
Explainer: How does Apple Pay (and mobile payments) actually work?

They’re going to be big, but what do we need to know about them?

QUITE A BIG deal has been made of mobile payments over the last few years, but it’s only recently that people have started taking them seriously.

First Apple Pay was announced, then Samsung and Google followed with their own versions. But while they’ve been covered extensively, you may not be familiar with the mechanics behind them.

So how does Apple Pay/Samsung Pay actually work?

While they have different names and concepts, the core of all these payment systems is the same. You store your debit or credit card details within the device itself, accessed through a fingerprint unlock or a PIN, but they are never shared with any companies.

All of these systems operate on a touch-and-go basis. Instead of getting your wallet, you just take your phone out and tap it on, or hold it in front of, a reader and it makes the payment.

The difference between the two is in how payments are made. Apple Pay requires Near Field Communication (NFC) which means retailers need compatible equipment to use it.

Samsung’s version is more expansive as it uses technology from a company it bought called LoopPay. It uses Magnetic Secure Transmission allowing users to pay for goods using nearly every magnetic stripe payment gateway out there (that’s where you would normally swipe your card). The technology is embedded in Samsung’s latest phones, the Galaxy S6, and the Edge.

Android Pay doesn’t follow the same pattern. Instead, it’s a platform for third-party developers to design their own payment systems.

Image: Apple Watch will also feature Apple Pay, allowing you to pay via smartwatch. (AP Photo / Eric Risberg)

So what’s secure about this?

There are a few things to help prevent fraud or interception. The first is that your credit card details, such as number, security code and identity, aren’t used when paying. Instead, you’re issued a Device Account Number that is encrypted and stored in your device. It is not shared with Apple, Samsung or any other party.

The only time your debit or credit card details are seen by Apple/Samsung is when you’re entering it into your phone.

The key feature of these services is tokenisation. What it means is that for every payment you make, a once-off token is generated and used in place of your credit card details. This is something that standards groups and major card players like Visa and Mastercard have been working on for a while.

It’s much like generating a new voucher for every transaction you make. Each one is for the specific transaction you make and even if it is intercepted, the token cannot be traced back to the buyer.
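A simplified model of the tokenisation described above, as an added example that is not from the original article and is not the actual protocol used by Apple, Samsung or the card networks. The class names, the HMAC-based once-off value and the payment counter are assumptions chosen for illustration, and the card number is a constructed test value.

```python
import hashlib
import hmac
import secrets

def cryptogram(key, counter, amount_cents):
    """One-time value bound to this device key, this payment counter and this amount."""
    message = f"{counter}:{amount_cents}".encode()
    return hmac.new(key, message, hashlib.sha256).hexdigest()

class TokenService:
    """Hypothetical bank/network side: the only place the real card number is kept."""
    def __init__(self):
        self.vault = {}  # device account number -> card number, device key, last counter

    def provision(self, card_number):
        """Done once, when the card is entered into the phone."""
        device_account_number = "".join(secrets.choice("0123456789") for _ in range(16))
        key = secrets.token_bytes(32)
        self.vault[device_account_number] = {"card": card_number, "key": key, "last": 0}
        return device_account_number, key

    def authorise(self, payment):
        entry = self.vault.get(payment["device_account_number"])
        if entry is None:
            return False
        expected = cryptogram(entry["key"], payment["counter"], payment["amount_cents"])
        if not hmac.compare_digest(expected, payment["cryptogram"]):
            return False  # forged, or the amount was altered in transit
        if payment["counter"] <= entry["last"]:
            return False  # this once-off value was already spent: a replay
        entry["last"] = payment["counter"]
        return True

class Device:
    """The phone: holds the device account number and key, never sends the card number."""
    def __init__(self, device_account_number, key):
        self.device_account_number, self.key, self.counter = device_account_number, key, 0
    def pay(self, amount_cents):
        self.counter += 1
        return {"device_account_number": self.device_account_number,
                "counter": self.counter, "amount_cents": amount_cents,
                "cryptogram": cryptogram(self.key, self.counter, amount_cents)}

def demo():
    service = TokenService()
    phone = Device(*service.provision("4111111111111111"))  # constructed test card number
    first = phone.pay(1250)
    tampered = dict(phone.pay(300), amount_cents=30000)  # intercepted and altered
    return {"first": service.authorise(first), "replay": service.authorise(first),
            "tampered": service.authorise(tampered), "card_sent": "4111111111111111" in str(first)}
```

In this model an intercepted payment message is useless a second time and cannot be reused for a different amount, and the card number never appears in what the phone sends.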

When you make a payment, it happens in two phases. The first is the authorisation of the card and the second is the transaction itself. The first goes through a number of checks for fraud and checks whether the cardholder has the funds (or credit line) to make the purchase.

This determines whether the transaction is allowed to happen or not and is done in the space of a few seconds.

But didn’t I hear about Apple Pay being used by scammers already?

You did, except it wasn’t by breaking the encryption. Instead, the credit cards used in this were already stolen and entered in by the thieves themselves.

That said, there are still some problems. Secure doesn’t mean unbreachable – anything can be hacked once you have the skills and put in enough time and effort to break it – and this is still new territory for these companies.

The other bigger problem, highlighted by the above example, is that while the core of it is secure, the methods of verification aren’t.

There’s no real way to ensure the person entering the card data owns it, and that’s something that falls mainly on the banks and their verification systems (although Apple and the card-makers should also push for it). A service is only as strong as its weakest link and it’s a significant problem to solve.

Image: Both the Galaxy S6 (pictured) and the S6 Edge will support Samsung Pay. (Laura Lean / PA Wire)

What’s holding it back?

As well as the concerns mentioned above, there is their availability. Both Apple and Samsung’s payment systems are only available on two of their own devices (Samsung’s won’t be released until next month), meaning adoption rates are going to be slow. Also, such a system requires negotiation with the different banks in each country, which is a slow process at the best of times.

The biggest barrier is the culture itself. While there was a lot of fuss and praise for Apple Pay when it first came out, security will always be an issue for people until it becomes more widely adopted.

It’s still very early days for these types of payment systems, so writing them off would be premature.

So when will any of these payment services arrive over here?

It’s unclear right now although there has been talk of it arriving in the UK in the summer time. Other card companies have introduced tokenisation in Europe recently so the path is clear for this to happen, but there are a number of loose ends to tie up first before we see it arrive here.

If we’re going to be optimistic, then the end of the year would be a good guess, but don’t hold your breath.
