Community

The oportunity is there now with the on-line banking 'readers' being distributed (see thread https://www.finextra.com/blogs/fullblog.aspx?blogid=2439). Many have a challenge and response function: Insert card, key in challenge from call centre, tell them the response, they key the response in an verify who you are - job done.

One word - MARKETING. Yes you could have one reader and that would work for a number of cards (the banks agreed a standard method so they would). But each bank wants to publicise it's doing something about security and wants their brand to be 'front of wallet' when it comes to using on-line security.

Rodger,

Receipts - the scheme rules say you have to have one if you ask for it. A contactless transaction will not 'normally' from a standalone terminal give a reciept but all yo have to do is ask and you may even still have the EPoS system reciept as well. So if you want a receipt per transaction you're covered.

Statements - A contactless transaction is like any other Debit or Credit card transaction and will result in an entry on your statement. The number of entries will depend on how often you chose to use your card instead of cash - just like today really. Yes this may mean that there may be more entries in the future because you have chosen to use a card instead of cash and the industry is looking at transaction aggrigation so that the news agent you buy your week day paper from can submit one transaction for the week and report it on the statement as 5 transactions at 45 pence £4.05.

Remote 'Stealing' from cards - this is not an electronic wallet so there is no 'value' on the card. The only option for the fraudster with his back pack of batteries an big aerial to generate enough RF power to activate the card from a distance will have to launder the transaction through a colusive merchant - the business case for the fraudster (effort vs return) is not good. If the paranoia sets in [just because you are paranoid doesn't mean they aren't out to get you] you can always buy one of the mini Faraday cages to put your card in that stop them working contactlessly. When the 'card' can be 'loaded' into your mobile phone there will be the added advantage that the 'contactless application' can be switched of until you decided to turn it on to make a payment.

Getting rid of cash - it will be a long time before cash disappears [if ever] but this allows the card payment process to move into lower value transactions and to make them faster, being able to always have the right money for the 'pay and display' and to get a Starbucks [other coffee shops are available] without first having to go to the ATM.

Nick

Stephen,

I'm glad someone has said it and you put it so much better than I could.

Dean,

You must accept that there is no silver bullet for combating fraud you can only take a layered approach. Mobile technology may have a part to play but it is not THE answer. The usability of your product is where it will succeed or fail and like Stephen I have no idea what the process is [you don't say or even give a clue on your website] but a large UK retailer has a simple formula for testing a new technology "every second it adds to the checkout time costs £1 million per annum". Chip and PIN actually saves them time [don't have to count money or make change] and as far as they were concerned it paid for itself – fighting fraud and saving money a retailers dream. If your product adds time to the point of sale it won't meet with retailers' needs because they don't see card fraud as their problem to solve.

Perhaps you should hook up with Marite Ferrero because she also [from her posts] has THE answer to faud and it doesn't involve mobile phones. You can't both be right or is it that neither of you are.

Nick Green

Marite, I think one of the things you have missed is that by using either the Gemalto device or the IBM USB device and an IC payment card you can access more than one online service i.e. several credit card issuers and or several on-line banking services. With an RSA securid you can only access one.

I think perhaps you should think about changing your card issuer. A good issuer closes a card number but keeps the account open. You may loose some transaction history but that is because it should have gone to the fraud department to manage and track back on fraud activity. A good implementation of Verified by Visa or MasterCard Secure Code should only ask for parts of your password.

Show your displeasure by moving your business elsewhere or ring and use the 'magic word' - "I wish to complain".

Stephen, It's good to see someone talking sense for once. So often when these items of news appear the systems is always "doomed to failure because it is fatally broken" and technology solutions are punted forward as the answer to everything fraud related. As you correctly state the current model still works and combating fraud has always been an ongoing battle and what is needed is a layered approach there is no silver bullet. The reason for Chip and PIN card was to combat Lost, Stolen and Intecept fraud - and it has. The industry knew the fraud would move elsewhere, it always has, and also recognises errors of judgment were made in some elements of implementation but these are being closed down. It is difficult to reap all the benefits of locking the front door when the backdoor of the US magstripe environment is still wide open. We have to tackle these frauds as they arrive and burdening the consumer with additional technology, like SMS per transaction, isn't the way.

Paul,

The magic words are "I would like to complain" this forces the caller to invoke the complaints proceedure. It's only when enough people register compalints that anything will change, Don't get angry - get even!