How contactless cards are still vulnerable to relay attack

From The Conversation.

Contactless card payments are fast and convenient, but convenience comes at a price: they are vulnerable to fraud. Some of these vulnerabilities are unique to contactless payment cards, and others are shared with the Chip and PIN cards – those that must be plugged into a card reader – upon which they’re based. Both are vulnerable to what’s called a relay attack. The risk for contactless cards, however, is far higher because no PIN number is required to complete the transaction. Consequently, the card payments industry has been working on ways to solve this problem.

The relay attack is also known as the “chess grandmaster attack”, by analogy to the ruse in which someone who doesn’t know how to play chess can beat an expert: the player simultaneously challenges two grandmasters to an online game of chess, and uses the moves chosen by the first grandmaster in the game against the second grandmaster, and vice versa. By relaying the opponents’ moves between the games, the player appears to be a formidable opponent to both grandmasters, and will win (or at least force a draw) in one match.

Similarly, in a relay attack the fraudster’s fake card doesn’t know how to respond properly to the payment terminal because, unlike a genuine card, it doesn’t contain the cryptographic key known only to the card and the bank that verifies the card is genuine. But like the fake chess grandmaster, the fraudster can relay the communication of the genuine card in place of the fake card.

For example, the victim’s card (Alice, in the diagram below) would be in a fake or hacked card payment terminal (Bob) and the criminal would use the fake card (Carol) to attempt a purchase in a genuine terminal (Dave). The bank would challenge the fake card to prove its identity, this challenge is then relayed to the genuine card in the hacked terminal, and the genuine card’s response is relayed back on behalf of the fake card to the bank for verification. The end result is that the terminal used for the real purchase sees the fake card as genuine, and the victim later finds an unexpected and expensive purchase on their statement.

The relay attack, where the cards and terminals can be at any distance from each other. Author provided

Demonstrating the grandmaster attack

I first demonstrated that this vulnerability was real with my colleague Saar Drimer at Cambridge, showing on television how the attack could work in Britain in 2007 and in the Netherlands in 2009.

In our scenario, the victim put their card in a fake terminal thinking they were buying a coffee when in fact their card details were relayed by a radio link to another shop, where the criminal used a fake card to buy something far more expensive. The fake terminal showed the victim only the price of a cup of coffee, but when the bank statement arrives later the victim has an unpleasant surprise.

At the time, the banking industry agreed that the vulnerability was real, but argued that as it was difficult to carry out in practice it was not a serious risk. It’s true that, to avoid suspicion, the fraudulent purchase must take place within a few tens of seconds of the victim putting their card into the fake terminal. But this restriction only applies to the Chip and PIN contact cards available at the time. The same vulnerability applies to today’s contactless cards, only now the fraudster need only be physically near the victim at the time – contactless cards can communicate at a distance, even while the card is in the victim’s pocket or bag.

While we had to build hardware ourselves (from off-the-shelf components) to demonstrate the relay attack, today it can be carried out with any modern smartphone equipped with near-field communication chips, which can read or imitate contactless cards. All a criminal needs is two cheap smartphones and some software – which could be sold on the black market, if it is not already available. This change is likely the reason why, years after our demonstration, the industry has developed a defence against the relay attack, but only for contactless cards.

A rigged payment terminal capable of performing the relay attack can be made from off-the-shelf components. Author provided

Closing the loophole

The industry’s defence is based on a design that Saar and I developed at the same time that we demonstrated the vulnerability, called distance bounding. When the terminal challenges the card to prove its identity, it measures how long the card takes to respond. During a genuine transaction there should be very little delay, but a fake card will take longer to respond because it is relaying the response of the genuine card, located much further away. The terminal will notice this delay, and cancel the transaction.

We set the maximum delay to 20 nanoseconds – the time it takes a radio signal to travel six metres; this would guarantee the genuine card is no further away than this from the terminal. However, the contactless card designers made some compromises in order to be compatible with the hundreds of thousands of terminals already in use, which allows far less precise timing. The new, updated card specification sets the maximum delay the terminal allows at two milliseconds: that’s two million nanoseconds, during which a radio signal could travel 600 kilometres.

Clearly this doesn’t offer the same guarantees as our design, but it would still represent a substantial obstacle to criminals. While it’s enough time for the radio signal to travel far, it’s still a very short window for the software to process the transaction. When we demonstrated the relay attack it regularly introduced delays of hundreds or even thousands of milliseconds.

