The Challenges of Mobile Payments

Dreamstime.com View full size image

Mobile devices are the new currency. And, thanks to near-field communication, customers can make a payment as if they were using a credit card by touching a payment terminal and adding a PIN.

“In general, there are two categories of mobile payments: remote and proximity payments,” said Alberto Jimenez, mobile payments leader at IBM Corp. “For proximity payments, the key technology is called near-field communication, which is a short-range radio standard that supports interactions up to about 4 inches. For remote payments, there are multiple technologies and they are usually categorized depending on the type of device," he said.

"For feature phones (more common in emerging markets), SMS, USSD and menus on the SIM cards are the key technologies," Jimenez explained. "For smartphones (more common in developed markets), downloadable applications and WAP interactions using the browser of the device are the most-used technologies.”

Although NFC is not new, 2011 could be the breakthrough year as NFC-enabled mobiles and point-of-sale terminals become widely adopted. Most of the major smartphone-operating systems have announced support for NFC, including Nokia, Blackberry and HTC.

“A mobile payment process works by providing two parties in a transaction with a single touch point in common, such as a bank or credit card service, or a payment-service provider like PayPal,” explained Fred Emmer, co-founder of Give.mobi, a branded mobile payments platform, serving nonprofits by allowing them to collect donations from smartphone users. “If both a donor and a recipient, in the case of a nonprofit, or a buyer and a seller in a commercial transaction, have an account with a common payment provider they can make a transaction over their Web-enabled smartphones.”

It makes sense for businesses to be where the customers are and to make the payment process as easy as possible, but mobile payments come with challenges. And those challenges will be different by industry.

“Banks, telcos and retailers face different challenges,” Jimenez said. “In general, interoperability is a big concern; as mobile payments ecosystems develop, we believe it is important for retailers to choose partners that allow them to accept payments from as many end-clients as possible. We believe that restrictive schemes (closed ecosystems) might limit the ability of the different players to monetize this opportunity. This not only applies to business relationships but also to technology choices: handsets, point of sale terminals, back-office systems, etc.”

“Businesses need to be concerned about the cost of developing unique payment solutions for each mobile device,” Emmer added.  “Developing smartphone apps for each mobile-operating system is prohibitively expensive for most companies.”

Companies, individual contractors and nonprofits also need to be concerned about security when sharing sensitive financial information via mobile devices.  And it appears that security is a major concern for customers. A survey by payment solution provider Mobio Identity Systems found that 94 percent phone of potential users would happily move to mobile payments if they knew the system was secure.

Right now, security of mobile payments is a mixed bag. It all depends on the type of payment system being used, according to Steve Brunswick, strategy manager at Thales e-Security.

“On the NFC mobile payments front, there has been a lot of misinformation disseminated by the press on the security of contactless cards, which in essence uses the same technology as used in NFC mobile payments. NFC mobile payments are in fact highly secure,” Brunswick said. “For peer-to-peer mobile payments, whether the payment is made via SMS or other means, security can be built into the phone’s SIM card. The card holds cryptographic keys to secure transactions, and security vendors secure the generation of those keys and their storage in back-end systems.”

The most insecure payment system, Brunswick added, is using a mobile phone with attached card reader to act as a payments terminal, or mobile acceptance.

“On June 24, 2011, the PCI Security Standards Council that governs the security of payment card schemes issued guidance that payment applications running on popular consumer mobile devices such as smartphones, tablets and PDAs face further review to determine whether they can be eligible for PCI status,” he said.

Over all, Brunswick said, the biggest challenges facing mobile payments isn’t going to be evolving technology or security, but changing the way people think about paying for purchases and services.

“Card schemes like Visa and MasterCard have tremendous muscle and an established infrastructure that means they have an advantage for mobile payments at bricks-and-mortar locations in the developed world,” Brunswick said. “In the developing world, where the infrastructure is not there, mobile payments have been more successful and will probably continue in their success.”

• CFOs Controlling IT Departments
• Dialing for Dollars: Credit Card Smartphones Pose New Risks
• 4 Big Security Risks Right Now