I insist on ALL my credit and debit cards being NON-CONTACTLESS. The fact that you are advised to keep contactless cards in a faraday cage wallet or crisp packet, says it all.
What I do use is Apple pay through the Apple watch. Why ? Because you have to physically press a button twice to enable a payment, whereas any other method can just scam you over NFC.
Haven't tried Google Pay.. I am hardly in the UK nowadays, so the preferred method for paying by phone is often sonething else but..Originally Posted by watercooled
1. If you need to use a password, then isn't chip and pin a bit quicker and easier (or at the very least the same)? I imagine that if you are paying a phone, you need to first unlock the screen, which takes roughly the same amount of time to type a pin, and perhaps have other steps to authorise the transaction via the app?
2. Having tried two digital wallets / digital prepay CC, I found that they work on my rooted phones. And while I recognise that a Windows PC is more likely to be targeted by malware etc. I do fiddle more with my personal phone (as opposed to my workphone which is very barebone, unrooted etc.) nowadays.
I prefer card to cash, but also chip & pin vs touch and go. The later is very convenient, but I can live with the slight inconvenience of a layer of security.
On a side note.. I am now in a place where pay are still often given / received in cash. And at the end of the month, banks often run out of the largest denomination because many companies withdraw them to pay their employees. Both last month and this month, I ended up having to pay my employees largely in bills worth under 5 quid.
That means that over the next few days I am going to have to count thousands of (hazardous looking) notes. Not very thrilled.
(I have requested a bill counter and still waiting for one, but I question how well they will cope with half rotten notes)
I do have a slight problem with contactless cards - having gone to the trouble of developing chip and pin, the next stage to undermine it with completely insecure contactless (apart from the £30 limit and whatever algorithm the banks use to detect suspicious activity).
However I have less problem using a phone for contactless payments as it is authenticated at the minimum by a passcode, if not some form of biometric method (although some of those have a dubious reputation.)
(\__/)
(='.'=)
(")_(")
Been helped or just 'Like' a post? Use the Thanks button!
My broadband speed - 750 Meganibbles/minute
Personally I love trying to pay for that £4.49 widget with the change in my back pocket only to find after some scrabbling around that I only have £4.45 so I have to pay for the item with a £10 note as that is all I have, to get an apology from the shop keeper as he is out of £5 notes and has to give me the change in £1 coins and coppers. Always makes my day.
If I do have to use cash, I take the irritating shrapnel out of my pocket before it wears yet another hole in a decent pair of jeans and dump it in a bag in my bedroom. Occasionally I get a few items from the supermarket like bread and milk that only add up to a few quid and use the opportunity to go to a self checkout where you can pour all the stupid change into a hopper where the machine counts it and makes it go away.
We have a local chippy that is cash only, I think that is my main reason for carrying cash these days.
That, unfortunately, is very likely to be true, and we're on the cusp of it now. There are currently a number of fairly substantial trials underway, not least by some major urban areas (like Kings Cross) and, of course, the police.
To my mind, most of the issues around this centre on, in tne case of the state, quite how it's implemented, and in tne case of retailers, genuine informed consent .... which currently is utterly lacking.
By "how it's implenented" by the state, I mostly mean what data they are using, where they get it, and how long they retain 'non-hits' for. For example :-
1) Running facial-rec at large public events, like concerts, footy matches, publuc meetings, and matching against known offenders = fair use, IMHO.
2) But, after doing 1) above, if everybody's records are then retained indefinitely and used for future facial matches, and location-tracking, well that is grossly intrusive.
There are times when the state has good justification for logging, and retaining, who does what, and when. A good example would be entering and leaving the country. We (UK) are generally pretty lousy at that, and need to buck our ideas up, big-time. Facial-rec could be, and no doubt will be, a big part of that. The US, on the other hand, are experts at it as evidenced by the transaction levels going into and out of the FBI-managed NCIC in, where?? West Virginia, IIRC. And access to that NCIC datacentre is available to varying extents, to poluce and federal agencies all over the country. It already includes digital fingerprints and mug-shots (of offenders) though even managing current transaction kevels is ..... ummm .... challenging. It's not hard to see that extending to facial-rec data .... if it hasn't already.
