Friday, 11 April 2014

Guest blogger 'Nic Newey writes: Will Paym make fraping look like a childish game?

Many of us will have done it: it’s your round at the pub and you’re all out of cash! Surreptitiously, you have a quiet chat with your closest, or richest, buddy and ask for a loan. Embarrassed and in debt, you then have to fix the problem. Tomorrow, the day after, Monday, when?
No longer will you have to worry. Paym will let you pay your buddy right then and there! All you will need is his phone number. Oh, and you both must have registered with this new bank-to-bank service.
Once you have registered with Paym, linking your mobile phone number with your bank account, you can send and receive cash from similarly registered people. But how?
Take care though. Be very aware!

Peter and Jane

Peter and Jane, on a date, have gone out to a really nice restaurant. After a lovely evening, here comes the bill. They decide to ‘go Dutch’, but… Jane is out of cash! Fortunately though, they are both early adopters and have registered with Paym. Peter, ever the knight, pays the bill and Jane gets out of her predicament by transferring her cash to Peter using Paym. Result!
The operation and security of this service rely on clever customers really understanding the terms & conditions along with the supporting technologies. And (as I’ve corroborated with UK financial services insiders), there are real security issues:
  • How can Paym ensure that the registrant is actually the owner of the phone and not a ‘fraper’, for example?
  • Unlike sort codes and account numbers and card numbers, phone numbers offer no validation opportunities. You could easily pay the wrong person.
  • To counter that, the service shows the name of the person when you try to pay them! So when Jane tries to pay Peter and accidentally uses my number, why should she see my name? I may not know her from Adam. All we have in common is a Paym registration, but this potential DPA incident is apparently covered by the Ts & Cs of my Paym registration.
  • Fred Bloggs, a PayG ‘burn phone’ owner, decides to randomly select mobile numbers and eventually gets my name. Why?
  • What if you change your phone and, like many, fail to ‘port’ the number. Your mates may be paying landfill sites! They’ve ‘paid’ their debt. You’ve not received the payment. A very embarrassing conversation, for both parties, ensues.
  • (Peter and Jane break up!)
Who recovers these situations, and how?

Some time later

Time has passed and Peter and Jane are out on another date. After another lovely evening, they decide to ‘go Dutch’ again, but Peter is out of cash! Jane is happy to pay the bill with Peter paying her via Paym. Result? Uh oh!
After a few years, ‘dead’ mobile numbers get recycled. Jane has changed her phone, but has failed to ‘port’ her old number. No worries! Peter knows her new (recycled) number, so he sends his share to that number. Now it gets complicated…
Did Bill Smith, the previous owner of the number, register with Paym?
  • Yes: Will Peter see that Bill is named? Will Bill care? If Peter’s concentrating on Jane, how will the mess be cleared up?
  • No: Is this an unadvertised failure case. We’ll see!
Has Jane registered her ‘new’ number with Paym?
  • Yes: How does Paym cope with the potential conflict?
  • No: More failure cases.
Will I register with Paym? You know the answer. There is a better solution out there and, I think, all we need to do is wait for the, already interested, operators of the sector on the other side of the Paym registration process.

Copyright (c) 'Nic Newey.
This site does not represent the views of  the authors' employers or clients

No comments:

Post a Comment