It will be years before the new secure cards reach customers, and even then only some: there is only one Chip and PIN specification, but there are seven specifications for contactless cards, and only the MasterCard variant includes this defence. It’s not perfect, but it makes pragmatic compromises that should prevent smartphones being used by fraudsters as tools for the relay attack. The sort of custom-designed hardware that could still defeat this protection would require expertise and expense to build – and the banks will hope that they can stay ahead of the criminals until the arrival of whatever replaces contactless cards in the future.

Author: Steven J. Murdoch, Royal Society University Research Fellow, UCL

Under Pressure, US Banks Vie for Instant Payment Market

From NY Times.

In this digital age when almost anything can be had in an instant, the movement of money can seem glaringly slow.

Most people paying a housekeeper or collecting money for an office pool still use cash or a check, which can take days to go through — a relative eternity that banking regulators worry is impeding commerce and economic growth.

MobilePay

The slowness has led many Americans to new mobile services, like PayPal’s Venmo or Square Cash, which make it possible to pay a friend instantly with just a phone.

Venmo processed nearly $4 billion in P2P payments last quarter, which represented 141% growth from the prior-year quarter. By comparison, mobile payments processed at PayPal’s core app rose 56% annually to $24 billion.

PayPal’s total processed payments — which include its website, third-party sites, retail stores, and Xoom — rose 29% on a constant-currency basis to $86 billion during the quarter. Venmo might seem small when compared to PayPal’s entire business, but it’s also its fastest-growing platform. However, Venmo is already facing lots of competition in the P2P payments space.

Now, the banks are catching up. On Monday, Wells Fargo joined JPMorgan Chase, Bank of America and US Bank in allowing customers to send money in seconds to one another’s bank accounts using just a phone number or email address. Customers of the biggest banks can now use their mobile phones, say, to send money instantly to a child in college who needs cash.

“We pay attention to what customers are asking for, and we are doing all the things we need to stay competitive,’’ said Brett Pitts, who leads digital initiatives at Wells Fargo.

The stakes are high: Banks are under broad pressure both from the Federal Reserve, which has a “faster payments committee” aimed at requiring immediate improvements, and from tech companies like PayPal and Apple, whose Apple Pay service was a bright spot in its recent earnings report.

All these companies, and Visa and MasterCard, are competing to build and control the payment network of the future.

Banks are promoting their new services as cool and convenient: One Chase advertisement shows the basketball star Stephen Curry dribbling a basketball while making an instant payment on his phone.

American bank executives fear that they could lose ground to plucky payment companies like Venmo, a popular choice among millennials who want to pay each other — and send emoji-filled messages to their friends.

The banks worry that if they do not respond with their own instant payment offerings, they will be relegated to performing less-profitable back-office functions for hip new payment companies, which make their money primarily by charging small fees to customers who pay by credit card rather than directly from a bank account.

The person-to-person payment market is valuable because it allows financial companies to gain the first point of contact with a consumer and then try to sell them other products like loans.

Analysts predict that eventually the new payments network could be extended to connect consumers with merchants, providing a potentially lucrative source of fees for banks.

“It’s like owning a toll road: You are going to get paid by everybody that uses it,” said Gareth Lodge, a payments analyst at Celent, a financial consulting firm.

Mastercard and Visa, which have a tight grip on payments made with credit and debit cards, are also trying to gain a foothold in these new networks.

Late last month, Mastercard acquired a majority stake in VocaLink, the company that operates a mobile and internet payment network in the United Kingdom and is helping to develop an even broader system in the United States. Also, Visa recently announced a broad partnership with PayPal that will make both of their offerings more instantaneous.

Instant person-to-person payment is something that people in many other countries have been able to do for years, and the absence of the service in the United States has been a marker of the relative backwardness of American banks.

The banks began developing the system being introduced this year in 2011, when Bank of America, JPMorgan and Wells Fargo created a network called clearXchange. That system has already allowed bank customers to send each other money using just an email address or cellphone number, but transactions were not instant until this year.

In addition to payments technology that the nation’s largest banks are rolling out this summer, banks that belong to an industry group called the Clearing House are developing a broader network that will allow businesses and even governments to make large instant payments.

A fast and efficient payment network also has implications for the economy. Federal officials and analysts say the current lag time between when a payment is sent and when the money is cleared to spend can hinder businesses from balancing their books and managing their supplies. The lag also puts the United States at a disadvantage compared with, say, Europe, where banks are far ahead in making payments instantaneous.

