For many years, payment industry experts have discussed the rise of mobile payments, claiming that the ease of use of mobile payments would mean that the technology would become widely adopted among consumers. Many major technology players such as Google and Samsung have launched or enhanced mobile payment services. But it was the earlier launch of Apple Pay that proved to be a game changer, pushing mobile payments to the forefront of many people’s minds, particularly in the United States.
Mobile has found itself at the center of financial technology innovation, with many consumers seamlessly using online banking and peer-to-peer payments on their mobile devices. The simple user experience and effective design of mobile payment applications is likely behind their increase in popularity, as many consumers like the idea of being able to pay for products with a ‘tap’, which is far simpler than having to search for the wallet, pull out a card and type in a PIN number.
This is evidenced in the 81 per cent of users that rated the general experience as “good to excellent” according to a recent Telecommunications Systems (TSYS) report1. This positive reception has opened up a world of opportunities for banks and retailers who, after significant investment, can provide tailored services that keep up with the changing needs of their customers. Now that consumers have become accustomed to simply ‘tapping and going’, Visa predicts this will impact over 3 million Visa transactions per day, a total of more than $76.4 million, demonstrating the extent to which mobile devices has become ingrained in the way we make our purchases.
Innovation Brings New Security Requirements
Innovation often arouses suspicion and can lead to questions around security issues – and mobile payments are no different. Even though the adoption of mobile payments has increased significantly, some users still have yet to come to terms with the fact that they are using a phone, a device they normally just text or call with, to make a payment.
Mobile payment users often feel apprehensive regarding their security when making a transaction, and this is usually due to the link between security and consumer trust. Any business has to ensure they build and maintain their customers’ trust and this is particularly true within the payments industry. The payments sector faces the pressure of innovation as well as needing to balance a sense of security so consumers won’t feel that their personal or financial data is in jeopardy. The industry now faces the challenge of convincing consumers that their mobile has the same level of security as the bank card that they are accustomed to using.
How can this be done? Mobile has expanded the payments ecosystem in an unprecedented way, with untrusted devices now communicating over untrusted networks. This has resulted in a whole new challenge for security professionals. Mobile payments providers are looking to emulate the EMV cryptographic security of an EMV chip that can be found in payments cards, in a virtual environment. A recent arrival on the scene, Host Card Emulation (HCE) is making it simpler for banks to provide safe contactless mobile payments without the need to depend on mobile network operators (MNOs) or Trusted Service Managers (TSMs).
What Solutions are Out There?
In the past, tokenization has mainly been used by acquirers to help merchants reduce their PCI DSS scope, as well as devalue data stolen by criminals. Many solutions have come on to the market to assist issuers with isolating sensitive account data between various payments channels, such as the EMVCo tokenization standard, which is being actively promoted by the global card schemes as part of their mobile payment initiatives.
The process of tokenization means that the 16 digit number used for the transaction process has different values for each mobile payment transaction or an ecommerce transaction, but there is one constant aspect in the process – the real PAN (primary account number) is maintained and held by the issuer. Tokenization makes it practically infeasible for criminals to create counterfeit magnetic stripe cards from stolen data.
Tokenization not only protects the user but it also protects the back end infrastructure that communicates with the phone to set up payment accounts and approve transactions. Apple is an example of a major household name that has made tokenization an integral part of its security infrastructure. The company ensures that only temporary ‘tokens’ are stored on a phone, and these tokens are rendered useless for hackers when they are stolen as they are only used in transactions to represent a user’s account. These same tokens can be easily deleted without impacting a user’s bank account or credit card.
Even though many companies have realised the positives of tokenization, there is the one challenge that security professionals will have to concentrate on to ensure it is a success – the storage of the tokens. The security team that handles the tokenisation service will have to focus on storing the tokens and their correspondent PANs, in a ‘token vault’ and they will have to guarantee that the vault is secure at all times to prevent it from becoming an easy target for criminals.
Mobile Payments vs Bank Cards
One of the main barriers preventing mobile payments from becoming completely main stream is that credit and debit cards are still primarily used. We are familiar with bank cards and when it comes to our finances, many would prefer to stick with the tried and tested than take what seems to be a potential risk. The efficiency of mobile payments is also competing against the ease of contactless card payments, with some consumers wondering why the need to make the switch, when their trusted cards are just as quick whilst maintaining a sense of security.
However, if payments providers would like mobile payments adoption to continue grow, they should steer away from comparing the technology to bank cards. Instead, payment providers should concentrate on which payment method is best for each individual transaction environment. Only then will payments providers be able to deliver services that are appropriate for different scenarios while guaranteeing that they satisfy their customers’ requirements for efficiency and security.
Michele Merrell is the President of Merrell Consulting Group, a global marketing and corporate communications consultancy. Formerly, she was a senior-level executive for CSPI Technology Solutions, and also at Brightstar Corp, a $6.8 billion global leader in wireless distribution, manufacturing and supply chain solutions. She has also held other senior level positions in the mobile telecommunications industry, Including BellSouth Cellular and U.S. Cellular.
Michele’s achievements have earned her dozens of awards and recognition over her carer spanning 23 years in telecommunications and technology. In 2014, Michele was the recipient of the Florida Achievement Award from the Florida Commission on the Status of Women, part of the Office of the Attorney General. In 2013, she was also named by the Diversity Journal as a recipient of their “Women Worth Watching” award. The South Florida Business Journal named Michele in 2012 as their “Business Woman of Influence” recipient. She was also a featured executive in the November 2010 edition of March Magazine, a women’s executive magazine. Michele has won numerous other awards for business and leadership acumen.
Michele is a member of the Board of Directors for Cable Bahamas, a publicly held international telecommunications company headquartered in Nassau, Bahamas, with subsidiaries in the United States. She is on the international board of directors for the Global Telecom Women’s Network (GTWN), and is also the North America President for GTWN, an organization that actively promotes and mentors women in the telecommunications and technology industries. She is a member of numerous local and national professional organizations. Michele speaks regularly on topics ranging from technology, marketing, business leadership and women’s issues.