Industry split over security of new PayPal 'Check In' scheme - PC Retail

Industry split over security of new PayPal 'Check In' scheme

Some security experts warn the payment system is risky and could be subject to human error
Author:
Publish date:
1-paypal_app-web.jpg

Industry watchers are divided over the PayPal service that lets shoppers pay in stores using a smartphone app.

The ‘Check In’ payment system is being trialled on Richmond High Street in London, and while some warn it may be unreliable, others have welcomed it.

Consumers can download the PayPal app for iOS, Android or Windows Phone and set up an account with a photograph of themselves. When paying for goods, users ‘check in’ via the app, the shop assistant then looks at the account on their own device, and if the picture that appears matches the face in front of them, payment can be confirmed.

Gareth Jordan, commercial director for Retail Advantage told PCR: “It is good to see new innovations that make the High Street more accessible for consumers. The ‘Check In’ service from PayPal sounds like it might really offer a boost to bricks and mortar retail.”

Ian Kirk, computer engineer at Forum Computers, added: “It could encourage more customers to shop on the High Street and it seems so easy, you can have one centralised account to manage your shopping both online and in person."

“However, working in a shop myself, I am concerned about the supposed lack of security enforced on payments. I imagine it could be extremely easy to log into a PayPal account of a stolen phone and change the account picture.”

Two-step authentication specialist firm SecurEnvoy has slammed the system.

The company’s co-founder, Andy Kemshall, said he has “serious doubts” about the security of the system’s face recognition authentication. “It’s a risky method that could easily be subject to human error.”

But Panda Security’s Neil Martin told PCR that a thief would still find it incredibly difficult to use someone else’s account.

“The security applied to the app includes the normal PayPal credentials and the app times-out if not in use. So a theft would potentially need to bypass any phone unlock security and then the PayPal app security in order to purchase something.”

Brian Trevaskiss, head of marketing at More Computers, said the system should only be used for small purchases, due to security risks.

“The PayPal check in service seems a good idea, but I’d say the retailer would need to issue clear guidelines to staff on how to handle the transactions,” he told PCR. “At the top of my list would be to only use it for low value sales."

Related