Payment dongles

[robgul]

I've been using a Bpay from Barclays "fob" which works like a contactless card - it's a small fob containing a SIM type card that attaches to a keyring (you can get wristbands as well) - it's briliant - all I want to do is pay for stuff with a tap on the machine.  It's fed from one of my bank accounts (not Barclays) with a minimum balance that I set and auto top-ups.

Well, they're shutting it down and replacing it with Pingit which has all sorts of crap features and doesn't seem to be able to work as a simple payment fob (why would I want to buy a lottery ticket with it??)

Anyone had any experience with Pingit - or is it just me?   AND does anyone know of any alternatives.

Rob
(currently frustrated/bloody angry of Stratford-upon-Avon having spent an hour with a brainless call-centre that couldn't interpret the numbered error messages I was getting)

[FifeingEejit]

Bpay appears to be similar to the early proof of concepts for mobile payments where the RFID tag was stuck to objects (such as Nokia 3330s) rather than the current model in phones where the RFID is actually a transmitter in the phone that is activated by an application to feed the appropriate data when in the field of a receiver (Which is what Pingit appears to be doing).

I'm afraid it's likely the closest you'll get to bpay that isn't shutting down in the near future is likely to be a provider of pre-paid cards; using the transmitter in a phone rather than issuing tags cuts out a bit of work for the service provider.  You could in theory cut down the card in order to put the rfid tag onto things, but cards allow for the system to do an online check through the EMV chip so you'd be buggered if the contactless transaction was rejected for an online EMV check.

[fuaran]

There are some smartwatches that support contactless payments. Maybe more convenient than using a phone.

eg most Android watches will support Google Pay. Seems Google Pay is supported by most UK banks, except Barclays. Could be worth opening another account just to use it?
Or some of the Garmin Forerunner or Vivoactive models. Though Garmin are rather limited in what banks they support.

[robgul]

There are some smartwatches that support contactless payments. Maybe more convenient than using a phone.

eg most Android watches will support Google Pay. Seems Google Pay is supported by most UK banks, except Barclays. Could be worth opening another account just to use it?
Or some of the Garmin Forerunner or Vivoactive models. Though Garmin are rather limited in what banks they support.

Watch? - what's that? - I haven't worn one since 2013 when I went on holiday and the battery packed up on the second day!!   

I have a smartphone but it's just for the odd phone call and to carry various bit of information like my diary and address book - it's not "attached" to me in that I wander round clutching the thing and updating my status every 2 minutes - oh, and I took a picture with about 4 weeks ago 

The amazing convenience of th Bpay key fob was what attracted me to it (think the old Tesco Clubcard tags with the barcode that attached to a keyring - that's the concept)

Rob

[Polar Bear]

I feel your pain Rob.

Having worked in the banking industry in IT for Barclays for 16 years, specifically on fraud prevention and detection, I neither like nor trust the current tech route and still resist online banking.   Contactless payment itself is a recipe for low level fraud and payment by gadget connected to the internet directly or otherwise is a level of risk I choose not to take.   

There is a new fingerprint bank card in the offing to improve contactless security so a fingerprint bpay equivalent would in my view be rather excellent.  Unfortunately it looks like your choice will be fingerprint contactless or gadget contactless.  The small advantage an up-to-date smartphone has over any watch in this regard is that the app is accessed by first potentially activating the phone by pin or fingerprint.  It is though still connected to the fraudsternet.

[ian]

I pay by watch all the time. It's one of the few times MLIsn'tR and very convenient, saves fishing out a wallet or phone.

The watch won't work unless it's on my wrist and the PIN has been entered. The moment it comes off the wrist, it locks.  The watch doesn't need to be connected to anything for contactless payment to work.

[Valiant]

I'm gonna miss my bpay wristband, it was light, didn't have to worry about battery life and could go out with near empty pockets.

[robgul]

I'm gonna miss my bpay wristband, it was light, didn't have to worry about battery life and could go out with near empty pockets.

The replacement Pingit does the same thing (I already have mine) and has various device formats   - the ANNOYANCE to me is that with Pingit you can only have one device per mobile phone number .... I had two Bpays on key fobs attached to two separate bank accounts but just one mobile.  Retrograde progress.

Rob

[mrcharly-YHT]

Authentication by fingerprint is a retrograde step, in my view.

The fingerprint has to be stored (in theory that can be hashed and encrypted, but recent events prove you Shouldn't Trust Storage Companies (one of the major players in this market was storing fingerprint unhashed in unencrypted databases). If your fingerprint is stolen, you can't change it (unlike a password). Your security is now compromised for life. You are screwed.

The two-step offline authentication involving a card reader + chip and pin is very secure. It is just isn't convenient. It is a pain in the ass. It is very secure.

Sadly, the lack of convenience means that companies will switch over to something more convenient, like fingerprint and facial recognition.

[Polar Bear]

With the new fingerprint card the fingerprint is stored on the card itself and verified before the card is then verified by the contactless terminal.  This is about as secure as you can get with fingerprint tech.  This tech could also be used on key fobs and wrist bands.  Easy to simply press a finger on the device as you wave it at the terminal.

[mrcharly-YHT]

With the new fingerprint card the fingerprint is stored on the card itself and verified before the card is then verified by the contactless terminal.  This is about as secure as you can get with fingerprint tech.  This tech could also be used on key fobs and wrist bands.  Easy to simply press a finger on the device as you wave it at the terminal.

And then when the card is cloned, all that is needed is your fingerprint . . .

I still think relying on something that cannot be changed as the verification is a Bad Idea.

It is about as sensible as issuing a password at birth and saying that each person needs to use that password for life.

[Greenbank]

Biometrics should be usernames, not passwords.

[FifeingEejit]

Some method of confirming that the fingerprint data is coming from a device, on which is placed a finger with blood flow would help the system.

[mrcharly-YHT]

Biometrics should be usernames, not passwords.

Agreed