GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View PDF of this issue

Care to Share?


Table of Contents

Lead Story

Trade associations at your service

News

Industry Update

ETA says down with proposed CFPA

Cambridge researchers find EMV flaw

TSYS drives hybrid card

Features

Research Rundown

Selling Prepaid

Prepaid in brief

Finding your most valuable customers

Robert Christiansen
ARM Loyalty

The crux of cash back on gift cards

Views

Follow Wendy's for a winning combo

Biff Matthews
CardWare International

Let's be smart about smart phone payments

Paul Rasori
VeriFone

Education

Street SmartsSM:
Deal or no deal?

Jon Perry and Vanessa Lang
Merchant Services Inc., Fort Worth, Texas

Top 10 mistakes in PCI compliance

John Bartholomew
SecurityMetrics

The nuances of the question, Why?

Jeff Fortney
Clearent LLC

Seven rules for MLS sales success

Jeffrey Shavitz
Charge Card Systems Inc.

Developing a relevant, compelling value proposition

Peggy Bekavac Olson
Strategic Marketing

Company Profile

ControlScan Inc.

New Products

Self-branded smart phone terminal

Swipe
App Ninjas Inc.

ACH through and through

ACH Processing
ACH Federal

Inspiration

Attitude affects everything

Departments

10 Years ago in
The Green Sheet

Forum

Resource Guide

Datebook

A Bigger Thing

The Green Sheet Online Edition

March 08, 2010  •  Issue 10:03:01

previous next

Let's be smart about smart phone payments

By Paul Rasori

Smart phones have been around for awhile, but it was only with the surging popularity of the iPhone that these powerful devices entered the mainstream of mobile handset sales. With so many users and such a flexible platform, software developers quickly caught on almost overnight that there was a burgeoning market opportunity to deliver content, or "apps," to millions of new users around the world.

Clearly, Apple Inc. hit the sweet spot in the general market, developing a system that makes Web browsing and e-mail use as easy as making phone calls. Just as important, from VeriFone's perspective, is that unlike other smart phones, the iPhone represents a unified platform, both in form and function. Additionally, Apple, by controlling access to its App Store, maintains strict guidelines over software development.

Burgeoning opportunities

With over 100,000 apps now available, it was inevitable that credit card acceptance solutions would appear. Leveraging the iPhone as a payment device opens up a vast audience of "micro" businesses (four or fewer employees) that, until now, have resisted payment technology in favor of cash and checks. It's estimated that 18 million businesses fit into this category, representing a tremendous opportunity for ISOs and acquirers to sign up new revenue sources.

Nonetheless, in some sense, making payments on the iPhone is a little bit like a wild frontier. Go to the App Store, and you can find over 30 payment apps. The problem is that many of the companies developing this software have little or no experience in payment security, and the user has little or no guidance on whether the payment app meets any of today's strict cardholder security requirements.

The iPhone is a great mobile platform but, in and of itself, is not a secure payment device. It wasn't built to be. It was designed to be a relatively accessible mobile platform that would appeal to the broadest segment of consumers. As this popular device establishes itself as a payment platform, there are three key considerations for those in the payments industry:

Leveraging strengths

It's easy to market software these days. Whether it's through the controlled process of the iPhone App Store or less structured downloads for other platforms, software developers can find relatively low-cost methods of putting software into the hands of users.

But who is going to support those users? There's a vast distribution and support channel that can scale to meet the needs of hundreds of thousands, if not millions, of end points. Few of the companies rushing to provide payment applications have the wherewithal, the expertise or the experience to tap into this existing infrastructure. What are they going to do - refer customers to the wireless carrier or handset manufacturer?

The channel infrastructure is a key element in keeping things simple for merchants. ISOs and acquirers are able to provide their customers with simplified management of card transaction costs. Ideally, any merchant should be able to obtain one monthly bill that consolidates processor, interchange and gateway costs.

As noted earlier, there are already more than 30 payment apps for the iPhone. How is a small-business micro-merchant supposed to evaluate which option is best for his or her business?

Such a merchant is going to have to weigh a multitude of factors: Is the payment app tied to a specific gateway? Can it work with an existing merchant account, or can it help set one up? Are apps tied to a particular processor, or do merchants have to find one on their own? How do merchants make sense of interchange, basis points and fees? Can they assure their customers of security?

As with any new market segment, many players want to compete, but ultimately the field will consolidate around a select number of stronger companies that have the staying power and the resources to meet every challenge.

Growing popularity, growing threat

In payments, everything sooner or later comes down to security. Payment functionality on the iPhone is essentially a virtual terminal type of application. The app taking payment communicates with a gateway, which handles the authentication/authorization processes with processors and acquirers.

Most payment gateways evolved from an e-commerce environment where there were no physical devices present, hence the higher interchange rates for a less trusted payment process. Over time, some of these gateways acquired a level of trust with processors and acquirers that rely on them to vet the e-commerce companies they loop into the world of electronic payments.

However, adding physical devices to the online environment introduces a horse of a different color. Acquirers and processors are increasingly concerned that a proliferation of payment software on growing numbers of remote devices represents too many unknowns such as:

Security on any computer device is a moving target. As we've seen with Microsoft Corp.'s Windows operating system, the most popular systems draw the most attention from the criminals and malicious interlopers who create viruses, worms, spyware and other malware.

Mobile devices are quickly becoming the reigning computer devices of choice. Widely available and affordable wireless broadband, along with increasingly popular applications and lower-cost devices, is putting powerful computers into the hands of many. The criminal element is sure to follow.

Protecting the data

In the multilane retail segment, VeriFone is seeing increasing momentum for adoption of end-to-end encryption of card data. Frustrated by an inability to maintain or prove 24/7 fidelity to Payment Card Industry Data Security Standard requirements, larger retailers and their processors are focusing on encryption as a solution to ensure that even if a breach occurs, they won't give up the goods.

Many acquirers and processors are quickly coming to the conclusion that what works for large retailers may hold the key to resolving security for the vast numbers of Level 4 merchants. It's now up to acquirers to ensure the integrity of these smaller merchants, which is a real headache; imagine multiplying the task by a factor of 10 or greater when it comes to supporting millions of micro-merchants.

Encryption from the point of swipe ensures that any data that transits from a remote device and is transmitted over a Wi-Fi or cellular network will not be usable to any criminal that is able to intercept it. So it only makes sense to ensure that smart phones used for payments be equipped with an encrypting device that relieves merchants and acquirers from the risks of breached data.

Anybody entering this market needs to be able to isolate the security of the transaction within a device that an acquirer is able to certify. Without that confidence in the end-point, the acquirer may be unwilling to accept the risk, or will drive up rates to a level at which the risk is balanced.

VeriFone has seen tremendous interest in employing secure, mobile technology from industry professionals, as well as from merchants who have previously been unable or unwilling to accept credit card payments. There's definitely a need and desire to equip the iPhone and other smart phones with a secure but simple-to-use card acceptance solution.

Paul Rasori is Senior Vice President of Marketing with VeriFone. He can be reached at paul_rasori@verifone.com.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

USAePay | Impact Paysystems | Electronic Merchant Systems | Inovio