The banks now face a challenge to make their real-time technology easy enough to lure customers away from start-ups like Venmo.

With Venmo, a user can send money to anyone simply by tapping into the app and entering a phone number or email address. By contrast, customers of JPMorgan Chase, for example, must log into their Chase app using their password, then navigate through a series of somewhat clunky tabs to initiate a transaction with QuickPay. The banks also lack the social networking capabilities that have helped make Venmo a hit.

Talie Baker, a payments analyst at the Aite Group, a banking consultancy, said that even her friends who have Chase’s service often do not think it is worth using. “I can’t get anybody to accept a Chase QuickPay payment from me,” she said. “Banks are probably going to start losing market share if they don’t make their applications as easy to use as Venmo is.”

Chase and the other banks say the additional steps they ask of customers provide more security. The banks also say they are already handling significantly more personal payments than Venmo and other competitors like Square Cash.

Chase said that last year it processed about $20 billion in so-called peer-to-peer payments, while Venmo handled about $10 billion. PayPal as a whole made about $40 billion in such payments, the company said.

The banks should have a significant advantage over technology companies, given the sheer number of customers they already have, payment industry analysts say.

PayPal and the banks say the most immediate opportunity is not taking business from one another, but cannibalizing the enormous number of payments that are still made by cash and check, which represent more than three-quarters of all peer-to-peer transactions.

Bill Ready, who oversees Venmo at PayPal, said he was happy that American banks were finally catching up with the progress that has been made in most other developed countries.

“The rest of the world has already been here a long time,” he said. “To see an industry move is a great thing.”

ANZ and Amex the winners in Australia’s banks’ fight with Apple over payment apps

From The Conversation.

Australia’s banks have always enjoyed a lucrative income from credit card “interchange fees”, the charges that the banks levy on merchants’ sales. These fees amount to AU $2.5 billion a year which are ultimately passed on to consumers.

MobilePay

Unwilling to share any of this revenue with Apple, all but ANZ and American Express have refused to adopt Apple Pay. Instead, four of the largest banks, NAB, Westpac, Commonwealth and Bendigo and Adelaide have asked Australia’s competition regulator, the ACCC, for permission to act collectively to negotiate with Apple over access for their own digital wallet products on its phones, tablets and watches.

The banks, along with their industry representatives are claiming that they are taking this action in the interest of providing “Australians with real choice and better outcomes”. They are also allegedly concerned about security and standards surrounding the way in which customers add their cards to Apple Pay.

Even if granted, the likelihood of Apple negotiating access to the underlying payment mechanisms in the phone to the Australian banks is zero. Ceding on this would not only require Apple to create the mechanisms by which third parties could integrate with the hardware and software in their devices but it would essentially be giving up on the substantial global revenue derived from Apple Pay that is only set to grow.

Giving in to Australian banks, which in total represent a small fraction of their overall Apple Pay earnings, would mean opening up access to Apple Pay to every bank globally. Something that Apple would never do. Apple would be more likely to forego Australia altogether before taking that radical a step.

If anyone had an anti-competitive complaint to make, it would be Google and Samsung whose Apple Pay alternatives, Android Pay and Samsung Pay are also not compatible with the iPhone platform. The fact that they haven’t complained about this as such is because it wouldn’t be worth their while competing with Apple Pay which is integrated into the underlying operating system.

The banks would like to claim that their own technology somehow would be better than using Apple Pay. The banks’ tap and pay apps however require opening them up and entering a PIN, logging in or using a fingerprint login, rather than simply holding the phone against the tap and pay terminal with your thumb on the home button. The banks’ apps have also been historically beset with issues and delays in supporting new versions of Android in particular.

Perhaps Apple should not feel particularly victimised however. The Commonwealth Bank, Westpac and NAB have rejected any support for Android Pay or Samsung Pay as well.

ANZ is the only Australian bank to have taken on Apple Pay after originally being part of the other banks’ initiative to collectively bargain with Apple. The move by ANZ CEO Shayne Elliott to be the bank to adopt the latest mobile digital technology is a smart one because it has clearly differentiated ANZ as a technological leader in this space. Elliott claims that the support of Apple Pay has attracted new customers to the bank.