But the justification for retailers to track customers, and the privacy implications, of that are far less clear-cut, and the wails of the privacy lobby are finally starting to get serious echoes among parliamentarians and legislators. This is one area where Brexit might end up biting fans like me in delicate places, thereby making sitting down uncomfortable.
As for what we can do about it? Dunno. Employ personal shoppers. A kind a facial-rec anonymous VPN?
I remember reading about facial recognition boarding passes for aircraft. Now that *could* be done in a totally non invasive way using biometrics stored in your passport and nowhere else, but details were utterly lacking so I suspect it wasn't.
Hmm.... so plastic bank notes embedded with biometric thumbprint scanners, so they can follow the note out the door, down the street, around the country, into your hand, through the hands of that pimp to the hands of his drug dealer, up the chain of supply to the regional Kingpin, then into the hands of his mum (Mrs Miggins at No. 14) when he pays her his rent, and via the milkman all the way back to the government offices again....
Well, we'll know to watch out, when banknotes become plasticised...
_______________________________________________________________________
Strawb77 (28-08-2019)
Fingerprint works too. Arguably there's little advantage if you already have a card with you though. The popularity of contactless card payments shows people are happy to save a few seconds typing a PIN, so I guess having your phone unlocked and ready to go could be more time efficient than typing a PIN on a card terminal. Down to personal preference I guess.
For me though, it's more an alternative to a card rather than a replacement - I rarely, if ever, use my phone to pay when I have my wallet with me.
Interesting, I wonder what their security architecture is like. Having a phone rooted (depending on configuration, permissions, etc, but root tends to be more of a bodge than a well thought-through security system, pretty much universally to the point I think it's generally ill-advised unless you really, really need something to have root access, and even then I'd suggest doing it on another phone, but that's another topic) theoretically allows unprivileged applications to access sensitive information, depending on how the application is implemented. There are ways around it but it's troublesome to the point that many first-party banking applications and DRM platforms simply will not run on rooted phones, it's just not worth the risk.
WRT malware, it's not that Windows is more likely to be targeted, in fact Android's user base is larger and arguably more attractive now, but aside from unpatched exploits, it should theoretically be much harder for simple user-installed malware to access secure information from other applications, capture keyboard strokes, etc. Windows does have some strong safeguards provided it's used correctly, but it allows the user the ability to make poor security decisions by presenting UAC prompts for dodgy applications which really shouldn't be requiring such permissions. Elevated permissions are simply not possible on an unrooted Android phone, exploits aside. The pros and cons of both approaches are open to debate, of course.
Banks and content providers seem to think so anyway, given they'll allow persistent app logins on mobile but not on PC/browser, and some streaming providers allow higher-resolution content on mobile vs PC web browsers.
That's because, in effect, Windows is already rooted! It also takes quite a lot of effort to control what goes into and out of a Windows machine, to the point that very, very few people have that sort of control, even those who believe they do. MS gather data, keystrokes, searches etc. in much the same way as the others. Sure they may have more options to control but few people change from defaults, and for the most part there still isn't an *off* button on standard versions.
Also security != privacy. They often go hand-in-hand but are separate concerns. Google might be interested in your shopping habits for marketing purposes, but I doubt they're interested in stealing your banking details. I think what people are really describing here, for the most part, are privacy concerns rather than security ones. At least, it's a little hard to make the security argument when one already does online banking on a PC.
I'm no expert when it comes to security architectures (in fairness very few people are) but I'd be interested if anyone could chime in with more detail!
yes i use contactless most days. i cant wait for fingerprint activated contactless.
Even then you have to consider the massive false-positive rate.
