Explore the convenience of mobile wallets and how they are replacing traditional forms of payment. Learn about NFC technology and the different mobile payment options available.
Mobile Wallets: Using Your Smartphone for Brick-and-Mortar Payment
Traditional Methods of Payment • Cash • Check or Money Order • Traveler’s Checks • Credit Cards and Debit Cards • Pre-paid Cards (e.g., Gift Cards, MetroCard) • Combination Cards (Loyalty Plus Payment) • e.g., Starbucks Card • NFC or RFID Tokens (“tap to pay”)
Cyber Payments • Secure Web site • Uses credit card numbers, often with CVV • Cyber Wallets • PayPal, Amazon.com, iTunes, Google Wallet, Apple Pay • Cryptocurrency • Bitcoin, eGold, etc.
Mobile Payment Processing • Moves credit/debit card processing to the mobile device • Square • Pay Anywhere • PayPal Here • Intuit • Assorted mobile Point of Sale (POS) apps
Hybrid Payment Systems • Moving cards and cyber wallets to mobile devices • PayPal app – access your PayPal account • Amazon apps – purchase merchandise, MP3s • Google Wallet – for Google Play, Google Wallet-enabled apps, NFC • iPhone Passbook • Loyalty+Payment card apps • Starbucks, Dunkin Donuts, etc. (scan to pay) • Balances can be spent online, on mobile, and/or in store
NFC: Payment’s Next Iteration? • NFC: Near Field Communication • Devices must be in close proximity (2-3 cm) • Login plus secure PIN to access payment method • “Secure element” within the NFC chip makes stored information device-specific • NFC-stored payment information must be manually migrated to upgraded devices • “Tap to pay” requires separate supporting logic chips and antenna • iPad Air 2 and Mini 3 use their NFC chip only for its secure element for storing payment information
How NFC Wallets Work • NFC radio must be turned on in Settings • I usually turn this OFF when not actively using it • Apple Pay app automatically turns NFC on and off • Launch wallet app • You may also need to tell the cashier you’re paying with Google, Apple Pay, etc. • Choose payment card from app • Hover phone over payment terminal • A buzz or sound will tell you that your payment method has been accepted. • You may still need to confirm the payment and/or sign the screen
NFC-Enabled Wallets • Google Wallet • Apple Pay • Wallet for Windows Phone 8 • Isis/Softcard (purchased by Google and suspended as of 4/1/15)
Google Wallet • Hover/tap to pay option on Android phone and iPhone apps • Requires NFC-equipped terminal and enabled POS • “Buy with Google” banner on mobile Web sites and enabled apps (may be limited to Android and iPhone) • Payment information stored in online Google Account, not in NFC Secure Element • This is called Host Card Emulation (HCE) • Limited number of banks and loyalty programs • Subject to Fake ID Exploit
Apple Pay • Hover/tap to pay option only available on iPhone 6 series devices (or iPhone 5 with add on NFC case) • Wallet information requested upon iOS 8 set-up (new devices) • Used as backup payment method for iTunes, AppStore, and Apple Pay-enabled apps • Apple says it stores payment information (bank cards, etc.) in the secure element of the NFC chip • While it requested the information for setting up my iPad, my computer says my iTunes account is still set to pay with PayPal and doesn’t provide an Apple Pay option
Wallet for Windows Phone 8 • API supports both bank and loyalty transactions • User app is available for both Tap To Pay and Microsoft Store online purchases • Developer side appears to be white-label back-end system • More information here
Softcard (formerly Isis) - DEFUNCT • Hover/tap to pay • Was available for Android, iOS, and Windows Phone • Complete NFC solution • NFC is built into most current-generation smartphones • Financial information stored in NFC secure element • Limited number of participating banks and services • Included additional loyalty programs and incentives • Purchased by Google and suspended 3/31/15
Paying With NFC • [Screenshots: Android Settings; Google Wallet]
Other Mobile Payment Options • Bar Code Scan Apps • Loyalty + Gift Card • Starbucks, Dunkin Donuts • Connected through customer’s loyalty account • Apple Passbook (iPod, iPhone only) • PayPal Mobile App • CurrentC • Developed by Paydient, which is being acquired by PayPal • Open (Numerical) Code Apps • CurrentC (Gas pump purchases) • BK Crown Card/Mobile App • Social Payment Apps • Venmo – PayPal-based social and business payments (mixed reviews)
How Merchant/Loyalty Code Apps Work • Open the app as you approach the register • Tell the cashier you’re paying with the merchant’s app • Choose “pay” in the app • Choose the card you wish to pay with • I have had several Starbucks cards given to me; I use the app to transfer the balances to a single “default” card • Click “pay” to generate a bar code or PIN code • Show the code to the cashier • Bar codes and QR codes are scanned; PIN codes are entered manually • A beep will tell the cashier your payment’s been accepted
How Multi-Merchant Bar Code Scan Apps Work • Open the app • You can do this before approaching the register • Choose the merchant from the selections in the app • PayPal presents a list based on your current location, or you can search from the menu • Tell the merchant you’re paying with the app • The app will either • Generate a code for the merchant to scan or enter • Tell you to scan or enter the merchant’s transaction code • Tell you to enter your mobile phone number and PIN at the merchant’s terminal
Pay With Open Code • Log in to app • Select merchant or payment method • Present code to merchant • Merchant enters payment method or loyalty card menu, types in 4-digit code
A Bit More About CurrentC • Created by Paydient for MCX (Merchant Customer Exchange) – a consortium of major retail chains • Combines payment, loyalty, and coupon information in a single QR code • Designed to directly access bank accounts to save merchants card processing fees • Collects personal information for marketing purposes • Merchant, customer, or both may need to scan QR codes (not unlike the PayPal app) • May have already been hacked
Mobile Payment Incentives • Dunkin Donuts and Softcard have offered referral incentives • Burger King, Softcard (and associated My Coke Rewards accounts) offered purchase incentives • Loyalty programs usually reward in merchandise or in “points” to be redeemed for merchandise • Exception: during much of 2014, American Express and Softcard offered monetary rewards for using the AmEx Serve prepaid card through the Softcard app • Most incentives disappeared after the announcement of Apple Pay. Burger King’s BK Crowns expired 4/28/15.
