Curve Product Update August 2019

Curve Product Update August 2019

This is a short recap of what we are working on, what we have planned, and challenges we might have encountered. We’ll post the update every second Tuesday of the month!

Click here all monthly updates.

Current projects:

  • Peer to Peer Payment
  • Onboarding process
  • App redesign
  • Open Beta

Peer to Peer Payment
We are almost towards the end of Phase 1.

  • Phase 1: Be able to send from Curve account to Curve account.
  • Phase 2: Request from Curve account to Curve account.

When Phase 2 is completed it we will do a Beta before the full launch. This will be the first feature to be tested in Beta

Onboarding
We are currently working on the ability to show the card details in the app. It will be rolled when we launch the new oboarding process. Seeing the details will require passcode/biometrics.

Outline:

  • We are creating a virtual version of the Curve card so you’ll have your Curve card on your app before it arrives in the post. We will explore other use cases for the virtual card later on in separate projects.
  • The signup will also be changed from using your email to sign up and using your phone number instead.
  • You will be able to see your full card details (PAN) in the app. This is separate from the virtual card that you can make NFC payments with.
  • New customers will be able to their own PIN as a part of the onboarding.
  • It will be possible to add shared payment cards onto other Curve accounts

App Redesign
The new profile has been implemented and we are testing it internally.

Curve Beta
Beta signup is live! The first feature that will be tested is Peer to Peer Payment.

Sign up to the Beta Programme

5 Likes

Hi! Thanks for the info.

Firstly, I have a few questions about P2P payments in general:

  • Are there any details about when can we expect P2P payments in Beta?
  • This feature needs at least two people to be tested. Should we encourage our own friends to join the Beta too or will it be solved in a different way?
  • How will Curve recognize our friends? Will it be via phone number (as the new onboarding might suggest)? If so, will Curve need an access to our phone list? Will our friends’ phone. numbers be stored by Curve? How about hashing and other privacy improvements?
  • Are there any plans to expand the P2P service to non-Curve customers? (similar to Monzo.me / paypal.me / rev.money)

As other things go:

Have you considered 2-factor authentication? I’m worried about my phone numer being compromised due to SIM swap attacks.

Yay! That’s great. I’m almost jealous of new users for their onboarding. Will you also try to develop an option to Change card PIN using Curve app for the rest of us?

Overall, I’m really looking forward to seeing all the improvements you mentioned. Thanks in advance for your reply and have a great day!

I also very dislike the idea of phone number rather than email address signup / login.

  • Phone numbers can easily be “stolen”, “sim swap”; see other cases where 3rd party distributors of Vodafone + o2 have stolen very appealing numbers (0176-5555555 etc.) from customers to resell them to new customers without any constent
  • Phone numbers can change quite often, very common in many countries to change to a new contract and NOT porting the old number to the new contract, since 99% of the time it costs money (roughly 30€ in Germany), in the U.S. not even possible to port the number to a different network.
    On the other hand, email addresses are there for a lifetime! They are more secure, many providers offer 2way AUTH, …
    Also keep in mind when the customer is traveling, its very likely he cannot access his sim card SMS he is receiving! Within Europe no problem, but keep in mind Curve wants to position itself for customers who are traveling a lot. And I’m very certain that the sim cards from most people from Europe will not work when they travel to a different continent!
    This will be very bad, when you can’t login your account anymore because you are in Africa, Asia, Australia, North / South America because you cannot receive sms there. However, receiving an email always works via wifi.

I really hope you give this another thought, since disadvantes for sms AUTH are much higher than any advantages (I can’t even think of any)

5 Likes

I don’t even remember giving Curve my phone number. Did I? Only signed up last week and have forgotten already. :flushed:

However, I don’t think it is a good idea either. As others have already said, SIMS can be cloned.

So at the moment if my Curve Card is stolen and my phone is stolen at the same time (locker in gym), I can get home, sign into my Curve account on my iPad and lock the card. Now when I have to sign in with my phone number on my iPad, presumably the SMS will be sent to my stolen iPhone and the only way to put a stop on the card will be to ring Curve. In fact, I take back what I said about it not being a good idea, I think it is a TERRIBLE idea, and it may make me reconsider if I even want to be a member at all. Please don’t change the sign-in method. Just leave well alone.

