Today, more and more kids in high school and college do not know how to write a check. Credit cards and direct deposits have replaced what was once a mainstay in making payments.
Just as checks have become less common, cash is on its way out, too. A survey from IEEE estimates that by 2030, Americans will have completely switched from paying with cash to paying with a mobile device. The future is mobile payment, and future generations will view cash the way young people today view checks.
This may be hard to believe. Today, less than 20% of North American consumers regularly make mobile payments, with millennials and high-income earners more likely than others. Yet it’s predicted that mobile payments will triple in the U.S. this year alone, for an estimated $27.05 billion in mobile payment transactions.
There are other signs that mobile payments are set to explode. Android Pay and Apple Pay lead the way with mobile payment, and financial institutions like American Express and Chase Bank are interested in getting involved in mobile payment.
In this, the developed world lags behind the developing world, where mobile payments are much more common. Mastercard was part of a partnership in Brazil to create a mobile payment application. There are more active mobile money accounts in Kenya than there are people, where nearly 60% of the adult population regularly makes payments with their cell phones.
Security concerns are one main reason mobile payment adoption has been lower in the U.S. compared to developing countries. If the wave of enthusiasm in developing countries for mobile payment is going to hit the U.S., these security concerns will need to be addressed.
Table of Contents
American consumers are concerned about security
Millennials are the most likely to use mobile payment systems in part because they are less likely to have security concerns about using e-money. But for e-money to become more widespread, consumers of all ages will have to feel comfortable and secure.
As Accenture found in their survey of attitudes towards mobile payments, “… mobile payments users are interested in assurances that fraud would be covered, being contacted when there is suspicious activity on an account, and receive immediate notification when a payment has been initiated and executed among other services.”
It’s not only consumers who question mobile payments’ security – but many cybersecurity experts are also concerned. In a 2015 survey of more than 900 cybersecurity professionals, nearly half of these experts said mobile payments are not secure and carry significant risks. Nearly 90% of them expected the number of mobile payments data breaches to increase in the next year.
So, what is being done to address if both consumers and cybersecurity experts are concerned about mobile payment security?
The technology of mobile payments
Despite these security concerns, global payment and transaction startups are chomping at the bit to launch mobile payment apps. In the first three quarters of 2014 alone, 75 funding deals raised more than $1 billion for mobile payment apps.
Clearly, they believe they can overcome security issues with mobile payments. There are many technologies to help them.
Near Field Communication
Most mobile payment initiatives are creating applications based on near-field communication (NFC). If you have used Apple Pay or Google Wallet, you’ve used NFC technology, which enables two electronic devices to communicate with one another when two inches from each other. This allows you to bring your phone close to a terminal at a cash register to complete payment.
NFC allows mobile devices to do a wide range of other activities, from unlocking a car door to sharing photos with others. Of course, the security concerns with these activities are not the same as with making mobile payments. Mobile payments require a bit more, which is where NFC is lacking.
NFC alone does not offer the mobile security payments required. An additional layer of security is required to sit on top of the NFC and shield it from NFC’s vulnerabilities.
This is where tokenization comes in. Tokenization replaces the credentials on a payment card with virtual credentials. For example, it will replace the digits of a credit card or the credit card’s expiration date with virtual credentials. This means if there is a data breach, a hacker will not have the actual number of the credit card but only the virtual credentials.
Companies such as SimplyTapp, Sequent, and Visa are all investing in tokenization because of their flexible security and other advantages. Yet tokenization creates its own security problems. Cybercriminals could clone the phone and request credit card information or use malware on the phone to send the virtual card to them.
Tokenization is particularly attractive for smaller organizations, but end-to-end encryption, also called data field encryption, may be a better option for larger organizations. As an example, messaging service WhatsApp implemented strong end-to-end encryption just this year for its more than a billion active users.
Encrypting data at its origin can safely travel to its recipient, at which point it is decrypted. End-to-end encryption allows data to be secured from each endpoint, and it often integrates better with existing technology than tokenization.
Strong authentication mechanisms
Mobile payment systems need strong authentication mechanisms to add another level of security. This means tying the identity of the user to the authorization of the transaction, which is already firmly part of the security protocols of any financial institution. It’s why you’re asked many questions to confirm your identity when you call your bank. Financial institutions are well aware of how important it is to verify identity, and mobile payment systems will need to also build this into their functionality.
Fortunately, smartphones themselves can help ensure the security of mobile transactions.
As explained in Wired, “Features such as proximity to Wi-Fi locations, 3G location, GPS data and the number and type of applications on the device build a unique profile for each phone. Although not a silver bullet, they can comprise a valuable resource in determining the likelihood of a fraudulent transaction. This also brings the potential to streamline the consumer experience in-store by lowering authentication barriers if the consumer is the approved user and erecting barriers if the purchasing event is suspect.”
With this wide range of technologies, mobile payment systems will be able to become more secure and make more consumers feel comfortable using them. You heard it here first – mobile payments are the future. It won’t be long before we are able to simply and securely process most of our transactions with our phones.