Mobile Wallet Security • Pros: • NFC: Short-range radio, secure element for info storage, dual identification required • Apple Pay only requires fingerprint or PIN • HCE only uses NFC for communication • Magnetic stripes cannot be force-read (street device) if cards are not present • Multiple-factor authentication available for some apps • PayPal can use email/password or mobile-phone/PIN in conjunction with app-loaded photo
Mobile Wallet Security • Cons: • Can the NFC radio and/or the app(s) be hacked? • Emails have already been hacked from CurrentC • New RFID chip readers and antennas can read current-generation chip credit cards from a distance • What if you lose or break your device (or it is stolen)? • Security apps, remote wipe of device • Card management through computers/Web • PayPal mobile does not allow for a separate PayPal security token
Retrofitting • Some mobile wallets provide credit services and physical credit cards • Amazon Card • PayPal Credit • Some mobile wallets provide credit/debit-style cards to access your online balance offline • Google Wallet Card • PayPal Credit • NOTE: Mobile wallet-based physical cards have the same security issues as traditional credit and debit cards
Other Considerations • Availability Issues • Resource Management • Money distribution • Device space limitations • Back End Security • Privacy
Availability Issues • Despite what the availability map says, what the payment terminal says, and the fact you’re using the merchant’s own app: • The merchant/location may not have enabled mobile payment • The merchant/location may have disabled mobile payment • CVS, Rite-Aid, etc. (MCX contract terms?) • The cashier may not know how to process mobile payment • Hardware issues • Scanner, radio malfunction
Resource Management • Money distribution • How many different places do you want to store money? (What if you suddenly need it all in one place?) • Device space limitations • How much room on your device do you want to allocate to wallet apps and loyalty apps? • How many of these apps come pre-loaded as “carrier bloatware”? • What if you don’t have a data plan (or a 3G/4G chip)? • Many wallet apps are unavailable for tablets • How many mobile phones do you want to be paying for?
Back End Security • Your financial information is only as secure as the systems through which it is sent • Banks, stores, payment processors are still weak links • Database breaches have become increasingly common and wide-scale • Debit card and ACH (direct withdrawal) fraud victims don’t have the protection and legal recourse that credit card fraud victims have • While stores may no longer have your card information, they do have increasing amounts of other personal information
Privacy • Do you really want Google, PayPal, etc. knowing all your banking information as well as your personal info? • Do you want multiple digital wallets having your banking information? • Store security cameras and transaction timestamps can still trace what you bought (and when) back to you in two or three steps • High-end (current generation) store security cameras can probably capture your security PIN • Free in-store Wi-Fi, and Bluetooth beacons, can capture where you are in the store at any moment • Proposed paths for mobile commerce evolution include drawing all customer information from one’s mobile phone number
NFC Security: Resources • 8 Myths About Mobile NFC (Gemalto Security) • How Secure is NFC Tech? (How Stuff Works) • Security Concerns with NFC Technology (NearFieldCommunication.org) • Nearfield Communication (Wikipedia) • NFC FAQ (Smartcard Alliance)
CurrentC Resources • Merchant Customer Exchange (MCX) Official Site • CurrentC site • MCX: Wikipedia entry • BostInno article 10/28/14 • Mobiquity article 5/28/14 • TechCrunch on CurrentC 10/25/14
More Resources • Apple Pay and Privacy • PayPal Acquisition of Paydient 3/20/15 • Mobile devices as proxy for identity, 4/16/15 • More on the future of Host Card Emulation (HCE) • Professional level reports on Mobile Payments from Networld Media Group, home of Mobile Payments Today (pay to download)