Thanks to a variety of mobile payment systems, buying and selling goods and services has never been easier. Increasingly, mobile devices are becoming both credit-card readers and stand-ins for the cards themselves.
It might not mean the end of cash just yet, but we’re moving in that direction.
“Ten years from now, we’ll be able to live without much of a wallet,” Todd Ablowitz, president of mobile payments consulting firm Double Diamond Group, told the E-Commerce Times. “We are seeing a march in that direction.”
Inside the Industry
The mobile payments industry is broad and wide-ranging, and even the term “mobile payments” itself can mean many different things, including mobile acceptance, contactless near field communication (NFC) payments, SMS-based transactional payments, mobile Web payments, and direct mobile service provider billing.
One popular new type of mobile payment method involves using a mobile phone to accept card payments, which is a service offered by companies like Square.
Square’s card reader can be plugged into a mobile device’s headphone jack, turning it instantly into a payment system. Anyone with a cellphone, from a babysitter to a freelance photographer, can then take credit card payments, with Square charging a small fee for the service.
“Square takes away the complexities of payments and offers a flat, transparent rate that is lower than competitors,” Square spokesperson Lindsay Wiese told the E-Commerce Times. “Square doesn’t require a merchant account — which is expensive, complicated, and often turns down new business owners. Square empowers anyone to accept payments anywhere.”
The benefit of Square is that it’s a take-anywhere, cashless way of accepting payments, even for the smallest businesses or individuals.
“With Square, individuals and business owners feel like they’re on the cutting edge of technology,” said Wiese. “They love having the ability to send email and SMS receipts, and customers love using their finger to sign their signature on a mobile device. Also, it’s so easy for Square users to take their payment system with them anywhere — whether they are at a fair, farmers market, or client’s home, they can always accept any form of payment.”
Another type of mobile payment method that could soon see tremendous growth allows consumers to tap their mobile devices on a reader, which picks up their credit card information using a technology called “near field communication,” or NFC.
Many smartphones already have NFC chips, and over the next year, with the introduction of Google Wallet and other services, this is likely to become a much more common form of payment.
The first thing many people wonder when they think of mobile payments is “how secure are they?” The answer to this question varies, depending on the type of payment system, the encryption, and other security measures taken by any given vendor or mobile provider, as wel as many other factors.
“Mobile payments are an emerging technology with lots of players — mobile operators, smartphone platform vendors, app developers, financial institutions and payment processors,” explained Amit Sinha, CTO of cloud security company Zscaler. “In this complex ecosystem, managing risk and compliance is difficult.”
The concerns, in fact, aren’t entirely ungrounded, given the industry’s many moving parts.
“Vulnerabilities can exist in various components and with different entities,” Sinha told the E-Commerce Times. “Mobile platforms have security issues such as jailbroken firmware, lack of proper encryption on device, issues with lost and stolen devices, malicious apps that can access stored information and relay it silently to third parties.
“The mobile operator can have vulnerabilities such as SIM card cloning,” he continued, “which can lead to impersonation attacks for operator-based mobile payments. The mobile payment protocol itself may have design flaws leading to man-in-the-middle, replay, repudiation or unauthorized access. Mobile payment app vendors may have insecure practices when it comes to PCI compliance.”
As an emerging industry, said Sinha, standards and practices are still being developed to handle concerns about security.
“Much like the traditional payment industry, the mobile payment industry will go through some amount of standardization and regulatory compliance,” he noted. “Organizations such as PCI and EMVCo are already talking about enhancements to their standards to include mobile payment security. NFC standards are already making contactless payments a reality.”
A variety of encryption and data-protection methods are employed for everything from mobile card readers to NFC devices, and companies are working hard to battle the perception that paying on the go is any less secure than paying in traditional ways.
“Security is our biggest priority at Square,” said Wiese. “To protect Square users and their customers, all information by our users has been encrypted and submitted to our servers securely. Our software and hardware meet, and in most cases exceed, all PCI-Compliant regulations.”
For consumers nervous about losing their phone and opening themselves up to fraudulent charges, Double Diamond’s Ablowitz pointed out that phones have a built-in security feature: People like to keep them close.
“A phone is so much more secure, mainly because of people’s behaviors,” he said. “The reality is that if people lose their phone, they know it within a half hour, but it’s much longer if you lose a wallet. It’s a very emotional attachment we have to our phones.”
Does all this mean that we will soon, in fact, be wallet-less? It’s more complex than that, in Ablowitz’s view, and the reality is that we’ll probably be buying and selling in a variety of ways, both traditional and mobile, for a while.
“We’ve been talking about the end of cash since before I got in the payments industry in the 90s,” he said, “but both sides have to be tempered. People’s payment options change more slowly than that.”