Feeds

El Reg pays by phone – mmmm, free cookies!

Slow tap dance for UK's first contactless payments

Remote control for virtualized desktops

The UK's first pay-by-phone retail service launched last week, but based on our experience we won't be dumping our coins and notes any day soon.

Orange kindly sent us a Samsung Tocco Quick Tap – a spin-off of the feature-phone Tocco with added NFC to handle the payments. But before we could use Quick Tap to pay for something we needed a Barclaycard, and we also needed to create half a dozen passwords, PIN numbers and security prompts to ensure no one else could top up our balance for us.

To be fair, the first part of the process was registering our Barclaycard on line, which some customers might have already done, but even then there are various hoops through which one has to jump to get the service working. Once it is working then the payment itself was flawless, and we successfully bought chocolate cookies by waving a mobile phone – rather to the surprise of the shop staff.

To register a Barclaycard online one identifies oneself with an account number and credit limit, then one has to come up with a username (eight to 16 digits, at least one number) and a password (six numbers, no repetition, no date of birth and no sequences). The card then has to be registered with the Quick Tap payment service, which requires a security word (six to eight characters, no keyboard patterns and no repetition), and another security word (five to 16 characters, as before) followed by a four-number PIN.

Once you've managed that – and made copious notes to be eaten once memorised – you'll get a screen asking you for the number of the phone and the SIM identity, which the Quick Tap application on the phone will helpfully display.

Within the next couple of hours the phone is sent an activation code; ours arrived after about 20 minutes. That has to be entered into the website, and finally one can start charging up the account.

The Quick Tap application, which runs on the phone, is a J2ME app and that shows in the slow boot time. Enter the application and then click to add a Barclaycard Payment Service and it will trigger another J2ME app, with associated lag as the virtual machine instantiates again. Both applications also suffer from the Tocco's unresponsive touch screen, but one can get used to it.

The Barclaycard app asks for a PIN on launch. If the user tries to add some credit then the same PIN has to be entered again, which seems redundant – there is clearly a focus on security, or the appearance of security at least. That might allay the fears of the new user, but the process is painful and clunky in stark contrast to the process of spending the uploaded credit.

Due to a misunderstanding over shipping, we were left in Inverness to try the system, but Barclaycard advised us that at least two locations in the city would accept payments with a wave of the phone. One was a chemist, but as we weren't yet feeling ill we dropped into Inverness Subway to buy a cookie or two.

The staff at Subway were slightly bewildered by our request, but agreed that their terminal was emblazoned with the word "contactless". With the staff repeatedly pressing buttons and us waving the phone in the vicinity of the terminal we were able to complete the transaction within a minute or two.

Choosing a cloud hosting partner with confidence

Whitepapers

Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.