Mobile Wallets
Using Your Smartphone for Brick-and-Mortar Payment
Traditional Methods of Payment
• Cash
• Check or Money Order
• Traveler’s Checks
• Credit Cards and Debit Cards
• Pre-paid Cards (e.g., Gift Cards, MetroCard)
• Combination Cards (Loyalty Plus Payment)
  ▫ e.g., Starbucks Card
• NFC or RFID Tokens (“tap to pay”)
Cyber Payments
• Secure Web site
  ▫ Uses credit card numbers, often with CVV
• Cyber Wallets
  ▫ PayPal, Amazon.com, iTunes, Google Wallet, Apple Pay
• Cryptocurrency
  ▫ Bitcoin, eGold, etc.
Mobile Payment Processing
• Moves credit/debit card processing to the mobile device
  ▫ Square
  ▫ Pay Anywhere
  ▫ PayPal Here
  ▫ Intuit
  ▫ Assorted mobile Point of Sale (POS) apps
Hybrid Payment Systems
• Moving cards and cyber wallets to mobile devices
  ▫ PayPal app – access your PayPal account
  ▫ Amazon apps – purchase merchandise, MP3s
  ▫ Google Wallet – for Google Play, Google Wallet-enabled apps, NFC
  ▫ iPhone Passbook
  ▫ Loyalty+Payment card apps
    ▪ Starbucks, Dunkin Donuts, etc. (scan to pay)
• Balances can be spent online, on mobile, and/or in store
NFC: Payment’s Next Iteration?
• NFC: Near Field Communication
  ▫ Devices must be in close proximity (2-3 cm)
  ▫ Login plus secure PIN to access payment method
  ▫ “Secure element” within the NFC chip makes stored information device-specific
    ▪ NFC-stored payment information must be manually migrated to upgraded devices
  ▫ “Tap to pay” requires separate supporting logic chips and antenna
    ▪ iPad Air 2 and Mini 3 use their NFC chip only for its secure element for storing payment information
How NFC Wallets Work
• NFC radio must be turned on in Settings
  ▫ I usually turn this OFF when not actively using it
  ▫ Apple Pay app automatically turns NFC on and off
• Launch wallet app
  ▫ You may also need to tell the cashier you’re paying with Google, Apple Pay, etc.
• Choose payment card from app
• Hover phone over payment terminal
• A buzz or sound will tell you that your payment method has been accepted.
• You may still need to confirm the payment and/or sign the screen
NFC-Enabled Wallets
• Google Wallet
• Apple Pay
• Wallet for Windows Phone 8
• Isis/Softcard (purchased by Google and suspended as of 4/1/15)
Google Wallet
• Hover/tap to pay option on Android phone and iPhone apps
• Requires NFC-equipped terminal and enabled POS
• “Buy with Google” banner on mobile Web sites and enabled apps (may be limited to Android and iPhone)
• Payment information stored in online Google Account, not in NFC Secure Element
• This is called Host Card Emulation (HCE)
• Limited number of banks and loyalty programs
• Subject to Fake ID Exploit
Apple Pay
• Hover/tap to pay option only available on iPhone 6 series devices (or iPhone 5 with add-on NFC case)
• Wallet information requested upon iOS 8 set-up (new devices)
  ▫ Used as backup payment method for iTunes, AppStore, and Apple Pay-enabled apps
• Apple says it stores payment information (bank cards, etc.) in the secure element of the NFC chip
  ▫ While it requested the information for setting up my iPad, my computer says my iTunes account is still set to pay with PayPal and doesn’t provide an Apple Pay option
Wallet for Windows Phone 8
•API supports both bank and loyalty transactions
•User app is available for both Tap To Pay and Microsoft Store online purchases
•Developer side appears to be white-label back-end system
•More information here
Softcard (formerly Isis) - DEFUNCT
• Hover/tap to pay
• Was available for Android, iOS, and Windows Phone
• Complete NFC solution
  ▫ NFC is built into most current-generation smartphones
  ▫ Financial information stored in NFC secure element
• Limited number of participating banks and services
• Included additional loyalty programs and incentives
• Purchased by Google and suspended 3/31/15
Other Mobile Payment Options
• Bar Code Scan Apps
  ▫ Loyalty + Gift Card
    ▪ Starbucks, Dunkin Donuts
    ▪ Connected through customer’s loyalty account
  ▫ Apple Passbook (iPod, iPhone only)
  ▫ PayPal Mobile App
  ▫ CurrentC
    ▪ Developed by Paydient, which is being acquired by PayPal
• Open (Numerical) Code Apps
  ▫ CurrentC (Gas pump purchases)
  ▫ BK Crown Card/Mobile App
• Social Payment Apps
  ▫ Venmo – PayPal-based social and business payments (mixed reviews)
How Merchant/Loyalty Code Apps Work
• Open the app as you approach the register
• Tell the cashier you’re paying with the merchant’s app
• Choose “pay” in the app
• Choose the card you wish to pay with
  ▫ I have had several Starbucks cards given to me; I use the app to transfer the balances to a single “default” card
• Click “pay” to generate a bar code or PIN code
• Show the code to the cashier
  ▫ Bar codes and QR codes are scanned; PIN codes are entered manually
• A beep will tell the cashier your payment’s been accepted
DD Perks: A Bar Code Payment App
How MultiMerchant Bar Code Scan Apps Work
• Open the app
  ▫ You can do this before approaching the register
• Choose the merchant from the selections in the app
  ▫ PayPal presents a list based on your current location, or you can search from the menu
• Tell the merchant you’re paying with the app
• The app will either
  ▫ Generate a code for the merchant to scan or enter
  ▫ Tell you to scan or enter the merchant’s transaction code
  ▫ Tell you to enter your mobile phone number and PIN at the merchant’s terminal
PayPal Mobile Payment
Pay With Open Code
• Log in to app
• Select merchant or payment method
• Present code to merchant
• Merchant enters payment method or loyalty card menu, types in 4-digit code
Burger King – an Open Code App
Burger King Loyalty and Payment
A Bit More About CurrentC
• Created by Paydient for MCX (Merchant Customer Exchange) – a consortium of major retail chains
• Combines payment, loyalty, and coupon information in a single QR code
• Designed to directly access bank accounts to save merchants card processing fees
• Collects personal information for marketing purposes
• Merchant, customer, or both may need to scan QR codes (not unlike the PayPal app)
• May have already been hacked
Mobile Payment Incentives
• Dunkin Donuts and Softcard have offered referral incentives
• Burger King, Softcard (and associated My Coke Rewards accounts) offered purchase incentives
• Loyalty programs usually reward in merchandise or in “points” to be redeemed for merchandise
  ▫ Exception: during much of 2014, American Express and Softcard offered monetary rewards for using the AmEx Serve prepaid card through the Softcard app
• Most incentives disappeared after the announcement of Apple Pay. Burger King’s BK Crowns expired 4/28/15.
