Mobile Payments SPENDING MONEY THE HARD WAY, SINCE BY JOSH TURIEL, JH TURIEL & ASSOCIATES INC.
In the beginning, there were credit cards. There still are. But they aren’t very secure, and they’re easy to hack and copy. Magnetic stripes encode card number information and a verification code to ensure the card is present. In the Dark Ages, they were imprinted by a manual card reader onto a slip that was sent to the bank. A code is additionally on the back or front (American Express) to be read/entered in Card Not Present transactions.
In 1999, the first mobile payments… A company called Confinity developed a method for using IR transfer to “beam” money from Palm Pilot to Palm Pilot. The program was called PayPal. Among a select few, it was a hit. But PDAs never hit the true critical mass necessary to make handheld payments practical. Confinity went on to merge with a online banking company called X.com (founded by a guy named Elon Musk – maybe you’ve heard of him?). The merged company was renamed PayPal, and the core product pivoted to become an online payments system that wasn’t PDA- dependent. They were bought by eBay to provide a payment back-end.
Meanwhile, across the pond In Europe, the Smart Card was gathering steam. In 1998 they began replacing magnetic stripe readers and over the last decade have become prevalent in that market. In the US, Smart Cards are supposed to be standard issue by this coming October. Some banks are farther along in the transition. The Smart Card has a chip in the left side of the card, visible to the user, that adds authentication capabilities to the transaction. When used with a compatible reader, these cards:
How a Smart Card (chip card) works In a terminal with only a mag stripe reader, they work the way they always did. If there’s a chip reader, the card is inserted and the reader makes contact and uses the chip to create a one-time authentication code that accompanies the transaction. This renders the card useless for cloned transactions – the code is unique each time and keyed to the chip. Some of these chip cards can also provide contactless payments. This uses a NFC (Near-Field Communications) sensor inside the reader to communicate with the card and handle the one- time code generation. This will be key to what comes next.
Basic concept In all these current mobile payment systems, the transactions are tokenized. Instead of credit card numbers, the software generates a Device Account Number, and the vendor has a Token Service Number. Those are used to create a security code for each transaction, and no credit card number is stored by either the the retailer, the device, or the vendor. Much of today’s fraud issues stem from magstripe technology – the information encoded there is easy to clone, and has no security inherent to it. NFC and chip card payments deal with this using tokenization.
NFC – opening the door. Thanks, Google. Google was first to the NFC market with Google Wallet (2011). Wallet used NFC for communications, but was PIN-based (as Android lacked biometrics support in the core OS). Also had dependencies supporting only certain Android phones. Google Wallet piggybacked off MasterCard PayPass and Visa payWave. It also supports person-to-person money transfers (via Gmail).
Google Wallet 2.0 – Android Pay As Android has become more capable, Google Wallet is gradually migrating to a service called “Android Pay”. Android Pay supports virtually all Android devices with NFC capabilities, and supports biometrics (fingerprint readers) when present. It is part of the Android core OS. However…
Samsung has an issue with that! Samsung, in an effort to differentiate themselves, developed their own mobile payments system based on LoopPay. It’s called “Samsung Pay”. Available starting 9/28, it’s provided on all current-generation Galaxy devices. Their secret sauce? MST (Magnetic Secure Transmission) – they have a way to generate a signal that will be picked up by virtually all magstripe readers. Backwards compatibility.
So how did Apple become the leader? A few reasons: 1: Apple Pay is quite elegant in UI design 2: Apple has a year of building it into both their best-selling phones already 3: People already trust Apple with credit cards 4: The fingerprint reader. Really. Basically, Apple took ingredients (NFC, biometrics, credit card storage) that were already being used and combined them. Apple Pay uses NFC terminal compatibility for retail, and hooks into in-app purchasing neatly.
Fingerprint versus PIN That was the key differentiator between Apple Pay and Google Wallet. Newer technologies (Android Pay, Samsung Pay) will eliminate that gap, but Apple was first mover. And first to make fingerprint recognition easy and standard. But there’s still an act to play…
Retailers want more info from you We all know this. Loyalty cards, etc. are incentives. To make that payment loop happen, a big collaborative led by Walmart developed MCX: Their product is called CurrentC, and it ties only to debit cards, using QR codes that are scanned from phone screens to make transactions. Using debit cards = lower interchange fees for retailers. It’s also not available yet – in test mode now. But it will have ties to loyalty programs and be able to track receipts – as it’s retailer-driven. This benefits retailers, and could be useful to those who would rather not keep a loyalty card handy in exchange for a more cumbersome purchase process. (spoiler alert: they’re doomed)
It’s not all roses There are still fraud opportunities. Adding cards to a digital wallet takes two prospective paths: “Green Path” uses automation to determine if the card is in fact eligible for addition. “Yellow Path” requires manual verification, usually through call centers. But in many cases the banks have chosen information to verify that’s easy to spoof (like, for instance, the last four digits of a SSN). This human vulnerability means that fraud is still a factor.
And now, some goodies I have a few pages of charts and diagrams, plus let’s talk about it. Thanks!