By: Leilani Doyle
It is no secret that the key to success in any new payment scheme is the ability to balance security with usability (ubiquity doesn’t hurt either). A recent article published on payments.com identifies six key questions to evaluate ways to balance the security and usability of payments using the mobile device. After reviewing many new mobile payment applications, I have found this is a real challenge for most mobile start ups.
The first question asked in the article deals with ways businesses can use the richer content interface of the mobile payments device to create a new authentication method. Clearly we have seen the tap and pay approach of NFC, the pin based approach and the bar code display. Each has elements of security and yet none have created a really compelling story either from a consumer adoption or security perspective.
The next question tackles the rather technical aspect of the management of encryption keys as part of the overall mobile security process. Although it is a rather technical issue, the author, Geoff Keast, makes a valid point that the best security and encryption used is only as good as the key management process. The conclusion Geoff reaches is that new entrants to the payment processing world are best served by leaving the key management aspect up to a Trusted Service Manager. A Trusted Service Manager will build on existing experience in the card world and translate this experience into the mobile payments space.
The card world,that is perhaps my biggest objection to the premise of this article. The entire security and authentication structure is based on existing card security standards. While we can certainly learn a lot from what the card industry has evolved over the last 50 years, the mobile payments really opens the door for a wide variety of other identification, authentication and authorization forms that we are just beginning to develop.
After following the mobile payments trend over the last five years, I may be close to reaching a conclusion that using a mobile device to authenticate a payment may never happen on a huge scale. We may find that biometrics is a more robust, and in fact simpler, approach to identification and authorization. However, that said, I do believe mobile devices have a place in the shopping experience, by delivering geo-based offers, customer-preference coupons and increased awareness of brands.
Read the full article at PAYMNTS.com.