By Rob Stringer, Cortex MCP
While the reach of mobile devices has grown dramatically in recent years, we’ve failed to realize the promise of using this ubiquitous device as a mobile wallet.
There are many reason for this lack of adoption, and the following reviews the shortcomings of past and current attempts at mobile wallet implementations — and more importantly, highlights new technologies needed to unlock the promise of mobile payments.
One highly visible approach is near field communications using an on-device secure element (SE), in which the user’s credit card is stored on the phone inside a purposefully-designed SE chip. The SE-based mobile commerce initiatives have failed to achieve mainstream use, due in large part to high cost, bureaucratic and political issues in accessing the SE chip, and the need for special hardware.
Alternatives are cloud-based mobile payments, which involve storing a user’s payment data in the cloud rather than on the mobile device, eliminating the need for the SE. Three of the more prevalent cloud-based mobile payment methods include the “check-in,” “push” and “Host Card Emulation” (HCE).
Each has issues that have deterred adoption — check-in requires that merchants install a special device or make a costly upgrade to their existing POS systems; push needs specialized, expensive equipment at the merchant, along with changes in merchant and consumer behavior; and HCE raises security concerns resulting from full credit card track data being transmitted to the user’s device at the time of purchase. All also require that the consumer’s device is connected to the Internet.
Given that supporters are unable to overcome these challenges and concerns, it has become apparent that a new approach is needed – one that is designed to be truly secure and scalable to any purchases, from coffee to TVs.
Keys to Unlocking Mobile Payment’s Potential
An essential element in overcoming the hurdles to mobile wallet adoption is a new payment instrument specifically designed for mobile devices — one that requires no special hardware and the ability to be stored on the consumer’s device without a cloud connection. Cortex views this as an alphanumeric string containing a user-defined, four character PIN corresponding to a limited amount of money.
The string would be created, tied to and stored on the mobile device in an incomplete state, without the user-defined PIN — this would be supplied by the user at the time of the transaction (in a fashion similar to a debit card purchase). In this way, even if someone illicitly gains access to a user’s phone, they’ll be unable to purchase anything without knowing the PIN.
This new approach could offer additional control measures, for example enabling the user to restrict its use to certain retailers, product categories or geographies — or restricting the amount of money that can be spent for any single purchase and even the number of purchases per day.
Such an approach would address behavioral and device independence obstacles. Because of the security measures cited above, there would be no SE required. Because the code is stored on the phone, users could use it instantly — faster than the time it would take to remove a credit card from a wallet.
At the POS, this user information can be passed over the existing rails leveraged by credit cards using a unique, IP-protected methodology, requiring zero (for NFC) or minimal (for QR code) changes to the merchant’s POS system. Once the user information leaves the POS, it can be routed via the processing network to a backend which would either approve or reject the purchase and trigger a payment or refund.
Another key feature that promises to overcome the mobile wallet adoption hurdle is pre-commerce analytics for offers and loyalty — a module that could be an extension to the new payment mechanism described above. This would enable merchants to target offers to users who create payments for specific purchases. Imagine a user who creates a payment to purchase a new TV with an amount of $1,000 — using this analytic module, a nearby merchant can push an offer to that consumer for a TV within his/her price limit. This module could create a new offer platform tied directly to a consumer’s intent to spend for specific items, opening up a powerful avenue for merchants to expand sales and provides them with a critical incentive to accept this type of mobile payments in their stores. Above and beyond the convenience and security factors inherent in this new payment method, such a loyalty offer platform would drive consumer and merchant adoption.
A final piece of the mobile wallet puzzle is enabling users to do more than make payments, providing the capability to securely store various forms of ID: from a driver’s license to store loyalty cards. In order to “leave the leather” at home, consumers will need to be able to leverage their mobile wallet for the purpose of identification. What is needed is an identification method that is highly secure and leverages much of the same technology as the new payment method outlined above. Components would include: the capability to store and validate all ID files delivered to the user’s device; the ability to verify a user’s ID credentials; and a generation application used by an issuing authority to create a file for their customers/users.
This kind of new mobile commerce foundational platform is possible today — conversations have begun with various groups interested in advancing the mobile wallet. But these groups must put aside political, technical and organizational objectives that are creating obstacles to mobile wallet adoption.
Many believe we’ll see progress toward this in 2014 and 2015 as these groups finally accept a new enterprise-grade, wholly secure mobile wallet platform.
And as this happens, the mobile wallet developments of the next year will shape the future for consumers and merchants for the next 30.
Rob Stringer is VP of product development, marketing and business development for Cortex MCP, developer of a mobile payment, loyalty and wallet platform that can be adopted and accelerated by all, offering device independence, inherent consumer security and control, and no disruption to the merchant's existing POS infrastructure. Rob can be reached at firstname.lastname@example.org.