Flutterby™! : How come nobody's done a take a

Next unread comment / Catchup all unread comments User Account Info | Logout | XML/Pilot/etc versions | Long version (with comments) | Weblog archives | Site Map | | Browse Topics

How come nobody's done a take a

2013-03-01 17:21:09.253359+00 by Dan Lyke 9 comments

How come nobody's done a "take a picture of this QR code to pay for your purchase" system yet? We don't need NFC for that. #freebusinessidea

[ related topics: Consumerism and advertising ]

comments in descending chronological order (reverse):

#Comment Re: made: 2013-03-05 00:21:20.973674+00 by: meuon

"Of course if "payment processor with integrity" didn't make you break down in hysterics, you've never actually had a credit card..."

If most people have seen the things I have, they would never ever use one. I'm actually impressed that fraud and abuse it as low as it is.

I was recently emailed a spreadsheet with thousands of transaction records and asked to make the system (for a utility) use that data for recurring payment transactions.

#Comment Re: made: 2013-03-03 18:22:22.876812+00 by: Dan Lyke

Yeah, SSL should take care of most of the MItM attack issues, so that portion could just be PayPal (if they haven't scared everyone off yet), but the malicious QR code issue is a point. You'd still want people to have to acknowledge the purchase, and any payment processor with integrity would want single tokens per transaction with some relatively short lifespan to avoid the "print a 'transfer a whole bunch of money to my account' sticker and plaster it everywhere" problem.

Of course if "payment processor with integrity" didn't make you break down in hysterics, you've never actually had a credit card...

#Comment Re: made: 2013-03-03 18:06:18.033416+00 by: TheSHAD0W

Okay, that solves one end of the security issue. It doesn't solve the other end, where for instance, someone overlays a malicious QR code on a public display somewhere that can drain your account. If the service is entirely browser-based, IMO someone could always sit in the middle and approve the transfer without you noticing. Only an app on the phone end, which would specifically pop up a warning with the transaction details, would sufficiently protect you. Such an app shouldn't be too difficult to write, but it would still need to be there.

#Comment Re: made: 2013-03-03 17:15:32.118169+00 by: Dan Lyke

Yeah, I see it as a "encode a transaction ID in a URL, send your phone to a URL that serves up a mime-type that launches your payment app" thing. Of course I also just realized that network coverage in my local OSH, where I'd love to use this, kinda sucks.


#Comment Re: made: 2013-03-02 22:58:58.974078+00 by: meuon

I think it could be a display on a cash register (or smart phone) that simply displays a QR Code URL to the chosen method of payment for the customer with the total and order number encoded. Like a "click this link" to order an item via PayPal or some other common system. The "service" could just be something that generates these QR Codes for merchants easily, it wouldn't be the ecommerce platform initially, it's be a service to create qrcodes with a merchant ID, amount and transaction number in the URL to existing payment platforms.

#Comment Re: made: 2013-03-02 18:38:51.974444+00 by: TheSHAD0W

I think there are some potential security issues without specialized software on your phone to prevent them from happening. I don't think it can be done solely using a web-based system without having miscellaneous QR codes able to access that same system. NFC has the same issues, but it's more expensive to implement than slapping a sticker with a different QR code on a cash register.

#Comment Re: made: 2013-03-02 02:56:55.014248+00 by: Larry Burton

I think Worm is doing some PoS stuff.

#Comment Re: made: 2013-03-01 23:29:31.364986+00 by: Dan Lyke

Know anyone doing point-of-sale systems? Seems like that's the critical bridge...

#Comment Re: made: 2013-03-01 23:15:25.413922+00 by: meuon

Wanna do it?