Mobile payments aren’t necessarily prevalent now, but that will likely change over the next few years as EMV overtakes retailers and consumers look for an easier and faster way to check out.
According to a report from BI Intelligence, usage rates of in-store mobile payments are expected to grow 80 percent year-over-year between now and 2020. Based on this study, mobile wallets may be ubiquitous in three short years.
But what are the repercussions of integrating mobile payments into a merchant’s operations? Specifically, what security concerns does this technology introduce?
The mobile payment process
With every technology comes a set of protocols people must follow in order to use it. Understanding the risks of mobile payments involves analyzing how PIN pads accept, validate and transmit the data associated with mobile wallets.
Let’s take a look at near-field communication – the enabler of mobile payments. This is what happens when a consumer uses his or her phone to pay for something:
- The cashier rings up the order and asks for payment.
- The customer either scans his or her fingerprint or enters a passcode to authenticate the transaction.
- The customer taps the smartphone to the NFC-supporting PIN pad.
- A chip within the smartphone exchanges data with the PIN pad, completing the purchase.
In this case, one of the most pressing concerns is how the mobile wallet transmits information to the PIN pad. In addition, how do smartphones store customer card data, if at all?
Vendor-based solutions
The severity of data storage risks largely depend on the product. For example, Android Pay never transmits users’ credit or debit card information, but rather uses tokens to represent their card numbers. In fact, the app doesn’t even store credit card numbers and creates a token for each card a user submits.
Android Pay explained: How it works and where it’s supported https://t.co/WDS4f6HQr5 via @Pocketlint
— Chip & PIN Solutions (@Chip_and_PIN) September 28, 2016
Apple Pay uses a similar process. When a customer enters a payment card into Apple Pay, the app encrypts the data and sends it to Apple’s servers. Apple decrypts the data to identify the card’s payment network, and re-encrypts it with a key that only the card issuer and authorized providers can unlock. It then sends that information to the bank, which generates a Device Account Number and sends it to Apple. Apple doesn’t decrypt the DAN, and sends it to the Secure Element on the customer’s phone. Apple maintained that it doesn’t store the DAN or payment card information in its entirety.
The risks of mobile payment
Much of the risks regarding mobile payments lie in how customers use them. For example, nonprofit ISACA surveyed 900 cybersecurity experts last year to identify mobile wallet security threats. The respondents named use on public Wi-Fi, stolen devices and phishing as the three greatest threats to mobile payment security. So consumers will have to be more cognizant of how they use their devices.
Meanwhile, the infrastructure behind mobile payments must become more robust, and right now, most systems are inherently secure largely due to tokenization. For example, entrepreneur noted that Samsung Pay avoided a cyberattack by leveraging tokenization, the KNOX security framework and fingerprint authentication.
Misconceptions around the security of mobile payments is whats hampered much of the growth in the segment, but as that perception changes, expect to see more and more consumers reaching for their smartphone for faster checkout.
Don’t support mobile payments today?
Related Articles:
Featured
The stage is set for increased mobile payment adoption. Are your clients equipped to accept NFC payments?
In the rush to buy “must have” gifts for kids, spouses and co-workers, there is one other, less enjoyable accessory to Christmas time: lines, and lots of them. Here’s how to combat lines during the holiday season.
Brick-and-mortar retailers and e-commerce companies are in the midst of a game of one-upmanship, a battle that features each side vying for a larger slice of the customer-loyalty pie.
Cloud computing makes maintaining and obtaining vast amounts of data possible. But do cloud-based point of sale systems offer advantages in other respects? You be the judge.
Here are 5 POS system traits that food trucks can’t afford to do without.
An increasing number of supermarkets are supplying patrons with a plethora of payment possibilities – with mobile POS in particular gaining traction.
Here are a few of the concept trends the National Restaurant Association expects in 2018, several of which are tailor-made for mobile POS solutions.
What you need to know about Apple Pay and Google Pay
Mobile point of sales systems give business owners the competitive advantage they need to stay one step ahead of rivaling retailers.
Nearly 9 in 10 consumers – 87 percent – say they’ll be scouring retail store aisles in search of the perfect holiday gifts, according to recent polling.