The world has been talking about “mobile payments” for years, but the phrase means different things to different people. So what exactly are mobile payments? And how much more mobile than cash or cards can payments actually get?
Some people believe that mobile payments are those made using mobile phones. Others, myself included, understand the phrase to mean the most mobile, cash-independent payment method possible—although I consider cash to be more mobile than many other forms of payment. But let’s leave those alone for the moment. The second most mobile payment type is the credit card: electricity doesn’t always work, and as Barclaycard demonstrated so effectively in its ad[1], you can even use your card on a waterslide.
Now let’s take a look at the much-lauded smartphone. Of course, people have their smartphones with them most of the time, but, as the majority of business travellers at airports have demonstrated, they will seize any opportunity to extract just one more drop of power from any source—even the most inaccessible ones—to ensure that their smartphone batteries will survive the day. I’m not convinced that relying on your smartphone (and thus, its battery) for your payment options is a good idea. Ultimately, you’d still have to carry a credit card—or at least a battery charger—to ensure that you weren‘t left high and dry if the worst happened. This begs the question, though: if you’re going to be carrying a credit card anyway, why do you need a smartphone to make payments?
Many people, on the other hand, would say: “Ah, but with a smartphone I can make contactless payments”. While this statement is perfectly true, it applies equally to credit cards. When it comes down to it, smartphones are nothing more than a medium for storing credit card data. Any credit card can also be equipped with a contactless function; and unlike a smartphone, it won’t break if it‘s dropped into water or onto a concrete floor. There are also NFC credit card stickers which you can, for example, stick onto your mobile phone. Paradoxically, doing this allows you to add mobile payment functions to even the oldest Nokia.
In any critical review, it is important to remember that smartphone operating systems incorporate a wide range of functions. By their very nature, therefore, smartphones will always contain security vulnerabilities which can, in extreme cases, even jeopardise the security of your payment data. It’s not just payment data that is at stake here (although a fraudster could use it to go shopping), but all the data pertaining to user purchasing patterns. You’re probably thinking: “What’s wrong with someone seeing what I’m buying?” Now, though, imagine that you were on holiday in the USA and that someone could use your phone to see that you were currently making all your purchases there. Wouldn’t that be the best time for them to burgle your flat?
I don’t understand why developers feel compelled to include payment functions in smartphones. Why don’t we just use credit cards? They’re the most widespread, most mobile of all mobile options and—most importantly—they’re the least breakable. Ultimately, it doesn’t matter whether the NFC chip is embedded into a rectangular plastic card, a cufflink, an earring or a sticker; I’ve simply yet to be convinced of the consumer benefits of using a smartphone. The facts are:
– Mobile payment systems’ success is determined by the availability of NFC-capable terminals and the acceptance of credit cards by retailers.
– Local card systems, like, for example, Carte Bleu or Girocard, are becoming less popular among retailers due to the European interchange regulation. Retailers are losing the cost benefits they have hitherto enjoyed, and are being forced to accept more complex payment processes.
– NFC is now effectively the standard. As of 2016, all POS terminals must be NFC-capable.
Why, then, haven’t NFC payments taken off in countries outside the UK, for example, Germany? There is, in theory, nothing technical or structural standing in the way of mobile—or even, contactless—payments. Except, of course, the Germans themselves. In a country where frugality is still considered a virtue, customers are unwilling to pay for banking services. Instead, they believe that everything should be free, from the cards themselves to cash machine withdrawals, account maintenance and loans. Nowhere else in the world is “free banking” as ingrained into the culture as it is in Germany.
Contactless cards are only slightly more expnsive to produce than standard ones. Banks in Germany tend not to offer them, however, because they’re afraid customers won’t want to pay the difference. For this reason, contactless payments using credit cards are still largely unknown in Germany, whereas they’ve become the norm in countries like the UK and Sweden.
Perhaps this is precisely the advantage of making mobile payments via smartphones: adding credit card data to a smartphone is cheaper than adding an NFC chip to every customer’s card. This means, though, that it’s not the consumers who are reaping the benefits of smartphone payments: it’s the card-issuing banks.
In future, NFC-capable credit cards will be the standard for mobile payments—even outside the UK. Alternative “mobile” payment systems, which use options like QR codes rather than NFC, will never achieve this level of popularity. It’s not just the technology vendors and the hugely diverse operators of all kinds of “mobile payment types” who are to blame for this state of affairs; instead, it’s fear and lack of knowledge on the part of retailers. It no longer matters whether chips are embedded in smartphones, stickers, or body parts. Instead, convenience and cost will determine which option consumers prefer.
[1] https://www.youtube.com/watch?
[su_box title=”About Philipp Nieland” style=”noise” box_color=”#336588″][short_info id=”64692″ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.