Speak EV - Electric Car Forums banner

New Charging network launching with Q Park UK

29582 Views 219 Replies 53 Participants Last post by  Simon Wardle
I am pleased to announce that we have recently come to an agreement with Q Park to supply, install and operate fast (22KW) charging points across their 60 car parks. The new network will launch in February 2016, starting in Liverpool ONE and Manchester First st car parks. The network will be payable and users can access the network through our customer web portal, telephone and RFID cards (subscription only). The network will be the first in the UK to offer a one off payment at point service and this will be available through our web portal.

I look forward to receiving drivers comments and advice on the network. We anticipate initially installing 2 charging points per location.

Many thanks.
  • Like
Reactions: 3
1 - 7 of 220 Posts
I can't see this as being worthwhile for anybody. Nobody on here is thinking, "Gosh, I wish I had another RFID card to add to my collection". Nor is anybody thinking, "I wish I could have another app or web interface to play with when trying to get a charger to start". I certainly won't be fumbling around with a completely new system just for one chain of car parks.

Why not do something really impressive and get the chargers to talk to the parking systems? AFAIK Q-park just use standard SKIDATA kit, which is pretty flexible with regard to additional costs/discounts. APT already make a multi charger solution that can integrate with SKIDATA parking systems. So then why bother having a completely separate system, when I can just scan my parking ticket to start a charge and have the cost automatically added onto my parking? Then I'd use it.

As it is, I think you'll find that your chargers rarely get used - if even die-hard EVers on here are dissuaded then imagine what the average casual driver will think. The chargers will be unused, the spaces will get ICEd accordingly and everybody will be worse off. Back to the drawing board, please.
See less See more
  • Like
Reactions: 5
@Gonville - Is the website still my.franklinenergy.co.uk?

... That's not where you entered your IBAN and Account Number is it?

... The one with the invalid SSL certificate?

... That gets an F on securityheaders.io?
There's something not quite right about all of this. As an IT director, I can't imagine allowing a system like this anywhere near production use, let alone let loose on the public. It doesn't even say 'kid coding in his bedroom', because I'd expect to see basic PayPal integration rather than it asking for international bank details. On first impression it screams 'scam' to me, but I can't get my head around the fact that a charger has actually appeared in a reputable car park.
  • Like
Reactions: 2
Being critical of someone's IT systems or security is fair enough (half the chat on this site is about RFID cards and bad back ends!) but I don't think it's fair to call it a scam just because you'd do it differently.
It's not that I'd do it differently, it's that asking for bank details in clear sight without any encryption whatsoever is extremely poor practice. In fact I'd go beyond that and call it downright reckless. Anybody entering their data on that site could have it swiped without any effort whatsoever - especially if using a shared Wifi network, as promoted by the company itself when using their chargers!

EDIT: But yes, 'scam' probably was a bit strong. I wasn't suggesting the company is scamming its customers, more that the characteristics of the site are similar to what I've seen on phishing sites.
  • Like
Reactions: 2
I don't appreciate you accusing my business as scamming customers. We are far from a scamming organisation, we are transparent, hard working, honest and energetic people.
I didn't accuse you of scamming customers, I said that on first impression it screamed a scam. Not the same thing - please do not twist my words. But I suppose scam was a strong word for which I apologise - what I was getting at was that when looking at your site for the first time, with it asking for personal and bank details without any encryption, it seemed a bit 'off'. I don't doubt you are a genuine business acting without malice. The problem I have, is that as somebody with a [hopefully] decent technical knowledge, I'm asking myself, "why is there no encryption?", and "why is it asking for bank details?". They're common tactics on scam phishing sites.

We are waiting on our developers (based on the continent) to integrate a pay as you go payment gateway, i.e. Worldpay. Unfortunately, this has taken significantly longer than we expected and we are doing everything we can to expedite the process.PayPal integration will come in May and Worldpay integration will follow in June. We have had many happy customers so far and they have all been impressed by the level of our customer service.
I have no doubt that that's the case and I applaud you for trying to expand the charger network. The question is though, would your customers be impressed if they had their identities cloned after using your charger? Because at the moment you're expecting people to enter personal details in clear text without any encryption whatsoever. Worse still, if those customers are using a shared Wifi network (e.g. the one you encourage people to use at your charger), it could be as simple as somebody sitting with a laptop and a very widely available piece of network diagnostic software in a nearby car. If I were anywhere near Liverpool I'd be happy to demonstrate it.

Really, you shouldn't have launched the gateway if it wasn't ready. I appreciate deadlines have to be kept to, but you are endangering your customers with your poor IT systems.

There is no scam to this whatsoever, why on Earth would we do anything untoward when we are building a network of fast and rapid charging stations across the UK to take on the bigger players. We are helping to facilitate the transition from oil powered vehicles to fully electric vehicles and make the everyday lives of EV drivers easier by providing charging points in prime locations.
And I appreciate companies that are trying to do this. But your IT systems leave an awful lot to be desired and it's only a matter of time before something goes seriously wrong.

Clearly you have too much time on your hands.
Was that needed? Really? This is a forum, to engage in discussion on electric vehicles. I have an interest in electric vehicles, and IT is my profession, so this topic interested me. Believe me, I wish I had too much time on my hands!

Anyway, I do think you're a force for good, don't get me wrong, but there are drastic, urgent changes that need to be made to your web site to protect both your business and your customers.
See less See more
  • Like
Reactions: 2
As far as I can tell most of the site doesn't even use https unless you force it.

They're probably using IBAN because asking for anything else requires PCI compliance, and a dodgy SSL certificate would kill that stone dead.
Just using something like Sage Pay or PayPal would avoid the need for PCI compliance - I'm surprised that Franklin Energy didn't take this approach from the outset. I don't really have much to do with the development side of things, but one of my team's projects involved PayPal integration and I recall that the process was very straightforward indeed. There's no excuse for having to force SSL though, and then getting a dodgy certificate.
The site will be re-skinned by our digital agency based in London. We are currently waiting on the developers based on the continent to complete the functionality in terms of registration and payment. This is by no means the end product and I understand there is a lot of work to be done to bring it up to the standard we are after.
To be honest Robert, I'd start from scratch. I honestly don't think your developers have done a good job at all, and I think they're letting your business down. The site has been in development for a long time, with your charge point up and running waiting for business.

I worry for your business with the site set up as it is. I'd have a think about offering your charger for free without registration until the site is rejigged, as there is a real, substantial risk with your customers' data. Having been bo**ocked in data protection audits myself in the past, I see gaping holes in your setup. I'm not saying this to 'have a go', I'm genuinely concerned about something going seriously wrong.
  • Like
Reactions: 5
I took a look at the website and it's kind of scary - all of the data that is collected on a non-HTTPS web site is sent to a company in Germany that appears to be part of mobilityhouse.com.
Apart from the fact it is asking for a lot of information that it should NOT be asking for as it's irrelevant to charging/billing, the relationship between the company that I would be signing up for, and the recipient of all my personal information should be clear.

It might be a good charging system but the IT/Web Site/UI management does not inspire confidence.
Disappointing to see that none of the issues raised on this forum have been addressed yet.
  • Like
Reactions: 1
1 - 7 of 220 Posts
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.