It’s a weird time for mobile payments. Years ago it was thought that by now some parts of the world would be well on their way to if not fully entrenched in NFC payments: Customers using ‘Near Field Communication’ technology to purchase coffees on the go, telling a tiny chip in their smartphones to deduct the money directly from their bank account.
Now it’s almost 2014 and with every new iPhone release failing to fulfill a juicy NFC rumor, critics have been quick to write its obituary.
Still though, a recent Federal Reserve study claims 22 percent of mobile phone users have used their phone for banking before.
But even with the proliferation of mobile payment apps like PayPal, Square and LevelUp, only a scant 15 percent of smartphone users use their devices to regularly purchase goods and services, a far cry from mobile payment domination.
A group of CEOs and mobile banking directors met last week in one of the most technologically savvy cities, San Francisco, to conduct a panel on all things mobile to see why exactly that is. In a discussion at MEF’s Global Forum on Friday panelists described the challenges they’ve encountered, debated how secure digital money really is and asked each other where they think the industry is going.
Darren Foulds, a mobile banking director at Barclays pointed out early in the panel just how ubiquitous mobile payments have become: He compared them to texting.
Barclays, one of the largest banks in the world, made headlines last year when it introduced a mobile banking app called Pingit that has a similar goal: Let users send money back and forth between mobile phone numbers as easily as users can text back and forth.
Technology adoption has its ebb and flow though and that’s what’s happening in the UK. Mobile phone users in the United States meanwhile have been less receptive to purchasing items and transfering money with their phones.
It shouldn’t come as a surprise but the public’s concern over security is one of the main barriers preventing the full-fledged takeover of mobile transactions.
Like PCs and laptops before them, mobile devices have become ripe for malware and cybercrime. Malicious apps that want your credit card numbers can still lurk in the darker corners of Apple’s app store and Google’s Play marketplace. Mobile malware has exploded exponentially over the last two years, with Kaspersky Lab researchers discovering some of the most advanced Android malware yet over the summer.
Not to mention what happens when we lose or misplace our phones? We already store sensitive information like friends’ e-mail addresses, conversations and photos on these devices. If we kept our banking information on our phones, wouldn’t losing it be the same thing as losing our wallet?
A recent PriceWaterhouseCoopers survey around the resistance to mobile payments found that 85 percent of respondents are afraid of their phones getting stolen, 79 percent are afraid of having their information stolen while transmitting payments wirelessly and 74 percent are afraid of having too much information in the same place.
Aunkur Arya, the Mobile GM at Braintree, a Silicon Valley-based payment platform believes most of these fears are being blown out of proportion.
“I think it’s a much, much smaller problem than the mainstream media believes,” Arya said during the panel, “the whole notion that a piece of plastic with a magnetic strip is more secure than a device… something you know has two-factor authentication… is just irrational.”
Two-factor authentication of course is the added security measure that sites like Facebook, Google and Twitter have adopted in recent years that requires users to enter in a randomized numeric code in addition to their regular password to access websites and e-mail.
Arya noted that as digital money gets more popular there would assuredly be some problems but that users should look at the ongoing switch to digital as a “mindset shift.”
Hannes Van Rensburg, the CEO of VISA Mobile argued that there’s not so much of a security issue with mobile payment adoption as there is an education issue.
“Consumers are worried about what they don’t understand,” Van Rensburg said, adding that if companies can better explain what happens when something goes wrong, for example when a customer’s security is compromised, they’ll be in better shape.
Another panelist, Kevin Grant, the head of mobile payments at Boku, a payment system that relies on a phone number for safe and secure payment, says he’s already seen the new mobile payment dynamic in action.
“You’re seeing us move into traditional roles. Now when new customers come in we’re putting their phone number on file, not their card number,” Grant said.
No doubt Van Rensburg, Grant and others have their eyes – and their wallets – focused on the future. Mobile payments and technology are already becoming so entwined; developers and executives are looking for the next way to capitalize on those connections.
Starbucks for example tried to pierce the ever-changing mobile payments landscape just last month with Tweet-a-Coffee, a service that can send a $5 gift card to customers via Twitter. The amount isn’t connected to a bank account or credit card and is prepayment for goods and services at certain stores. Users can receive and spend the money with virtually no strings attached.
Many of the panelists lauded Uber, the car service that users can summon simply by clicking a button on their smart phones, for beginning to master the next big thing in mobile payments: Content driven commerce.
Uber notes your GPS and upon a user’s request can send a black car to the destination of their choice for pickup. Once the user has been transported the app deducts a predetermined amount from their bank account. It’s not a cheap service and won’t overtake taxicabs anytime soon but the application is intuitive and involves minimal interaction from users.
Uber is breaking new ground by taking many of the troubles out of mobile payments and moving them to the background. Similar to Google Now, a personal assistant app Google pushed to the company’s Android phone line over the past year or so, Uber does a great job learning about its customers, noticing trends and predicting what they want before they have to ask the app.
“Does this merchant have my payment? Do I need to re-enter my info? Is this app going to be secure? Does this merchant ship to me?” Arya ran down a list of possible questions users may need to ask their device.
According to Arya, the narrative for apps in the future is going to be focused on surveying that experience.
All of those questions are all going to be extracted by devices. When it comes to purchasing things with their device, if a user performs let’s say, seven to eight mobile commerce experiences a week, those are all going to be strung together to form a context driven process.
“Where payments are going in general are about merchants recognizing that they’re going to get their money,” Van Rensburg added. “You used to be able to hand someone a VISA and that’s how they’d know but now with Uber, they can authenticate you by your phone and know you’re not someone strange getting into their car.”
The phone, if properly secured, should continue be an excellent vehicle for carrying even the most sensitive information going forward, providing of course, technology and the public mindset can keep up.
Still, both mainstream mobile OS developers, Apple and Google, are in their relative infancy when it comes to embracing mobile payments, something that could continue to handicap the technology.
The same thing, lack of development, is what’s holding mobile payment security back.
Since human beings have used cash for centuries and credit cards for decades, it makes sense that it will be a slow transition.
As it stands now, if a user has their phone stolen and it contains their credit card information, they better have a strong passcode or swipe pattern. Even that may not help though. As some Threatpost readers may know, many hackers have proved adept at cracking smartphone locks over the past few years.
If someone has their phone stolen and that person has gotten complete access to their device there’s only so much they can do to prevent them from accessing apps that use their credit card information. The iPhone allows users to remotely wipe their phone via Apple’s iCloud feature. Elsewhere, Google also allows users of some of their phones to remotely wipe them.
It’s really going to be a two-way street with security though until the mobile payments game picks up steam.
Until users’ fears are addressed, two-factor authentication is more widely-adopted and there are better industry standards in place for treating our devices as a wallet, the technology will face an uphill battle going forward.