Think Twice Before Signing up with Apple Pay

By   ISBuzz Team
Writer , Information Security Buzz | Oct 07, 2015 08:00 pm PST

Apple Pay created plenty of buzz when it launched last year. Since then Google and Samsung have followed suit with their own payment app alternatives. But choosing to become part of these brands’ payment ecosystems can be more costly than many financial institutions realize. There are important factors to consider before these banks and businesses should effectively give over control of their customer.

Financial institutions that sign on with Apple Pay give up a portion of interchange, as well as important control of customer data, branding and other opportunities to streamline and offer value-added banking services.

Apple Pay with its first-to-launch advantage had many financial institutions scrambling to commit in fear that they would lag behind the market in mobile payment capabilities, even though relatively few merchants could process mobile transactions at the time Apple Pay was introduced. Today the viability of mobile payments is growing as more merchants have upgraded their point-of-sale (POS) terminals in order to accept chip-based cards.

Financial institutions that didn’t join the initial wave of those offering Apple Pay are still seeking to add mobile payment options. Rather than jumping on the latest bandwagon, many are looking to offer mobile payment through their own mobile banking app.

Despite the news hype, Apple Pay isn’t as popular as some of the media reports would lead you to believe

A recent Business Insider report indicates that 13.1 percent of Apple iOS users surveyed have used Apple Pay during the second quarter of 2015. Given the exploding mobile payments market, there is plenty of room for other services.

But more important than Apple Pay’s still emerging popularity is the lost opportunity for financial institutions that comes from teaming up with a third party provider – one that puts its brand and services between a financial institution and their customers. During the Apply Pay sign up process, Apple records customer data including address, phone number and other personal information. With this information and payment data provided when using the app, Apple can track a financial institution’s customer’s spending habits, collect shipping information and obtain a plethora of other data that can be used for cross-marketing other products and services—including products and services from a financial institution’s competitors.

Compounding this problem is the fact that with every mobile payment, the Apple brand will be top of mind for app users. In a sense, the financial institutions’ own brand becomes invisible—making it that much easier for their customers to switch to another financial institution offering Apple Pay.

With updates to payment standards, like Host Card Emulation (HCE), and new highly secure payment application solutions, building an independent banking app that offers mobile payment capabilities has never been easier. With a stand-alone payment app they can control customer data and the benefits associated with it—including offering products and services based on spending habits.

“The one who enrolls is the one who controls,” says Richard Crone, president of financial institution and payments consultancy Crone Consulting.

Creating a free standing payment app also allows financial institutions to innovate and customize the customer experience. Barclaycard recently announced that it will sidestep Apple Pay and Android Pay with its own mobile payments app. Mike Saunders, managing director of digital consumer payments at Barclaycard, said in a statement.

“These new features transform Android phones into a mobile hub for our customers, allowing them to manage their account on the go, make contactless payments up to 100 [British] pounds and have a lost or stolen card instantly reissued — letting them continue to make contactless payments straight away.”

Overcoming Payment App Obstacles

Security concerns used to be the biggest barrier for financial institutions that wanted to build their own payment apps, but these problems have been addressed by the industry. Today Host Card Emulation (HCE) provides comparable security to the embedded secure elements that underlie the security of Apple Pay as well as Samsung Pay. HCE is the chosen standard for Android Pay.

Since there is no hardware involved, HCE allows for easier deployment of applications, giving developers and originators more control over their business. HCE goes hand-in-hand with tokenization, an up and coming trend that aims to further strengthen mobile payments. Finally, HCE provides even stronger security through secure design and implementation—protecting sensitive cardholder data from capture by concealing it in a protected crypto format to secure transactions.

The customers of financial service firms will likely want a mobile payment solution, but by providing their own banking app rather than using Apple Pay or others, they can retain the relationship with their own customers, provide superior security and offer value-added services and conveniences that will help to preserve rather than diminish customer loyalty.[su_box title=”About Andrew McLennan” style=”noise” box_color=”#336588″]mcLennan_andrewAndrew McLennan currently serves as President of INSIDE Secure, USA. Andrew is an experienced entrepreneur and start up CEO having co-founded Metaforic, helping the company gain industry acclaim for its mobile security infrastructure and white box cryptography. INSIDE Secure is the brand financial institutions worldwide have come to trust to solve their biggest banking card and mobile security challenges. They have the broadest security offering for payment technologies from smartcard to virtual payment card for mobile devices, leveraging over 20 years of experience to meet the evolving security and certification needs of the traditional and emerging payment markets.[/su_box]

Subscribe
Notify of
guest
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

0
Would love your thoughts, please comment.x
()
x