dslreports logo
site
spacer

spacer
 
   
spc
story category
AT&T, Verizon & T-Mobile Mobile Payment Service Isis Hits a Wall
by Karl Bode 06:40PM Thursday Mar 20 2014
In late 2012 T-Mobile, Verizon and AT&T started trials of Isis, their NFC-based mobile payment platform that turns your smartphone into a debit card. Isis has seen mixed reviews, with many of the vendors supposedly participating in the limited trial never having heard of the service. Isis was officially launched last fall; interested users needing to obtain a secure element SIM card from their wireless carrier, a Near Field Communications (NFC) capable phone, and the Isis mobile app.

But things haven't been all peaches and cream in the telco attempt to get into the banking business. The latest hurdle is the fact that a large coalition of companies, including Best Buy and 7-Eleven, are working together on their own mobile payment platform, and have been turning off Isis NFC sensors, a move that has obviously annoyed the telcos.

To hear Isis CTO Scott Mulloy tell it, if you don't use Isis, you're helping the world perpetuate the type of credit-card fraud that plagued Target:
quote:
"A handful of retailers are moving counter to the broader industry movement towards more secure payment technologies," Mulloy charged. "This affects millions of contactless [smartcards] already in circulation as well as new mobile wallet innovations. It's a massive step backwards.

"When a merchant with thousands or even hundreds of locations turns off contactless [NFC payments] and chooses a less secure option, it's significant for consumers and the broader payments industry, as we have seen with recent high profile data breaches" at Target and Neiman Marcus, he added via email.
Granted the industry is moving away from magnetic stripe credit and debit cards toward chip and pin technologies (including Target), making it appear that Mulloy is just hoping to scare people into adopting their preferred mobile payment standard. Isis was already facing adoption hurdles, and more fractured payment options clearly won't be helping.

view:
topics flat nest 

humanfilth

join:2013-02-14
cyber gutter

wireless security?

Chip and pin is very close to secure. Push card in and enter a PIN that the machine has to accept for purchase.
Some PIN machines, for some reason, you can enter a random number and still have the card accepted.

A wireless RFID card (or unencrypted NFC with push phone button to pay) card is not very secure, especially when the supplier of that card does not bother with even basic encryption to guard all that data from being scanned by people passing by you.

They call it 'digital pickpocket'. Article from May 2013:
»www.komonews.com/news/local/Digi···001.html

Man in the middle attacks can also be done if the payment terminals also don't bother with encryption.

--
When peasants own the government, there is freedom. When the government owns the peasants, there is tyranny
Knowledge and curiosity are not crimes and those who are curious should not be treated like criminals.. »www.eff.org/https-everywhere
meowmeow

join:2003-07-26
Helena, MT

Re: wireless security?

It's far more secure than the swipe cards common in the US. Chip & PIN isn't going to happen in the US, only one bank (USAA) is behind it so far. Chip & Signature will. The security provided is similar to contactless - both far more secure than swipe transactions. Also, worth noting that Best Buy hasn't supported contactless for years - long before ISIS. The reason is that Visa charges extra for contactless transactions. Best Buy has said they WILL support EMV (contact chips) by October 2015. The fact they don't yet (when every store has the readers) is a shame though.

mackey
Premium
join:2007-08-20
kudos:12
Even without encryption contactless is still more secure then swipe. This is because each time you use/read it the security codes changes. The banks know what order the security code sequence should be and if a code is repeated or out of sequence they know the card has been compromised.

/M

dvd536
as Mr. Pink as they come
Premium
join:2001-04-27
Phoenix, AZ
kudos:4

get your phone nicked. . . . .

get your account drained. NO THANKS!
--
Despises any post with strings.
meowmeow

join:2003-07-26
Helena, MT

Re: get your phone nicked. . . . .

MUCH more secure than the physical cards in your wallet...