ANZ’s and American Express’s support for Apple Pay and Android Pay has actually given customers what they want. What they want is to be able to use what large numbers of other people in other countries can use. Being part of the “Apple” or “Samsung” or “Android” group forms part of a user’s self and social identities and fulfils a psychological need of relatedness. Being excluded from this group by banks whose predominant consideration is profits will only cause dissatisfaction and resentment amongst their customers.

ANZ’s acceptance of Apple Pay will presumably also weaken the case of the other banks that they are being disadvantaged by Apple’s closed payment system. The brinkmanship of the banks will come to a head next year when the NSW transport system starts trialling the use of tap-and-pay cards to pay for travel. If the experience in London is anything to go by, this will drive even greater use of mobile tap-and-pay which for iPhone or Apple Watch users benefits only ANZ, American Express and Apple.

Author:David Glance, Director of UWA Centre for Software Practice, University of Western Australia

Android Pay arrives in Australia

From IT Wire.

Google’s Android Pay mobile payments system has arrived in Australia with American Express and Visa cards first off the rank, with MasterCard to be added “in a few days”.

Like Apple Pay, Android Pay uses the combination of NFC and tokenisation to allow a mobile phone to be used in place of a contactless payment card. And there’s a mechanism for in-app payments, again like Apple Pay.

MobilePayThe first round of Australian financial institutions backing Android Pay are American Express, ANZ, Bank Australia, Bank of Sydney, Beyond Bank, CAPE Credit Union, Central West Credit Union, EECU, First Option Credit Union, Goulburn Murray Credit Union, Holiday Coast Credit Union, Horizon Credit Union, Intech Credit Union, Laboratories Credit Union, Macquarie Bank, Mystate Bank, Northern Inland Credit Union, People’s Choice Credit Union, QT Mutual Bank, Queenslanders Credit Union, South West Slopes Credit Union, Sydney Credit Union, Teachers Mutual Bank, The Mac, The Rock, WAW Credit Union Co-Operative, Woolworths Employees’ Credit Union, and Wyong Shire Credit Union.

And “coming soon” are Bank of Melbourne, Bank SA, Bendigo Bank, RAMS, St George Bank, and Westpac.

NAB and Commonwealth are notable by their absence, but both have their own mobile payment apps already (NAB, CBA).

Google’s list of participating institutions will be kept updated.

Early adopters of in-app Google Pay include Catch of the Day, GoCatch, Jetstar, Kogan and Menulog.

The Google Pay app is supposed to work with any non-rooted NFC-enabled Android device running KitKat 4.4 or later. But there are some reports that it is not working with all phones meeting that specification.

ANZ becomes first major Australian bank to offer Android Pay

ANZ says today it became the first major bank to launch Android Pay in Australia. ANZ customers can now use Android Pay to make simple and secure purchases wherever contactless payments are accepted with either an ANZ Visa debit or credit card, or an ANZ American Express credit card.

ANZ Chief Executive Officer Shayne Elliott said:

Being the first major bank in Australia able to offer Android Pay is another important milestone for ANZ as we work to build the best digital bank for our customers. Given Android is the most popular smart phone operating system in Australia, we know today’s announcement will be well received by both our retail and merchant customers.

Google Senior Director Product Management Pali Bhat said:

We’re excited to bring the simplicity and security of mobile payments to ANZ customers with Android Pay. “Using Android Pay is more secure – and much faster – than rummaging through your wallet for a plastic card. Starting today, people will be able to use their Android device to pay at almost 800,000 contactless payment terminals in Australia.

ANZ customers with an eligible Android device can now choose Android Pay or ANZ Mobile Pay at retailers that accept contactless payments anywhere in Australia. Android devices with the KitKat operating system or later can use Android Pay through the Near Field Communication chip in the phone or tablet to make purchases. Android Pay uses tokenisation security to generate a unique number for each purchase so customer card details are never actually shared with the retailer directly.

Apple Pay in Play With More Banks

From Business Insider.

ANZ Banking Group says its recent deal with Apple to provide Apple Pay in Australia has sparked a surge in applications for credit cards and deposit accounts, which has forced the other major banks to re-enter negotiations with the technology giant.

The main sticking point continues to be how to divide up the billions of dollars of fee income banks earn from processing payments.

ANZ chief executive Shayne Elliott said at the bank’s interim results last week that online credit card applications were up 20 per cent since the deal with Apple was announced on April 28.

On that day, online deposit applications were the highest on record – more than double the average – Mr Elliott said and “that higher level [is] continuing”.

