The Green Sheet Online Edition
November 28, 2011 • Issue 11:11:02
Mobile payments head to the cloud
Although we think of the cloud as a place for backup or data storage, alternative opportunities for services like mobile payments pose additional benefits. Consumers and merchants may find higher levels of security, compatibility, flexibility and ease of use.
Beyond the idea of using the cloud for mobile payments, what are the real benefits to ISOs, merchant level salespeople (MLSs) and their merchant customers for choosing a server-side wallet over a local, storage-based platform?
One of the most significant challenges for merchants today is compliance with the Payment Card Industry (PCI) Data Security Standard (DSS), which is mandatory for any company that processes, stores or transmits card data. Compliance can be complex and troublesome for many merchants, and some choose to ignore the standard and continue being noncompliant.
For merchants, the ability to offer an alternative payment tender that doesn't require storing or transmitting consumer-sensitive data decreases the time and resources needed to stay compliant.
A token of validation
The ability to safely store payment information in the cloud isn't enough, because the data is still transferred to the merchant's POS system, requiring strict PCI DSS compliance. The use of a token in place of that data provides an added layer of security by allowing sensitive information to be stored in the cloud, with a token acting as a validator when making a purchase.
Tokens are one-time use codes that can be displayed as a number or delivered as a digital signal that becomes useless after it is redeemed or expires. Payment tokenization can reduce the time needed to certify for PCI DSS compliance and decrease the chance of data compromise and fraud.
Merchants, in turn, don't need to worry about fraud or keeping sensitive data secure. A recent CyberSource Corp. report found that payment tokenization can reduce PCI DSS complexity and the resources needed to maintain compliance.
On the flip side, consumers may not exactly care about how a transaction is approved, whether their credit card information is transferred or if a token is used in its place. They are worried about what happens if their devices are stolen or the data stored on their handsets is compromised. Because security is a concern, consumers may be apprehensive about using their phones to initiate transactions.
As consumers and their devices become connected in more places, such as unsecured Wi-Fi networks, the less sensitive information they store on the phone, the better. If the consumer is able to remotely deactivate an account from another computer or device, the worries of unauthorized use diminish.
Simplifying the mobile life
The ability to move data freely across any device and a simplified registration process for consumers will increase the adoption of mobile payments. According to CTIA -The Wireless Association, the typical wireless user replaces his or her mobile device every 18 months.
Instead of replacing a near field communication (NFC) sticker or moving payment card information from one device to another, a server-side wallet keeps the information in the cloud, allowing it to be accessed from any device - with the proper security authentication. Cloud storage of credentials empowers consumers with control over their sensitive data and what devices may be used to access it.
The majority of mobile payment solutions now available on the market require a specific type of hardware - the Sprint Nexus S 4G, for example - in order to operate. Using a server-side wallet and payment tokenization solution allows various types of devices to access the same data.
For example, the same token could be delivered as a six-digit code or a two-dimensional barcode and even delivered via an NFC device.
A checklist of factors
So whether you are deciding if a mobile payments solution would fit with your business or what type of solution offers the most flexibility over time, a few questions are worth considering when reviewing products and services:
- Am I willing to commit to maintaining strict PCI DSS compliance?
- How important is consumer adoption of mobile?
- What types of devices are our customers using?
- How much investment do we want to make in our POS system? Can upgrades be made if the technology evolves?
- Should the solution work both for payments and marketing, reaching customers in a more relevant and personal manner?
To ensure mobile payments solutions will work for ISOs, MLSs and the merchants they serve, the solutions must provide added value beyond just alternative methods to pay. Think about what types of marketing solutions or loyalty programs can be integrated into mobile solutions and how those will increase sales and traffic.
What may be most important to merchants is data. They will be interested in who controls the consumer data and who controls the messaging and marketing that reaches them. These elements of control are most important to retailers today.
Doug Dwyre, President of Mocapay, is a seasoned executive with 24 years of experience in the financial services industry, delivering innovative payment solutions to issuers, merchants and consumers. Doug has launched state-of-the-art incentive marketing programs focused on driving consumer behavior and providing valuable customer data to retailers and financial services firms. For more information, email him at firstname.lastname@example.org.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.