22 September 2014

Security worries could hamper take-up of Paym P2P m-payments

28 April 2014  |  6839 views  |  21 Woman sitting in mall texting

Nearly half of Brits have no intention of using the bank-backed Paym person-to-person mobile payments service, which launches tomorrow, according to a survey from Consumer Intelligence.

Built under the Payments Council umbrella, Paym - pronounced pay-em - will allow registered users to make person-to-person and person-to-business payments from within their bank's app by simply using a mobile phone number as a proxy, without the need to disclose their sort code and account number.

The service will go live tomorrow for customers of Bank of Scotland, Barclays, Cumberland Building Society, Halifax, HSBC, Lloyds Bank, Santander and TSB. More banks will follow later in the year.

Consumer Intelligence's survey of 2051 current account holders shows that 25% intend to use the service, rising to 39% among 18 to 34 year olds. Another 28% are undecided.

But 47% say they will definitely not use Paym. Of these, 71% cite security concerns as the reason for their reluctance. More than a third are worried about what would happen if they lost their mobile phone and 32% are concerned about paying the wrong person or the wrong amount. Forty-two percent simply prefer traditional payment methods.

David Black, Consumer Intelligence, says: "Consumers can take a while to warm to new banking developments but it's clear that the banking industry has a job to do educate many of them that mobile payments are a safe and consumer-friendly development."

Comments: (21)

Alexander Peschkoff - TEDIPAY - London | 28 April, 2014, 12:21

That's funny. There is no Paym as such, it's a "red herring" -consumers will still be paying in exactly the same way as before. Hence, nothing changes, in a material way, from the security point of view. All Paym does (for now) is simplifies the payments process: use a mobile number instead of sort code and bank a/c.

On the practical note, there is a small inconvenience factor there: one can link his/her mobile phone number to just one bank account. Other than that, it's "business as usual" and (consumer confusion as usual too...)


Richard Sanders - ACI Worldwide - Watford | 28 April, 2014, 13:56

Interesting. I wonder how many of those surveyed were users on Barclays Pingit which has been very successful but stalled a little for non-Barclays customers because of the KYC requirements to join.

Gordon Young - www.promon.no - Camberley | 28 April, 2014, 17:05

I wonder how many of these Apps has been verified as having strong security against on device malware ... indications to date show many have weak security in this area

David Griffiths - gryffle - Hertford | 29 April, 2014, 05:30 I think I would be happy for friends and relatives to send money to my mobile number, as they already have it, but I would rather a stranger had my sort code and account number.
A Finextra member | 29 April, 2014, 07:53

If a stranger has your sort code and account number they can defraud you. Remember what happened to Jeremy Clarkson when he published his details in the SUN and challenged anyone to nick his cash. On the other hand, if someone steals your phone and uses it to send cash to themselves, the whole transaction can be traced immediately - there is no way you'd not be able to get your money back, and the thief would in all probability would be caught, since their own bank details are part of the chain.

I'll definitely use this service - when NatWest pull their finger out and join it!  

Alexander Peschkoff - TEDIPAY - London | 29 April, 2014, 08:17 Knowing bank details, one can set up fraudulent DD. With Paym, as anon pointed out, both parties are known (KYCed). The (slight) problem with Paym is different: if I know your phone number, I can get your name... It's a reverse lookup directory...
A Finextra member | 29 April, 2014, 09:05

This is getting a lot of press today, including TV.  Its all about the Banks. It is completely OTT for the Telco SPs and nothing new or anything to do with mobile wallets or 'pay by mobile'.  Adoption will be a problem (per PingIt) and the reactions show that people dont trust banks/banking, still.  Paying by intermediate (like Paypal) by emailid (can be anon) seems simpler and more ubiquitous.

Alexander Peschkoff - TEDIPAY - London | 29 April, 2014, 09:13

BBC confirmed the confusion I referred to: they talk about Paym... APP. There is (at present, at least) no such thing!

Zapp is aiming to become such an app for online payments, but that (a) has nothing to do with Paym direct (well, the company behind Zapp does run Paym...) and (b) still requires the use of an individual bank's mobile app.

David Griffiths - gryffle - Hertford | 29 April, 2014, 09:28

Dear Finextra Member.  Clearly you do not (or care not to take the trouble to) understand Direct Debits and the DD rules ... and weren't JC's account details published in his column in the Sunday Times, not the Sun?

Alexander, you cannot set up a "fraudulent" DD, as DDs can only be set up by organisations who are in the DD club, and one of the rules they must follow is that any disputed payment will be returned IMMEDIATELY, and PRIOR to any investigation being carried out.  One phone call would have seen Jeremy's money back in his own account!  He chose not to because it was a payment to a deserving charity and he is a solid Gentleman from Doncaster. 

My fear would be that if I provide my phone number as a means of receiving payment, that phone number forms part of the relationship with the third party and is then outside of the Telephone Preference Service rules.  Can they then call me any time they like?

Alexander Peschkoff - TEDIPAY - London | 29 April, 2014, 09:50

David, DD fraud is not about whether the legitimate a/c owner gets refunded. It's about the immediate gain for an attacker. I am not sure how scaleable that angle is, but Pingit forgoes DD as a funding mechanism not without a reason... As for "DD Club", have a look at GoCardless...