PhoenixAZ
Get A Mac
Premium
join:2004-01-04
Phoenix, AZ
kudos:1

This isn't going to work

Because the right partnerships aren't there but most of all the problem is the EMPLOYEES!

I tapped my card on the PayPass reader and the cashier didn't even know what button to push! She just said just swipe it.

Training is something Best Buy obviously doesn't have.
pkorx8

join:2003-06-19
San Francisco, CA

Re: This isn't going to work

MCD is one of the few places that take Paypass. I tend to surprise the hell out of their employees whenever I pay with google wallet on the terminal.
Luckily, the employee does not need to do anything in order for the Paypass terminal to work!

PhoenixAZ
Get A Mac
Premium
join:2004-01-04
Phoenix, AZ
kudos:1

Re: This isn't going to work

said by pkorx8:

MCD is one of the few places that take Paypass. I tend to surprise the hell out of their employees whenever I pay with google wallet on the terminal.
Luckily, the employee does not need to do anything in order for the Paypass terminal to work!

And you're right, PayPass always seems to work at McD's mainly because they run all types of cards as credit. So there's only one button to push no matter what kind of card you've used (or in your case, phone)
meowmeow

join:2003-07-26
Helena, MT
Best Buy has contactless disabled, due to a dispute with Visa over the fees.

GlennAllen
Sunny with highs in the 80s
Premium
join:2002-11-17
Richmond, VA

Whom do you trust more?

Your wireless provider? or your credit card company (often, your bank)?

It's close ...but I'll go with my "bank" (credit union, actually). Chips ahoy!

IowaCowboy
Iowa native
Premium
join:2010-10-16
Springfield, MA
kudos:1

Re: Whom do you trust more?

And not just any bank but a smaller regional bank like Berkshire Bank. They are more consumer friendly than the big banks like Bank of America or Chase.

IowaCowboy
Iowa native
Premium
join:2010-10-16
Springfield, MA
kudos:1

Visa and MasterCard

I think Visa and MasterCard should be in charge of the mobile payment platform as they are two well known and respected names in the payment processing industry.

Isis is a no-name company in the merchant world.
meowmeow

join:2003-07-26
Helena, MT

Re: Visa and MasterCard

Isis has nothing to do with acceptance. It just presents itself as a contactless credit card. Contactless acceptance in the US is dismal.
pkorx8

join:2003-06-19
San Francisco, CA

the industry needs to get a clue....

As an example of how fragmented contact payment systems are:

I once purchased a Tmo phone & contract at a Tmo store with their Paypass terminal, using my sprint Optimus G with google wallet.
Then the Tmo guy tells me Isis will be coming and it will be better.

Funny how contact payment systems has been working for more than 5+ years in other countries.

Tits_Mcgee

@comcast.net

Payback is a bitch !

I recall not too long ago, Verizon and the bunch disabling Google wallet on Android devices because they had Isis in the works. As a matter of fact, Galaxy users still cant access the app because it coughs of some incompatibility despite it being specifically engineered to work with NFC and the app.

So really, all I see is a bunch of greedy corporate idiots who think they can dictate every single thing that a consumer can do with their phones despite the obvious. With T-mobile pushing uncarrier initiative and the rest of the wireless industry rushing to play catchup, I'd be surprised to see people tying themselves down further by signing up for these services vs say Google Wallet, where you aren't restricted by the phone, carrier and so forth. There's going to be European style revolution when it comes to wireless phone service. Just buy the phone and shop for your carrier.

All this being said, I'm not placing an ounce of fault on Best Buy or 7 Eleven. These very fools set the president back in 2011, Yes its been that long since Google wallet launched. You want our NFC contacts turned back on? Sorry we have a competing service were building, besides you just have the wireless service while we have the stores with goods that people want, the contactless pay counters and soon an app to complete the cycle. Bitch !

