eMarketer predicts 37.5 million Americans will use proximity mobile payments this year — a 61.8 percent increase over 2015 — and total value of mobile payment transactions in the U.S. alone will grow 210 percent in the same period.
Historically, only established businesses have benefited from innovations available through card acceptance networks. That means there is huge potential to penetrate the SMB market, taking card payments on the move in street markets, pop-up shops, restaurants, and food trucks, or when making home deliveries.
This technology could usher in the much-discussed cashless society. Going cashless holds many benefits, including safety and convenience. Rather than riffling through a wallet full of cash, a mobile payment is quick and discreet as well as less likely to attract the attention of thieves. Once cash is lost or stolen, it’s gone for good, but card payment methods — including both physical cards and mobile wallets — can be cancelled or switched off quickly. Lending and borrowing money between users becomes as easy as a tap or a wave of a smartphone.
Because all payment card activity is recorded, consumers can prove their payments were made if need be and can dispute or stop unauthorized transactions. In addition, this record of all digital payment transactions reduces the viability of black market or underground economies, which often undermine national economies. A cashless society makes criminal activity and tax evasion much more risky and difficult, so going cashless increases government revenue and reduces crime. Sweden, Israel, and Thailand are already considering going cashless. Resellers who understand this emerging opportunity and its requirements can shepherd their customers toward higher profit margins.
What It Takes To Secure Mobile Payments
High levels of mobile security are required for a cashless society to exist. Cyber criminals are creating increasingly sophisticated attack vectors, including attacks on payment devices themselves. mPOS uses a low-cost card reader connected to a mobile device to accept payments from both EMV and magnetic stripe payment cards. As with traditional POS, it is critical that the card reader encrypt the sensitive payment data it receives.
Deploying point-to-point encryption (P2PE) is one of today’s best practices for keeping sensitive card data safe. Businesses can reduce their risk and fear if the sensitive cardholder data in their possession is useless to hackers. This is why P2PE is so pivotal in reducing fraud. Another best practice is using hardware security modules (HSMs) in the processing environment to protect keys, manage risk on payment credentials and provide a secure and compliant trust environment. Why? Read on.
An Alphabet Of Solutions
There are several methods for making payments via mobile devices, but Host Card Emulation (HCE) holds significant market advantages. HCE has much broader applicability because the security of the payment data and transaction are not dependent on the phone’s hardware. Any smartphone could use the HCE approach by loading payment credentials on the device and using it in place of a physical card.
To interact with a contactless POS terminal, HCE-based applications use the NFC (near field communications) controller on mobile devices. Yet because the application cannot rely on secure hardware embedded in the phone for protection of the payment credentials, alternative approaches have to be used — including tokenizing payment credential numbers as well as actively managing and rotating keys used for transaction authorization. This enables issuers to manage the risk of having a less secure mobile device environment for payment credential data.
Managing this risk necessitates the use of hardware security modules (HSMs) in the issuer environment to create the rotating keys as well as send them securely to the mobile device. HSMs are also a crucial factor in the tokenization and transaction authorization process. The HCE infrastructure does not actually introduce any new security processes or procedures for retailers and processors; it just enables issuers to combine their existing strong security practices — comprising key generation/distribution, data encryption and message authentication — into a cohesive offering to enable payments with mobile devices.
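The issuer-side flow described above (tokenized credential, rotating keys, transaction authorization), as an added sketch that is not code from the article or from any payment scheme. It assumes HMAC-SHA256 in place of the real cryptogram algorithm and a software key where an HSM would hold it; the class, function names and card number are constructed for illustration.

```python
import hashlib
import hmac
import secrets


class Issuer:
    """Issuer back end. Assumption: in production the master key and
    every derivation below stay inside an HSM, not in process memory."""

    def __init__(self):
        self._master_key = secrets.token_bytes(32)  # never leaves the issuer
        self._vault = {}   # token -> real card number (PAN)
        self._state = {}   # token -> [current key index, last counter seen]

    def provision(self, pan):
        # Tokenize: the phone receives a random surrogate, never the PAN.
        token = "tok_" + secrets.token_hex(8)
        self._vault[token] = pan
        self._state[token] = [0, 0]
        return token

    def _derive(self, token, index):
        msg = f"{token}|{index}".encode()
        return hmac.new(self._master_key, msg, hashlib.sha256).digest()

    def rotate_key(self, token):
        # Issue the next limited-use key; older indexes stop being accepted.
        self._state[token][0] += 1
        index = self._state[token][0]
        return index, self._derive(token, index)

    def authorize(self, token, index, counter, amount_cents, cryptogram):
        state = self._state.get(token)
        if state is None or index != state[0] or counter <= state[1]:
            return None  # unknown token, rotated-out key, or replayed counter
        expected = sign(self._derive(token, index), token, counter, amount_cents)
        if not hmac.compare_digest(expected, cryptogram):
            return None  # transaction data does not match the cryptogram
        state[1] = counter
        return self._vault[token]  # detokenize only inside the issuer


def sign(key, token, counter, amount_cents):
    # Device side: MAC over the transaction data with the limited-use key.
    msg = f"{token}|{counter}|{amount_cents}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()
```

A key copied off the phone is only useful until the next rotation and only for counters the issuer has not yet seen, which is how the issuer bounds the risk of the less secure device environment.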
Enabling Digital Payments
The cashless society is moving from the realm of theory to the real world, thanks to today’s new payment options. Doing away with paper- and coin-based currency provides greater convenience, but impeccable security must undergird this transition. Customers need to know all the requirements, both software and hardware, that must be put in place — including P2PE, tokenization and HSMs. They will be looking for guidance and recommendations, and now you’ll be able to provide them.