Are mobile wallets taking retailers down a road they’re not ready for?

08 April 2015

Mobile wallets have been THE retail buzzword in recent months. High-profile launches such as Apple Pay and Samsung LoopPay have ignited the interest of tech-savvy shoppers, and we’ve now reached the point where 56% of consumers would be willing to use their mobile device to pay for purchases.

However, have retailers really thought through the implications of embracing mobile wallets? We’re already seeing some consequences – such as the recent Apple Pay fraud attack.

While the technology brand has taken the public wrath for this incident, Apple’s fingerprint encryption system remains intact.

What actually happened was that cybercriminals used data from recent security breaches at major retailers, including Home Depot and Target, to create Apple Pay accounts, which they then used to make big-ticket purchases.

The on-boarding process involved the card issuer verifying the set-up and, perhaps unsurprisingly, these issuers took a low-cost approach to verification, relying on commonly known and accessible information such as date of birth and social security number.

This crime should alarm retailers for a couple of reasons.

Firstly, it shows a new dimension for data fraud – no physical card needs to be presented for mobile wallet purchases to be accepted. Ironically, Apple was one of the brands targeted by criminals during the recent attack, as its stores are guaranteed to accept such transactions.

Secondly, the breach was only able to occur because criminals obtained credit card data from retailers’ systems. As Good Technology’s CTO, Nicko van Someren, aptly notes, “the recent spate of fraud…had little to do with Apple Pay and everything to do with legacy databases of card details being stolen and mobile payments being a convenient vector for the purchase of high-value, easy-to-resell products.”

In fact, this type of crime is already being seen among retailers who are using contactless – the natural first step towards mobile wallets, which use the same near field communication (NFC) technology. The switch from Oyster card to contactless on the London transport network, for instance, has led to a significant spike in low-value fraudulent transactions around the major stations – Euston and Kings Cross in particular.

It can seem as if the choice today is to prioritise customer experience – and by that I mean easy, frictionless transactions – or security. However, this isn’t necessarily the case.

Most transactions are being made by genuine customers, who want a quick way to pay. In addition, Visa and MasterCard are working hard to right the current contactless exploitation in London. If all else fails, retailers can look for contactless clauses in their merchant acquirer agreement – checking the liability might reveal a pleasant surprise!

While the path to future payments remains unclear for many retailers, the rising popularity of both contactless and mobile wallets is hammering home one thing: no matter how sophisticated your front-end technology, robust back-end security is essential to protect customers.
