October 2, 2012

The Buzz About Mobile

It seems everywhere you go these days there is buzz about mobile: mobile messaging, mobile commerce, mobile banking, mobile payments – heck, some people still even use mobile phones to make calls.
With all the hype (and in response to a few customer requests), we’d like to take the opportunity to explain Shift4’s stance on mobile payments and where we see it going in the future.

First, we need to make a distinction. There are two “flavors” of mobile payments. The first we at Shift4 refer to as “consumer” mobile payments. These applications allow consumers using a phone or tablet to make a payment with their mobile device. In some cases, they may even use a small swipe device attached to their phone or tablet.

The second style we are calling “business mobile payments.” Business mobile applications may be extensions of the POS designed to run on mobile devices. They may also be entirely new tools designed to help merchants engage with the customers on their sales floor, or hoteliers easily check in VIPs from the comfort of their guestroom. These applications tend to be more complex because they are suited to the needs of a professional business environment and have to interface with the existing systems.

Currently, and at least for the foreseeable future, Shift4 plans to play only in the business-mobile space. While we recognize the attraction of consumer mobile payments devices, we expect it to soon be replaced by digital wallet apps, which will allow for much more security when dealing with an unknown organization or individual.

Some may argue that Starbucks’ recent decision to use Square (perhaps the most well-known consumer mobile payment solution) in their stores would contradict our forecast but if you look closely at that deal, you will see that is not the case. Starbucks is keeping its own payment infrastructure and writing its own app to accept Square’s wallet data. The deal essentially turned Square into a well-branded digital wallet and completely ignored the hardware that they have built their business around.

The problem most mobile solutions to date have is security. Mobile payment applications have been extremely difficult to secure and nearly impossible to validate. They came to market so quickly that security groups like the PCI Council were caught almost wholly unprepared. While initially validating a few applications through their PA-DSS program, the Council actually stopped issuing PA-DSS validations for mobile apps altogether almost two years ago.

This left merchants in a bit of a bind. They wanted mobile solutions so that they could deliver the “Apple Store experience” to their increasingly tech-savvy customers but there was no authoritative way to determine which ones (if any) were secure. Many rode the wave of “cool” with little thought for security, while a few wised up and built their own apps to ensure they were secure and well-suited to their environment. Today, the rush to have a solution has slowed a little and merchants are again taking stock of what they’ve done and what they should have done. As additional thought has been put into security, a solution has become clear – Point-to-Point Encryption (P2PE).

With a P2PE device attached to your payment terminal (be it a mobile phone, tablet, or a full-featured POS), all card data is encrypted at the swipe and that means card data never enters your application. As long as you don’t hold the encryption keys on site, you essentially eliminate your entire card data environment by using P2PE.

This is the method Shift4 has adopted for mobile payments. We have announced a few solutions featuring IDTech’s P2PE devices and are working on adding devices from an additional manufacturer that should be unveiled in the near future. We have partnered with applications developers to integrate our P2PE technologies into some of the most popular retail POS applications. And, of course, we have built P2PE capability into our own virtual terminal, 4VT®, which gives you the full functionality of DOLLARS ON THE NET® from any device with an Internet connection. So, if you have DOLLARS ON THE NET, an iPad, and purchase one of our approved P2PE devices, you’re essentially up and running with an extremely simple and secure mobile solution.

If you would like to learn more about Shift4’s P2PE capabilities or would like to develop Shift4 P2PE into your private mobile payments solution, please contact the Shift4 Sales department at 702.597.2480 (option 3) or e-mail [email protected].