Payment systems can be a dry topic until your credit card stops working or until hackers dip into your credit. Then our interest is piqued in how to avoid today’s clunky credit cards. Mobile payments will deliver more convenience and much more safety for consumers.
Unlike the security exposure of credit card signatures and numbers in clear text, mobile payments use tokens and data engineering that resists theft or hacking. The best known examples of mobile payments are from Google and Apple. Google Wallet came on the scene three years ago via Android phones, yet it attracted just a small following. Both Apple and Google use near field communications (NFC) to make “touchless” information transfers at retail checkouts, instead of using a card-swipe on a germy touchpad.
In October 2014, Apple introduced the iPhone6 and Apple Pay. When consumers sign up for Apple Pay their credit card or their iTunes card information is encrypted and sent to their credit card’s network. After validation, a 16 digit token and other unique values are returned and imbedded into the iPhone. The credit card number is not stored and not used again by the iPhone and there is no algorithm to convert a token back into a credit card number. The token itself becomes part of the phone on which it’s stored and cannot be used successfully from another device.
Purchase transactions are easy. You put the iPhone near the checkout’s touchless reader, pick the credit card you want (card types show on the screen, but not account numbers) and then press OK. Your work is done.
The iPhone sends the customer’s Apple Pay token, the transaction totals, and a unique cryptogram through the credit card network for validation. The credit card company can use the token to look up which credit card should be charged. Merchants are never aware of the credit card number.
US merchants are scrambling to convert their payment systems to token-based identification by October 2015. After that, merchants using credit card numbers will bear much more of the liability costs for credit card fraud. Most will adopt token-generating chip and pin cards, the same technology as European merchants successfully used to cut credit card fraud. This token project is massive because only 2% of consumers have token cards that will replace the swipe and pin cards we are used to.
Apple Pay uses a highly secure token technology that protects the underlying bank account and information about the consumer’s purchase. Even though Apple will charge banks for their customers use of Apple Pay, many banks and credit card networks are lining up to cooperate with Apple. However, Apple is not the only mobile payment option.
For merchants, mobile payment systems are a strategic decision because each requires an expensive NFC reader to communicate with the mobile phone, and merchants are unwilling to invest the money and scarce foot-print for each of the payment-systems that are being offered at each cash register.
The Merchant Customer Exchange (MCX) is a collaborative of retailers (Walmart, Lowes, Gap, Dunkin Brands, Wawa, CVS, Rite Aid, and others), who think they can quickly build their own mobile payments system at lower cost. They also voice fears that with other mobile payment systems, competitors would get access to rival merchant’s transaction data. (Apple notes that it does not store transaction details so that fear is baseless).
MCX plans for a barcode approach. That avoids specialized, costly readers at the point of sale since most cash register scanners use barcode already. MCX did not detail how it will arrange for consumer’s mobile phones to display the right barcode token and pin for each transaction at their existing scanners, but they have enough resources to orchestrate that.
Apple’s approach sounds smoother. Both Apple and MCX have impressive backers, but neither is finished yet. Whether a consumer signs up for Apple Pay or for the MCX approach, thanks to reliance on tokens, credit cards will be less susceptible to fraud than they are today.
Alan Daley is a retired businessman who writes for The American Consumer Institute Center for Citizen Research