Payment apps have the potential to change the cashless payment landscape and speed up transactions in retail environments and unattended markets. Everything is set to change by 2020, the date by which Visa and MasterCard will be mandating contactless payment capabilities.
At present in the US, mobile payments have not been largely adopted, and its speculated that the reason is because consumers view it as risky. This is likely triggered by the incorrect but prevailing idea that credit card numbers are stored on one’s phone or a mobile wallet app’s server, and therefore susceptible to hacking and theft. Most consumers aren’t actually aware of how these payments work. This article will explain how transactions with mobile wallets work and show the security features built into the process.
Increased mobile payment safety with tokenization
To ensure consumers’ safety, mobile payment apps use encryption technology known as tokenization. This technology replaces personal card data with a tokenized number so that at no point in the authorization process is any sensitive data exposed. Instead of a credit card account number, a randomized 16-digit number (sharing the last 4 digits of a credit card number) is generated while the real account number is stored in a secure token vault. This temporary number has no use outside the authorization process and has a limited validity. Additionally, if the token is intercepted, it becomes void.
Apple Pay, Android Pay, Samsung Pay, and Nayax’s own mobile payment app Monyx Wallet all use tokenization to secure their payment services. For this technology to work, consumers will need to have near-field communication (NFC) technology in their smartphones. NFC is available in all Android phones produced after the KitKat version was released and for iOS it has been available on all iPhones since model 6’s.
Upon payment a user needs to unlock their phone, and activate the payment app. The consumer selects the card they wish to pay with and holds the phone over the POS machine. The NFC transmits a tokenized number to the merchant, which in turn sends the encrypted data to the credit card lender.
Each time a token is created, it goes on a credit card’s file at the credit card network. The card lender confirms that the token matches the credit card that created the token and the transaction is confirmed to the merchant. The real card number is only sent to merchants when they want to bill an account holder. The card number is not stored by the merchant and they need special authorized devices to decrypt the tokenized numbers.
Securing smartphones against fraudulent behavior
Credit cards and cash leave consumers more vulnerable than mobile payments. If a credit card is intercepted, a consumer is in danger of a fraudulent credit card being created with their data. Another possibility is that if a credit card is stolen that it can be authenticated on mobile wallets on other phones and used for payments until the credit card is canceled. If a phone is stolen and one hasn’t protected the phone with phone passwords and pin codes, then the wallet can be used to pay for items.
The more likely danger in using mobile payment lies in consumers being idle about their phone security. However there are a lot of steps to protect smartphones that can be taken. Firstly, users can add PIN codes, passwords and bio-metric locks like fingerprints or face recognition technology. Secondly, smartphone users can install apps for remote tracking in case a phone is misplaced, lost or stolen. Thirdly, there are also wipe control apps, or apps that monitor typical phone behavior and block payment apps if suspicious phone behavior is detected. Lastly, users can lock the actual mobile wallets with passwords or fingerprint technology.
The takeaway from looking at how mobile payment apps are encrypted is that digital wallets are extremely secure, with an authentication process rich in protocols to ensure data safety and privacy. In fact, a transaction made with this payment method is much safer than the consumer who opts to pay with cash or a physical credit card.