
Mobile Wallets
Using Your Smartphone for Brick-and-Mortar Payment
Traditional Methods of Payment
• Cash
• Check or Money Order
• Traveler’s Checks
• Credit Cards and Debit Cards
• Pre-paid Cards (e.g., Gift Cards, MetroCard)
• Combination Cards (Loyalty Plus Payment)
▫ e.g., Starbucks Card
• NFC or RFID Tokens (“tap to pay”)
Cyber Payments
• Secure Web site
▫ Uses credit card numbers, often with CVV
• Cyber Wallets
▫ PayPal, Amazon.com, iTunes, Google Wallet,
Apple Pay
• Cryptocurrency
▫ Bitcoin, eGold, etc.
Mobile Payment Processing
• Moves credit/debit card processing to the
mobile device
▫ Square
▫ Pay Anywhere
▫ PayPal Here
▫ Intuit
▫ Assorted mobile Point of Sale (POS) apps
Hybrid Payment Systems
• Moving cards and cyber wallets to mobile devices
▫ PayPal app – access your PayPal account
▫ Amazon apps – purchase merchandise, MP3s
▫ Google Wallet – for Google Play, Google Wallet-enabled apps, NFC
▫ iPhone Passbook
▫ Loyalty+Payment card apps
▪ Starbucks, Dunkin Donuts, etc. (scan to pay)
• Balances can be spent online, on mobile, and/or in
store
NFC: Payment’s Next Iteration?
• NFC: Near Field Communication
▫ Devices must be in close proximity (2-3 cm)
▫ Login plus secure PIN to access payment method
▫ “Secure element” within the NFC chip makes
stored information device-specific
▪ NFC-stored payment information must be manually
migrated to upgraded devices
▫ “Tap to pay” requires separate supporting logic
chips and antenna
▪ iPad Air 2 and Mini 3 use their NFC chip only for its
secure element for storing payment information
How NFC Wallets Work
• NFC radio must be turned on in Settings
▫ I usually turn this OFF when not actively using it
▫ Apple Pay app automatically turns NFC on and off
• Launch wallet app
▫ You may also need to tell the cashier you’re paying
with Google, Apple Pay, etc.
• Choose payment card from app
• Hover phone over payment terminal
• A buzz or sound will tell you that your payment
method has been accepted.
• You may still need to confirm the payment and/or
sign the screen
NFC-Enabled Wallets
• Google Wallet
• Apple Pay
• Wallet for Windows Phone 8
• Isis/Softcard (purchased by Google and
suspended as of 4/1/15)
Google Wallet
• Hover/tap to pay option on Android phone and
iPhone apps
• Requires NFC-equipped terminal and enabled POS
• “Buy with Google” banner on mobile Web sites and
enabled apps (may be limited to Android and
iPhone)
• Payment information stored in online Google
Account, not in NFC Secure Element
• This is called Host Card Emulation (HCE)
• Limited number of banks and loyalty programs
• Subject to Fake ID Exploit
Apple Pay
• Hover/tap to pay option only available on iPhone 6
series devices (or iPhone 5 with add on NFC case)
• Wallet information requested upon iOS 8 set-up
(new devices)
▫ Used as backup payment method for iTunes,
AppStore, and Apple Pay-enabled apps
• Apple says it stores payment information (bank
cards, etc.) in the secure element of the NFC chip
▫ While it requested the information for setting up my
iPad, my computer says my iTunes account is still set
to pay with PayPal and doesn’t provide an Apple Pay
option
Wallet for Windows Phone 8
• API supports both bank and loyalty transactions
• User app is available for both Tap To Pay and
Microsoft Store online purchases
• Developer side appears to be white-label backend system
• More information here
Softcard (formerly Isis) - DEFUNCT
• Hover/tap to pay
• Was available for Android, iOS, and Windows Phone
• Complete NFC solution
▫ NFC is built into most current-generation
smartphones
▫ Financial information stored in NFC secure element
• Limited number of participating banks and services
• Included additional loyalty programs and incentives
• Purchased by Google and suspended 3/31/15
Paying With NFC
Android Settings
Google Wallet
Apple Pay
Other Mobile Payment Options
• Bar Code Scan Apps
▫ Loyalty + Gift Card
▪ Starbucks, Dunkin Donuts
▪ Connected through customer’s loyalty account
▫ Apple Passbook (iPod, iPhone only)
▫ PayPal Mobile App
▫ CurrentC
▪ Developed by Paydient, which is being acquired by PayPal
• Open (Numerical) Code Apps
▫ CurrentC (Gas pump purchases)
▫ BK Crown Card/Mobile App
• Social Payment Apps
▫ Venmo – PayPal-based social and business payments
(mixed reviews)
How Merchant/Loyalty Code Apps Work
• Open the app as you approach the register
• Tell the cashier you’re paying with the merchant’s
app
• Choose “pay” in the app
• Choose the card you wish to pay with
▫ I have had several Starbucks cards given to me; I use the
app to transfer the balances to a single “default” card
• Click “pay” to generate a bar code or PIN code
• Show the code to the cashier
▫ Bar codes and QR codes are scanned; PIN codes are entered
manually
• A beep will tell the cashier your payment’s been
accepted
DD Perks: A Bar Code Payment App
How Multi-Merchant Bar Code Scan Apps Work
• Open the app
▫ You can do this before approaching the register
• Choose the merchant from the selections in the app
▫ PayPal presents a list based on your current location,
or you can search from the menu
• Tell the merchant you’re paying with the app
• The app will either
▫ Generate a code for the merchant to scan or enter
▫ Tell you to scan or enter the merchant’s transaction
code
▫ Tell you to enter your mobile phone number and PIN
at the merchant’s terminal
PayPal Mobile Payment
Pay With Open Code
• Log in to app
• Select merchant or payment method
• Present code to merchant
• Merchant enters payment method or loyalty card
menu, types in 4-digit code
Burger King – an Open Code App
Burger King Loyalty and Payment
A Bit More About CurrentC
• Created by Paydient for MCX (Merchant Customer
Exchange) – a consortium of major retail chains
• Combines payment, loyalty, and coupon information
in a single QR code
• Designed to directly access bank accounts to save
merchants card processing fees
• Collects personal information for marketing
purposes
• Merchant, customer, or both may need to scan QR
codes (not unlike the PayPal app)
• May have already been hacked
Mobile Payment Incentives
• Dunkin Donuts and Softcard have offered referral
incentives
• Burger King, Softcard (and associated My Coke Rewards
accounts) offered purchase incentives
• Loyalty programs usually reward in merchandise or in
“points” to be redeemed for merchandise
▫ Exception: during much of 2014, American Express and Softcard
offered monetary rewards for using the AmEx Serve prepaid card
through the Softcard app
• Most incentives disappeared after the announcement of
Apple Pay. Burger King’s BK Crowns expired 4/28/15.
