The holiday shopping season is in full swing; we’ve survived Black Friday and Cyber Monday and are rapidly approaching the after-Christmas sales.
This year a key part of that shopping experience has involved mobile payments — the use of a mobile device such as a tablet or smartphone to pay for goods and services. What once was just a concept in the minds of technologists is fast becoming reality and, in the process, providing consumers and vendors alike with greater ease of payment and more efficient tracking.
As a result, the number of merchants accepting mobile payments continues to climb at a dramatic rate, as does the number of consumers trying mobile payments for the first time. The last thing either of these camps wants to worry about as they explore this brave new world of shopping is security. Luckily, a number of emerging technologies may now hold the key to making mobile payments much more secure.
One such technology, Near Field Communication, enables the transfer of data between devices like smartphones, chip cards (a card with an embedded, unique microchip that encrypts or “scrambles” user data, making it virtually impossible to copy) and other similar devices, by simply touching them together or bringing them close to one another (usually just a few centimeters). Unlike Bluetooth, NFC requires no pairing, which makes device authentication easier. Also, since NFC is very low power, a battery is not required in the device being read (e.g., the chip card).
With just a tap of your NFC-enabled smartphone or chip card against an NFC-enabled point-of-sale terminal, a merchant could easily take your payment and even identify things like your specific shopping preferences or apply a customer loyalty program reward. Companies such as Samsung and Visa are certainly working to promote this concept by making mobile payments through smartphones commonplace, but would it surprise anyone to know the technology is already in use today?
For a prime example, look no further than the closest McDonald’s; the chain has already installed contactless payments infrastructure in most of its POS systems worldwide, and now offers mobile contactless payments to NFC-enabled handsets.
Consumers not yet aware
In truth, many consumers currently have NFC technology embedded in their phones and credit cards and don’t even know it. That’s because the technology has advanced well ahead of its consumer awareness and usage models. Consumers are waking up to the technology and its benefits, however. With smaller, more energy-efficient NFC chips in development, and with the full gamut of handset manufacturers, POS terminal manufacturers and payments technology providers making the technology available to their customers, it’s only a matter of time before consumers everywhere will be equipped with NFC-enabled devices capable of interacting with other NFC infrastructure devices for the purposes of mobile payment.
One area where NFC will play a key role is as an enabler of contactless chip cards. Chip card technology comes in two variations. Contacted chip cards, also known as chip-and-pin cards, are slid into a slot in a POS terminal and require a personal ID number or secret numeric password for authentication. In contrast, contactless chip cards rely on NFC technology to securely exchange information. Both chip card variations promise to provide consumers with a mobile payment experience that is simple, quick and highly secure.
One reason chip cards offer better security is their use of dynamic authentication. Essentially, dynamic values are introduced into each transaction, reducing a criminal’s ability to use stolen payment card data. Even if criminals manage to get their hands on this data to create a counterfeit cards, they would be unusable without the original cards’ unique elements. By comparison, modern magnetic strip cards are relatively easy for thieves to duplicate or replicate.
EMV is coming
Like NFC technology, chip cards are already in use today around the world. Just this year, Visa began supporting contactless chip card payments. Most consumers remain oblivious to this fact. Also, many of the POS systems, through which those contactless payments would be made, now feature a dual interface, meaning they can accept both contacted and contactless chip card devices. But the terminals are often shipped with this feature turned off because up to now, security has not been a motivating factor for merchants.
What merchants do care about is complying with industry standards, and the deadline they face for that compliance in the United States is October 2015. That’s the date by which the payment industry must comply with new EMV (an acronym derived from Europay, MasterCard, Visa) standards or be forced to assume liability for fraudulent purchases.
EMV is a global standard governing security and interoperability of chip-based payment cards, and it will be a formidable tool in helping to combat the high rate of card cloning fraud with current magnetic stripe technology. For those merchants who adopt it earlier than October 2015, by deploying dual-interface POS terminals, the benefit will be not only safer customer transactions but also the possible elimination of their requirement to re-certify PCI validation with the payment card industry every year.
Any merchant accepting credit cards today is required to be in compliance with PCI standards, which ensure all payment terminals and companion devices contain the encryption technologies needed to provide the highest level of security for cardholder data. That puts added demands on POS terminal and companion device manufacturers, as well as suppliers of “the brains” into those systems, to continue developing the advanced technologies necessary to help ensure these systems achieve PCI compliance.
Mobile payments are now a reality and gaining traction with each passing day. Thanks to advanced technologies like NFC, chip card devices and compliance to evolving standards like EMV and PCI, today’s consumers can be more assured of the security and reliability of their mobile payments.