The article certainly captures the reticence many folks express when I discuss mobile-enabled payment schemes. There is some fear built into the prospect of keeping payment credentials on the device, and the possibility of it being hacked, or picked up when it broadcasts. At its core, while it is indeed more secure as the article outlines below, the creators have not been discernably active is raising public awareness of the higher level of intrinsic security in play when using mobile payments.
Rather than using the actual cardholder data, all three of these mobile payment technologies use tokenization to represent the credit card number rather than using the actual number. This helps prevent the cardholder’s data from being exposed. None of these technologies will work unless the device’s screen locking capability is enabled and the device is unlocked when the payment occurs. Apple Pay and Samsung Pay keep the tokens in a secure chip on the device. Android Pay gets its tokens from the cloud but keeps a small number offline to allow it to work when the device is offline.
Mercator Advisory Group notes the article also focus exclusively on the Universal mobile payment capabilities integrated and supported by the manufactures of handsets and the associated operating systems, excluding the merchant specific mobile payment schemes that have outpaced the universal pays in terms of rates of adoption (https://goo.gl/V36ASZ). We expect as the acceptance of the Universal payments of IPay and Android Pay expands, there will be a launch of public awareness campaigns with broad appeal to underline the strengths the universal mobile payment wallets represent, and not in the least of those being greater security.
Overview by Joseph Walent, Associate Director, Customer Interactions Advisory Service at Mercator Advisory Group
Read the full story here