It is understood that under strict confidentiality agreements imposed on ANZ by Apple, the bank is not able to disclose how many of its Visa debit and credit cards have been loaded up onto Apple Pay.

But ANZ’s Apple Pay microsite had 61,000 unique visitors over four days, and traffic to the bank’s main anz.com website has been 6 per cent higher than average since the launch.

Mr Elliott said “the vast bulk of this increased activity comes almost purely from social media engagement.”

Of the ANZ customers using goMoney internet banking, 69 per cent have an Apple iPhone, providing “a rich source of existing customers who want Apple Pay,” Mr Elliott said.

“Plus [there is] a vast number of new customers. Whilst it is early days the results have been outstanding.”

ANZ is ramping up its marketing of the deal, using its Apple Pay capability in a television advertising campaign while advertisements are adorning bus shelters around Sydney.

In interviews last week, the chief executives of Westpac Banking Corp, Brian Hartzer, and National Australia Bank, Andrew Thorburn, said negotiations with Apple will continue.

Westpac had struck a deal with Samsung two years ago to offer tap and go on Samsung phones “which is essentially the identical experience” as Apple Pay, Mr Hartzer said.

“It would be nice for us to offer [Apple Pay] in the context of what we are doing but in the end it has to be commercially sustainable. We will continue to talk to [Apple] and other wallet providers and see where we get to.”

Mr Thorburn pointed to NAB Pay, which was launched in January for Android phones and has been enabled by 25,000 customers and processed 100,000 transactions, according to a slide in NAB’s investor pack last week.

“We are going to look at ways to deploy NAB Pay,” Mr Thorburn said.

“We would like to deploy it with Apple. But obviously that is an important conversation that we will have to have with them. We think NAB pay is strong and easily deployable on any device, we just need to work with the providers to get that to be the case.”

Dividing the pie

Apple’s deal with ANZ was reached after the bank agreed to give up some of its interchange fees to Apple, and Apple was willing to compromise and reduce the level of fees it demanded from US banks, but confidentiality agreements imposed prevent discussion of the details.

Australian banks earn around $2 billion a year in interchange fees, which are paid by merchants for use of payments infrastructure.

But the fees are being pushed down by caps that have been imposed by the Reserve Bank of Australia. The major banks reported lower interchange fee income as a result of these measures last week.

The RBA is pushing to lower interchange fees to 30¢ for $100 of transactions, down from 50¢ for $100 of transactions.

In the United States, Apple is believed to earn about US15¢ on every $US100 of transactions. But in the US, the bank interchange fee is $1 for $100 of transactions.

However, given that ANZ debit cards are part of the deal, ANZ may have negotiated a flat fee for each transaction rather than one based on the volume of transactions because debit card interchange fees are flat, in contrast with credit card fees based on transaction volume.

Australians quick to adopt mobile payments technology – NAB

National Australia Bank (NAB) says customers have rapidly adopted mobile payments technology with the bank’s new NAB Pay service downloaded more than 18,000 times in just the first month.

The convenience of being able to pay for everyday items like fast food, fuel and groceries using your mobile phone has seen customers make more than 60,000 purchase transactions since the service launched earlier this year.

In just over a month:
· More than 18,000 customers are using NAB Pay to make purchases using their mobile phone.
· More than 150 customers are activating NAB Pay, every day.
· More than 300,000 customers have downloaded the latest version of NAB’s Mobile Internet Banking App, enabling access to NAB Pay.

Compared to Paywave transactions:
· NAB Pay is used more for lunch, coffee and snacks with a higher proportion of transactions at cafes, restaurants fast food and supermarkets (60% of NAB Pay transactions vs 52% of Paywave)
· NAB Pay is used more for lower ticket items ($13 for NAB Pay vs $19 for Paywave)

Top NAB Pay Merchant categories:
Category                       NAB Pay transactions                Paywave transactions                Difference
Supermarket                                29%                                               26%                                      3%
Fast Food                                     18%                                                15%                                     3%
Restaurant                                   13%                                                11%                                     2%
Service Station                            10%                                               11%                                     -1%
Retail                                              7%                                                  9%                                     -2%
Other                                              23%                                               28%                                   -5%

NAB Executive General Manager for Consumer Lending, Angus Gilfillan, said the number of customers using NAB Pay had significantly exceeded expectations.

