Mobile Wallets Using Your Smartphone for Brickand-Mortar Payment Traditional Methods of Payment • • • • • • Cash Check or Money Order Traveler’s Checks Credit Cards and Debit Cards Pre-paid Cards.
Download ReportTranscript Mobile Wallets Using Your Smartphone for Brickand-Mortar Payment Traditional Methods of Payment • • • • • • Cash Check or Money Order Traveler’s Checks Credit Cards and Debit Cards Pre-paid Cards.
Mobile Wallets Using Your Smartphone for Brickand-Mortar Payment Traditional Methods of Payment • • • • • • Cash Check or Money Order Traveler’s Checks Credit Cards and Debit Cards Pre-paid Cards (e.g., Gift Cards, MetroCard) Combination Cards (Loyalty Plus Payment) ▫ e. g., Starbucks Card • NFC or RFID Tokens (“tap to pay”) Cyber Payments • Secure Web site ▫ Uses credit card numbers, often with CVV • Cyber Wallets ▫ PayPal, Amazon.com, iTunes, Google Wallet, Apple Pay • Cryptocurrency ▫ Bitcoin, eGold, etc. Mobile Payment Processing • Moves credit/debit card processing to the mobile device ▫ ▫ ▫ ▫ ▫ Square Pay Anywhere PayPal Here Intuit Assorted mobile Point of Sale (POS) apps Mobile Payment Processing Hybrid Payment Systems • Moving cards and cyber wallets to mobile devices ▫ PayPal app – access your PayPal account ▫ Amazon apps – purchase merchandise, MP3s ▫ Google Wallet – for Google Play, Google Walletenabled apps, NFC ▫ iPhone Passbook ▫ Loyalty+Payment card apps Starbucks, Dunkin Donuts, etc. (scan to pay) • Balances can be spent online, on mobile, and/or in store Hybrid Payment Systems NFC: Payment’s Next Iteration? • NFC: Near Field Communication ▫ Devices must be in close proximity (2-3 cm) ▫ Login plus secure PIN to access payment method ▫ “Secure element” within the NFC chip makes stored information device-specific NFC-stored payment information must be manually migrated to upgraded devices ▫ “Tap to pay” requires separate supporting logic chips and antenna iPad Air 2 and Mini 3 use their NFC chip only for its secure element for storing payment information How NFC Wallets Work • NFC radio must be turned on in Settings ▫ I usually turn this OFF when not actively using it ▫ Apple Pay app automatically turns NFC on and off • Launch wallet app ▫ You may also need to tell the cashier you’re paying with Google, Apple Pay, etc. • Choose payment card from app • Hover phone over payment terminal • A buzz or sound will tell you that your payment method has been accepted. • You may still need to confirm the payment and/or sign the screen NFC-Enabled Wallets • • • • Google Wallet Apple Pay Wallet for Windows Phone 8 Isis/Softcard (purchased by Google and suspended as of 4/1/15) Google Wallet • Hover/tap to pay option on Android phone and iPhone apps • Requires NFC-equipped terminal and enabled POS • “Buy with Google” banner on mobile Web sites and enabled apps (may be limited to Android and iPhone) • Payment information stored in online Google Account, not in NFC Secure Element • This is called Host Card Emulation (HCE) • Limited number of banks and loyalty programs • Subject to Fake ID Exploit Apple Pay • Hover/tap to pay option only available on iPhone 6 series devices (or iPhone 5 with add on NFC case) • Wallet information requested upon iOS 8 set-up (new devices) ▫ Used as backup payment method for iTunes, AppStore, and Apple Pay-enabled apps • Apple says it stores payment information (bank cards, etc.) in the secure element of the NFC chip ▫ While it requested the information for setting up my iPad, my computer says my iTunes account is still set to pay with PayPal and doesn’t provide an Apple Pay option Wallet for Windows Phone 8 • API supports both bank and loyalty transactions • User app is available for both Tap To Pay and Microsoft Store online purchases • Developer side appears to be white-label backend system • More information here Softcard (formerly Isis) - DEFUNCT • Hover/tap to pay • Was available for Android, iOS, and Windows Phone • Complete NFC solution ▫ NFC is built into most current-generation smartphones ▫ Financial information stored in NFC secure element • Limited number of participating banks and services • Included additional loyalty programs and incentives • Purchased by Google and suspended 3/31/15 Paying With NFC Android Settings Google Wallet Apple Pay Other Mobile Payment Options • Bar Code Scan Apps ▫ Loyalty + Gift Card Starbucks, Dunkin Donuts Connected through customer’s loyalty account ▫ Apple Passbook (iPod, iPhone only) ▫ PayPal Mobile App ▫ CurrentC Developed by Paydient, which is being acquired by PayPal • Open (Numerical) Code Apps ▫ CurrentC (Gas pump purchases) ▫ BK Crown Card/Mobile App • Social Payment Apps ▫ Venmo –PayPal-based social and business payments (mixed reviews) How Merchant/Loyalty Code Apps Work • Open the app as you approach the register • Tell the cashier you’re paying with the merchant’s app • Choose “pay” in the app • Choose the card you wish to pay with ▫ I have had several Starbucks cards given to me; I use the app to transfer the balances to a single “default” card • Click “pay” to generate a bar code or PIN code • Show the code to the cashier ▫ Bar codes and QR codes are scanned; PIN codes are entered manually • A beep will tell the cashier your payment’s been accepted DD Perks: A Bar Code Payment App How MultiMerchant Bar Code Scan Apps Work • Open the app ▫ You can do this before approaching the register • Choose the merchant from the selections in the app ▫ Pay Pal presents a list based on your current location, or you can search from the menu • Tell the merchant you’re paying with the app • The app will either ▫ Generate a code for the merchant to scan or enter ▫ Tell you to scan or enter the merchant’s transaction code ▫ Tell you to enter your mobile phone number and PIN at the merchant’s terminal PayPal Mobile Payment PayPal Mobile Payment Pay With Open Code • • • • Log in to app Select merchant or payment method Present code to merchant Merchant enters payment method or loyalty card menu, types in 4-digit code Burger King – an Open Code App Burger King Loyalty and Payment A Bit More About CurrentC • Created by Paydient for MCX (Merchant Customer Exchange) – a consortium of major retail chains • Combines payment, loyalty, and coupon information in a single QR code • Designed to directly access bank accounts to save merchants card processing fees • Collects personal information for marketing purposes • Merchant, customer, or both may need to scan QR codes (not unlike the Pay Pal app) • May have already been hacked Mobile Payment Incentives • Dunkin Donuts and Softcard have offered referral incentives • Burger King, Softcard (and associated My Coke Rewards accounts) offered purchase incentives • Loyalty programs usually reward in merchandise or in “points” to be redeemed for merchandise ▫ Exception: during much of 2014, American Express and Softcard offered monetary rewards for using the AmEx Serve prepaid card through the Softcard app • Most incentives disappeared after the announcement of Apple Pay. Burger King’s BK Crowns expired 4/28/15. Mobile Wallet Security • Pros: ▫ NFC: Short-range radio, secure element for info storage, dual identification required Apple Pay only requires fingerprint or PIN HCE only uses NFC for communication ▫ Magnetic stripes cannot be force-read (street device) if cards are not present ▫ Multiple-factor authentication available for some apps PayPal can use email/password or mobilephone/PIN in conjunction with app-loaded photo Mobile Wallet Security • Cons: ▫ Can the NFC radio and/or the app(s) be hacked? Emails have already been hacked from CurrentC New RFID chip readers and antennas can read current-generation chip credit cards from a distance ▫ What if you lose or break your device (or it is stolen)? Security apps, remote wipe of device Card management through computers/Web ▫ PayPal mobile does not allow for a separate PayPal security token Retrofitting • Some mobile wallets provide credit services and physical credit cards ▫ Amazon Card ▫ PayPal Credit • Some mobile wallets provide credit/debit-style cards to access your online balance offline ▫ Google Wallet Card ▫ PayPal Credit • NOTE: Mobile wallet-based physical cards have the same security issues as traditional credit and debit cards Other Considerations • Availability Issues • Resource Management ▫ Money distribution ▫ Device space limitations • Back End Security • Privacy Availability Issues • Despite what the availability map says what the payment terminal says the fact you’re using the merchant’s own app ▫ The merchant/location may not have enabled mobile payment ▫ The merchant/location may have disabled mobile payment CVS, Rite-Aid, etc. (MCX contract terms?) • The cashier may not know how to process mobile payment • Hardware issues ▫ Scanner, radio malfunction Resource Management • Money distribution ▫ How many different places do you want to store money? (What if you suddenly need it all in one place?) • Device space limitations ▫ How much room on your device do you want to allocate to wallet apps and loyalty apps? How many of these apps come pre-loaded as “carrier bloatware”? • What if you don’t have a data plan (or a 3G/4G chip)? • Many wallet apps are unavailable for tablets ▫ How many mobile phones do you want to be paying for? Back End Security • Your financial information is only as secure as the systems through which it is sent • Banks, stores, payment processors are still weak links • Database breaches have become increasingly common and wide-scale • Debit card and ACH (direct withdrawal) fraud victims don’t have the protection and legal recourse that credit card fraud victims have • While stores may no longer have your card information, they do have increasing amounts of other personal information Privacy • Do you really want Google, PayPal, etc. knowing all your banking information as well as your personal info? • Do you want multiple digital wallets having your banking information? • Store security cameras and transaction timestamps can still trace what you bought (and when) back to you in two or three steps • High-end (current generation) store security cameras can probably capture your security PIN • Free in-store Wi-Fi, and Bluetooth beacons, can capture where you are in the store at any moment • Proposed paths for mobile commerce evolution include drawing all customer information from one’s mobile phone number NFC Security: Resources • 8 Myths About Mobile NFC (Gemalto Security) • How Secure is NFC Tech? (How Stuff Works) • Security Concerns with NFC Technology (NearFieldCommunication.org) • Nearfield Communication (Wikipedia) • NFC FAQ (Smartcard Alliance) CurrentC Resources • Merchant Customer Exchange (MCX) Official Site • CurrentC site • MCX: Wikipedia entry • BostInno article 10/28/14 • Mobiquity article 5/28/14 • Tech Crunch on CurrentC 10/25/14 More Resources • • • • Apple Pay and Privacy PayPal Acquisition of Paydient 3/20/15 Mobile devices as proxy for identity, 4/16/15 More on the future of Host Card Emulation (HCE) • Professional level reports on Mobile Payments from Networld Media Group, home of Mobile Payments Today (pay to download)