Mobile Wallet Security
• Pros:
  ▫ NFC: Short-range radio, secure element for info storage, dual identification required
    ▪ Apple Pay only requires fingerprint or PIN
    ▪ HCE only uses NFC for communication
  ▫ Magnetic stripes cannot be force-read (street device) if cards are not present
  ▫ Multiple-factor authentication available for some apps
    ▪ PayPal can use email/password or mobile-phone/PIN in conjunction with app-loaded photo
Mobile Wallet Security
• Cons:
  ▫ Can the NFC radio and/or the app(s) be hacked?
    ▪ Emails have already been hacked from CurrentC
    ▪ New RFID chip readers and antennas can read current-generation chip credit cards from a distance
  ▫ What if you lose or break your device (or it is stolen)?
    ▪ Security apps, remote wipe of device
    ▪ Card management through computers/Web
  ▫ PayPal mobile does not allow for a separate PayPal security token
Retrofitting
• Some mobile wallets provide credit services and physical credit cards
  ▫ Amazon Card
  ▫ PayPal Credit
• Some mobile wallets provide credit/debit-style cards to access your online balance offline
  ▫ Google Wallet Card
  ▫ PayPal Credit
• NOTE: Mobile wallet-based physical cards have the same security issues as traditional credit and debit cards
Other Considerations
• Availability Issues
• Resource Management
  ▫ Money distribution
  ▫ Device space limitations
• Back End Security
• Privacy
Availability Issues
• Despite
    ▪ what the availability map says
    ▪ what the payment terminal says
    ▪ the fact you’re using the merchant’s own app
  ▫ The merchant/location may not have enabled mobile payment
  ▫ The merchant/location may have disabled mobile payment
    ▪ CVS, Rite-Aid, etc. (MCX contract terms?)
• The cashier may not know how to process mobile payment
• Hardware issues
  ▫ Scanner, radio malfunction
Resource Management
• Money distribution
  ▫ How many different places do you want to store money? (What if you suddenly need it all in one place?)
• Device space limitations
  ▫ How much room on your device do you want to allocate to wallet apps and loyalty apps?
    ▪ How many of these apps come pre-loaded as “carrier bloatware”?
• What if you don’t have a data plan (or a 3G/4G chip)?
• Many wallet apps are unavailable for tablets
  ▫ How many mobile phones do you want to be paying for?
Back End Security
• Your financial information is only as secure as the systems through which it is sent
• Banks, stores, payment processors are still weak links
• Database breaches have become increasingly common and wide-scale
• Debit card and ACH (direct withdrawal) fraud victims don’t have the protection and legal recourse that credit card fraud victims have
• While stores may no longer have your card information, they do have increasing amounts of other personal information
Privacy
• Do you really want Google, PayPal, etc. knowing all your banking information as well as your personal info?
• Do you want multiple digital wallets having your banking information?
• Store security cameras and transaction timestamps can still trace what you bought (and when) back to you in two or three steps
• High-end (current generation) store security cameras can probably capture your security PIN
• Free in-store Wi-Fi, and Bluetooth beacons, can capture where you are in the store at any moment
• Proposed paths for mobile commerce evolution include drawing all customer information from one’s mobile phone number
NFC Security: Resources
• 8 Myths About Mobile NFC (Gemalto Security)
• How Secure is NFC Tech? (How Stuff Works)
• Security Concerns with NFC Technology (NearFieldCommunication.org)
• Nearfield Communication (Wikipedia)
• NFC FAQ (Smartcard Alliance)
CurrentC Resources
• Merchant Customer Exchange (MCX) Official Site
• CurrentC site
• MCX: Wikipedia entry
• BostInno article 10/28/14
• Mobiquity article 5/28/14
• Tech Crunch on CurrentC 10/25/14
More Resources
• Apple Pay and Privacy
• PayPal Acquisition of Paydient 3/20/15
• Mobile devices as proxy for identity, 4/16/15
• More on the future of Host Card Emulation (HCE)
• Professional level reports on Mobile Payments from Networld Media Group, home of Mobile Payments Today (pay to download)