Into the Breach with Secure Mobile Payments
Last Friday, President Obama signed an executive order announcing the “BuySecure Initiative” to jump-start the adoption of enhanced security measures for financial transactions and sensitive data. The goal is for financial institutions to implement tools like “chip-and-pin,” which would secure credit, debit, and other payment cards with microchips in lieu of basic magnetic strips, and PINs (like those standard on consumer ATM cards). While the PIN feature speaks for itself, the microchips soon to be embedded in payment cards allow for dynamic authentication of the card’s validity and account information through strong encryption.
The new executive order was announced during the ongoing National Cyber Security Awareness Month, and comes on the heels of a massive data breach at JP Morgan. The cyber threat landscape is not pleasant, particularly in the financial sector, but we at DisCo are an optimistic bunch. We’d like to focus on the silver lining—the proliferation of methods of mobile and online payment, in addition to the long-awaited shift to chip-and-pin, partly spurred by consumer desire for enhanced security in the face of data breaches associated with traditional means of payment.
The latest and greatest tool is Apple Pay (which rolled out to owners of the newest iPhones Monday), but it follows a number of technologically advanced payment methods looking to displace or improve upon the cash and credit formula, like Google Wallet, which was introduced in 2011.
- Google Wallet and Apple Pay both serve as mobile repositories for all your payment cards, which can be used via NFC-capable terminals or with apps or services that support the wallets.
- Bitcoin is a payment system that allows for peer-to-peer transactions using a virtual currency produced via “mining” (cryptographic operations used to maintain the public ledger of bitcoin transactions).
- Venmo behaves as an escrow account for sending and receiving money between friends.
- PayPal (which now owns Venmo as an independently operated subsidiary) is the original—and still most popular—method for storing payment information and completing transactions. It acts as a trusted intermediary between the purchaser and e-commerce sites.
Each of the above services has been designed, at least in part, to appeal to consumers by providing enhanced security over traditional means of completing physical transactions. While measures like chip-and-pin are a clear improvement over swiping a magnetic stripe and signing a receipt, the requirement of a physical card for providing and authenticating payment presents fundamental weaknesses for preventing fraud.
Mobile wallet and online escrow services, on the other hand, provide for the same security improvements while also being more convenient and less physically vulnerable. The FTC acknowledged the security benefits of technologically advanced mobile payment systems in a report last year, highlighting features including end-to-end encryption and dynamic authentication. By storing and transmitting account data remotely or simply providing a token generated from encrypted payment information, the new payment methods also remove the risk of data breaches at the point of sale or time of purchase. Bitcoin and Venmo in particular allow for payments to be sent and received by users within a single shared ecosystem, after which they can be converted into traditional account balances. Finally, mobile wallet services also come with the significant added benefit of being more convenient—consumers (at least this one) would rather have a single service that is able to manage all their payment accounts and track transactions than wield a separate card for each.
Being responsive to consumer demand for better security features, combined with increased convenience is a potential recipe for effective market disruption. In many disruptive products, a new player seizes on an inefficiency in a market to provide a service in a way that is better tailored and more convenient to consumers. In others, the disruptor iterates on existing services to respond to consumer demand faster than incumbent providers. The rising ecosystem of online and mobile payment processing tools manages to do both by addressing calls for improved mobile security in a way that could be simultaneously familiar to and simpler than traditional means of payment. Execution on each one of those fronts is key to the long-term success for these new tools, but they are already attracting the attention of legacy payment processors. It seems the old saying is true: if you can’t beat ‘em, join ‘em.