Mobile Payment Solution Security and Compliance Concerns
What about security? Don't smartphones pose a security risk?
Metzger: Arguably smartphones pose a potential security risk. They use open operating systems designed to allow software developers an easy platform to rapidly deploy useful applications to a wide range of end users. This openness can certainly expose risk to privacy and data security. However, certain technologies are helpful in reducing the potential risk, such as point-to-point encryption (P2PE) and tokenizing the card numbers stored within the mobile application.
The card-issuing brands and PCI council have released a number of guidelines for developing payment applications that provide developers with a good framework for securing payment-related applications, but the continued absence of mandated standards still allows circumvention of these guidelines.
While the industry has not demanded compliance, a few companies, such as PayAnywhere, are trying to be at the forefront of security and take the initiative on their own to have outside third parties validate compliance to these guidelines.
Tom Bell, CEO, Bank of America Merchant Services: Security and privacy are always the top priority. Merchants' customers have to trust that their payment information is being handled safely and securely. With Mobile Pay, data is encrypted within the card reader itself, and no data is stored either on the reader or a merchant's smartphone. We've also designed our reader with a wider card swipe path, to ensure the merchant isn't swiping a card three or four times to get a good swipe. And we've designed the reader so that it securely clamps to a user's phone, to make that swipe process easier.
Nayar: Security is a priority for PayPal. PayPal Here uses encryption to help protect card information as it swipes; this is all backed by PayPal's world-class security, risk and fraud management capabilities.
PayPal also never shares financial information with the merchant so that consumers can maintain their privacy. [Square is also PCI compliant.]
Mobile Payment Solution Integration, Fees and Pricing
What if you already have a merchant account/accept credit cards, albeit the old-fashioned way? Is integration an issue?
Metzger: Integration can be an issue if the solution is not developed by the existing POS provider or a registered partner, depending on the degree of integration the merchant is looking for and the type of mobile usage they are planning on deploying. If the merchant is just looking for financial system integration, this lessens the integration effort, and many of the localized mobile payment applications provide export data to interface with popular business finance systems.
Ury: For companies that already accept credit cards, there are major advantages. For one, the hardware and software are free. Another is low, simple, transparent pricing.