism is going to struggle with chip and pin, I suppose.
Make sure everyone's vote counts: Verified Voting
I challenge you to find out how many middlemen your money goes through between your bank account and the entity you're paying money to.
So I need to go back to lugging my safe around?
Is that I have to plug them in to charge for 3 hours before I can use them to buy a coffee...
The first time I get stuck somewhere because my phone died and I was unable to pay for a bus or taxi is also the last time I rely on mobile payments.
Sure it is. If a hacker gets my CC info and makes charges, my loss is limited to hassle and frustration. If a hacker gets my BTC info, I lose my BTC forever. That makes BTC like cash, which sure can be stolen, but to steal my cash you have to walk up to me and get my wallet away from me. A wallet thief can only rob a handful of people per day, whereas a BTC thief can take a hundred million dollars from ten thousand people in one night.
There are lots of tradeoffs for all these different systems. None of them are exactly perfect but none of them are worse than all the others in every way. Each has different strengths.
Please. This is a "solution" in search of a problem. And not even a good solution. All the CC companies in the US are (finally) being forced to implement chip-and-pin. Do you really think they're going to switch off of that for something even less secure than a standard CC? Not that they really care about security.
Besides, There are so many entities (not counting the malicious ones) tracking what goes on your smartphone, do you really want to trust your money to an app on one of these? If so, please use my app. It's complicated to set up, so please send me all your financial information and I'll get things going for you. You may notice some charges or emptying your bank accounts, but that just me making sure everything is working properly.
No, no, you're not thinking; you're just being logical. --Niels Bohr
There are specific examples where the implementation fails. For instance Starbucks has a good implementation, but many Starbucks do not accept the card. Why am I going to have something that is useless? It also by default wants to annoy you every time you go by a Starbucks. We see the same thing with CVS. It is nontrivial to pull up the card, and easier just to type in a phone number.
Most of the digital wallet is just gathering information on consumers without providing value in return. Like a grocery store loyalty card. Sure, some are going to use it. Some are going to shop at the store because of perceived value. But many are going to the store that just provides simple service. Walmart does not have a loyalty card.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
If everybody is always carrying around a powerful computer in their pockets, it's natural to consider loading payment information onto that secure device as an alternative to cash or plastic cards.
The summary used the words "computer" and "secure" in the same sentence as "payment information".
It must have been something you assimilated. . . .
I've always been a fan of the mobile wallet concept. I have a Google Wallet account and spent the money for the NFC SIM and all. Then I discovered absolutely no one in my town (major US city here, not a backwater hill town) is set up for it. Sure, a few have tap and pay card readers but those as a general rule are not programmed to accept any virtual wallet. I hope one day we get to the point where it is commonplace to use NFC payment systems at most major stores but I do not think it will happen anytime soon.
I wish an institution like the MTA or NJ Transit would adapt mobile payments for Public transportation. I would be on-board with that.
(Note: This comment is US-centric. I'll let others do the analysis for the rest of the world, but the case is actually easier there.)
NFC is still coming, and soon. Now that any Android 4.4+ device can use Google Wallet and with ISIS deployed to AT&T, Verizon & T-mobile customers who want it, one half of the secure mobile payments infrastructure problem is all but solved. Android 4.4 includes open APIs so that anyone else can implement NFC payment apps, also, and there are rumors of many coming. There are hints that Apple is also doing something with NFC.
The other half of the infrastructure problem is merchant acceptance. Visa and MasterCard announced in 2012 (IIRC) that the liability shift will be implemented end of 2015. What that means is that after the shift takes place, any merchant will be able to completely stop paying for any credit card fraud simply by deploying chip (including NFC) payment terminals. Given that merchants pay for nearly all fraud, and that it costs many billions annually, you'll see them moving fast. Already in some parts of the country I can go through a whole day using nothing but my phone for payment, and it's improving rapidly.
It's about a decade later than when the industry thought it would be but contactless smart card / NFC payment is in full rollout mode now.
Square is wise to drop their custom, proprietary solution to a problem that has an industry-standard solution in deployment.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Who the hell is Dan Rowinski and how does he know anything about mobile wallets and payments? He cites no references in his article other than other articles HE wrote and some anecdotal story about a coffee house he stops at in the morning. He provided a link to their website so I guess we could stop by and ask them if he's full of it or not.
Since we're on a roll, I declare balding middle aged men the new fashion trend that 20 something women just can't resist. For example, at lunch this cute redhead smiled at me while I was at the local Arbys. Citation: http://arbys.com/
Ladies that want to be hip and cool can PM me.
E-wallets have been popular in Japan for years. They are extremely convenient, especially if you use public transport a lot (and Japan has good public transport). No more messing about with change at the convenience store either. Vending machines take them too. As an added bonus there is no receipt to throw away, that gets stored on your phone/online account automatically as well.
Business users love them because they can easily import the receipts into Excel and file an expenses claim. Everyone else just finds it easier to pay for stuff at the end of the month via their mobile bill, instead of loading up a stored value card or fishing for change every time.
I hate coming back to the UK and having to deal with all this crap just to buy stuff. Some places can just about cope with contactless debit cards now, but if you have more than one in your wallet you have to get it out or a random one will be charged. My phone is nice and separate.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Write "Check Identification" on the signature line and have a photo ID; no more flaw. Something you have then becomes your credit card, your photo ID and your face, which is a bit harder to get than just your card and pin. And who cares if someone uses your credit card you aren't using, anyway? Deny the charges, cancel the card, get a new one.
Q. When is Fiat currency not fiat currency?
A. When it's pegged to the price of an automobile.
Actual Fiat currency would be an interesting concept, sort of like taking Canadian Tire money one step further. People could exchange goods and services for gift certificates denominated in micro-Fiats, and any licensed driver could turn in a million micro-Fiats for (imitates The Price Is Right announcer) A NEW CAR!!!!11
Do you really think they're going to switch off of that for something even less secure than a standard CC?
Sorry but I bought a 2800 dollar laptop with my CC that has no signature on the back and no PIN without the blink of an eye while I can't "charge" $5.56 worth of coffee and pastry to my Starbucks app without my PIN.
Which one is less secure again?
A few facts that aren't going away any time soon:
1. There are 1000 different e-wallet based solutions which are swiss cheese of compatibility with the few number of retailers that have even bothered to look into them (These have fees as well mind you, just possibly less than CC transactions)
2. There are many loyalty reward cards / apps that do what you want quite well but only for specific customer/retailer relationships
3. Easy solutions that are both ubiquitous/cheap/secure would basically require the entire industry to jump onto a single standard whose fee schedule is really low / non-profit and whose infrastructure services / equipment are interchangeable
If it's not easy, customers will just use Credit Cards or cash
If it's not ubiquitous, you may as well just use a rewards/points card program
If it's not cheap, retailers may as well use credit cards because at least it's a system well understood and comfortable with
If it's not secure, retailers are on the hook for fraud and it will likely not be ubiquitous because which retailer would want to carry large purchase liability
All in all, it's a 'solution' that on a green field may work. The article's frankly a utopian paradise where the slightly cheaper solution would require the entire infrastructure of our retail commerce system to be ripped out and replaced overnight in order to be feasible.
Lastly, by far the most important facet of any of these schemes is TRUST. If you don't have consumer trust in your transaction products, you won't have consumer buy-in. Loyalty cards have the maximum loss of whatever you've refilled them. CC/Bank cards generally have historically adequate means of limiting liability of holders (at the expense of retailers). What does this new system have to verify that my cash is safe with them?
Bye!
E-wallets have been popular in Japan for years. They are extremely convenient, especially if you use public transport a lot (and Japan has good public transport). No more messing about with change at the convenience store either. Vending machines take them too.
If I could get here what you can get from a vending machine in Japan, I might want one too!
Public transit would be a very useful application for an e-wallet, especially in Tokyo with all those incompatible rail lines where you have to pay to transfer trains. But that could be solved by a dedicated transit pass which auto-recharges from a credit card account, sort of like the EZPass does in the U.S.
... is a time-tested Slashdot commenting strategy!
But seriously, I don't always carry my wallet with me, but I almost always carry my phone with me. Last year I found myself in the perfect position to benefit tremendously from a mobile wallet on my phone.
I was on mile 4 of a long bike ride when my rear tire failed. Not the tube (I carry a spare), the actual tire. I had decided not to bring my wallet with me, but I did have my phone. Anyway, I needed a replacement tire, but I had no money on me, and I realized that despite having my credit card number memorized, I didn't actually have any direct way to pay a bicycle shop for a tire, so I walked home.
But it felt silly - that I was carrying around a smartphone that has access to multiple bank accounts and payment services, and that I even knew my credit card number, yet without a little piece of plastic, I couldn't pay for anything.
Since then I don't go on bike rides without my wallet, but that's not really the point. Sometimes I take walks and don't want to bring my wallet. Occasionally I change my mind on the way home and decide it would be a good idea to stop at the grocery store. But no wallet, no way to purchase anything, despite having my phone.
In other words, there do exist situations in which one might reasonably have a phone but not a wallet. You may argue they are edge cases, but I am just one person. Other people mentioned check splitting, which is especially a headache in recent years since no one seems to carry cash anymore.
"Anyone who [rips a CD] is probably engaging in copyright infringement." - David O. Carson
When exercising, I have a wallet pull-out that holds my driver's license and a credit card. It is extremely thin, I can swim with it, get it dirty, drop it, run it over with a bike, while never having to worry about its power level. Yet I can use it for almost any financial transaction short of buying a house. If stolen, I am not responsible for the unauthorized purchases.
Top that and we can talk.
And about the malicious entities, this really isn't as big a problem as what you're picturing. A wallet app is really just a UI. All the meat goes into your Secure Element. Your card info gets put in remotely by a trusted authority, and is read directly off the chip by a POS. Apps on your phone don't have access to it.
... it never once ran out of battery.
The only phone that never ran out of battery in that period was the one bolted to my wall or standing on my desk.
No one benefits from a third-party corporation doing transactions. From day one, I never could figure out why a person would want a corporation to track their purchases and build a profile of their shopping, nor why a company would want a corporation to track their sales data.
Frankly, no one has all the data needed to truly track someone's purchases and online habits. Some parties have the online part, and some have the financial part, but no one has it all. That's the last goldmine left in exploiting personal information for profit, and it's attracted the most greedy, venal, and awful type of people to try to get the money, but no one is going along with it. I hope they all die. Otherwise we'll live in a world where every purchase is tied to online habits, and every second of every day will be a marketing and advertising blitz like the world has never before seen. Humanity will stop being human, and be only "consumers".
"it's natural to consider loading payment information onto that secure device"
Is there any such thing as a "secure device"? I'm aware of several types of devices that were initially proclaimed to be secure, and subsequently hacked.
That that is is that that that that is not is not.
Here in the US I started seeing the ability to use debit cards at the cash register circa 1999.
I can't find any information online about a debit card system operating in any country before 1982.
Where are you?
Now that any Android 4.4+ device can use Google Wallet
The rest of the problem becomes getting manufacturers and carriers to push out Android 4.4 images.
its brown and leathery and contains a whole lot of money and other useful stuff :)
You could manage the same thing with a prepaid card with contactless payment. This is what is used in London (Oyster), at least for public transport. No change required, but no issue with battery life.
Contactless debit has got very common this year.
I think there are two main reasons why it does not work
1) because there's a duopoly on payments, Visa and Mastercard; add to that that everybody else wanted to control the mobile wallets, the operators, Google, the manufacturers, etc. so nobody did because they did not cooperate, they were greedy.
2) because it adds very little compared to what we have now, in other words, the added value is not enough to break the Visa/Mastercard duopoly.
If there were hundreds of payment processors and card issuers, the system would not be entrenched as each POS would need flexibility to handle all that diversity. In the current situation, the POS only handle Visa and/or Mastercard, so only they can push for changes, like they are doing with the "tracker cards", the RFID insecure cards they force everybody to use now.
They want everybody to use them not because they are better, but because they will be able to monetize them better by selling customer tracking (those cards are beacons and you only need to slightly modify the "thief detectors" to track who enters and leaves a place, even if they pay with cash). They already sell your buying habits! Now they will also sell where you go and not buy!
My wallet is mobile and it works even days without recharging. Also most payment systems do not work that well at the local market or flea market. It is not free of charge. It is also unable to work between normal people everywhere. The latter could be fixed with a standard which works with different payment systems. The free of charge thing is most likely not fixable if the whole thing is not state or central bank driven. The biggest problem is, however, the limited battery power. With no electricity the thing is worthless. If it is used for train/plane tickets, no electricity means no ticket. For payment apps, it means no money.
In addition, present solutions work well enough and the benefit of app based payment is not that big.
Germany. And, OK, technically it was a "Cheque Guarantee Card" for the Euro-cheque back then, that also was usable as an ATM card when they started to put up the first more widely adopted ATMs around 1981/1982.
"If everybody is always carrying around a powerful computer in their pockets, it's natural to consider loading payment information onto that secure device as an alternative to cash or plastic cards."
Sounds very interesting. When are people going to be able to buy these "secure, powerful computers" to carry around in their pockets? Wait... they aren't saying current phones are secure... are they?
Do you really think they're going to switch off of that for something even less secure than a standard CC? Sorry but I bought a 2800 dollar laptop with my CC that has no signature on the back and no PIN without the blink of an eye while I can't "charge" $5.56 worth of coffee and pastry to my Starbucks app without my PIN. Which one is less secure again?
The one that's not wifi or cellular connected. Duh.
No, no, you're not thinking; you're just being logical. --Niels Bohr
I agree that it's a solution in search of a problem. But the CC companies don't need to switch off of chip-and-pin to support mobile wallets. Have you noticed that you can tap a chipped credit card against the new generation of POS devices to pay? If you can do that, you can tap an NFC phone as well. Ever noticed how the chip in your credit card looks a lot like a SIM? Not a coincidence, it's the same underlying Smart Card tech.
And about the malicious entities, this really isn't as big a problem as what you're picturing. A wallet app is really just a UI. All the meat goes into your Secure Element. Your card info gets put in remotely by a trusted authority, and is read directly off the chip by a POS. Apps on your phone don't have access to it.
Very good. And when my phone is remotely hacked, all my info is in the hands of thieves and I won't even know it. If you want my cash, you'll have to take it out of my pocket. Also, when I want to purchase things anonymously, how exactly do I do that with my phone?
No, no, you're not thinking; you're just being logical. --Niels Bohr
It is no surprise that Google Wallet is not popular, it is just another one of their half-baked attempts that they might abandon at any time. A solution that would inspire trust would have to come from existing processors (VISA, MC, etc). As the USA will now be transitioning to chip+pin, it is the perfect time to standardize these "new" methods.
I liked the suggestion given above by bberens. Well thought out, simple, and logical. The payee does not have to trust the merchant's equipment. But, smartphones have the ability to implement several different methods. A merchant could allow different ones as they wish. A user's mobile could run many different payment apps, so the user can choose what they and the merchant agree on. Really all that has to happen, is VISA make an app and call it eVISA. Within 2 years the "payment problem" will be fixed.
Rapid Price Changes are part of an infantile system. As the system matures, and becomes wider spread, pricing will stabilize.
IF it matures
AND IF it becomes wide spread.
Although almost half (48%) of American adults now know what Bitcoin is, just 13% say they would choose to invest in it over gold, according to a new Harris Interactive poll on behalf of Yodlee, a financial software firm.
The poll was conducted in December 2013 among 2,039 adults ages 18 and older.
Support for the digital currency was strongest among younger respondents:
20% of 18-34 year-olds who know what Bitcoin is said they would choose to invest in Bitcoin over gold.
Thirty-nine percent were not in favor of any government being able to regulate Bitcoin, compared with 28% among 45-54 and 24% among 55-year-olds and older.
Other findings:
55% of Westerners said they'd heard of Bitcoin, but just 7% said they'd choose it over gold, the lowest in any region.
Only 35% of women across the country have heard of Bitcoin, compared with 63% of men. Only 10% of women said they'd choose Bitcoin over gold.
The Northeast is America's most pro-Bitcoin region, with 19% saying they'd choose the digital currency over gold. 51% said they'd heard of it.
13% Of Americans Would Choose Bitcoin Over Gold
The gender gap in the states --- more like a chasm, really --- is the one big surprise here. Not that it exists. But that it is so large.
um, so you think NFC with pin is somehow less secure than... NFC with pin?
Don't complain about syntax, grammar, or spelling. There is no.hell like input on android.
"Oh sorry you'll have to send me more money, the value of this cryptocurrency dropped 20% in the 5 seconds it took to process the transaction."
That is a solved problem, some exchanges offer merchant services where the exchange does the conversion and bitcoin transfer and pays the merchant after coin transfer confirmation. The amount credited to the merchant is exactly the amount the merchant specified at the start of the process. At the end of the day the total credited to the merchant is transferred to the merchant's bank account. The merchant never touches a bitcoin, it bills, receives and does all of its accounting in dollars.
I get sick of joining a checkout queue with my purchase in one hand and the correct change in the other, then having to wait forever while people ahead of me shuffle stacks of credit cards, wait for a pathetically slow electronic transaction, then fumble their cards back into their wallets. Cash is best, and NFC is probably the best alternative, as the women and kids would only have to pull their phones from their ears, which is much quicker than fumbling stacks of plastic.
paleoflatus
This is what is used in London (Oyster), at least for public transport. No change required, but no issue with battery life.
I'm pretty sure oyster is only for public transport.
Contactless debit has got very common this year.
Which brings us to one of the problems with contactless cards. When you are carrying exactly one contactless card that will work for a given system it's great, you can just slam your wallet on the reader and go.
But if you are carrying more than one that doesn't work so well. Sometimes it sees both and refuses to continue, sometimes it sees the wrong one first resulting in unexpected charges.
note: I'm known as plugwash most places but I screwed up registering that here somehow in the past and now can't register
um, so you think NFC with pin is somehow less secure than... NFC with pin?
Yes. When NFC with PIN isn't on a device connected to cellular and/or WiFi networks. Or did you forget about that?
No, no, you're not thinking; you're just being logical. --Niels Bohr
I think the problem is the USA has a fairly cheap and good credit card system. In the USA merchants, with a few exceptions pay 1.4-4% with most in the 1.8-2.5% range. The customer generally gets about 1% of that or more in incentives. Which means there is only about 1% to play with for the merchant to cut costs or raise services. That probably isn't enough of a margin. There are areas where credit card fees are very high (adult services, gambling) but the reason fees are high is that these are impulse purchases which people often regret buying after the fact. There are also areas where untraceability is desired (i.e. in place of cash), but most merchants just take cash for those customers.
I'm not sure how you make a widely used system with margins so thin on credit cards. Something about the USA system has to get worse. I suspect if there is ever going to be a mobile pay system it is going to be brought out by AMEX, VISA, MasterCard, Discover... as an adjunct form of card and nothing more. Just a fast or secure way to use your card. Other than that I just don't see a niche that justifies it.
I guess we are stuck with immobile wallets then.
If Square is going away, what else exists that allows a person to easily accept credit card transactions, anywhere, for all major types of cards?
File under 'M' for 'Manic ranting'
Also: TFA verbed 'onboard'.
Caveat Emptor is not a business model.
I trust the security of my phone over my card. So fuck you, bitch.
Assuming this is to "replace" my cards and/or cash, why would I want something where, if the batteries are dead, I can't buy anything?
A woman is usually carrying a purse, if it's a man he's typically carrying a wallet for other things anyway, so not much of a win there.
Why give hackers yet another way to steal my money?
Why give the feds/megacorps yet another way to track me and my spending?
WTF is wrong with cash? These days I'm a lot more likely to have my credit cards/bank account hacked than to be mugged for my bills, and money just doesn't weigh that much.
Risk management, cost benefit analysis means no way in hell would I sign up for this. I can't think of any possible improvements that would change this, short of a bona fide, anonymous, non-battery-powered credstick.
Love, Squeedle
Understood, I'm dealing with a non-competent-thinker/emotional-reactionist.
Don't complain about syntax, grammar, or spelling. There is no.hell like input on android.
So it has nothing to do with me not wanting to trust one lick of financial data to a device which is repeatedly proven to have massive and fundamental security holes? And nothing to do with the fact that 90% of the population would just as soon leave money in a nicely-ordered pile outside their door rather than give up their wallet in favor of something - anything - mobile.
The wallet isn't "ripe for disruption." That term refers to something which doesn't work, and can be done better with new technology. A digital wallet gives me zero net advantages.
No, but keep telling yourself your business failed because of "entrenched interests". I'm sure that feels better.
I trust the security of my phone over my card. So fuck you, bitch.
How sweet you are. Did your mother teach you that? Or hasn't she gotten to that part yet? What are you, 14?
No, no, you're not thinking; you're just being logical. --Niels Bohr
ah, so you don't know how it works so your first response is to bury your head in the sand.
Understood, I'm dealing with a non-competent-thinker/emotional-reactionist.
I understand the difference between Near-Field Communications (NFC), cellular and IEEE 802.11 protocols. I guess you're being deliberately obtuse here? Whatever. You can disagree with me if you like. It's no skin off my nose. Good luck with that.
No, no, you're not thinking; you're just being logical. --Niels Bohr
Why can't you just admit you don't know how it's implemented and that the wifi in this case is inconsequential?
Don't complain about syntax, grammar, or spelling. There is no.hell like input on android.
I salute you! It's eccentric and impractical, but truly you are a singular and unique creature! Practicality be damned!
Dogecoin.
And what do protocols have to do with implementations???
Why can't you just admit you don't know how it's implemented and that the wifi in this case is inconsequential?
Specifics as to the software implementation of one or more minimally used or tested e-wallet apps? You're right, I don't know the specifics, nor have I reviewed any code.
However, any network connectivity opens vectors to hack the device. Regardless of any secure storage (on the SIM or elsewhere) or OS restrictions on access, network connectivity opens the possibility that the phone can be pwned. Once the phone is compromised, all bets are off and it's possible that an e-wallet can be compromised.
I know. Smartphones have no vulnerabilities. Nor will there ever be any vulnerabilities. Please. You keep telling yourself that.
Since you know so much about this (clearly much more than someone you've never met and whose knowledge and experience you have no information about), please explain how you *know* that there are no vulnerabilities or malware on *any* smartphones that might compromise the data in one of many different e-wallet apps. Also, please explain how you *know* that there will *never* be such vulnerabilities or malware. I'm an empiricist. I have an open mind. Convince me. Better yet, show me where, when and by whom all e-wallet app code, APIs, and general security of smartphones have been evaluated and certified.
If you want my money, you'll have to reach into my pocket to take it. If you want my CC info, you could, presumably, use a device to read the NFC chip on a card in my pocket, but you'd need to be in close proximity to do so. That negates any remote exploit.
So. I'll say it again. I guess you're being deliberately obtuse.
Or perhaps I'm overly paranoid. Then again, I know there are folks out there that want to steal my (and anyone else's they can) financial information. Sigh.
No, no, you're not thinking; you're just being logical. --Niels Bohr
And I'm not kidding, either.
Look, Android 4.3 and later and Windows Phone 7 and later support NFC, and many Android and Windows Phone-based cellphones built since 2011 have NFC built in.
The lone--but significant--holdout is Apple. Apple thinks it has a better solution using Bluetooth 4.0 (LE), but there are two problems: 1) nobody has built a point-of-sale terminal that uses Bluetooth 4.0 for mobile payment systems, and 2) the range of Bluetooth 4.0 makes it a potential security risk compared to the circa 30 to 40 mm range of NFC.
I believe at the prodding of NTT DoCoMo and South Korean cellphone carriers, there is a chance we may see the iPhone 6 models finally offer NFC, since NFC point-of-sale terminals are common in Japan and South Korea. If Apple were to include NFC for the first time on the iPhone 6, it would clean up the Japanese and South Korean markets literally in a blink of an eye.
And what do protocols have to do with implementations???
You know, I just went back and read your post again. Are you serious? Do you even know what a protocol is? As I said, I'm not intimately familiar with payment systems technology, but I know enough to say that there are at least two protocols which must be adhered to by any implementation of a contactless payment processing system for the elements to communicate: some sort of communication protocol so that payment information can be transmitted/received, and the format of the payment information itself. It wouldn't surprise me if there were others that were required as well.
Sigh. I guess you took that plunge from remaining silent to removing all doubt, friend.
No, no, you're not thinking; you're just being logical. --Niels Bohr
btw, I know you don't know anything because of the stupidity you are spouting. It's the general way any knowledgeable person can spot the ignorant. I don't like to hand out information because babies with silver spoons in their mouths...
Don't complain about syntax, grammar, or spelling. There is no.hell like input on android.
And in the future, if you're going to link to a definition, link to a definition that is specific to what you're talking about.
Don't complain about syntax, grammar, or spelling. There is no.hell like input on android.
I gotta carry my regular wallet anyway.
This e-wallet stuff is not their main source of revenue.
Square is advertising on TV about how one pays with a credit card, using the plain old magnetic strip, using a card reader that plugs into the mic socket of a mobile phone.
Here is how it works.
Also, they are opening an office in Kitchener, Ontario, within the Kitchener Waterloo technology hub.
2bits.com, Inc: Drupal, WordPress, and LAMP performance tuning.
sdfsdf
Yeah, you're just overly paranoid. Go take a look at how it works.
btw, I know you don't know anything because of the stupidity you are spouting. It's the general way any knowledgeable person can spot the ignorant. I don't like to hand out information because babies with silver spoons in their mouths...
Really? Rather than engage, you resort to ad hominem and ad ignorantiam attacks? Smooth. I'm so impressed.
Have a great day!
No, no, you're not thinking; you're just being logical. --Niels Bohr
Put your ego aside so you can realize your stupidity.
Don't complain about syntax, grammar, or spelling. There is no.hell like input on android.
That's how they started in Japan and are still available that way. The basic system is Sony's Felica
http://www.sony.net/Products/felica/
The chips were added to phones around 2006 so you could just swipe your phone instead of your card. The advantages of the phone version: (1) no separate card needed, (2) can add funds on the phone, no need to go to a machine. Nowadays they're integrated into Japanese-made Android handsets, but of course not the non-Japanese-made ones nor the iPhone.
Many Japanese laptops have readers. My 2006 Vaio has a reader. I can also add funds through it.
Oh, and there is no issue with battery life. The chip in the phones in Japan is the same chip that's in the card. A dead battery doesn't affect your ability to use the phone to pay.
I've always been curious if they can reproduce the NFC style wallets in Japan (Asia?) in the USA.
Here in Japan the train companies have NFC cards. The cards act mostly as cash. You put money on the card itself. I don't know exactly how the accounting works but AFAIK there's no server being contacted when you make a purchase. The system somehow instantly deducts the money from your card and updates your history on the card.
This makes them super convenient unlike stuff like Square Wallet or even Google Wallet. You tap the card/phone on the machine and you've paid in under 1 second. No need to press anything, type any passwords, nothing.
The chips were later added to feature cell phones around 2006 so you could tap your phone instead of a card. You can also add more cash on them from your phone. Some Japan only Android phones also have them. Of course iPhone does not.
Trains, busses, many taxis, vending machines, convenience stores, some restaurants have the readers next to their registers.
Transactions are stored on the card and many laptops in Japan have built-in readers. My 2006 Vaio did. Touch your card to some spot on the surface of the laptop and get instant expense report for work/taxes. You can add credit to the cards on your laptop as well.
I have no idea how they prevent fraud given they can be updated locally (filling them with money without going through the proper channels). As for theft, scanning people as they walk by, they do seem to need to be within 1cm or so to read/update. I haven't looked into it though. On the other hand they aren't tied to any other money meaning they're basically like carrying cash. If you lose it all you lost is your money on the card and your purchase history. There's no "account" and it's not connected to any bank or credit card so the damage is minimized.
I have no idea if those would go over anywhere in the USA except maybe NYC, Chicago, SF. They arguably work in Japan because so many people commute so even if you never purchase anything they're super convenient for commuting (no need to buy tickets). Once you have one they end up being convenient for other things.
At the same time, I don't see anything less ever taking off in the USA. Google Wallet etc aren't more convenient than credit cards. Felica cards are.
http://www.sony.net/Products/felica/
I realize I think in SF the Clipper card and in London the Oyster cards are the same tech? But I don't think either can be used for anything other than trains/busses.
Also the chips don't need batteries so even if your phone battery dies you can still pay with the chip in your phone.
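As an added illustration, not part of the comment above and not a description of FeliCa's actual design: one generic way an offline stored-value record can resist the local tampering the poster wonders about is to bind balance and a transaction counter with a MAC keyed from a secret held only in the reader's secure hardware. The key, card ID, field layout and reader-side counter check below are all assumptions made for this sketch.

```python
import hashlib
import hmac
import struct

# Constructed demo key. Assumption: in a real deployment the master key lives
# only inside tamper-resistant hardware in the reader, never in app code.
MASTER_KEY = b"constructed-demo-master-key"

def card_key(card_id: bytes) -> bytes:
    """Derive a per-card key so one extracted card key does not expose others."""
    return hmac.new(MASTER_KEY, b"card-key|" + card_id, hashlib.sha256).digest()

def _tag(card_id: bytes, balance: int, counter: int) -> bytes:
    # Length-prefix the ID so the MAC input has exactly one interpretation.
    msg = (struct.pack(">H", len(card_id)) + card_id
           + struct.pack(">IQ", balance, counter))
    return hmac.new(card_key(card_id), msg, hashlib.sha256).digest()

def seal(card_id: bytes, balance: int, counter: int) -> dict:
    """Build the record a reader writes back to the card: state plus MAC."""
    return {"card_id": card_id, "balance": balance, "counter": counter,
            "tag": _tag(card_id, balance, counter)}

class Reader:
    """Offline terminal: no server round-trip, only the shared key."""

    def __init__(self):
        # Highest counter this reader has already consumed, per card.
        # Assumption: a real card chip enforces monotonic state itself;
        # this reader-side check stands in for that.
        self.last_consumed = {}

    def verify(self, rec: dict) -> str:
        expected = _tag(rec["card_id"], rec["balance"], rec["counter"])
        if not hmac.compare_digest(expected, rec["tag"]):
            return "bad-tag"      # balance or counter edited without the key
        if rec["counter"] <= self.last_consumed.get(rec["card_id"], -1):
            return "replay"       # an old, higher-balance record restored
        return "ok"

    def debit(self, rec: dict, amount: int):
        status = self.verify(rec)
        if status != "ok":
            return status, rec
        if amount <= 0 or amount > rec["balance"]:
            return "rejected-amount", rec
        self.last_consumed[rec["card_id"]] = rec["counter"]
        new_rec = seal(rec["card_id"], rec["balance"] - amount,
                       rec["counter"] + 1)
        return "ok", new_rec
```

A single offline reader only catches rollbacks of records it has itself consumed; catching them across readers requires the card to enforce its own state or a later back-end reconciliation.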
People don't like the concept of electronic cash because it's
1) traceable
b) erasable
c) stealable.
In the case of SVC (Stored Value Cards) like those being used for transit, the fact that the transit network is controlling it and the value itself isn't really in the card but in the infrastructure supporting the card, doesn't help you if you leave the transit area. They're much akin to a gift card to your local grocery store that you can't use at Walmart.
However this fragmentation of SVC's may actually be beneficial in the short term, as it will weed out insecure and ineffective alternatives to cash.
But ultimately the problem comes back to how value is initially stored on the cards. Magstripe/NFC can't "store" anything since that makes it erasable and stealable. Chip cards are too slow to use for anything you would normally sign a contract for (e.g. electronics purchases like computers). This makes the only viable middle-ground to have the payment device be computer software.
But we've been trying this since the early 2000's and nothing has EVER taken off, and those that started to, were quickly overrun with scams (Text messaging/subscriptions was the closest thing we ever got to it, and the mobile phone companies were complicit with the premium text fraud, much like the 1-900 number fraud before it with landlines.)
Where I think there is a possibility of deflecting fraud is by using the transit system as -the- payment network, but it would require all the cards to support two-tiers. One being the "local" transit support tier which just tags access to charge against the stored value, and the second tier which directly accesses that stored value that works with existing PayPass NFC terminals. The final step in this is moving the "PIN" part of chip+pin to NFC+password to a computer device that the user has on them. So if I wave my NFC stored value card, or my NFC enabled cell phone over the NFC payment terminal, the device will receive a "verification" push notification to either "always allow, allow once, prohibit once, prohibit always", so that the Stored value card will always work unless prohibited.
Right now the problem is that NFC cards are equal to "always allow" while Chip+Pin cards are equal to "allow once", which makes using chip+pin super slow for things like transit, vending machines, and ATM's.
Like the reason mobile wallets have to fail is because the mobile carriers' attempt at vertical integration with it, quite frankly, was a cash grab and nobody should ever trust their mobile carrier (or their broadband provider) to provide any service other than internet access. Square had a bit of a lead while the US payment processors were dragging their heels on adopting chip+pin, but now they're going to lose that lead unless they come out with a combo swipe, NFC, chip+pin device. Magstripe readers are cheap because they send analog signals to the device's external microphone input. This only works in the US. The rest-of-the-world adopts NFC and Chip+pin.
It's quite funny really, because usually the innovations start in the US, but are adopted by Europe or Canada a decade before they ever gain any traction, if any, in the US. The US's lack of movement on the chip+pin is a lot like the inertia for switching to Metric.
heh, Even if you only have one, it will fail from time to time.
I have 3 chip cards in my wallet. Only one has NFC. When I renew my driver's license that will make 2 NFC cards.
The problem, really, is that the NFC chip will "burn out" or fail to change the nonce once in a while. I use my NFC credit card for every transaction possible, so right now that means the transit system and some of the Asian grocery stores don't have it, but they do have chip+pin.
I somehow managed to kill my first NFC card, I had the bank send me a new one a year before it expired, so they renewed it early. This is one current problem with chip/nfc cards, the fact that if it's damaged, the card is unusable except if you go somewhere that has the old "charge card" mechanical carbon paper system somewhere. The amount of times this has happened to me is like, exactly twice. Once with a taxi.
The EU is currently working on regulating payment systems, and there is still an option that they will force easy (well easier) access to new players to the market.
You'd lose all your money. Doge coins are going to win. So money. Much win.
As for purchasing anonymously, you can't do that with your credit card either. Yet credit cards remain pretty popular.
With the upcoming switch to chip+PIN credit cards we're finally going to have widespread deployment of NFC readers. That may give us the necessary critical mass for mobile wallets to take off in the US - phone+PIN should be an appealing alternative to card+PIN since the phone is usually closer at hand.
Since you know so much about this (clearly much more than someone you've never met and whose knowledge and experience you have no information about), please explain how you *know* that there are no vulnerabilities or malware on *any* smartphones that might compromise the data in one of many different e-wallet apps. Also, please explain how you *know* that there will *never* be such vulnerabilities or malware. I'm an empiricist. I have an open mind. Convince me. Better yet, show me where, when and by whom all e-wallet app code, APIs, and general security of smartphones have been evaluated and certified [wikipedia.org].
In principle, I agree with you, but I would probably agree with you a lot more if you were weighing a secure system against a semi-secure system. As we have seen, however, the CC system is -extremely- insecure, and it is very, very easy for your credit card info to find its way into the wrong hands. Unscrupulous store employees who install skimmers on CC swipers, online retailers who store CC information in an insecure manner (and you'll never know if they do until they get hacked). Maybe you just used your credit card at Target last year. I just got a free year's worth of credit card monitoring because of all the hacks and exploited flaws last year.
I don't see how the phone wallet would be worse.
You're absolutely correct. I never said that the current CC system was secure.
I was merely pointing out that, as is good infosec practice, if you expose something to the internet (as most smartphones are), you should expect it to get hacked at some point (e.g., the probability is non-zero). One poster pointed out that secure certificates protect your data, which is stored in a "secure" storage area on your phone. That may well be true. And since no certificate authority has ever been hacked (Oh wait, that's happened multiple times), there's nothing to worry about.
Also, it's interesting to me that some folks might think and assert that something is secure, without any objective analysis -- especially since there are well-defined and standardized mechanisms for such analysis. IMHO, claims that something is secure, if unsupported by independent analysis, are ill-informed opinions.
I don't question the potential convenience, or even the (relative) security offered by e-wallets, I'm just skeptical of the security claims and the (unstated) motives of those who champion e-wallets.
No, no, you're not thinking; you're just being logical. --Niels Bohr
In Tokyo, I use my Suica card, which is nominally issued for use on JR (Japan Railways) public transportation. But because so many people have that card and other similar cards, their use has been extended to convenience stores, coffee shops etc. I kind of like the idea that it isn't a credit card, and the fact that it is separate from my phone. People in the U.S. (even tech people) forget that public transportation is such an important aspect of people's lives that methods have organically evolved.
The US population has resisted electronic wallets. I think there are a few reasons: Losing the damn phone, or having it stolen. Getting hacked. (Shall we have another interesting Win XP SP2 era about passwords?) And a reason I haven't heard mentioned, but applies to any credit transaction: It's too damn easy to spend your way into debt. Especially at 28% interest, I think more and more people have learned (the hard way) to cut it off, or scale it back. Even debit transactions (and cryptocurrencies would fall in this category) are something people have found are a way of blowing money way too easily. Paper checks are on the way out...or are they? (Haven't seen any numbers on this.) But writing a paper check is more involved (writing involves muscles and takes longer), especially if you enter the amount into a register where you have your balance staring at you. None of the mobile payment methods I've seen instantly shows you how much your assets have decreased, or your liabilities have increased. I probably just gave someone the beginnings of a billion-dollar idea. Remember me when the IPO comes time. :)