eReceipts - Why don't we have them yet?

, posted: 12-Jan-2012 10:01

An offhand comment yesterday to an owner of a Cafe about digital (or electronic) receipts got me thinking, why don't we have these already?

We've probably all seen the emailed receipts that some retailers seem to send out.  Apple sends your receipt as an email.  Some retailer send PDF files with an invoice/receipt for online purchases.

But I was thinking about what can we do to rid ourselves of all this paper you collect in your wallet.

A quick browse around the internet last night brought me to this page:

I really liked the idea of a iCalendar/vCard type implementation rather than a formatted email/PDF file.  The reasons are as follows:
  • It's data, can be loaded to a smart phone app, finance program, or just saved somewhere as a file.
  • It could be generated as a QR code - you can create a vCard QR Code that contains contact information - why not a receipt.  The QR code could be printed on the bottom of a paper receipt - meaning those that want electronic and possess a smart phone can scan it (rather than the current standard of taking a photo and OCR or manually entering the data)
  • It could be transmitted via NFC/Email/SMS or presented as a QR code on an LCD screen (this might be a bit slow though at a POS terminal).
So the next bit to look at is a standard.  Guess what, someone has already thought of one.... The Association for Retail Technology Standards (ARTS) already has an xml specification for a Digital Receipt: Here

Next I thought quickly about implementation.  It would be hard, and very unlikely, for every retailer to set up LCD screens/email gateways etc to send these receipts I thought why not think a bit higher up the food chain...what do all the retailers have (well most of them here in NZ) - EFT POS terminals.  All leased or bought through one or two companies. 

With a bit of modification, the EFT POS receipts that are currently printed could include a QR code of a Digital receipt, or on authorisation the EFT POS merchants could send out receipts via email/sms (obviously this last idea would be a subscription based system), or include NFC technology (terminals which include this technology are already being implemented with the likes of snapper, Visa's PayWave or Mastercards PayPass).

It seems like we have most of the pieces they just need to be connected...

Do you like the idea of digital receipts?  Do you keep your paper ones?  Do you throw everything away?

How do we deal with the fact that a receipt is proof or purchase, and is used for your warranty claim?  Those that scan receipts, have you used one of those to validate your purchase?  Did the store accept it?

Sure there are some kinks to work out, but I don't think they're insurmountable.




Contactless Payments - part 2

, posted: 21-Sep-2011 15:12

Yesterday I blogged about feeling uneasy with the no-authentication-for-under-$80-transactions on MasterCards PayPass implementation for ASB Bank.  See here

A number of the comments I received said "any fraud will be reimbursed", "its the bank or merchants taking the risk, not you", "they have insurance to cover that".  Yes they probably do.  I've been rung by ASB as a current customer to notify me of transaction found on a credit card I do use for internet transactions, and the process was remarkably simple and painless.  So I know it works.

But the issue is, why should something be implemented, that requires insurance and fraud protection.  Why not design it to lessen this risk.

I'm going to pull out of context some of the PCI DSS (link) requirements that service providers, merchants and banks have to adhere to:

8.2 Employ at least one of these to authenticate all users: something you know, such as a password or
passphrase; something you have, such as a token device or smart card; or something you are, such
as a biometric.

8.5 Ensure proper user identification and authentication management for non-consumer users and
administrators on all system components.

Ok, so these requirements really relate to the handling of card holder data, but why not apply this to your card.  The main piece of card holder data is your Card number, your PAN (Primary Account Number). To use the PayPass system you only have to supply one piece of card holder data - the physical card with the PAN embossed on it, why shouldn't requirement 8.2 also be applied, and a 2nd authentication criteria be used.

Pin numbers work, but can be slow when people miskey - but the really slow factor for these on EFT POS terminals is the time it takes to authenticate to the Auth Center - why not move the PIN authentication onto the chip, much faster (does potentially bring up the issue of cards being brute forced for pins).

Use biometrics - a thumbprint reader as part of the card, only a person with an authorised thumbprint can use the card - probably a little expensive, but hey it's my blog and I'm just spit balling here.

My point is, why implement something that needs some kind of fraud insurance to cover the banks and ultimately the consumer.  As the consumer you're paying for this in your bank fees and card fees.

