Security worries could hamper take-up of Paym P2P m-payments

That's funny. There is no Paym as such, it's a "red herring" -consumers will still be paying in exactly the same way as before. Hence, nothing changes, in a material way, from the security point of view. All Paym does (for now) is simplifies the payments process: use a mobile number instead of sort code and bank a/c.

On the practical note, there is a small inconvenience factor there: one can link his/her mobile phone number to just one bank account. Other than that, it's "business as usual" and (consumer confusion as usual too...)

Interesting. I wonder how many of those surveyed were users on Barclays Pingit which has been very successful but stalled a little for non-Barclays customers because of the KYC requirements to join.

I wonder how many of these Apps has been verified as having strong security against on device malware ... indications to date show many have weak security in this area

I think I would be happy for friends and relatives to send money to my mobile number, as they already have it, but I would rather a stranger had my sort code and account number.

If a stranger has your sort code and account number they can defraud you. Remember what happened to Jeremy Clarkson when he published his details in the SUN and challenged anyone to nick his cash. On the other hand, if someone steals your phone and uses it to send cash to themselves, the whole transaction can be traced immediately - there is no way you'd not be able to get your money back, and the thief would in all probability would be caught, since their own bank details are part of the chain.

I'll definitely use this service - when NatWest pull their finger out and join it!  

Knowing bank details, one can set up fraudulent DD. With Paym, as anon pointed out, both parties are known (KYCed). The (slight) problem with Paym is different: if I know your phone number, I can get your name... It's a reverse lookup directory...

This is getting a lot of press today, including TV.  Its all about the Banks. It is completely OTT for the Telco SPs and nothing new or anything to do with mobile wallets or 'pay by mobile'.  Adoption will be a problem (per PingIt) and the reactions show that people dont trust banks/banking, still.  Paying by intermediate (like Paypal) by emailid (can be anon) seems simpler and more ubiquitous.

BBC confirmed the confusion I referred to: they talk about Paym... APP. There is (at present, at least) no such thing!

Zapp is aiming to become such an app for online payments, but that (a) has nothing to do with Paym direct (well, the company behind Zapp does run Paym...) and (b) still requires the use of an individual bank's mobile app.

Dear Finextra Member.  Clearly you do not (or care not to take the trouble to) understand Direct Debits and the DD rules ... and weren't JC's account details published in his column in the Sunday Times, not the Sun?

Alexander, you cannot set up a "fraudulent" DD, as DDs can only be set up by organisations who are in the DD club, and one of the rules they must follow is that any disputed payment will be returned IMMEDIATELY, and PRIOR to any investigation being carried out.  One phone call would have seen Jeremy's money back in his own account!  He chose not to because it was a payment to a deserving charity and he is a solid Gentleman from Doncaster. 

My fear would be that if I provide my phone number as a means of receiving payment, that phone number forms part of the relationship with the third party and is then outside of the Telephone Preference Service rules.  Can they then call me any time they like?

David, DD fraud is not about whether the legitimate a/c owner gets refunded. It's about the immediate gain for an attacker. I am not sure how scaleable that angle is, but Pingit forgoes DD as a funding mechanism not without a reason... As for "DD Club", have a look at GoCardless...

Alexander.

Pingit forgoes DD as a funding mechanism because there is unlimited liabilty on any DD claimed (it's in the rules).  That means that if I use a DD to fund my own PINGIT account, I can, at ANY time, tell my bank that the transaction is fraudulent and they will refund all the cash back (that is the Direct Debit Guarentee) to me IMMEDIATELY.  Good for me, not so good for the bank, especially if I have legged it and left no forwarding address.  Barclays know that!  Because of this they don't allow DD, and therefore an attacker cannot use my account details to fund his account, so no immediate gain.

Also, as you know, you can only raise a DD request if you are a memeber of the DD Club, so it is unlikely that Johny Criminal is going to have an originators ID (or whatever they call it now), unless the bank's security checks are weak, which they claim isn't the case! 

Had a look at GoCardless.  Looks to me like a standard DD service provider - merchant and / or GoCardless take the risk.

"An attacker cannot use my account details to fund his account" - 97,000 of Brits would have disagreed...

Correct link: http://www.experian.co.uk/payments/quick-links/direct-debit-fraud.html

Bored now.  It is true that 97,000 Brits had their accounts used for DD fraud.  What is also true is that 97,000 Brits had their cash refunded (I accept they may have been pissed off, but that's looking at it from a different perspective).  However, the "fraudsters" were clearly not bright as they were paying for insurance services that would also have included them providing their names and addresses, and their insurance would have been invalidated as soon as the DD bounced.  The instigators didn't benefit from the deception - it isn't really what you could call fraud - and were actually worse off than before.

I accept that there is a perception of fraud here, but the reality tells a different story.  The link you provided shows that there are facilities available to DD originators to allow them to validate accounts sooner rather than later. 

You really need to show us an example of a private individual using the DD system to move value out of my account and into his account (directly or indirecty).  That would be fraud.  Paying for his electricity or insurance doesn't count.

I like the neatness of the ability to send money using my contact list, but my little girl can log in to here Halifax account and send me a tenner in less than 20 seconds, using my sort code and account number.  PayM is neat, and if it makes people feel more secure bobbing around in a sea of misinformation, then it's a good thing. 

Despite all the fanfare about Paym, a quick straw poll around our office shows that there will be a very slow take up at best.

Reasons range from non-availability, worries about risk to general apathy.

This really does not seem to have been communicated very well outside of the payments community.

Not sure if the Payments Council wanted a "soft launch", but they certainly seem to have achieved it.

Cash is pretty effective isn't it?

This is very interesting. However, while take-up in general may be slow, this new system is likely to be a hit with young people. According to Intelligent Environments’ recent research, even more young people intend to use the service, with over four million 18-30 year olds already interested in transferring money to friends and family via a mobile number. It’s clear that younger customers
continue to embrace any technology that makes managing their finances easier.

"But 47% say they will definitely not use Paym". One day before its launch, I doubt if anywhere near 47% of people even knew about FPS / SCT / SDD, let alone offer concrete reasons for not wishing to use the new payment methods. By that token, PayM has done a great job of spreading awareness about itself. Assuming that PayM is gated by a password or two, security concerns should diminish rapidly.

Alexander, you are right, we helped build one of these systems into a tier 1 bank, and it was just tinkering with existing systems/flows. Its just a new layer using the existing infrastructure to create a modern day market product - succeed or fail you have got to agree its smarter than creating a complete new infrastructure to do what the old could do already :) 

I agree with Simon Cadbury that Paym is likely to be popular with younger people. Barclays have said the peak day for Pingit transactions was Friday as people split bar and meal bills. I can see this being the case for Paym too as the customer base builds and more banks offer the service. The key is how well they promote it (and that it does not have a glitch as young people have less patience than us old guys - one strike of it not working and it will be out).

Sounds like sour grapes to me boys!