Rachel McCormack writes:
Mobile point of sale transactions (mPOS) are growing in popularity as mobile use takes over from desktop computers. The description of ‘mobile’ point of sale transactions denotes the ability of a payment to be taken via smartphone or tablet rather than a traditional card reader. There are many different ways to do this; mobile chip & PIN, mobile swipe & sign and NFC payments. All of these methods vary in popularity and security conceptions and many are difficult to understand. In this article we will explore each and give you the chance to understand the technology and issues surrounding the various methods.
This field of mobile payments is rapidly growing, with several players - including payleven - already dominating the space. These companies work by providing an app that is generally free to download and a chip&PIN device which costs anything from 59.99 to 99.99. To purchase these devices you have to pass a high security level; however once you are verified you can pretty much take payments straight away as soon as you receive your card reader.
The devices work by connecting to a smartphone or tablet via Bluetooth technology. Once a connection is established the transaction amount needs to be entered into the app, then the customer card is inserted and the PIN is entered to finish the transaction. Aside from working on simple Bluetooth technology, these devices also depend on an internet connection to link to the necessary bank account.
As this method requires various authentications from both merchant and customer, it is largely viewed as one of the most secure ways to conduct mobile payments. There is some trepidation about the safety of sending such important information over an internet connection and it is unadvisable to conduct such payments over an unsecure line. However, this rule applies for many kinds of private information and the device is very difficult to hack. As with any traditional card machine, there is no need to worry about leaving data traces on the merchant’s phone - only the necessary transaction information is left within the app.
Mobile Swipe & Sign
Many merchants that offer Chip&PIN also offer a swipe and sign option, as the device price is a little cheaper (smaller and much less complicated hardware) however the obvious downside to this method is that swipe and sign is not a popular method of payment in many countries including the UK. However, companies such as Sum Up offer it anyway. Using this method the user purchases a small swipe card reader that plugs into the audio jack of the phone; before he does this he must also pass security verification checks. As the card reader connects via the audio jack there is no reason to be connected to another device, however an internet connection is needed. The customer is required to use the phone screen to sign his name for verification.
The main security risk with this payment type is the same as with traditional swipe and sign: it is difficult to verify, even more so when signed with a finger on a mobile phone screen. However, chargebacks are available if fraud does occur. In terms of data security, as there is no ‘between device’ internet connection required, it could be argued to be more secure for data protection if the only other option is an open WiFi connection.
Mobile Wallet/ NFC
This is perhaps the most controversial type of payment, but nevertheless the one that is gathering the most traction. Big companies such as Google and PayPal are opening themselves to these wallet-type payment models, however for the moment these two companies are just trialling in the USA. Mobile wallet payments are dependent on NFC (near field communication) technology. Similar to Bluetooth, it establishes a connection between two devices, however the difference is that this connection is made at very small distances (4cm) and uses electromagnetic radio fields to communicate. So, a user needs to download an application such as Google Wallet, input his bank details and top up by credit card. This topped up amount acts as ‘cash’ in the wallet (once you run out of the topped up amount, you must add more to spend more via NFC) and can be used to pay for a number of things by simply bumping a phone against an NFC primed device.
The main security issue with this type of payment is that fact that the only verification of payment necessary is proximity. Bumping a phone and a device together is commonly used as this is an action that is unlikely to happen by accident; however this does not account for fraud. If a phone is stolen with a Google wallet amount of $100, the thief is free to use that money easily until the phone is reported stolen or Google wallet is shut down. However, it does have the advantage of coming with a money limitation; funds do not get transferred straight out of a bank account, meaning that theft can be a small issue. Similarly, in terms of data security, this method does not require transmission of sensitive data over an internet connection; again a benefit for those worried about data.
|Rachel McCormack works in online marketing for mobile payment provider payleven.