“Customers love how simple and easy the service is to use, which is why we’re seeing more people using NAB Pay at the register,” Mr Gilfillan said.

“As expected, transactions have mostly been below the $100 mark, with customers using NAB Pay for coffee, lunches, general grocery shopping and petrol.

“Notably, we’ve also seen customers use NAB Pay for larger transactions at electronic retailers, where they purchased the likes of televisions and whitegoods for their homes.”

During the working week, NAB Pay transactions spike at lunchtime, mainly at fast food restaurants, and between 6pm and 7pm, where most spending is done at the supermarket on the way home from work.

Mr Gilfillan said customers were continuing to drive the agenda and we could expect to see more Australians using their mobile phone to make purchases.

“Australians have been fast adopters of contactless payments, with more than 70 per cent of transactions now done in this way,” he said.

“If NAB Pay is anything to go by, it won’t be long before mobile payments become the common payment method for our customers.”

Last week, NAB introduced all consumer Visa Qantas and Velocity Rewards credit cards to the NAB Pay service.

“We’re delighted to bring our most popular credit cards to NAB Pay and will continue acting quickl to make other cards products available as soon as possible,” Mr Gilfillan said.

“We’re focused on delivering the number one cards experience in Australia and look forward to extending our digital wallet offering in the coming months.”

To use NAB Pay, customers will need a compatible Android device, have downloaded the latest NAB Mobile Internet Banking App and have a NAB Visa Debit card and/or eligible Visa Qantas and or Velocity Rewards credit card. NAB Pay is available wherever contactless payments are accepted.

US Mobile Banking Trends Updated

Mobile banking use continued to rise last year as smartphone adoption grew and consumers were increasingly drawn to the convenience of mobile financial services, according to a US Federal Reserve Board report, Consumers and Mobile Financial Services 2016, released on Wednesday.

The report documents consumers’ use of mobile phones–Internet-enabled smartphones as well as more basic phones with limited features–as they bank and carry out financial activities. It is the Board’s fifth annual look at how consumers use mobile phones to access banking services (“mobile banking”), make payments, transfer money, or pay for goods and services (“mobile payments”), and inform financial decisions, as well as their reasons for using these services.

As of November 2015, 43 percent of adults with mobile phones and bank accounts reported using mobile banking–an increase of 4 percentage points from the prior year’s survey. The most common way that consumers use mobile banking is checking their account balances or recent transactions, followed by transferring money between accounts. More than half of mobile banking users received an alert from their financial institution through a text message, push notification, or e-mail–making this the third most common use of mobile banking.

For those who have adopted mobile banking, use of a mobile phone appears to complement their use of other banking channels. Among mobile banking users with smartphones, 54 percent cited the mobile channel as one of the three most important ways they interact with their bank. This share is below those that cited online (65 percent) and ATM (62 percent) as most important, but slightly above the share that cited a teller at a branch (51 percent).

Use of mobile payments continues to be less common than use of mobile banking. Twenty-four percent of all mobile phone users, and 28 percent of smartphone users, made a mobile payment in the 12 months prior to the survey. For smartphone owners who reported making payments with their phones, the most common types of mobile payments were paying bills, purchasing a physical item or digital content remotely, and paying for something in a store.

Use of mobile financial services varies across demographic groups. For particular groups of respondents to the 2015 survey–such as younger adults, Hispanics and non-Hispanic blacks–the shares who reported using mobile banking and mobile payments were higher than the overall survey averages. Smartphone ownership among those with mobile phones is higher for Hispanics than for non-Hispanic whites in this survey.

Consistent with findings from prior years, a majority of consumers using mobile banking and mobile payments cite convenience or getting a smartphone as their main reason for adoption. The main impediments to the adoption of mobile financial services continue to be a stated preference for other methods of banking and making payments, as well as concerns about security.

Concerns about the security and privacy of personal information continue to be expressed by mobile phone users, and the majority of smartphone users reported taking actions that can reduce harm in case of a security incident. The most common actions were installing updates, password-protecting the phone, and customizing privacy settings.

The survey was conducted on behalf of the Board by GfK, an online consumer research firm. The 2015 survey was conducted from November 4-23, 2015. More than 2,500 respondents completed the survey.

Previous surveys have informed the Federal Reserve and other parts of the government on consumer banking and payment behavior and have supported basic research and public discussion.

The 2016 report and a video summarizing the survey’s mobile financial services findings may be found at: http://www.federalreserve.gov/communitydev/mobile_finance.htm.

