Mobile Payment, Your Time has Come

Written by

Mobile payment technology has taken great strides forward in 2015. Earlier this year, at Mobile World Congress, Samsung announced its Samsung Pay service, to be integrated into the new, NFC-toting Galaxy S6 range. Google followed suit, announcing that Android Pay will effectively replace its Wallet system in the next generation of Android phones.

Apple, meanwhile, is ahead of the pack. Its Apple Pay service launched late last year in the US, and in July 2015 will be activated for UK users. As is so often the case, Apple is not the primary innovator in this space, but its adoption of the technology will likely open the floodgates for more popular use.

Security, as ever, is of the essence. To drive consumer trust in new payment methods, especially those that involve NFC, fraudulent use of these technologies must involve as much friction as possible. At the same time, reducing user inconvenience while raising security is vital; no one will adopt technology that is hard to use, especially with something as quotidian as payment.

If there’s one area of life we want to be simple, it’s how we pay for things. Easy, speedy payment encourages spending. But speed isn’t enough; it needs to be secure – ideally, even more secure than using a credit card, or walking the streets with a wallet full of cash. Technologies that somehow strike that balance – achieving ease, and speed, of use, while enabling the user to have peace of mind – are security’s Shangri-La.

It’s important that mobile hardware and software developers get it right, or they risk delaying the mobile payment project for years as it struggles under the weight of consumer mistrust.

"Easy, speedy payment encourages spending. But speed isn’t enough; it needs to be secure – ideally, even more secure than using a credit card or cash"

Indeed, research shows that mistrust in mobile payment seems entrenched, even before the technology has really become widespread. A recent YouGov study found 47% of respondents did not want to use their mobile phone for payments with 81% highlighting concerns over security.

Similar wariness followed the introduction of the first contactless debit cards. However, initial ‘here-be-witchcraft’ skepticism about the safety and security of NFC plastic cards seem to have faded for UK consumers. Visa Europe predicts £1.2bn of contactless mobile payments will be made every week by 2020. The same study found that the UK spent £2.32bn with contactless cards last year.

Worldpay reports it has now processed over £2bn in UK contactless payments since January 2012. It took until October 2014 to reach that first £1bn. That means contactless transactions rose 49% in the last six months. The number of contactless transactions has risen by 964% in two years. Contrast the US, where only 40 million contactless payments were made in the whole of 2014. The UK beat that in December alone.

Clearly there is strong appetite in Blighty for adopting new payment technologies, even if initial distrust is prominent. It’s hardly surprising, after all, given that people’s finances are at stake, and trust in the banking sector is shot post-2008. If faith in banks is low, it’s incumbent on the mobile payment software providers to take risk out their hands.

The ball, for now, is in Apple’s court. With Apple Pay, it seems to have created a secure technology that can offer peace of mind to users. No card details are stored or transmitted locally, and instead one-time tokens are transmitted to the payment terminal (when used physically in-store) to verify payment. Payments can only be activated using the biometric fingerprint sensor, TouchID, found on the newest models of Apple hardware.

If it can be successful in the US, where there is typically less friction around making payments and therefore more opportunities for fraud, it can work here. Indeed, much early Apple Pay fraud Stateside fell at the banks’ feet, with stolen card-not-present data sold by hackers on the black market being used to set-up Apple Pay accounts. The banks did not make it hard enough to verify that card-holders were legitimate.

In the UK, where multi-factor authentication and Chip and PIN are long-established, fraudsters’ chances of success will diminish.

The security commentariat was quick to respond to the Apple Pay UK launch news. Some welcome the moved to a biometrically-authenticated system, others expressed concerns about spoofing of payment entry forms in iOS, and other hypothetical security holes that could be exploited by highly savvy and dedicated criminals.

Of course, the old mantra, there is no such thing as 100% security, always applies. In the world of virtual banking, still a maturing technology, this is truer than ever. Thankfully, Apple, and hopefully its counterparts in Android and Samsung when launched, has started out setting the bar high. Wide adoption is more or less inevitable – so this is a chance for the industry to do something it’s not been best at over the years: getting it right first time round.

What’s hot on Infosecurity Magazine?