Uncertainty reigns in the realm of contactless mobile payments. Near field communication (NFC), quick response (QR) codes, geolocation purchasing and Bluetooth have all been presented by various service providers as the solution for mobile payments in the brick-and-mortar space, yet nothing has taken hold as the preferred solution. But now comes a new variant: a combination of NFC and Bluetooth that attempts to leverage the advantages of both technologies.
On Jan. 16, 2014, the U.S. Patent and Trademark Office made public a patent application filed by Apple Inc. in July 2012. The patent, titled Method to send payment data through various air interfaces without compromising user data, involves various proposed methods for establishing and maintaining connections between mobile devices and POS devices, and then allowing for secure transactions to be processed over those connections.
Apple proposed that payments be initiated at the POS via NFC and then completed via Bluetooth connections. To establish the secure NFC connection, Apple stated that mobile devices must be within 3 to 6 inches of the POS device. But then a second connection established between the mobile device and a Bluetooth connection takes over, whereby the transaction is completed.
Apple believes this scheme is more user friendly than a strictly NFC-based transaction; it also can be a boon for merchant loyalty programs. The patent states, "The NFC protocol … establishes a secure link quickly and conveniently at a point of sale. However, transactions that include sending additional data between the POS terminal and the portable device, such as additional payment information, coupon offers, coupon data, and the like, can continue for some time. … Holding or setting the device near the POS terminal becomes inconvenient for users, so NFC is less desirable for longer transactions."
Wi-Fi or Bluetooth was proposed by Apple as the secondary connection, where cardholder verification and transaction processing is conducted. Not mentioned in the patent application, but assumed to be central to Apple's scheme, is iBeacon, introduced by the tech giant in mid 2013, which utilizes Bluetooth Low Energy (BLE) technology.
PayPal Inc. launched similar technology, PayPal Beacon, via which a BLE device that plugs into a retailer's wall socket recognizes consumers as they enter store environments, and a connection is activated between the consumer's smart device and the web. In the Apple patent scheme, the BLE connection is established between the mobile device and the merchant's back-end network.
Randy Vanderhoof, Director of the Smart Card Alliance, recognized the Apple patent as an example of Apple's "walled garden" approach to technology. Apple is intent on developing solutions that function within Apple's closed ecosystem of devices and its own Apple Stores, according to Vanderhoof.
"They don't need to be open and interoperable with other systems and other retailers," he said. "They're building stuff to fit their needs between the Apple stores, which is what they've implemented Bluetooth technology for. And the interface is to the Apple iCloud."
Companies like PayPal, Isis and Google Inc. have taken different approaches, with solutions that are open and interoperable with various types of smart mobile devices and used in multiple retail settings, Vanderhoof added.
Vanderhoof also believes Bluetooth technology is inherently less secure than NFC. The close proximity devices must be to readers for an NFC-based transaction to proceed was a security feature built into the NFC protocol "so that information isn't being broadcasted out that could be listened to or copied by other devices in the area," he said.
BLE's greater range - put at about 100 meters - exposes consumers to greater risk. "If there is some targeted communications going on between two Bluetooth-enabled devices, anybody within a six- to 10-foot perimeter can be reading and participating in that communication as well, so it just doesn't lend itself well for security purposes," Vanderhoof said.
The Apple patent includes a mechanism for creating an "alias" and a "shared secret" to secure customer account data.
A November 2013 SCA white paper, The Changing U.S. Payments Landscape: Impact on Payment Transactions at Physical Stores, detailed the pros and cons of the various technologies. The paper characterized NFC as secure and reliable. However, in-store acceptance of NFC-based transactions remains limited because most POS terminals are not NFC equipped, the paper said.
QR code technology, on the other hand, is already ubiquitous in the marketplace, with two-dimensional bar code scanners standard in most retail locations. The solution thus does not require merchants to invest in expensive POS upgrades, and consumers do not need NFC-enabled smartphones to conduct contactless transactions, the paper stated. But the technology is limited in that it is "considered to be more appropriate for use by merchant brands than by card payment networks," the SCA said.
As for geolocation technology, it is currently employed only by Square Inc. via its mobile wallet app. It is marketed as a fast way to pay at the POS because no physical card needs to be presented. However, consumers have to first launch Square Wallet on mobile devices to establish the GPS connection. "This process is not faster than using a traditional card," the SCA said.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.Prev Next