Why not spend more time and energy into providing the things that have been asked for already, such as Apple Pay.

Yes, we ask you to verify it as a part of the onboarding process.

We are spending time on it… :face_with_monocle:

Will catch up with our Product Team regarding the other points and will write an update :slight_smile:

1 Like

OK. Fair enough, and thanks for letting me know you have my number (it’s an age thing!).

So what about the rest of my concerns? If I have to sign in with a phone number, will I easily be able to logon from an iPad (like I can now) if my card and phone both go missing at the same time?

Edit: You beat me to it. I look forward to hearing the Product Team’s observations to my concerns.

You can contact us (support@imaginecurve.com) at any time to check what information you have provided us :slight_smile:

I can see my phone number now in the app. Not very intuitive but I found it. Will be interesting to know if we have to enter the number exactly as shown including the international bit starting with a +. Also, as someone else has already stated above, if someone is travelling and unable to get a SMS to phone, they will be locked out of their account, so it would be handy if there is a cross-over period of say a month when either email or phone number is accepted to give customers the chance to migrate over in an orderly fashion.

Yes, that is a complete yikes and a complete oversight by Curve. Lose your phone and card, you’re basically screwed!

Thank you Marie for the monthly update.
Is 3DS also in the pipe? With DSP2 which takes effect in September, 3DS will be required on most of the EU websites. My curve card risks to be useless :sob:

It will leave us with a card we can use online

Hope not. The slogan will have to change from “The only card you need to carry” to “The only card you shouldn’t carry”. (Based on I do my online shopping at home and therefore have access to all my cards).

Hoping we’ve all got it wrong and the card will continue to work out and about without having to receive SMS messages left, right and centre to authorise the underlying card.

Edit: Ignore this post. Post below states that Septembers deadline for stronger verification has been delayed.

That’s been delayed (at least in the UK) for a further 18 months:

I would love to see 3DS in Curve though.

2 Likes

Thank you for the info. :+1::+1::slightly_smiling_face:
I’ll double check if it is the same in France…

1 Like

Wow quite surprised at that - all my various cards have been bombarding me to check/update mobile numbers so thought everything was on track!

1 Like

I can’t really see any advantage to the user from having the phone number instead of email being used. The main issue is probably when someone loses their wallet/cards quite often the phone/SIM card is also lost/stolen

One would get a new SIM card and probably a new number and have to update that info with curve immediately before being able to use the service again

What’s the advantage for curve by going with this? Preventing people from creating multiple accounts? If so, the bad news is that anyone can go to a store and grab a new free SIM card with a new number. Most people, at least here in Portugal also have at least two SIM cards to begin with, so there’s also that

Ugh, always the same. There was enough time for all banks and payment providers to be PSD2 ready but of course they start last minute and then complain that they dont have enough time. Same exact thing happened with GDPR.

2 Likes
  1. Not quite yet, but we might be able to let you know in the next update.
  2. It would be great if it’s possible to bring your friends into the Beta to test it out. We’ll also create a thread here on the community where you could find someone to test it out with.
  3. We are hashing the phone numbers, not storing them. They will be recognised from your contact list.
  4. Haven’t planned on it, but it’s not impossible.

Yes, there will be a 2-factor authentication :slight_smile: You’ll need both the SMS and your passcode. Android users can choose whether they would like to use SMS or Google authentication.

(Cc: @Lucas)


We will ensure that the solution is robust enough to access abroad.


There’s a 2-factor authentication in place :slight_smile:

If your phone is stolen/lost you will have to download the app on a different device and go through a recovery procedure (as most other services). Nobody can access your Curve app because you need your passcode and SIM card. The recovery procedure will also require your email access.

(Cc: @Dotunmo)


Yes, that is a requirement for Curve as well and 3DS will be provided :smile:

2 Likes

During the recovery process, does Curve send a SMS with code to verify? If so, then my point still stands.