Feeds

El Reg pays by phone – mmmm, free cookies!

Slow tap dance for UK's first contactless payments

3 Big data security analytics techniques

The UK's first pay-by-phone retail service launched last week, but based on our experience we won't be dumping our coins and notes any day soon.

Orange kindly sent us a Samsung Tocco Quick Tap – a spin-off of the feature-phone Tocco with added NFC to handle the payments. But before we could use Quick Tap to pay for something we needed a Barclaycard, and we also needed to create half a dozen passwords, PIN numbers and security prompts to ensure no one else could top up our balance for us.

To be fair, the first part of the process was registering our Barclaycard on line, which some customers might have already done, but even then there are various hoops through which one has to jump to get the service working. Once it is working then the payment itself was flawless, and we successfully bought chocolate cookies by waving a mobile phone – rather to the surprise of the shop staff.

To register a Barclaycard online one identifies oneself with an account number and credit limit, then one has to come up with a username (eight to 16 digits, at least one number) and a password (six numbers, no repetition, no date of birth and no sequences). The card then has to be registered with the Quick Tap payment service, which requires a security word (six to eight characters, no keyboard patterns and no repetition), and another security word (five to 16 characters, as before) followed by a four-number PIN.

Once you've managed that – and made copious notes to be eaten once memorised – you'll get a screen asking you for the number of the phone and the SIM identity, which the Quick Tap application on the phone will helpfully display.

Within the next couple of hours the phone is sent an activation code; ours arrived after about 20 minutes. That has to be entered into the website, and finally one can start charging up the account.

The Quick Tap application, which runs on the phone, is a J2ME app and that shows in the slow boot time. Enter the application and then click to add a Barclaycard Payment Service and it will trigger another J2ME app, with associated lag as the virtual machine instantiates again. Both applications also suffer from the Tocco's unresponsive touch screen, but one can get used to it.

The Barclaycard app asks for a PIN on launch. If the user tries to add some credit then the same PIN has to be entered again, which seems redundant – there is clearly a focus on security, or the appearance of security at least. That might allay the fears of the new user, but the process is painful and clunky in stark contrast to the process of spending the uploaded credit.

Due to a misunderstanding over shipping, we were left in Inverness to try the system, but Barclaycard advised us that at least two locations in the city would accept payments with a wave of the phone. One was a chemist, but as we weren't yet feeling ill we dropped into Inverness Subway to buy a cookie or two.

The staff at Subway were slightly bewildered by our request, but agreed that their terminal was emblazoned with the word "contactless". With the staff repeatedly pressing buttons and us waving the phone in the vicinity of the terminal we were able to complete the transaction within a minute or two.

3 Big data security analytics techniques

More from The Register

next story
Virgin Media so, so SORRY for turning spam fire-hose on its punters
Hundreds of emails flood inboxes thanks to gaffe
A black box for your SUITCASE: Now your lost luggage can phone home – quite literally
Breakfast in London, lunch in NYC, and your clothes in Peru
AT&T dangles gigabit broadband plans over 100 US cities
So soon after a mulled Google Fiber expansion, fancy that
AT&T threatens to pull out of FCC wireless auctions over purchase limits
Company wants ability to buy more spectrum space in auction
EE & Vodafone will let you BONK on the TUBE – with Boris' blessing
Transport for London: You can pay, but don't touch
NBN Co plans fibre-to-the-basement blitz to beat cherry-pickers
Heading off at the pass operation given same priority as blackspot fixing
NBN Co in 'broadband kit we tested worked' STUNNER
Announcement of VDSL trial is not proof of concept for fibre-to-the-node
Google eyes business service in latest Fiber trials
Lucky Kansas City buggers to host yet another pilot program
Huawei exec: 'Word of mouth' will beat Apple and Samsung in Europe
World Mobile Telephone Factory No.3 won't fling the big bucks around just yet
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.