Chase and MasterCard Jump Into Mobile Payments (itworld.com) 56
itwbennett writes: JP Morgan Chase said Monday that it plans to launch its own smartphone payment platform in mid-2016. 'Chase Pay will be based on CurrentC, a retailer-led mobile payment system that has largely been written off by Silicon Valley techies for its reliance on barcodes rather than the more sophisticated NFC (near-field communications) technology adopted by its competitors,' writes Martyn Williams. CurrentC, and therefore Chase Pay, is compatible with a much larger number of smartphones than the rival services from Apple, Google and Samsung.
Meanwhile, MasterCard announced a program that aims to turn any type of gadget into a payment device, from car keys to fitness trackers.
Re:I don't get this (Score:5, Funny)
Ah. So not looking to make any big purchases, then?
Re: (Score:2)
Re: (Score:3)
Why would anyone want to pay with a phone? How is it any more convenient than paying by card or cash?
Not to mention the enormous invasion of privacy which gives them all the info about your finances.
Well, if you are using the app directly from the credit card company / bank, I imagine the privacy factor is about the same whether using a card or a phone. I'd much rather carry my phone around and leave my credit cards at home. It's easier for me to keep track of my phone and I notice if it is missing much faster than if a card (or wallet) is missing.
Hopefully the apps from the bank work with rooted phones. I haven't had a chance to use this tech yet (even though I have a Note 5) since I rooted my phon
Re: (Score:2)
Hopefully the apps from the bank work with rooted phones. I haven't had a chance to use this tech yet (even though I have a Note 5) since I rooted my phone - which stops Samsung and Android Pay from working.
This is not entirely true. To add a credit card to Android Pay it was necessary to unroot my phone. Once the card was added, I re-rooted my phone. Android Pay still works.
Re: (Score:2)
It will be so nice standing in a busy supermarket about to pay only to realize you forgot to charge your phone, won't it?
Re: (Score:3)
It will be so nice standing in a busy supermarket about to pay only to realize you forgot to charge your phone, won't it?
Or forgot your wallet? That happens to me more often than not having a charged phone. Granted, everyone's mileage will vary with this as with anything else.
Re: (Score:2)
In my case, and probably the case of a lot of other people, my driver's license is IN my wallet. I never leave home without it.
Re: (Score:2)
In my case....my driver's license is IN my wallet.
Mine too. I'm just amazingly unorganized.... I don't know why I don't just leave it in my car.
Re: (Score:2)
It will be so nice standing in a busy supermarket about to pay only to realize you forgot to charge your phone, won't it?
Or forgot your wallet? That happens to me more often than not having a charged phone. Granted, everyone's mileage will vary with this as with anything else.
Forgot your wallet? How did you get wherever you were going without your wallet? Hopefully you didn't drive, because that would be illegal. I have literally NEVER forgotten my wallet. I used to forget my phone maybe once a year back when carrying a phone first became a thing. Now I never forget my phone. I have had my phone go dead on me though. Either the battery ran out or there was no service. I have never had that happen with my wallet or my credit cards.
Re: (Score:2)
Most banking apps seem to work on rooted devices, but Lloyds bank's does not. It tells you to use their web site via your mobile browser instead. That's why I left Lloyds bank.
Re:I don't get this (Score:5, Informative)
"Why would anyone want to pay with a phone?"
Whenever you hand your credit card to a clerk, there is a possibility that it could be scammed. Your card information could go into the retailer's database, which can eventually be hacked, compromising millions of people at once.
Phone payment systems, on the other hand, can be set up so that only a one-time code gets transmitted to the retailer. It can't be used for anything after the one transaction, and there is nothing to store in a vulnerable database.
Re: (Score:2, Informative)
Phone payment systems, on the other hand, can be set up so that only a one-time code gets transmitted to the retailer. It can't be used for anything after the one transaction, and there is nothing to store in a vulnerable database.
EMV provides a similar one-time code. No phone required.
Re: (Score:3)
While this is true, the problem is that it's still often normal to hand your card to a clerk rather than inserting it for a chip transaction. Even where that's not the case, it wouldn't take much for someone to use cameras to gather the information necessary to use EMV cards fraudulently online.
Re: (Score:3)
So far everywhere I've used the chip in my new EMV card, I first handed it to the cashier and they tried to swipe, and it denied it saying I had to use the chip, which every single time has been facing downward and towards me, somewhat out of view of anybody (or anything) besides myself.
