Advances in business technology are becoming routine, even in the most unexpected places. Each new advance comes with both risks and rewards. One of the more recent, the mobile payment app, accessed through a customer’s mobile phone, points out how the good and the bad often go hand in hand: big data, marketing, privacy, cybersecurity, biometrics, and liability all wrapped up into one. How to benefit from this technology, without being caught in its snares, is a lesson every business should learn.
We previously talked about the costs involved when digital information is stolen from a business. At approximately $188 per stolen record in the United States, the costs quickly add up, even for small and medium size businesses. At that price, think of how hard it would be for a parts supplier, a small manufacturer, or a retail store to cover the loss of a few thousand, or even a few hundred, customers’ payment records.
Customers like the mobile payment apps; they make the buying experience seamlessly simply. Their ease of use lets the customer pay for a purchase without much more than punching up the app and turning the smartphone towards the store’s scanner; all without the sting of paying with cash or the necessity of pulling out a credit card. Instead, the credit card information is tied to the app. That, however, is where the trouble begins.
Mobile payment apps offer even more advantages for businesses. Many, including Henry Helgeson, CEO of payment systems software provider Merchant Warehouse, in a June 18, 2013 article in Forbes, have touted the possibilities. If done properly, and widely, mobile payment apps can harness the big data capabilities of smartphones to help businesses:
- Create targeted, personalized marketing campaigns. Every time you pay for an item using the app, it could learn your preferences; not just what you say you’ll buy, but what you actually bought. It could use those preferences to make suggestions or even offer coupons for items you’ll actually be interested in, rather than the generic mass offers businesses most often make.
- Make suggestions based on where you are in the store. It might be more effective to have a special on cold-cuts pop up when you’re in the deli section of the supermarket, rather than when you’re staring at boxes of cereal or, even worse, on your register tape as you’re walking out of the store after you’ve paid for everything.
- Let customers shop for goods on-line, find out what stores have them in stock, and maybe even let stores market particular goods based on the customers’ browsing history.
One of the most common mobile payment apps is the one used by Starbucks. You may have seen it; approximately 10 million customers use it. Sales using the app are impressive: it accounted for approximately 11% of all purchases made at Starbucks in this country in the third quarter of 2013. It’s easy, convenient, and beneficial to both customer and business; but it reportedly is vulnerable.
The problem with the Starbucks mobile payment app, at least the iPhone version, reportedly was that it left its customers’ full name, address, user name, password, and email stored, in plain text, in the app. The customer’s credit card information was in the same file, and none of it, according Daniel Wood, the computer-security expert who exposed the flaw, was that hard to get to. If a hacker could get ahold of a smartphone with the Starbucks payment app, he conceivably could access a user’s account, and any money in it, by devoting some time and a laptop to the project. Mr. Wood reportedly discovered the flaw because he wanted to see if the app was safe before he stored his information on it. Though no one claimed to be hacked, Starbucks recently released an update to rectify the problem.
There are many ways to make payment apps, and credit card transactions in general, more secure. Possible solutions include biometrics, such as:
- Facial recognition technology. A Finnish start-up company, Uniqul, has launched a system where a person’s face is linked to credit cards or a PayPal account; it’s the ultimate in photo identification. A person walks up to the checkout counter, looks into a scanner, which matches the person’s face against its database of registered faces, and, once it identifies the person, uses the person’s payment information to complete the sale. The whole transaction takes no longer than a typical credit card transaction, though it reportedly is much safer.
- Fingerprints. Apple is reported to be considering creating a mobile payment service based on its fingerprint recognition app, Touch ID. The app, currently available on its iPhone 5S, secures a person’s iTunes’ account, and his phone, better than any password alone could, by creating a record of the owner’s fingerprints and making them the key.
There’s also another, more secure, type of credit card: the computer chip based credit card we spoke about the last time. It turns a cardholder’s information into a unique code for each transaction and requires the user to enter a PIN code to authorize the transaction. This makes it harder to duplicate, and use, than the information found on the magnetic strip on the back of most credit cards used in this country today. It requires the costly combination of the special card and a special reader, much like an ATM machine, to process the transaction.
Chip based credit cards are going to become a lot more common, very soon, and it has everything to do with liability for credit card fraud. Right now, the bank that issued the card involved in the fraud bears the cost. Beginning in October 2015, Visa and MasterCard will hold the merchant liable for the fraud if the card had the more secure chip technology but the merchant didn’t have the right reader to use it, so it processed a magnetic strip transaction instead. Buying a chip-based credit card reader is a major expense that many small and medium size companies don’t even know is coming.
No matter how you look at it, change is coming to commerce, with technology and digital data leading the way. Making sure you’re aware of it, the good, the bad, and the ugly, is the only way to protect your business, your customers, and your future. There really doesn’t seem to be much of a choice.