Bank turns London man into RFID-enabled guinea pig
Halifax customer bites back
The Halifax bank is enrolling unsuspecting customers in trials of a new generation of RFID-enabled bank cards, and trying to keep them in the program even if they have mis-givings about the wave and pay technology.
PayWave allows punters to debit their account without having to enter a PIN or sign for goods valued at less than £10.
The RFID-based technology, backed by Visa, is being rolled out by UK banks Barclays and Halifax, as well as others on the continent. Mastercard is backing a similar technology called PayPass.
Halifax is introducing the technology in London to a number of punters, including Reg reader Pete.
Pete, a current account holder at Halifax, was among those issued with a new card. He didn't want to use the unsolicited technology and his attempts to receive an alternative card, though ultimately successful, proved frustrating.
"I have to input my PIN the very first time I use this 'Paywave' card, but after that it is automatically authorised to work for all transactions under £10," Pete explained. "I put the new card straight in the bin - in fact, I shredded it and put it in several different bins. I don't want this highly insecure-sounding facility, and I never use a debit card for retail transactions anyway."
Pete thought no more of the card assuming his old plastic, which had months left to run, would continue to be useable. But when he went to his local bank in early December to get some cash the ATM refused the transaction and retained his card.
Bank staff, having verified Pete's identity, were not immediately able to work out why the card had been retained. They gave him back his card but, after other attempts to use his card failed, he was faced with the chore of getting his card replaced. After calling Halifax's helpline, Pete was told that the (unsolicited) issue of the contactless card had automatically cancelled his original card, something not mentioned in the paperwork that came with the old card, according to Pete.
"Halifax are cancelling peoples' bank cards without permission and without even telling them, and forcing them to use these new cards, which as far as I know nobody has asked for," Pete told El Reg
"Who wants these things? Not me. And is there no limit to the level of insecurity they want to introduce to their cards? I guess not, so long as the cardholder can be stuck with the liability," he added.
A replacement card also came with the unwanted contactless card technology. Curiously, Pete's wife didn't get a contactless card even though she is joint holder of the same Halifax account.
Ultimately, after complaining long and loud, Pete has now received a non-Paywave bank card from Halifax. The incident has left him far from satisfied. Halifax turned down Pete's request for compensation.
Halifax declined to speak about individual cases, but confirmed it was conducting a trial of the technology across London, prior to a nationwide rollout.
A spokesman for banking association APACS said whether customers had the ability to refuse new technologies was "card issuer dependent".
Barclays is also introducing the technology in the UK. A developer familiar with Barclays plans said it, like Halifax, is rolling out the technology in London in advance of the rest of the country, both as a test-bed for the technology and because Londoners are more used to using RFID-enabled technology in the form of Oyster travel cards.
Barclays has created a triple-function card (called OnePulse) that combines a traditional credit card with PayWave and also with Oyster on-board as a separate application.
"Barclays and a couple of other banks were bidding to effectively take over Oyster and subsume it into a larger payment scheme using the less-proprietary Visa and Mastercard technology, but these negotiations fell apart," he added.
Our source noted that the maximum transaction value for contactless purchases is typically £10, which mitigates the increased risk of using the cards.
"Major customer education issues still need to be overcome before everyone is happy to use this as a cash-replacement technology, which is what the banks and retailers want," he said. "It's certainly a very interesting privacy issue if banks are including the contactless chips in 'standard' credit cards without asking, especially since the transactions are effectively unsecured because no PIN is needed.
"On the privacy issue, there is likely to be a growing number of stories and attempts at hacking and skimming contactless cards, once they are out in the wild, and whether or not the risks to consumers are real, they need to understand the issues and risks."
Our source added that the situation created a market for niche security firms to develop products that protect contactless-enabled cards from "uninvited attempts to communicate with them", in response to security concerns about the possible misuse of the technology to perpetrate fraud.
Whether the likes of Pete will be reassured by extra security controls on a type of card they have had forced on them in the fist place remains to be seen. ®
Big brothers first name is - Halifax
So, contactless paying
scam artists swiping a tenner everytime your trousers goes past a waist height scanner.
This is not permission to board a tube train (Oyster), this is raw cash; of course its different -what was the fools name who said that? take him to the stocks now.
Records of exactly when and where you have been - its a doddle to register the card ID's location as you walk past, not even bothering to tell the punters or go to the hassle of asking them................
....................................................hhhmmmmmm is big brother's first name Halifax?
I'm not : paranoid but they are coming to get me...
> 1.) The merchant gets their money after a period - not instantaneously - holding a gun to their head won't get you any cash from the proposed fraud at a tube station - it'll just be a good-old plain armed robbery of cash on the premises. The period is there for stopping fraud/chargebacks, and for 'clearing' purposes.
It's still worth bopping someone one the head & using the card. The merchant might to get the cash, but the thief has the goods.
>You're suggesting that scum will mug you for your card, so they can get a tenner off of it for White Lightning or something?
Yes. I've known people mugged for a fiver - and 3 trips to different offies & it adds up to a lot of White Lightning
The problem with things like the Oyster card is that to obtain the discount you can't top it up anonymously, you must submit your bank details. The discount is because "cashless payments are more efficient - odd you don't get a discount on credit card or debit card payments. Also to get the discount you must swipe at both ends of your journey, not just on boarding.
So, it's sod all about efficiency - it's about tracking where you gen on and off the transport system.
And cashless payments are a wet dream for a fascist government such as in power in Britain. I'm not surprised to find out they are already in use in Singapore for the same reasons - a government obsessed with control over its citizens.
"Due to the way readers work, they don't work with 2 readers/cards in the field."
You'll need to use each card separately. More than 1 card visible to the reader and it won't use either.