Yes. I use contactless nearly all the time (within limit of course). So much so that when in Tesco a few weeks ago and my spend was over 30 i couldn't for life of me remember my chip and pin no. embarrassing but cashier was kind enough to split shopping. I am still uncertain of usins NFC but thats because i'm an old fart.
Well, if you borrow a page from East Asia, you -could- wear a surgical mask in public (not usually done to throw off facial recognition.. though protesters in HK do use it partly as such in recent protests). Until cameras get so good at locking into more specific features (e.g. iris, though that can be solved with a pair of sunglasses) you are good for the forseeable future.
Unless they outlaw or ban any kind of face covers in shops..
Truth to be said, when I am in the UK, I do use contactless since it is available. I haven't gone in any length to ask for a non-contactless card t even ask if my bank even provides one. BUT, if the bank hadn't provided me with one, I wouldn't go out of my way to ask for one either. Could it be that people are using the feature because it's just there (pretty much pushed by the banks in the UK) and more indeed convenient, rather than really preferring the convenience over the security of chip and pin?The popularity of contactless card payments shows people are happy to save a few seconds typing a PIN, so I guess having your phone unlocked and ready to go could be more time efficient than typing a PIN on a card terminal. Down to personal preference I guess.
The conveniency is great.. as long as you never have your card lost or stolen. Which -should- ideally never happen. But in the off chance that it happens even once, and the person go a micro-transaction shopping spree.. the cost in lost time and stress alone (let alone the financial cost) may well offset a lifetime of typing a pin each time.
Last edited by TooNice; 27-08-2019 at 08:57 PM.
Only safe payment through a machine that's online. Small Payments that contactless are made are still not safe.
Privacy is one aspect of a security arcitecture.
The others are
Non-repudiation (if you make (for example) a transaction, you cannot subsequently deny it was you.)
Integrity of data (for example when you make a payment of (say) £5, that is the transaction that is processed)
Authenticity of a transaction - that it was you )and only you) that could make it.
These pilkars are interdependent (Athenticity and non-repudiation overlap) and the emphasison each depends on the use case, but generally speaking, those 4 items go into a secure system.
(\__/)
(='.'=)
(")_(")
Been helped or just 'Like' a post? Use the Thanks button!
My broadband speed - 750 Meganibbles/minute
Only carry a debit card and rarely ever use it.
CASH IS KING for budgeting - you can actually physically see how little you have left to spend!
Banks want you to move away from cash because they make more money and they get data on people's spending.
Governments want you to not use cash for a couple of reasons.
!/ no more cash discounts by people like tradesmen how then pocket it and don't pay tax.
2/ they can get more data on people's spending which can be used not only by the tax department, but by other departments as well.
And you put it well in your first sentence - "just how easy it had become to spend smaller amounts of money for everyday items." That is exactly what they want you to do, find it easy.
Budgeting is hard and with marketing the way it is now (buy it now, be the first, don't be left behind - common marketing phrases), too many people are impulse buying or buying to keep up with trends and fashion.
As I am a disabled pensioner on a meagre allowance, I have to budget carefully. I only put the cash in my wallet that I can afford and save up for things I cannot). I have not been in debt for over 30 years!
I still do things the old fashioned way - resist impulse buying, do without when I cannot afford it now, and save up for things I want or need. Ok, I have problems at times like when I was burgled a little while ago. Fortunately, I have good friends and relatives who loaned or gave me a few things to get by until I can afford to replace them. Two things I still miss most are my big screen TV and my gaming setup - using a borrowed old 32" TV (and as a PC monitor) and a borrowed NUC still. One day I will have enough to replace these.
Using a debit card is the most common here (Netherlands). About 250 million out of the 6 billion of these 'pin' (= debit card) transactions a month are done contactless. I personally hardly use cash anymore and I do most transactions contactless. Mainly because it's so fast and easy. There's no real risk to using contactless either, as misuse will be reimbursed by the bank. Besides I don't even own a creditcard, which is only a problem when ordering from certain Amazon sites (looking at you Amazon UK).
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote