If mobile wallets don't shape up soon, some other form of payment will swoop in and steal the spotlight and profits. Online, mobile wallets were a digital strategy aimed at solving a consumer problem. They were designed to provide rapid, problem-free checkout on the mobiles that are encouraging the rapid escalation of online sales.
Unfortunately, the chance to use those wallets was offered to the consumer at the very end of the online/mobile shopping journey. A registration process was then required. Many consumers would have abandoned the sale had the need to register been disclosed at the beginning of the experience.
This makes the job of a mobile wallet less about eliminating friction at the checkout, at the end of the shopping experience, and more about authenticating that consumer and their account credentials at the beginning of their shopping journey. Where “buy” becomes an affirmation of a transaction they've already started, shown intent to complete, and then does.
It also suggests that one of the power plays we’ll see unfold in 2018 and beyond is someone emerging as the trusted enabler of that identity and the secure account credentials that travel with them. Who that will be, and who will be the trusted provider of information security will most likely be up to the consumer.
Authentication at the start has the potential to shape not only how consumers pay and the payment method they use when they do but ultimately, from whom they buy.
Mobile wallets are really trying to solve three problems in one. They are attempting to:
- Eliminate online buying hassles for the consumer
- Increase conversion rates for the business
- Ensure that payments are made securely.
Equifax Shakes Confidence of Consumers
When Equifax suffered a breach in 2017, it gave consumers a reason to believe their identity had been somehow compromised. There’s a very good reason for that: The identity credentials of nearly every adult in the U.S. were stolen and are now being sold for a couple of bucks on the Dark Web.
The breach occurred at the exact moment that digital commerce opportunities outside the classic online and mobile channels, such as wearables, speakers, even cars, began to emerge.
Consumers, who had once been confident their issuers had their backs if their account credentials and/or physical cards were lost or stolen, suddenly became nervous that cyber crooks were setting up accounts right and left in their names and robbing them blind.
Concerns About Safety, Security, and Trust
In 2017, a random sample of more than 3,500 U.S. consumers was surveyed on the question of who they regard as trusted enablers of payments in a world where payment can happen using a variety of connected endpoints. That was two months before the Equifax breach was made public.
There was concern over the uncertainty of the safety and security of their account credentials and the privacy of their data when tapping into new, connected devices for commerce. If anything would hinder the chances of commerce expanding to those new devices, security and data privacy were it.
Also, seventy percent of consumers who owned six or more connected devices said they’d trust their bank and card networks to enable these new payment experiences on their behalf. PayPal and Amazon were also rated highly by consumers. Merchants, mobile operators, and tech giants were way down on the list.
The “Pays” Have to Change
Mobile wallets have been presented to consumers as a way to make checkout easier, more convenient, and faster. That doesn’t seem to be enough. Recent studies of mobile wallet adoption have shown a rise in concerns over security by the large majority of consumers. That’s a change from where we were two years ago.
The certainty of a consumer’s identity and the authorized use of personal credentials are essential to building trust in a world where the consumer and her credentials become more and more intangible. Whoever cracks the authentication code will take payments and commerce to its full, digital potential and may become the tailwind that moves identity and authentication beyond the retail payments use cases we speak about today.
Change Needs to be Adopted
Safety concerns must be addressed if mobile payments are to become commonplace in the US. While some mobile payment and wallet providers have been able to reassure consumers, in comparison with established banks, levels of trust are generally lower than before.
There are still concerns around mobile payments that banks have overcome with contactless cards. Among non-bank/credit card providers, growth of trust is even slower or stagnant. Much of the issue around trust stems from concerns about security and they aren’t going away either.
Ironically, however, most high-end smartphones offer even greater levels of information security. Fingerprint recognition is required prior to payment, which should be a major selling point in lulling security concerns.
Key Security Concerns
The security concerns that cause consumers to hesitate when it comes to adopting mobile payment methods include the following:
- Virus-infected app clones can be downloaded by mistake in place of authentic payment apps.
- Older phones are vulnerable to identity fraud and are easily hacked.
- Proxy IP or burner phones can be used for mobile fraud.
Tips to Combat Potential Mobile Payment Risks
Many of the risks associated with mobile payments can be minimized by the use of best practices. The following three key practices should be implemented when using the mobile payment system:
- Educate your customers.
- Implement authentication verification.
- Use a PCI DSS level 1-certified mobile payment platform.
When educating customers, be sure to keep them up-to-date on the dangers of app clones. Make them aware of the need to download apps only from App stores, as well as the importance of timely app updates to ensure the highest level of payment security. Provide additional advice to your customers about using screen locks, updated account verification, and security settings.
When implementing authentication verification--Newer devices that verify authentication enable user fingerprint identification. When older devices are used, alternative identification methods can be employed, such as two-factor authentication or virtual tokens.
PCI DSS level 1-certified payment service providers ensure the highest level of security. These providers have blacklists and historical data to identify fraudsters and trends. They use advanced algorithms, geolocation and IP tracking, which detect potential security breaches and fraudulent transactions while enabling valid transactions to go through.
GDPR Poses a Threat to Retailers
The General Data Protection Regulation, (GDPR), which goes into effect in 2018, also ups the ante.
The GDPR stresses the necessity for retailers to have well-designed data breach plans and cyber insurance in place. If companies fail to meet this requirement, there may be severe consequences for the businesses and the individuals responsible. Companies that come under the GDPR will have to take care in how they approach their customers' data privacy, especially with the risks involved in mobile wallets. Retailers cannot rely solely on third-party liability if they want to avoid lawsuits.
Make Sure You Have the Protection You Need
While the emerging payment technologies seek to streamline the buying experience, it is important for retailers to identify all potential risks arising from these technologies and to ensure their insurance coverage adequately covers the risks. DPO’s, CISO’s, and CPO’s should all be ready for the impending GDPR regulations, and if they’re not, they need to start now. Mobile payments are just one thing out of many things to check off the compliance list.
If you need help securing your consumers' data, indentifying potential risks, getting ready for GDPR compliance, or need to put together a team to tackle all of the above, call ICS. We have industry experts who can take the time to sit down with you and figure out what and who you need when you need it the most. You'll be ready to take on the mobile market with a team staffed by ICS.