Does Your Business Offer Mobile Payments?

mobilepaymentThere are many ways that your business can stand out. Your brand can have a unique name, think Google, Zappos, or Amazon. You can create a new way to provide your product and inject innovation into a stagnant industry, think Starbucks for the coffee industry or Saturn for the automobile industry (although it was short-lived, it was still a trailblazer). Or, you can stay ahead of the curve when it comes to technology. One example is with mobile payments. Instead of paying with cash, check, or credit cards, a consumer can use a mobile phone to pay for a wide range of services.

With the abundance of smartphones, it seems as a natural progression for people to use smartphones to make payments. However, only a small percentage of smartphone users (early adapters) are doing this now. But once there is a clear technology winner among the competing companies (Apple Pay, Android Pay, and Samsung Pay) and better quality security measures are put into place, more people will use the technology. Today we stand at a crossroads similar to the VHS vs. Betamax battle from several decades ago.

Not all companies use all of these technologies to allow customers to make payments yet. So where you may purchase a latte at Starbucks with Apple Pay, you may not be able to do the same at Best Buy. If the theory behind these devices is to be able to help you track your spending on the fly, it will be hard to do that if you cannot use your device everywhere you shop.

Starbucks allows customers to pay with their smartphones at check-out with the use of an optical scanner. The scanner reads a user’s smartphone screen and deducts money from a Starbucks card or the Starbucks app.

Some companies, such as, Dunkin’ Donuts, have joined the mobile payment party through the use of their own app. This particular app stores money on a Dunkin’ Donuts card that is connected to a customer’s smartphone. Users authorize their payment via the phone and scan the smartphone screen over an optical laser reader at checkout. These apps keep your data outside of your “wallet” and put them generically into the cloud instead of storing them on your device – which brings up another set of security issues.

These advances have yet to reach critical mass. Questions that still need to be answered are: What if one’s smartphone is compromised due to a malware attack? The device is still in the person’s possession but one or all of his or her credit cards are compromised and his or her bank accounts have been compromised as well. How do we handle what should now be considered an issue of non-repudiation since the device was in the user’s possession at all times? That person could have very easily conducted the fraud on themselves. Now, these cool capabilities don’t sound so impressive. In fact, instead, there are some serious consequences.

According to a recent survey by Experian, sponsored by the Ponemon Institute, technology and risk management executives believe that mobile-related payments technology will increase the risk of a data breach at a time when the retail and banking industries are still recovering from major retail breaches over the past two years and are currently preparing for the EMV liability shift in the U.S. (EMV stands for Europay, MasterCard, and Visa, the three companies which originally created the standard for smart payment credit cards; now managed by EMVCo, a consortium with control split equally among Visa, MasterCard, JCB, American Express, China UnionPay, and Discover.)

Experian and Ponemon surveyed nearly 25,000 technology and information security, risk management, product development, and other professionals involved in the payments systems within their organizations. The survey results were part of a report called “Data Security in the Evolving Payments Ecosystem,” and final results were based on 748 completed questionnaires.

Survey respondents reported that the most likely mobile innovations to increase the risk of a data breach are mobile payments in stores (59 percent), e-wallets for retailers (58 percent), mobile payments on devices and apps (57 percent), and mobile payments on NFC (54 percent). (NFC stands for near field communication and is the set of protocols that enable electronic devices to establish radio communication with each other by touching the devices together or bringing them into proximity.)

According to Michael Bruemmer, Vice President of Experian Data Breach Resolution, “There are opposing spheres in this argument [of innovation and security]. There are the people that want to expand and use technological innovation and take advantage of that in the implementation, but then you have the clashing interest with the security folks who are saying, ‘Wait, new tech is great, but it’s only as great as the security you build in.’”

In the midsize market, it will be important to analyze the pros and cons of instituting a mobile payment option. Therefore, ask these questions first:
* Who are your customers?
* What are the best methods to reach your customers?
* Based on the demographics of your existing and potential customer base, are they tech-savvy enough to be comfortable using mobile payments?
* What security protocols will be implemented to protect customer data?
* What will the action plan be if a data breach happens?

In the words of American businessman Nicholas Negroponte, “Computing is not about computers anymore. It’s about living.” So, to modify a line from the famous Capital One Credit Card ads, “What’s in your smartphone wallet?”


To read more on this subject, check out “Mobile Payments: Innovative, But with Security Concerns”

Image Credit: Mapichai via

This post was brought to you by IBM for MSPs. Dedicated to providing valuable insight from industry thought leaders, PivotPoint offers expertise to help you develop, differentiate, and scale your business.

wordpress blog stats

About Allan Pratt

Technology and cybersecurity professional with focus on tech news, cybersecurity, networking, infrastructure, data protection, consumer electronics, and social media.
This entry was posted in Cloud Computing, Cybersecurity, Internet of Things, Mobile Computing, Online Security, Tech Equipment and tagged , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s