Blog article
See all stories »

An article relating to this blog post on Finextra:

US Bank pilots NFC iPhone case

US Bank has chosen Salt Lake City and Portland as test sites for an iPhone case that turns the handset into a contactless payments device.


See article

Nonsense Innovation.

I am continually baffled by these people with fancy titles like Chief Innovations Officer who announce the deployment of "gimmicks" and say they are wonderful new technology breakthroughs, and oh yes... Secure.

Rubbish. NFC is not secure in it's present form. And tell me, what prevents someone else using my phone to "Pay and Run" ?

Just like what prevents someone else from taking my pay and go or wave and (all the same nonsense) and running rampant around town ?

Nothing...

The Banks preach security, however there is no consumer safety nor security in being able to wave a card or phone without any authentication mechanism. Encrypting a transaction is not security. It is just encrypting data that can come from anywhere and anyone. It is just a Banking rort. 

Mr Chief Innovations Officer, how about being innovative and doing something that actualy provides consumer security.

4034

Comments: (3)

Michael Kyritsis
Michael Kyritsis - ACI - London 15 January, 2013, 00:22Be the first to give this comment the thumbs up 0 likes

In the same way that there's no security on contactless transactions, there is no security on cash. If I leave my wallet lying around in order for someone to have a chance of taking one of my cards, I'm sure they would take any cash I have in my wallet too. There are limits on what can be spent - a per-transaction limit (in the UK it's £20) and also a limit on the number of consecutive contactless transactions the card will allow before it forces fall-forward (I think it's typically 5) but most consumers would never be forced to fall-forward because they use their cards for both contactless and contact- payments (which resets that counter).

A Finextra member
A Finextra member 15 January, 2013, 08:53Be the first to give this comment the thumbs up 0 likes

Hi Michael,

I agree with some of your comments, but shouldn't technology improve security rather than be as bad as a very old alternative?

Also, most customersdon't run up against the offline transaction limit, because they don't use contactless - the take up statistics prove this out.

The original blog is very true, there is a lot of hype around some very dubious technology much of which is poorly thought through from a security perspective. Take mobile banking and payments. How many organisations offering these facilities are actively pushing you to make  your mobile as secure as your PC?

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 16 January, 2013, 13:11Be the first to give this comment the thumbs up 0 likes

If a leading bank like US BANK chooses to introduce such an NFC solution, maybe it suggests that there's a strong consumer demand for mobile payments that the bank is trying to capitalize upon instead of missing the bus by waiting for Apple to include NFC on the iPhone. I've myself highlighted the clear and present danger with NFC in this Finextra post, so there's no denying that US BANK's solution is not so secure. But, the real question here is, does the average John / Jane Doe care about security when they get convenience? This question is especially relevant in the USA where the following predominantly American practices suggest that convenience trumps security in this market: (a) There are payment methods such as ACH TEL which permit one person to pull out money from another person's bank account without any written mandate from the latter (b) Millions of people have shared their Internet Banking credentials with BillGuard, Mint and other financial services startups (c) Few, if any, ecommerce companies have implemented 2FA for online payments, fearing - rightly, if I might add - that the resultant friction might result in shopping cart abandonment and loss of revenues.