SrsBsns

join:2001-08-30
Oklahoma City, OK

Not enough room for multiple players

What makes this service any better than Google Wallet? I use it and its quite secure and easy without a special SIM. Also right now I don't think there is any room for anyone else besides Google due to limited demand in this area.
meowmeow

join:2003-07-26
Helena, MT

Re: Not enough room for multiple players

It's profitable, because it only works with partner issuers, whereas Google has to eat a certain amount of spread. Google Wallet isn't a viable business model, it's a way to get marketing data on a lot of their users.
QLR

join:2009-06-23
Tallahassee, FL
Reviews:
·Comcast

Lack of payment choices

I hate that I can't use a card of my choice. Or if I have the right brand card, I still cannot use it. WTF?!?!?! I had Serve on my account, but my use had dropped, I refuse to pay a fee. I ended up closing it.

As far as checkout goes, I've had success at CVS, a local seafood market, and some McDonalds locations. I never got it to work at Walgreens. When I cant get it to work at the few places I shop, and cant find it at the bulk of the places, and I cant use my financial accounts, I've got something I cannot use.
meowmeow

join:2003-07-26
Helena, MT

Re: Lack of payment choices

Walgreens has (here, at least) tripe mode entry readers, but only has swipe enabled.
JJV
Premium
join:2001-04-25
Seattle, WA

1 edit

No Root

It is designed to check for root access. It your phone is rooted it refuses to work.

Then there is the whole your broke if your battery is dead thing.
Imagine the line of people charging their phones at the grocery store.
rmdir

join:2003-03-13
Chicago, IL

Re: No Root

It's easy enough to work around the root restriction. Worked quite well on my Note 2, and I was able to buy 2 $500 prepaid Visas and got 20% back with the last promotion, so I got 1K worth of Visas for 800 after rebate.
»forum.xda-developers.com/showthr···=2425346
mikev
Premium
join:2002-05-04
Leesburg, VA
Reviews:
·Comcast
·Verizon FiOS
·Callcentric

Happy ISIS User

I've successfully used ISIS with my AmEx card. AmEx adds an additional layer of security in that they generate a secondary account number, rather than using the account number on my card, and give that number to ISIS instead. I also like the fact that ISIS is only active when I start the app, as opposed to other contactless cards that sit in a wallet.

I use it to pay regularly at the Coca-Cola machines in my place of work (which also lets me double-dip on Coke Rewards points - 3 points for the purchase, 3 points for the cap code!), I've used it at Toys-R-Us, and used it at the few other limited places I've found I can use it. I'll likely use it the next time I go to McD's.

If retailers are deliberately disabling the contactless payment sensors, they're not only affecting ISIS. They're also affecting Mastercard's PayPass cards, some AmEx Blue cards, and others that also have contactless chips built into them. Given that these are cards that in some cases have been in circulation for a few years now, it's unfortunate to see retailers turning away this technology just because there's a "competitor" of theirs that is using it now. So much for progress.
meowmeow

join:2003-07-26
Helena, MT

Re: Happy ISIS User

This is the norm in the US. Retailers have triple-method (contact, contactless, swipe) readers, but only have swipe enabled. It's really a shame, since swipe transactions are horrifically insecure as we learned with URM Stores and Target (URM Stores is regional, but suffered a similar breach just two weeks before Target).

IPPlanMan
Holy Cable Modem Batman

join:2000-09-20
Washington, DC
kudos:1

Apple was smart to wait...

What a mess. Apple was smart to wait for ISIS to fail.

Samsung's device bumping feature was "cool"... right until AirDrop came along and made it look ridiculous to have to touch a phone to transfer content.

Dr Demento
I Vant Blud

join:2002-01-02
Denville, NJ

Overall it won't matter until the legacy stuff ends.

As long as there are terminals for accepting both swipe and NFC you're still going to see plenty of places that choose not to turn on, don't out of ignorance or don't bother to maintain the NFC reader. There will need to be virtual NFC ubiquity before every store even pays attention to the technology.