Everywhere I've done this, this has been the case at any rate, which includes every walmart, every restaurant, etc. I don't know if that's the standard, but it wouldn't surprise me if the terms of the merchant agreement requ
Re: (Score:2)
Good points. I'd add these:
Re: (Score:2)
Phone payment systems, on the other hand, can be set up so that only a one-time code gets transmitted to the retailer. It can't be used for anything after the one transaction, and there is nothing to store in a vulnerable database.
That seems like it would only be possible if your phone is able to communicate with the card carrier, which it is not always able to do.
Re: (Score:2)
No it doesn't need a live connection with the card carrier, except when tou set up each card in the phone's payment app. It snaps a picture of the front-side number and expiration, and encodes that in its onboad tokenization chip. At transaction time, the tokenization chip computes the one-time code that gets sent to the retailer's NFC reader.
Re:I don't get this (Score:5, Informative)
When I looked into it, the advantages to something like Apple Pay (but not any of these CurrentC-based initiatives) seemed pretty evident:
1) It's significantly more secure than carrying a card in the US. For instance, Apple Pay generates single-use tokens that take the place of credit card numbers. Had consumers been using it when the Home Depot and Target hacks happened last year against the point of sale systems, the hackers would have just gotten a list of consumed tokens that were utterly useless. Likewise, were my phone/card stolen, I'm less likely to notice a missing card than a missing phone, but both of them can be deactivated remotely. On the plus side for the iPhone*, even if I don't deactivate it, it'll fully lock itself and require my lengthy password after 48 hours, meaning that any would-be thieves would have a very narrow window during which to use Apple Pay, and it would be complicated by the fact that they'd have to first reproduce my fingerprints. That alone negates a lot of common thievery. And if we're getting into the sort of state-sponsored thievery that would be good enough to crack into the hardware encrypted Secure Enclave in an iPhone where the credit card info is stored, then Apple Pay is, frankly, the least of my worries.
2) It's more convenient. No more pulling cards out of my wallet, then having to put them back in the right place. No having to navigate to and through apps. No having to manually generate QR code sand the like. No having to count out cash. Less things to carry. I'd love to eliminate the cards I carry from my EDC. I already have my health and car insurance "cards" on my phone. Some US states are permitting digital driver's licenses. And I stopped carrying cash on a regular basis years ago for a variety of reasons. My credit cards are one of the bulkiest things I still carry.
3) It's more private than credit cards. Again, speaking of Apple Pay and the like as opposed to CurrentC-based programs, they're specifically designed to protect your privacy against intrusion by the retailers. Credit card numbers can be captured by retailers and are routinely compiled into large databases that track you and your purchases across all of their chains and subsidiaries, both in-store and online. In contrast, the one-use tokens that Apple Pay uses aren't linked back to your identity or any of your identifying information in any way (though I think I heard that they were about to allow users to opt-in to providing info to specific retailers in exchange for discounts/rewards/customer loyalty type stuff), and because they're single-use, they can't be tracked from one purchase to the next. It strips retailers of their ability to track you via your payment method, though, obviously, cash shares that same advantage.
In contrast, CurrentC-based systems like Chase's are designed by retailers (headed by Wal-Mart) for retailers, since it tracks your location both inside and outside of the stores, requests access to as much information as it can get on your phone (including any health information you store on the phone), and provides identifying information in its QR codes so retailers can easily recognize you.
All of which is to say, paying by phone has some major advantages, but, as with many topics we discuss here on /., the devil is in the details.
* Hypothetically speaking, since I don't actually have an iPhone with Apple Pay.
Re: (Score:1)
Forgot to mention that CurrenC does ACH transactions (free for the retailer) to access your money directly. This means that like your debit card, if the CurrenC phone or payment processor (terminal or backend) is compromised, any money lost is unrecoverable.
Re: (Score:3)
Yup, I forgot about that one, since it's been awhile since I last looked into CurrentC. That's definitely one of the worse things about it, but the whole thing is really just a bad system from the consumer side of things. It places complete trust in retailers (who have shown they're not trustworthy), gives them more access to your data (e.g. health, birthdate, photos), enables them to track you more easily (e.g. location tracking, tracking purchases across multiple cards you have in the app, tracking you be
Re: (Score:3)
Re: (Score:2)
1. Security of credit cards is a non-issue for consumers. You are insured against losses over $50 and most banks will cover the entire loss.
Nonsense. That argument only addresses a single one of the issues people deal with when a card is lost or stolen.