David Griffiths - gryffle - Hertford | 29 April, 2014, 10:09


Pingit forgoes DD as a funding mechanism because there is unlimited liabilty on any DD claimed (it's in the rules).  That means that if I use a DD to fund my own PINGIT account, I can, at ANY time, tell my bank that the transaction is fraudulent and they will refund all the cash back (that is the Direct Debit Guarentee) to me IMMEDIATELY.  Good for me, not so good for the bank, especially if I have legged it and left no forwarding address.  Barclays know that!  Because of this they don't allow DD, and therefore an attacker cannot use my account details to fund his account, so no immediate gain.

Also, as you know, you can only raise a DD request if you are a memeber of the DD Club, so it is unlikely that Johny Criminal is going to have an originators ID (or whatever they call it now), unless the bank's security checks are weak, which they claim isn't the case! 

Had a look at GoCardless.  Looks to me like a standard DD service provider - merchant and / or GoCardless take the risk.

Alexander Peschkoff - TEDIPAY - London | 29 April, 2014, 10:14

"An attacker cannot use my account details to fund his account" - 97,000 of Brits would have disagreed...

Alexander Peschkoff - TEDIPAY - London | 29 April, 2014, 10:15

Correct link: http://www.experian.co.uk/payments/quick-links/direct-debit-fraud.html

David Griffiths - gryffle - Hertford | 29 April, 2014, 10:34

Bored now.  It is true that 97,000 Brits had their accounts used for DD fraud.  What is also true is that 97,000 Brits had their cash refunded (I accept they may have been pissed off, but that's looking at it from a different perspective).  However, the "fraudsters" were clearly not bright as they were paying for insurance services that would also have included them providing their names and addresses, and their insurance would have been invalidated as soon as the DD bounced.  The instigators didn't benefit from the deception - it isn't really what you could call fraud - and were actually worse off than before.

I accept that there is a perception of fraud here, but the reality tells a different story.  The link you provided shows that there are facilities available to DD originators to allow them to validate accounts sooner rather than later. 

You really need to show us an example of a private individual using the DD system to move value out of my account and into his account (directly or indirecty).  That would be fraud.  Paying for his electricity or insurance doesn't count.

I like the neatness of the ability to send money using my contact list, but my little girl can log in to here Halifax account and send me a tenner in less than 20 seconds, using my sort code and account number.  PayM is neat, and if it makes people feel more secure bobbing around in a sea of misinformation, then it's a good thing. 

Paul Love - Compass Plus - Nottingham | 29 April, 2014, 12:00

Despite all the fanfare about Paym, a quick straw poll around our office shows that there will be a very slow take up at best.

Reasons range from non-availability, worries about risk to general apathy.

This really does not seem to have been communicated very well outside of the payments community.

Not sure if the Payments Council wanted a "soft launch", but they certainly seem to have achieved it.

Dan Barnes - Information Corporation - London | 29 April, 2014, 13:27

Cash is pretty effective isn't it?

Simon Cadbury - Intelligent Environments - London | 30 April, 2014, 13:35

This is very interesting. However, while take-up in general may be slow, this new system is likely to be a hit with young people. According to Intelligent Environments’ recent research, even more young people intend to use the service, with over four million 18-30 year olds already interested in transferring money to friends and family via a mobile number. It’s clear that younger customers
continue to embrace any technology that makes managing their finances easier.

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune | 30 April, 2014, 15:22

"But 47% say they will definitely not use Paym". One day before its launch, I doubt if anywhere near 47% of people even knew about FPS / SCT / SDD, let alone offer concrete reasons for not wishing to use the new payment methods. By that token, PayM has done a great job of spreading awareness about itself. Assuming that PayM is gated by a password or two, security concerns should diminish rapidly.

Adrian Hausser - PayX International Ltd - unspecified | 02 May, 2014, 17:16

Alexander, you are right, we helped build one of these systems into a tier 1 bank, and it was just tinkering with existing systems/flows. Its just a new layer using the existing infrastructure to create a modern day market product - succeed or fail you have got to agree its smarter than creating a complete new infrastructure to do what the old could do already :) 

Richard Sanders - ACI Worldwide - Watford | 02 May, 2014, 17:28

I agree with Simon Cadbury that Paym is likely to be popular with younger people. Barclays have said the peak day for Pingit transactions was Friday as people split bar and meal bills. I can see this being the case for Paym too as the customer base builds and more banks offer the service. The key is how well they promote it (and that it does not have a glitch as young people have less patience than us old guys - one strike of it not working and it will be out).

Chris Meggs - Chasm management ltd - Ipswich | 06 May, 2014, 21:31 Sounds like sour grapes to me boys!
Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board, sign up now.

Related blogs

Create a blog about this story (membership required)

Related stories

02 April, 2014
20 March, 2014
10 March, 2014
19 November, 2013
16 September, 2013
19 August, 2013
21 February, 2012

Related company news


Featured job

Competitive base, bonus, full benefits
London / Anywhere, UK

Find your next job