Digital payment providers yet to win war on cash

From The Conversation.

There is mounting evidence from many countries around the world that the use of cash is declining.

In Sweden, around 80% of all transactions in the retail industry are made by cards.

In the United Kingdom, Transport for London (TfL) enables people to pay for their tube, train or tram journeys with a tap of their bank cards and this contactless payment now represents 25% of all (TfL) pay-as-you-go transactions. From 2018 New York subway and bus travellers are expected to be able to pay with their contactless bank cards or mobile phones.

And in Australia both the volume and value of cash withdrawals from the ATM network continue to fall from their peak in 2008, despite an ever-increasing number (now over 31,000) of available ATMs. Indeed figures released in February 2016 by the Reserve Bank of Australia (RBA) show consumers withdrew an average of A$11.7 billion a month from ATMs in 2015, down 1.7% from 2014.

Cash not done yet

And yet in other countries, cash is still king. Japan is still heavily reliant on cash for everyday purchases in retail outlets and restaurants. According to the Bank for International Settlements’ statistics on payments for 2014, there is US$6,429 of banknotes and coins in circulation per person in Japan, compared to US$2,459 for Australians and US$1,588 for the British.

Of further interest is that in Australia by 2014, the total volume of notes on issue was A$60.8 billion, with 92% of this total being in the high denomination A$50 and A$100 notes. According to data from Retail Banking Research, global ATM cash withdrawal volumes grew by 7% in 2014 and the upsurge in usage was most evident in the Asia-Pacific, Middle East and Africa regions.

So how to explain this seeming dichotomy between the holding and use of cash and the use of cards or mobile phones to make payments? Well as human beings we seem to have a psychological relationship with cash, that gives it an enduring appeal.

Cash is widely accepted; it is easy to carry; it is untraceable and it is reliable in times of crisis. People may be particularly attracted to notes because of the way they look and feel and because they want to store their wealth in physical objects, as the world around them becomes more unstable. This trust in “real currency” could explain the large increase in demand for cash during the global financial crisis, as people sought the “comfort” of a wad of banknotes.

Cash can also be used to avoid paying taxes; who amongst us has never used the words “Would that be cheaper for cash?”. The use of cash supports the “black” or “grey” economy, where tax evasion requires untraceable transactions. It is also more than useful where illegal activities produce wealth that needs to be kept secret from the authorities. Perhaps this helps to explain the proliferation of A$100 notes in circulation, but often rarely actually seen in circulation?

Despite the growth of card payments; the arrival of Android Pay, Apple Pay and Samsung Pay and the cryptocurrencies such as Bitcoin, cash is still here and here to stay.

Author: Steve Worthington, Adjunct Professor, Swinburne University of Technology

ANZ Mobile Pay helps customers tap and pay

ANZ today launched its own mobile payments app giving customers the freedom to tap their phone for purchases and cash withdrawals in a quick and secure format. Customers with an Android smartphone can download ANZ Mobile Pay from today and turn their phone into a virtual credit or debit card with the broadest range of cards on offer.

ANZ Managing Director Products and Marketing Matt Boss said: “This new app is another demonstration of ANZ’s commitment to providing customers with innovative solutions to make their lives easier.

“ANZ Mobile Pay delivers a payments solution for our customers to help them take full advantage of the rapidly changing digital environment we live in, including the ability to withdraw cash from contactless-enabled ANZ ATMs with a tap of their phone.

“Customers using ANZ Mobile Pay will be able to add their existing credit or debit card, and then simply tap their mobile phone for purchases at contactless retail locations anywhere in the world with the security we provide for all online and digital transactions,” he said.

“Given Australians are already the most prolific users of contactless payments in the world and the fact that Android is a major player in the local smartphone market, we believe ANZ Mobile Pay will be a popular addition for many of our customers.”

ANZ Mobile Pay allows customers to:

  • Add a range of ANZ Visa and American Express® credit cards, as well as ANZ Visa Debit cards
  • Choose the way you pay with three payment options: Wake to Pay, Launch to Pay and Passcode to Pay
  • Enter your PIN for all payments over $100
  • Withdraw money at supported contactless-enabled ANZ ATMs

ANZ Mobile Pay is available for download from the Google Play store from today. Once installed, customers just need to tap their card against the phone, then enter their date of birth and mobile number, and finally choose their preferred payment option