Free $80 - come and get ur moneyz!!

, posted: 20-Sep-2011 13:11

Recently I received a letter from ASB Bank about a replacement credit card with an embedded chip.

"Great" I thought. I'd been wondering when they would come out, as chip cards are supposed to be more secure.

Part of the letter explained about a new contactless payment system incorporated as part of the cards called PayPlus. This is MasterCards implementation of Near Field Communication based payments (see ).  The Visa equivalent I understand is called PayWave.

The letter explained that for transactions of less than $80 no pin was required.  Now of course you do have to find a retailer that would support this, but I would assume these would start appearing, and the concept is similar to my Snapper card I use occasionally for the bus.

But the idea of no pin, no signature linked to my credit card had me a bit worried. 

As snapper is effectively a cash replacement - and in some ways it is more secure than your wallet (where your cash normally resides)* Because of this, the balance kept on my snapper card is akin to what I'd hold in my wallet, not much more than $20.

But the idea of up to $80 payments possible off a household credit card gave me shivers down my spine.  How many people do not check their statements?  Or if they do, only when it's sent to you?  Ok sure, the card has to be out of your possession, and generally you'd cancel the card as soon as you realise it's gone, but it still left me feeling uneasy.  With a regular credit card loss, apart from McDonalds**, there was a modicum of security, someone would have to forge your signature (probably fairly easy to do) or gain access to your pin.

But the thought of someone just having to tap the stolen, or misplaced card on a terminal to have access to your funds seemed to be a lowering security.  I like to think of this contactless technology as a cash replacement...and therefore the value of cash transactions - generally fairly low....not being linked to an account with enough money to cover the household spending for a month.

I saw another user ask @ASBBank on twitter if the limit could be (I assumed) lowered...this was something I'd been thinking of, and I asked if it could it be disabled entirely, the answer was no to both questions.

I'm all for new features, and quite like the idea of contactless payments, don't get me wrong.  But I don't particularly want it attached to a credit card that I've purposely never put on the internet, because it's used for the household, and so it's limit is appropriate for household spending.  I have another card with a $500 limit that I use for internet based transactions.  A separate, opt in, card would have been, in my opinion, the preferable way of implementing this.

BTW this probably isn't so much a dig at ASB Bank, and I think this would be part of their membership to the card schemes, and I'd imagine all the NZ banks would be doing similar.  And all have the same sort of implementation.

* if you lose your snapper and it's registered, it can be stopped and/or refunded.  If you lose your wallet, you've probaby lost your money.

** McDonalds (and maybe others) has allowed no pin or signature on transactions valuing less than $15  Correction, apparently it's $35 - which I think is worse.

davidcole's profile

davidcole Cole
Lower Hutt
New Zealand

Been thinking it would be nice to have a blog but not sure if I have enough to say.

I'm an I.T worker from Wellington New Zealand.

I like my toys so this will probably have posts about my dealings with those.

My Cellphone is an iPhone 5s

I run a NextPVR based PVR at home to replace my video recorder, DVD player and to host all my music. I'm also really big on Plex, for centralising all my music, videos and I've written a plugin or two for it for accessing live TV and for storing recordings with metadata.

Wemos D1 Mini Door Contact (pl...
(16-Nov-2017 07:58, 13019 views)
TVNZ Ondemand App behind Unblo...
(27-Feb-2013 19:39, 12741 views)
OpenHAB and Bluetooth beacons ...
(19-Dec-2016 21:39, 11171 views)
Controlling a 12v fan from a r...
(17-Jan-2017 07:49, 10287 views)
eReceipts - Why don't we have ...
(12-Jan-2012 10:01, 10112 views)
PDF Forms - why you no boxes?...
(26-Jun-2012 09:04, 8550 views)
Free $80 - come and get ur mon...
(20-Sep-2011 13:11, 8313 views)
RM3's also - but this time wit...
(16-Jul-2017 20:16, 7686 views)
Paradox IP150 and Home Automat...
(6-Mar-2019 21:57, 7522 views)
Contactless Payments - part 2...
(21-Sep-2011 15:12, 5869 views)