It’s no secret the mobile payment technology takeover is upon us. Apple Pay is available at a number of popular retailers — including McDonald’s, Walgreens and Petco — with more joining rank. Even the U.S. government is getting in on the action: Apple CEO Tim Cook recently announced that visitors to national parks will be able to pay admission fees using the app, starting in September.
With such a strong outpouring of support for systems like Apple Pay, as well as its predecessors Google Wallet and Softcard, it seems like the security concerns for such a convenient product should be airily dismissed as outdated fears. But research proves otherwise. According to a 2012 paper published by the SANS Institute, a U.S. company specializing in information security and cybersecurity training, 48 percent of participants in a Federal Reserve study said they did not use mobile payment technology because of safety concerns.
“A major challenge for the adoption of mobile banking technology and services is the perception of insecurity,” the paper’s author, Vanessa Pegueros, wrote. “When you analyze the security risks of the mobile space, many of these feelings are not necessarily irrational. The lack of maturity of the mobile banking space brings many risks in the areas of new technologies.”
However, this ingrown fear of security breaches that has impeded the use of mobile banking and payment apps may be on its way out. The 2015 Digital Banking and Predictions Report expects the total amount of money spent in mobile payments to increase from $1.8 billion last year to a staggering $189 billion in 2018. The report’s publisher, Jim Marous, cites 2015 as the tipping point in mobile payment growth.
“Despite all of the attention on mobile payments in 2014, the use of mobile devices to make in-store payments is still extremely rare, and done mostly by millennials,” Marous wrote. “Our crowdsourced panel believes 2015 will be the year that Apple Pay, CurrentC, Softcard and other mobile initiatives make mobile [point of sale] payments a much more mainstream occurrence.”
Part of this change of heart may be due to improved security measures embedded in the payment apps. One of these measures is tokenization, where private data is replaced by an identifier, or token, and the actual information is stored in data centers. This is the system adopted by Apple Pay when it first rolled out. However, not even this method is foolproof.
“Tokenization creates security problems of its own,” Richard Moulds, vice president of product management and strategy for Thales e-Security, said in a recent Wired article. “Cybercriminals won’t have to steal your wallet, or even your phone, to take your cash. It is possible for criminals to clone the phone and request the card information, or even write malware to reside on the phone that will instantly send the virtual card to the thief.”
But even with gaps in security, the protection offered by such measures as tokenization is still effective, some would say too effective. A few businesses, perhaps most notably casual eatery Panera Bread, have refused to use Apple Pay because it does not allow the corporation to track consumers’ buying habits, knowledge that helps Panera market itself more strategically. Instead, some of the companies that have rejected Apple Pay are going rogue and developing their own mobile payment systems. A pioneer of developing in-house payment apps is Starbucks, which has been allowing patrons to pay for drinks and food using an iPhone-based scanner for the past few years. But even the coffee giant’s app is not impenetrable — the Seattle Times reported in January 2014 that a Minneapolis computer-security specialist found a loophole in the Starbucks app that could allow hackers to access customers’ personal information.
A 2014 Consumer Reports virtual wallet review compared the safety features of four of the most popular wallets on the market: Apple Pay, Google Wallet, Softcard and LoopPay. Since the report was released, Softcard and Google have joined forces to improve mobile wallets. In terms of security and consumer protection, Softcard came out on top overall in the review thanks to its top-notch tokenization. LoopPay trailed in last place due to its ability to allow users to turn off the wallet’s lock timer, making accounts more vulnerable to potential hackers.
Another way mobile payment systems are launching their products in a market paralyzed by expensive implementation and fear is by taking the independent route, such as the startup payment app Loop. Launched via a Kickstarter campaign in 2013, Loop offers consumers the ability to touch their phone with the app pulled up to nearly any magnetic reader to pay for things. This gives them a definite advantage over systems like Apple Pay, which requires retailers to install a special network with an Apple Pay touchpad in order to work. But the method could still be improved. In an effort to curb the problem, Samsung recently teamed up with Loop with the intent of creating phones with Loop’s mobile wallet technology already built in, similar to what Apple has done with its iPhone 6, iPad Air 2 and iPad mini 3.
“The first thing we need to solve is really the coverage issue, so that wherever you go, you can actually use your mobile device for payments,” senior vice president of Samsung Mobile Injong Rhee told TechCrunch. “And then you’re adding a lot of other value-added service on top of that, plus the additional security that the plastic card may not be able to provide.”
These upgrades to mobile payment apps appear to have decreased the security fears associated with virtual wallets. It is difficult to say exactly how virtual wallets will improve in 2015 and beyond, but their growth has been exponential over the past five years, and that trend is only expected to continue in the near future.
