Pilot project in flight
Last June, a pilot project partnered between the Royal Bank of Canada, Rogers Communications, and Visa went into action. The project delved into the viability of having phones gain the capability to pay for items at cash registers.
The mobile payment system works using Near Field Communications (NFC), in which a tiny chip within a mobile phone connects to the sensor on the payment terminal as the device is waved in front of it. The process takes just a few seconds and a text message can be sent as a digital receipt for personal records right after. Any retailer who can scan the newer, chip-embedded credit cards using Visa’s payWave terminals will already be able to accept mobile phone payments.
But is it safe and secure?
“The data is stored and transmitted in an encrypted way, so when the phone is being waved in front of the point-of-sale terminal, it’s not your number being transmitted, it’s an encrypted version,” explained Mike Bradley, VP of products at Visa Canada, in late 2009. “It’s always a balance between security and convenience,” he added. “If you ask consumers about security, they want more of it. But when they are asked to make tradeoffs with usage, accessibility and convenience, that’s where the forced tradeoffs are required.”
He also pointed to Visa’s policy, which is zero-liability, meaning it removes any responsibility for fraudulent transactions from its customers, and that policy would be extended to mobile payments. It’s also possible that users would be able to choose a threshold for transactions; that is to say, transactions above $20, for example, would typing a user-set password on the phone. Additionally, with alerts being sent immediately after a transaction by text, fraudulent attempts could be caught far sooner, he pointed out.
Furthermore, new SIM cards would be rolled out to coincide with the NFC chips. So if the phone was reported lost or stolen, the card could be deactivated in a matter of minutes.
The perfect storm
Not everyone is riding the bandwagon. Khoi Nguyen, who is the product manager for Symantec’s mobile security group has seen a rise in cyber attacks—particularly those targeting mobile phones. “If we take a step back and look at how smartphones provide users with e-mail applications, SMS text capabilities, and Internet access, then combine the low adoption rates of mobile security solutions, it adds up to create a perfect storm for mobile device attacks,” Nguyen said.
Targeted attacks on government agencies, wealthy individuals, and consumers interested in major loans and investments would be likely, Khoi suggested, because their mobile devices would probably store valuable information. Cyber criminals could theoretically buy, sell, and create an entire black market for that data, reaping significant profits.
Others, like Frank Maduri, a Toronto-based consultant on mobile payment technologies, feel the biggest challenges lie in making everyone happy. Between the credit card companies, phone manufacturers, banks, carriers, and government, there are many forks in the road before reaching a unified destination.
He does point out that “People are already buying stuff on their phones, whether it be ringtones, songs, applications—and all of that comes out of credit cards, so there is a certain comfort level already.”
What the hell is the point?
Consumers who have observed the pilot project pitch a common question: why bother?
Consumers have wondered, is it truly more convenient? You still have to carry a wallet—some say all it really accomplishes is moving your payment method from one pocket to another. Not exactly an earth shattering technology, anonymous commenters noted. Others had similar responses, pointing out that it really isn’t any easier or simpler to whip out a CC than it is to whip out their phone. Doubters also suggested this put their phone at even greater risk of being stolen, making it almost dangerous for them to bring to parties and other social or unfamiliar settings. And losing it would be more of a pain than ever, too.
Would you use your phone to pay for goods? Or does it increase risks too much?