Feeds

Barclays heralds new wave of wallet-waving

Contactless tech going in cards - data-gathering to follow

Beginner's guide to SSL certificates

Barclays Bank is to embed contactless technology into every debit card issued from this day forward, allowing punters to pay for coffee with a wave of the wallet - providing they can find somewhere that accepts the new technology.

Barclays has had a contactless card for a while now; the OnePulse, which also has an Oyster card embedded for use on the London underground. But that was only available to Londoners for obvious reasons. Now everyone with a debit card is going to be wirelessly enabled, next time their card is replaced, which the companies involved hope will kickstart the wireless-payments industry.

The system is based on Visa's payWave system, which is compatible with Mastercard's PayPass, and processes transactions of up to a tenner by waving the card near the reader. Every now and then, at random or in response to unusual behaviour, the user will have to put the card in a normal reader and enter their PIN in the existing manner.

The security mechanisms employed are challenge/response, and subject to the usual concerns about interception and transaction replication. The communication protocol used by both Visa and Mastercard conforms to the EMV specification, though the kernel and encryption systems are kept secret - a strategy which rarely works out for the best, though given the £10 transaction cap and the ability to fall back on the PIN the security issues would seem minimal.

However, while most debit-card transactions are performed online, so the customer's bank balance is checked before the transaction is authorised, PayWave transactions always take place offline, which will no doubt delight students everywhere - especially as the pubs start accepting them.

More concerning is the ability of the banks to collect usage information about all those cash transactions; they'll know where you drink coffee, what paper you read and how much you spend on cigarettes. It will make for almost as much data as the supermarkets are already collecting through your loyalty card.

Merchants apparently gain from faster transaction times, and thus shorter queues, though given that debit cards normally charge a minimum fee for each transaction they would seem ill-suited to a large number of small transactions. We put that point to Barclays, who pointed us to Barclaycard as they are handling negotiations with merchants, and we are still awaiting comment on the matter from them. ®

Intelligent flash storage arrays

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
Oi, Europe! Tell US feds to GTFO of our servers, say Microsoft and pals
By writing a really angry letter about how it's harming our cloud business, ta
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.