NFC and contactless payments, round 2

I’ve talked before about the problems I have with NFC and contactless payments, either through smartphones or, more recently, through contactless payments through ‘wave enabled’ cards.

The thing is, people herald it as a sign of innovation. And it is, but the wrong kind.

Here’s the thing. People talk about these things as making transactions faster, easier and so on, and perhaps for some people and some places, such things are actually faster than using a card or cash – especially for small amounts, I can see that.

But what I want to draw attention to is that this is a real innovation not for users, but for the financial institutions that back them – after all, it’s the likes of VISA who is pushing it so hard, not the retailers.

So, let’s consider for a moment what their motive might be in investing in such a technology. Certainly, anything that makes it faster for you to pay money – bearing in mind they get a cut of the transaction – is going to benefit them, and I wouldn’t be surprised if they get an extra cut for the ‘convenience’ factor of swipe payments.

The real innovation here, though, isn’t that it’s done – but that it is one step further in transferral of liability. That’s the real problem that these cards and devices are attempting to solve, and why very often it’s solving the wrong problem – or at best a solution in search of a problem.

Initially we had cash. It was reasonably universal in that every shop would accept it. Then we had the concept of hire/purchase for larger items, and that evolved into credit cards. Note the importance here: we’ve changed from something that – however loosely – came from having physical denomination of wealth to a virtual one.

I’m not against credit cards, or my preferred type, debit cards – they allow you to carry around a concept of wealth that can be exchanged for goods, without carrying out physical money.

The problem is that invariably a sense of identity is attached. Cash has no identity, it is merely metal that represents a value. But a card is attached to a person.

We have cards that have a signature and a magnetic strip that carries details about us, a personally identifying number, theoretically speaking. And for a long time, the banks would be relying on the store clerk to validate that the person signing the receipt was the person who carried the card – and had the same signature as on the card.

The reality is that this didn’t always happen, and essentially meant that it was unreliable. Result: the bank is the one who loses out if it was demonstrated that the card was used without consent.

So to deal with this type of fraud, the banks introduced keypads pretty much everywhere that the user enters the personal identification number into. That must stop fraud, right? Only you know your PIN?

Well, it’s 4 digits of 0-9. Right there is 10,000 combinations, but the banks lock out certain combinations like too many repeated digits, your birthday and things like, and it soon becomes clear that there aren’t really that many unique combinations out there, plus people aren’t that secure about their PIN number when entering it, plus keypads and ATM kiosks can be doctored.

So, in order to combat all that, the banks introduced what they claimed would be more secure: contactless technology. No PIN to enter (or forget), no signature to forge. You just touch and go, just like the NFC chips in phones.

Which is fine all the time you have your card on you and guard it with your life, and you keep it in a wallet that is mesh lined to prevent skimming devices.

Here’s the thing though: if you don’t take those measures, in the event of your card being used without your consent, the burden of proof is on you, not the bank, to prove that you didn’t allow another to use your card without your consent, and guess what? How do you prove that with a card that can be read without being touched?

It’s the perfect innovation for banks: because if a card is abused, they’re not out of pocket (from transaction fees) unless you can prove beyond any doubt that you weren’t responsible and through your own inaction, failed to protect it adequately.

This entry was posted in Uncategorized and tagged , , . Bookmark the permalink.