Over the past several months, there has been a lot of media coverage about mobile payment platforms, Apple Pay being the most notable. However, there is still some reluctance from consumers to pay via smartphones, according to a global research company GfK, which conducted online surveys with consumers in 17 countries. One of the main concerns is security, which has resulted in only 21 percent of Canadians reporting that they made a mobile payment in the last six months. Compare this with 33 percent in the US, 83 percent in China, and 62 percent in South Korea.
It seems that every other week, there is an announcement being made about yet another new mobile payment option. What are the leading platforms, and how secure are they?
Without a doubt, Apple Pay has been this year’s poster child for mobile payments. Since rumours began circulating before its official unveiling by Apple, Apple Pay has created tremendous buzz about how it would change how we pay. It uses near-field communication (NFC) technology to connect your iPhone with a point-of-sale (POS) terminal to pay using a credit card that is linked to your phone.
While the basic concept of Apple Pay is hardly revolutionary, one of the key features that has been heavily touted is the built-in security using the iPhone’s Touch ID. By ensuring that you use your own fingerprint to verify your identity when paying, Apple Pay has added a new layer of security that goes beyond the chip-and-PIN system already commonly used in Canada and in Europe.
In addition to using biometrics, Apple Pay also uses tokenization. Tokenization makes it much harder for thieves to steal credit card information because unique codes are used instead of actual card numbers. These codes are difficult to trace back to the actual accounts.
For a payment platform that just launched a little over a month ago, Apple Pay is a strong contender in the mobile payments space. It is currently accepted at many major US businesses that accept Visa, MasterCard, or American Express. Although, Apple Pay is only available in the US, we predict it won’t be too long before it becomes available in other markets.
Google Wallet has been around since 2011, considerably longer than Apple Pay, but it has not received nearly as much attention. It uses NFC technology, like Apple Pay, to connect the smartphone with the POS terminal in order to pay with cards linked to the Google Wallet account.
In terms of security, although Google Wallet does not use biometrics or tokenization, it is secured through the use of a PIN, and secure financial credential information is stored in a secure area of the NFC chip’s protected memory.
Google Wallet is widely accepted at US stores, as long as they accept Debit MasterCard. For the time being, Google Wallet is only available in the US, similar to Apple Pay.
The inspiration behind Square happened in 2008, when one of its co-founders was unable to complete a $1,000 sales transaction because he couldn’t accept credit cards. The Square Reader, the company’s first product, turns a smartphone or tablet into a retail POS terminal for credit cards, rather than having customers use their phones to pay. Square also now offers the Square Stand that can transform an iPad into a full cash register with an optional receipt printer, cash drawer, and bar code scanner.
Square’s mobile payment solutions meet industry security standards and do not store any card information once a payment has been processed. They are now taking pre-orders for new Square Readers that will accept chip cards in order to comply with the new chip-and-PIN requirements coming into effect next year. It’s not clear whether or not Square has plans to introduce the new readers in the Canadian market, where chip-and-PIN has been standard for several years.
Square began offering its products in the US in 2010, expanded to Canada in 2012 and to Japan in 2013.
PayPal is well known as one of the first companies ever to provide online payment services. Founded in 1998, it was and continues to be closely tied to eBay, the Internet auction website, which acquired it 2002.
PayPal has entered the mobile payment arena with its own offering through its mobile phone app. In addition to being able to access your account, the PayPal app also provides a Wallet feature that is linked to your PayPal balance and credit or debit cards of your choice. This digital wallet can be used to pay for goods and services at merchants that accept PayPal as a form of payment. However, relatively few businesses currently accept PayPal compared to the other options previously mentioned here. Also, the payment process is not as straightforward or as convenient – customers must log into the PayPal app, find the store listing, and check in before making a purchase.
There are several security measures in place to protect against identity theft. App users must log into their PayPal account in order to access their information and make any payments, and the app can be locked with a PIN to prevent unauthorized access. Also, when paying with PayPal in a store, the merchant is required to verify your identity by checking your name and photo in your PayPal profile.
Although PayPal is widely accepted online, the same cannot be said when it comes to shopping in bricks-and-mortar stores. Compared to using smartphones with NFC chips running Apple Pay and Google Wallet or card readers like Square, PayPal is a much less attractive option for mobile payment.
According to new data from PunchTab, 40 percent of mobile users who have used one or more mobile payment apps to make a purchase, say that the Starbucks App is their most-used mobile payment option. This should come to as no surprise since Starbucks is considered by many to be an innovator and pioneer in mobile payments. It first launched its mobile payment smartphone apps in 2009, years before Apple or Google.
Security is provided in the form of an optional passcode to use the app, username and password login to connect to a Starbucks account. Given that this app can only be used at Starbucks, the relatively light security probably isn’t a concern.
Although it does not use NFC technology or offer sophisticated security features, it has been extremely successful and widely used, claiming as many as 4 million mobile payment transactions per week. In October 2013, Starbucks announced that 11 percent of its sales originated from its mobile apps. One of the major draws to using the mobile app for payment is undoubtedly its loyalty program that rewards users for paying with their phones.
Starbucks’s app differs from Apple Pay and Google Wallet by being linked to gift cards for payment rather than directly to credit cards. Linked gift cards can be reloaded using the app through a connected Starbucks account.
As a Canadian company, we would be remiss if we didn’t also include Tim Hortons in this article. Tim’s is a newcomer to this space, having launched their mobile app only in late 2013 and making it available at all of its Canadian and US locations in May 2014. Their first foray into mobile payments was not without challenges, however, as a security loophole was publicly revealed during the initial pilot. It has since been addressed.
Unlike Starbucks, Tim Hortons does not currently offer any kind of loyalty rewards program, and its app still has many bugs to be worked out. Like Starbucks, Tim’s also offers an optional app passcode and requires users to login to a company account to track gift card balances.
Plastc is a Silicon Valley startup that was founded in 2012 that has developed a new method of payment that incorporates the concept of a traditional card with a fully-featured smartphone app. The Plastc Card uses existing card technology, including magnetic stripes, chip-and-PIN, and barcodes, and adds a touchscreen that doubles as a display for card information and a keypad for entering a PIN. The card can store up to 20 cards at a time such as credit, gift, and loyalty cards that can be called up at the touch of a button.
To protect the card from unauthorized use, the Plastc Card must be unlocked with a PIN before it can be used by the person holding the card. Also, the card owner will receive a text message on their smartphone if they leave the card behind. In a worst case scenario, the card owner can even remotely wipe card information from the Plastc Card. The card will then display information informing the finder that it has been reported lost and how to return it.
Coin is a San Francisco-based startup that has created a product that is very similar to the Plastc Card, except that it does not support chip-and-PIN at this time. It can store up to 8 cards at a time, both credit and loyalty cards. Coin does not have a screen that can display barcodes like the Plastc Card, so it currently only supports cards that exclusively use a magnetic stripe.
For security, Coin has similar features to the Plastc Card. It offers a tap code to prevent fraudulent use, wiping itself out after three failed attempts. It also provides a smartphone app that will notify the card owner when the card has been left behind.
Even though mobile payment has yet to see widespread adoption in North America, it is likely only a matter of time before it is commonly used here. As paying by smartphone has entered the mainstream in Asia Pacific – where new technology trends often start and eventually move westward – we can expect to see mobile payment gain in popularity with local merchants as security concerns are addressed.
Do you currently use mobile payment apps to make purchases? Why or why not?