Mobile Wallet Security
• Pros:
▫ NFC: Short-range radio, secure element for info
storage, dual identification required
▪ Apple Pay only requires fingerprint or PIN
▪ HCE only uses NFC for communication
▫ Magnetic stripes cannot be force-read (street
device) if cards are not present
▫ Multiple-factor authentication available for some
apps
▪ PayPal can use email/password or mobile phone/PIN in conjunction with app-loaded photo
Mobile Wallet Security
• Cons:
▫ Can the NFC radio and/or the app(s) be hacked?
▪ Emails have already been hacked from CurrentC
▪ New RFID chip readers and antennas can read
current-generation chip credit cards from a distance
▫ What if you lose or break your device (or it is
stolen)?
▪ Security apps, remote wipe of device
▪ Card management through computers/Web
▫ PayPal mobile does not allow for a separate PayPal
security token
Retrofitting
• Some mobile wallets provide credit services and
physical credit cards
▫ Amazon Card
▫ PayPal Credit
• Some mobile wallets provide credit/debit-style cards
to access your online balance offline
▫ Google Wallet Card
▫ PayPal Credit
• NOTE: Mobile wallet-based physical cards have the
same security issues as traditional credit and debit
cards
Other Considerations
• Availability Issues
• Resource Management
▫ Money distribution
▫ Device space limitations
• Back End Security
• Privacy
Availability Issues
• Despite what the availability map says, what the payment terminal says, or
the fact you’re using the merchant’s own app:
▫ The merchant/location may not have enabled mobile
payment
▫ The merchant/location may have disabled mobile payment
▪ CVS, Rite-Aid, etc. (MCX contract terms?)
• The cashier may not know how to process mobile
payment
• Hardware issues
▫ Scanner, radio malfunction
Resource Management
• Money distribution
▫ How many different places do you want to store money?
(What if you suddenly need it all in one place?)
• Device space limitations
▫ How much room on your device do you want to allocate to
wallet apps and loyalty apps?
▪ How many of these apps come pre-loaded as “carrier
bloatware”?
• What if you don’t have a data plan (or a 3G/4G chip)?
• Many wallet apps are unavailable for tablets
▫ How many mobile phones do you want to be paying for?
Back End Security
• Your financial information is only as secure as
the systems through which it is sent
• Banks, stores, payment processors are still weak
links
• Database breaches have become increasingly common and
wide-scale
• Debit card and ACH (direct withdrawal) fraud victims don’t
have the protection and legal recourse that credit card fraud
victims have
• While stores may no longer have your card information,
they do have increasing amounts of other personal
information
Privacy
• Do you really want Google, PayPal, etc. knowing all your banking
information as well as your personal info?
• Do you want multiple digital wallets having your banking
information?
• Store security cameras and transaction timestamps can still trace
what you bought (and when) back to you in two or three steps
• High-end (current generation) store security cameras can probably
capture your security PIN
• Free in-store Wi-Fi, and Bluetooth beacons, can capture where you
are in the store at any moment
• Proposed paths for mobile commerce evolution include drawing all
customer information from one’s mobile phone number
NFC Security: Resources
• 8 Myths About Mobile NFC (Gemalto Security)
• How Secure is NFC Tech? (How Stuff Works)
• Security Concerns with NFC Technology
(NearFieldCommunication.org)
• Nearfield Communication (Wikipedia)
• NFC FAQ (Smartcard Alliance)
CurrentC Resources
• Merchant Customer Exchange (MCX) Official
Site
• CurrentC site
• MCX: Wikipedia entry
• BostInno article 10/28/14
• Mobiquity article 5/28/14
• Tech Crunch on CurrentC 10/25/14
More Resources
• Apple Pay and Privacy
• PayPal Acquisition of Paydient 3/20/15
• Mobile devices as proxy for identity, 4/16/15
• More on the future of Host Card Emulation
(HCE)
• Professional level reports on Mobile Payments
from Networld Media Group, home of Mobile
Payments Today (pay to download)