Within the week of Mobile World Congress, a major topic of conversation was mobile payments - both in and out of the show. Among the news was the revelation of two new services, one shutting down and one with major security issues. Let's talk about all the ups and downs for this new and emerging industry.
During the Samsung Galaxy Unpacked event at MWC, the primary focus was on the newest members of the Galaxy family: Galaxy S6 and Galaxy S6 Edge. Among the announcements, however, was Samsung Pay, an improved implementation of the mobile payment concept. The system has all of the things you would expect: adding of credit, debit and rewards cards and the ability to make a payment or attach a reward through near field communication. It will also use biometric sensors to protect your data on the device.
One of the biggest issues with mobile payments, though, is the relatively limited number of places, especially small businesses that can accept those payments. With a divergent market it could possibly even become more difficult to find a store that accepts the particular payment system your phone supports. Samsung Pay has a feature that sets it apart from the other system, though: the ability to use it anywhere credit or debit cards can be used.
Using a special chip in the phone, Samsung Pay is capable of being used in place of a traditional magnetic stripe card. You choose the account you want to use, just like you would be paying via NFC, but instead of holding it up to an NFC receiver, you hold it up next to a card reader. It is capable of mimicking the stripe on the card, giving you the freedom of mobile payments without the hassle of figuring out if the store takes your phone.
One of the early players in the mobile payment industry is Softcard. This organization was formed as a joint venture between AT&T, T-Mobile and Verizon as a way to guarantee cross-platform, cross-network payments. The brand has had a series of issues: some of its own making and some out of its control. The most notable issue was with their name; they were known as Isis and were forced to change their branding, for obvious reasons.
The issue that has caused them the most trouble has been acceptance. Despite being owned by the carriers, somehow the app was included on almost no phones. In addition, Google prevented the app from being listed in Google Play, meaning that you couldn't even get it on your Android phone afterwards.
Last month, in an attempt to try and recoup some of their costs, Softcard sold their technology to Google. As part of the technology transition, Softcard is shutting down operations, meaning that if you were able to use the platform on your Windows Phone or Android device, you will be losing it effective March 31, 2015.
As part of purchasing Softcard, Google announced that they will be bringing their own payment platform to market: Android Pay. Obviously this will be based on the Softcard technology purchased last week. However, it is not going to be available on Windows Phone, meaning that the overall market will be smaller than the original platform. However, as Google is fond of including their own services on their platform, it is likely that it will come pre-loaded on Android phones, making it easier to use.
The difference between Android Pay and Apple Pay or Samsung Pay is that Android Pay is a service, rather than an application. Google's Senior Vice President of Android, Chrome and Google Apps, Sundar Pichai, said,
We are doing it in a way so that anybody else can build a payments service on top of Android. In places like China and Africa, we hope that people will use Android Pay to build innovative services.
This platform will enable application developers to include NFC payment capabilities into their own Android apps. This would give retailers like Starbucks the ability to secure their data, which they have not been able to do on their own.
As mobile payment technology is becoming more and more popular, a critical flaw in the way Apple Pay works has been revealed as a source of major credit card fraud. This is not Apple's first glance into Apple Pay security issues, but it is certainly the worst, as it is easy to implement and has already been taken advantage of.
The issue at hand is the lack of verification when adding a credit or debit card to an account. Because the service does not require the user to show the physical card like it would if you swiped a card, it means that you can use any valid card information in the system without in-store verification. So, if you are using a card that is not yours and does not match your personal identification, such as a driver's license, there is no way for the retailer to know.
When you add the card to the system, you are not required to provide any verification, either. In a well-planned system, you would have to provide verification of ownership for the card in question. For example, if you were adding a card issued by Chase, you would have to provide a verification number provided by Chase. This is similar to how you would log in to the same Chase account on a new computer.
The way this is being taken advantage of is through data retrieved through data breaches. For example, credit card information stolen from Target or Home Depot can be entered into an iPhone and used at a store without any verification. This fixes a common problem in getting items from a stolen credit card: delivery addresses. With the ability to walk in to a retailer, purchase a large collection of products and pay with a digitally manufactured credit card that requires no personal identification, it is a simple process to steal money from the banks.
Perhaps it is time for the credit card companies to prevent access to Apple Pay until Apple decides to fix this fairly obvious and serious security oversight.