I have an open letter to all of the EV charging networks, on how to stop marginalizing a growing market segment before they've simply chased it back to petrol. Knock it off with the "app only" garbage. . http://techno-fandom.org/~hobbit/cars/ev/dcfc/app-problem.html The immediate solutions are certainly not insurmountable, and the longer-term ones are already in place in some networks [albeit poorly implemented in known cases]. Failure to deal with this in an effective manner sooner rather than later will jeopardize EV market advancement and/or lead to more regulation and mandates. Looking squarely at you, Tesla. _H*
Just read the link. Couldn't agree more. While I have downloaded some apps I hate using them for all the reasons described. My preference is to use a rfid card even when I have the app. They just seem to work better.
Anyone in touch with charging-industry leaders should be bringing this up at every opportunity they can. Apps basically make the same API calls as a browser-based client would, it's not a stretch to suggest that most of the same functionality could be coded into a website as well. I have working browsers at my disposal, I shouldn't need any excess software. Autocharge with web-based enrollment should be mandated. It's harder to steal and then spoof than cloning an RFID card, and yet people whine about how MAC-based Autocharge is such a "security problem". Newsflash: trying to hack it for free electrons in real-world situations would basically have negative value, i.e. not worth the effort. The bad guys want your credit cards. Hopefully the NEVI requirements will add some incentive to make things more accessible. Yeah, that's "regulation", the word every service provider hates. But if they're not going to do it on their own ... _H*
Can't speak to the technical security risks, but for sure tapping a card is a lot more convenient than fiddling with your phone. I don't know if it can come to this, but best (most convenient) would be just plug in your car, and let the charge station recognize your car to authorize and bill your CC or account.
I think history has shown web interfaces tend to be one of the least secure means of doing anything. And using a web browser on a phone truly would be much less convenient than tapping a card. Not to mention how would one charge if there's no cell service in an area for whatever reason? If session authentication is done through the EVSE (such as an NFC card tap) there's a greater chance of success.
An RFID card is a passive, unchanging number that can be trivially read with a suitable antenna. The same problem as CC magstripes. Even Autocharge is better than that, going over a hardwired connection that is significantly harder to tap/skim and is not worth the hardware investment. Phone/web interaction at least uses standard TLS which is deemed "acceptably" secure under most real-life conditions. Bad guys are more likely to attack the backend, since that's where the gold is stored. I've been trying to get EVgo to manually enroll me for Autocharge, in addition to the tap-card I already have for them, on principle and somewhat of an experiment. It may push them toward fixing their web portal so customers can self-enroll in various ways. A broad view across the market tells me that a lot of people don't like apps, and having one per network is idiotic. It's not just me, and I'm seeing support in a couple of other places I posted the same thing. Everybody wants it all to work like Tesla, there's just this bootstrapping problem which is more political than technological. _H*
I'd rather use a card than an app. Card readers are pretty reliable at gas pumps, why are they trying to reinvent the wheel?
Having the cards in the Apple Watch wallet is the way to do it, nothing is more convenient than activating chargers like EA and ChargePoint with a flick of the wrist.