Barclays Pingit ushers in mobile-to-mobile payments
Sooner than I expected (see January Bulletin 296), the first UK bank has launched an attractive-looking payments service on top of Faster Payments. Barclays Pingit allows any Barclays customer to send up to £300 to any other UK bank account holder using just their mobile phone number as identification. This strikes me as a much more realistic and useful application of mobile phone technology than the much-hyped mobile NFC.
I haven’t used Pingit but I’ve watched the videos and read the reviews and it looks pretty good to me. Essentially there is a registration process for both payer and payee in order to download an app and link their mobile phone numbers to account details. Then the actual payment is made using a Faster Payments direct credit transaction from one account to the other, authenticated with a new 5-digit passcode, distinct from the payer’s normal PIN. An SMS alert confirms the payment to both parties.
To their credit, Barclays appear to have implemented a robust security system for the registration process, which, I’m delighted to say, leverages chip and PIN in the form of a card transaction at either an ATM or using PINSentry (Remote Chip Authentication). This has already elicited some indignation in popular blogs, which I take to be reassuring! Nevertheless, as also touched on in the January Opinion article, I feel we are entering uncharted waters here, with a risk that if or when this type of mobile service becomes mainstream, it will attract the attentions of professional fraudsters who will undoubtedly exploit any weakness if one is there. I have little technical expertise when it comes to mobile phones, and those who do have such expertise assure me that my fears are unfounded, but I can’t help having an uneasy feeling that typing any kind of PIN or password into a mobile phone is a bad idea. Even if our phones are not yet as riddled with malware and subject to repeated phishing attacks as our PCs appear to be, it must surely only be a matter of time. But let’s hope I’m being unduly pessimistic.
The other interesting feature of Pingit is that it appears to be completely free for both payer and payee. This gives it a distinct advantage relative to other mobile-to-mobile payment services from PayPal or the two main card schemes. Of course Pingit is restricted to the UK while the other services are global, but for most of the sort of scenarios at which it is directed – settling bills in restaurants and so on – that’s probably not a problem. And of course there is always the spectre for the card schemes that ACHs in different countries will hook up to enable this sort of service across borders.
Meanwhile, a few days after the Barclays announcement, it was announced that Vocalink is to build a database allowing any UK bank customer to link their phone number to their account details for mobile-to-mobile payments. This is part of a long-running Payments Council project involving all major UK banks, including Barclays. Has Barclays jumped the gun? Those with long memories who were involved in the EftPos UK project will recall that Barclays has form in this respect, having at the eleventh hour broken ranks by launching Visa Connect instead of going along with a Unified Debit Card Scheme (UDCS) shared by all the banks. In that case the other banks responded with the Switch card and the rest is history. It will be very interesting to see if history is repeating itself in this case!
Banking Automation Bulletin Opinion Article, February 2012, by Nick Collin