For instance, I lost my credit card last year (misplaced it, called it in as lost, later found it), and I was finding all sorts of new headaches for at least two months afterwards, even though it wasn't even stolen (e.g. I discovered that my ISP's autopay locks in its payment method a week before the bill goes out, so even though I had updated my autopay settings to reflect the new card, my old c
Re: (Score:1)
Re: (Score:2)
You must not have shopped in a retail store lately, or you would have noticed that every cashier is quite familiar with barcode readers, and in busy stores, they are used thousands of times a day.
Re: (Score:2)
Don't bank on your cellphone. (Score:3, Insightful)
Yes, the phone in your pocket is also a computer. No, it is not as secure as your desktop or laptop.
Never trade security for convenience.
Re: (Score:1, Insightful)
Severe paranoia and delusional thinking are signs of neural impairment. You should see a doctor.
A modern smartphone tends to be much more secure than the average PC. Unless you side-load Android apps from shady suppliers, you're rather unlikely to be running any software in a position to capture transaction details. This is not at all true on a PC.
Re: (Score:2)
Re: (Score:2)
She said to cut back on the internet-sourced advice, and advised keeping the healthy skepticism that everything is safe... especially in the face of contrarian evidence.
Thank you caring, though.
Re:Don't bank on your cellphone. (Score:4, Informative)
A phone is probably at least as secure as the average person's desktop. All three major phone operating systems offer a walled garden and by default run apps in a heavily restricted sandbox. Most users never break out of that. We don't see vast phone based botnets, suggesting that those operating systems compare quite well to the most common desktop OS, Windows.
Re: (Score:2)
A phone is probably at least as secure as the average person's desktop. All three major phone operating systems offer a walled garden and by default run apps in a heavily restricted sandbox. Most users never break out of that. We don't see vast phone based botnets, suggesting that those operating systems compare quite well to the most common desktop OS, Windows.
I've read the arguments for and against. I think the phone is still uniquely a security issue because of the ability it provides interested parties to track your location.
Also: We are probably not too many years away from widespread use of Stingray-like devices outside of law enforcement.
Re: (Score:3, Insightful)
You're using a general "less secure" instead of "less secure against". There's more risk for your location being tracked if you are compromised, but the walled garden is more secure against the device being compromised in the first place. If you're doing mobile banking, you're less worried about being tracked than you are of losing your money.
Re: (Score:2)
No, it is not as secure as your desktop or laptop.
That statement could not be more wrong. The typical mobile device is significantly more secure than the typical desktop or laptop. Desktops (and laptops; I'm going to stop distinguishing) aren't quite as bad in 2015 as they were a few years ago, but they're still hugely more likely to be infected with various sorts of malware, to be part of a botnet, etc.
Fundamentally, this is because desktop OSes were designed before security really became a significant concern, and mobile OSes were designed after. Mobil
Re: (Score:2)
Yes, the phone in your pocket is also a computer. No, it is not as secure as your desktop or laptop.
My desktop and laptop are still running Windows XP, you insensitive clod!
Re: (Score:1)
With NFC, you can approve the transaction without removing your phone from wherever it's currently stored (pocket, purse, etc.). That's the advantage.
Re: (Score:2)
"Remind me again why NFC is "better" than bar codes?"
Because it's shorter working range, ability to transfer more information and quicker, also eliminates differences introduced by different brightness/display sizes of phones.
"You can't remotely intercept a bar code very well or easily"
Interception device is called a camera.
"You can verify what you present to the register."
Majority of people doesn't decode barcodes quickly enough.
"You're phone can't be tricked, remotely, into thinking its paying for somethi
Only if they upgrade their website (Score:2)
The Mastercard CC 'online banking' website where you can check your withdrawals etc. is a pile of shit:
- lousy security (password A-Za-z0-9 only and with a maximum of 10 characters)
- the information reported on each purchase is often useless, with an entirely different company listed than the place you actually purchased from, with limited-length fields chopping off half the name etc.
- unnecessary jumping-through-hoops to download monthly statements (and no, you shouldn't name them all "download.pdf")
- no w
CurrentC needs to die in a fire. (Score:4, Informative)
The main problem with CurrentC is not the QR-codes, though that is kind of ridiculous and old-timey. The main problem is the direct line into your banking account with no credit card intermediary; which strips you of much fraud protections you enjoy with ApplePay, or even just by swiping plastic. That means instead of being on the hook for no more than $50 in the event of fraud (And many cards waive this these days.), your bank account can simply be emptied. Good luck getting that money back. And even if you succeed, it's still gone for the duration, when you may have needed it for other purchases and bills.
CurrentC needs to die. And the retailers trying to push it need to be made to suffer.