Mobile payments make debit cards do-able again
By Laura Haight
Originally published as The Digital Maven in Upstate Business Journal, Nov. 19, 2014
It seems like this crowded field of mobile pay players emerged overnight. But Google Wallet has been operational for several years, while Current C and Softcard have been in development.
With mobile payments you use your existing card accounts, but connect them to your device. Because you are never handing over your physical card and the merchant (the weak link in the security chain) is never actually getting your account info, the legions of debit card users who have been hammered by hackers in recent years can feel much safer using their accounts.
Terry Garner, senior vice president for deposit operations for Southern First Bank, has been comparing these services to see who gets the edge from a financial institution perspective. That means protecting both the customer account and the bank’s interests. There are a lot of analysts doing the same thing through different lenses: security, convenience, the cool-tech factor.
But in the mobile pay arena, only one thing really matters: security. And that’s where Apple Pay gets an edge.
Here’s a look at how the five current players stack up:
Apple doesn’t store your credit card anywhere. In fact, it only has your credit card data once — when it passes it along to your card issuer for verification. Once approved (that takes milliseconds), the issuer sends a device account number (DAN) back to Apple. This is stored in a dedicated chip in your iPhone. When you make a purchase, that DAN along with a one-time use token is used for authentication. Neither Apple or the merchant ever have your credit card number or PIN. To activate your payment, you use your fingerprint via Touch ID. There’s no app to find and open, no choices to make. The payment function is built into the NFC chip. You tap your phone to the payment terminal, authorize with your fingerprint and you’re done. Of course, you’ll need the Apple Watch or iPhone 6.
Google Wallet, uses a token rather than maintaining the credit card information on your phone, but it does store your financial information in the cloud (yes, they say - “securely stored”). They also track your purchasing habits - theoretically to improve your shopping “experience” by delivering up personalized offers (ads). The wallet is more versatile and will work with both barcode scanning technology, which is used by Current C, and Near Field Communications (NFC). And they offer fraud monitoring and protection.
Current C — a consortium of major retailers led by Wal-Mart — was the solution to reducing the 2.5 percent fees charged by various credit card companies that eat into the often tight profit margins. Current C is not designed for flexibility or ease of use for the consumer; but rather to save money for the retailer. Currently in an extended pilot, the system uses a proprietary app that will scan a QR code. That initiates the sending of a token to your financial institution which then authorizes an ACH (automated clearing house) transaction from your checking account. Current C can also work with gift cards. But, since the whole purpose is to cut out interchange fees, not credit cards.
Current C locked its merchants into three-year exclusivity contracts that prevent them from offering access to other payment methods. Some retailers like CVS recently announced they had disabled NFC functionality on their card readers effectively shutting out Apple Pay. Who’s coming out on top in this battle? Well, Wal-Mart is big, but Apple’s bigger. Current C was dealt a big PR blow recently when it was announced that their database had already been hacked. Email addresses, not card numbers, were reported to have been exposed. But the incident itself doesn’t instill tremendous confidence.
The other two mobile payment players at the moment are PayPal and your friendly mobile carriers (Verizon, T-Mobile and AT&T) who are bringing you Softcard.
PayPal has an app for Android and iOS that adds the security of an eight-digit PIN to secure your transaction. It also only works with retailers who are signed on in-network and there aren’t a lot of those. The app will tell you which retailers near you are in-network.
Finally, the Softcard. Yes, there’s an app for that too and it uses the NFC functionality. But you’re not going to see it on iPhones for at least a year. Apple confirmed last week that there was a one-year lock down on any other NFC applications, so you won't see the Softcard in the App Store for a while. But it is working on Android phones. Want to test it out? Head over to McDonalds where you can pay for your Big Mac with a tap at the counter or the drive through. Unlike many other retailers, Micky D’s is all inclusive — accepting Google Wallet, Softcard and Apple Pay.
All these systems have one similarity — they keep your credit or debit card out of the hands of the merchant. For that reason, if for no other, Garner says, the “debit card is not dead.” Combined with new EMV cards, new merchant terminals and the security built into mobile payments, you may be safer than you’ve ever been.
But that doesn’t mean you can let your guard down or stop monitoring your accounts. Somewhere in Eastern Europe, the cybercriminal who sold your Social Security number on the black market is working out how to crack this new tech.
