July 5, 2016

Making Sense of Mobile Payments

Making Sense of Mobile Payments

You probably take your smartphone with you wherever you go, so it should come as no surprise that mobile payments usage has been steadily increasing. But, with all of the different mobile technologies out there, we know that it can sometimes be confusing and overwhelming.
Here’s a closer look at some of the mobile payments technologies we support – including how they work and how you can secure them.

  • Mobile Wallets – Mobile wallets are essentially the digital version of your old, leather, pocket-filling billfold. Mobile wallets typically involve one or more cards that a consumer has entered into a single application on their mobile device, allowing payments to be made using one of the methods below. The biggest examples of these are Apple Pay®, Android Pay®, and Samsung Pay®. Years ago, when we discussed how there are two types of mobile payments, we predicted that the popularity of mobile wallet applications would grow, and this has definitely rung true. According to Statista, as of October of last year, nearly half of U.S. consumers (41%) had heard about making a purchase via mobile and 32% of consumers had actually made a mobile payment.
  • NFC – Short for near-field communication, NFC is a way to transfer payment information without requiring a physical swipe or insertion. This is similar to the key fob technology that you may use to get into your car without putting the key into the door. Most mobile wallets use NFC technology to transmit payment information. Coin, a mobile payment device that – scarily from a security perspective – combines your credit, debit, and gift cards into a single instrument, also uses NFC to process payments. If you want to accept NFC payments so that your customers can put their mobile wallets to use, simply select a payment device that supports the “Contactless/NFC” feature on our third-party devices page and double-check with your point-of-sale (POS) provider whether your software needs to be updated to support it.
  • Magnetic Secure Transmission (MST) – MST is also known as Magnetic Loop to pay homage to the company that invented the technology, LoopPay (since acquired by Samsung). MST emits a magnetic signal when a consumer is physically present at a POS. Like NFC, it is a contactless technology, but because it uses a magnetic signal, it works at locations that have an MSR swipe and don’t support NFC. This technology should be accepted at nearly all terminals with a card reader, but some payment terminals may require software updates to support it. The only mobile wallet using MST is Samsung Pay, which can also use NFC.
  • Contactless – Simply put, a contactless payment is when a mobile technology requires a consumer to be physically present at a POS, but doesn’t require an instrument, such as a card or device, to physically touch or be inserted in to a POS. NFC and MST are technologies that allow for contactless payments. However, the word “contactless” has also been used by banks and card issuers to refer to EMV cards that are contactless. At this time, contactless EMV is rare in the United States, largely because the cards cost issuers twice as much as regular EMV cards to produce.
  • Tap-to-Pay – Tap-to-pay is just a fancy way of saying contactless – no actual tapping required. (We suppose “wave-around-until-you-hear-a-beep-to-pay” didn’t sound as catchy.)
  • Secure Element – Secure element is a type of mobile-device-based security, used by both Apple Pay and Samsung Pay, which stores fingerprint data and a “token” within a chip on the smartphone. This secure element is separated from the phone’s software, so the idea is that if someone hacks into your phone’s operating system, there isn’t a way to extract the financial information, and this element shuts down if it is tampered with.
  • Host Card Emulation (HCE) – HCE is another type of mobile-device-based security that stores payment card information in the cloud, allowing consumers to use “tokenized” credentials directly from the phone for payment. This technology, which is used by Android Pay and also supported by Samsung Pay, stores the payment application in the device’s software while the data is hosted in the cloud, bypassing the device’s secure element.
  • Mobile Point of Sale (mPOS) – Unlike the previous technologies, which are all about consumers making payments, an mPOS gives merchants the ability to accept payments in new ways and new locations. An mPOS solution gives merchants the ability to open up new revenue centers whenever and wherever their business needs dictate. And, with our mPOS solution, VT4®, you don’t need to purchase specialized mobile devices to get an mPOS out on the floor – VT4 turns any internet-connected device into a secure point of sale. Find out more at vt4.com.

Related – But Significantly Different – Security Technologies
While consumer-facing mobile payments are handy for your customers to use and are becoming increasingly important for you to support, they may also introduce vulnerabilities and increase your card data environment (and therefore PCI scope). That’s why the topic of these consumer-facing mobile technologies, which are largely provided by companies having their first foray into payments, can’t be discussed without underscoring the importance of EMV, point-to-point encryption (P2PE), and tokenization.

This trifecta of payment security technologies protects you, the merchant, against instances of credit card fraud while also encrypting data at the point a card or mobile wallet interacts with the payment terminal, so card data never enters your environment. As long as you don’t hold the encryption keys on site, you can completely remove the burden of storing, processing, and transmitting sensitive card data thanks to our True P2PE™ and TrueTokenization® solutions together with EMV.

To find out how you can get EMV and use Shift4’s True P2PE to secure all of the latest payments technologies, contact our Customer Support team at 702.597.2480 (option 2) or [email protected].