Mobile Payments
1. Introduction
Mobile payments can be defined as any payment for a product or service completed through a portable electronic device. In recent years, the growth of mobile payment solutions slowed as the adoption and use of mobile payments remained lower than expected. Nevertheless, mobile payments still represent a non-trivial and rapidly growing portion of the financial services market. With the invention of NFC or Near Field Communication systems, businesses and consumers can hope to see real inroads made by mobile payment systems. This technology allows a mobile device, in this case a cell phone or smartphone, to establish communication with a terminal using NFC by either touching them together or bringing them into close proximity, usually no more than a few inches. The NFC chip will actively interact with the mobile payment reader to transfer data and complete the transaction. Google created Google Wallet as a way to introduce mobile payments utilizing NFC. Android users with certain mobile devices can download and implement the Google Wallet app. Through the setup process, users can link their Google Wallet to their debit card or another credit card so payment can be made with their cell phone. Apple Pay is a mobile payment and digital wallet service introduced by Apple Inc. on September 9, 2014. It lets users make payments using an iPhone, Apple Watch, iPad or Mac. Apple Pay does not require Apple Pay-specific contactless payment terminals; it works with any merchant that accepts contactless payments. Samsung Pay is a mobile payment and digital wallet service by Samsung Electronics that lets users make payments using “compatible phones and other devices”. It works on Android and iOS devices, but the commitment of the app offerings varies by device and operating system. Like Apple Pay, Samsung Pay also utilizes NFC to communicate with the merchant’s mobile payment reader. Mobile Payment is a useful, convenient and easily adopted technology. 
However, as with any technological advance, especially in the financial world, there are hazards and challenges that need to be considered. Issues such as security and privacy, acceptance versus tradition and customer education are common challenges that need to be overcome for the successful adoption of mobile payments. With the necessity of adopting emerging technologies which may be unfamiliar – for example smartphones, mobile devices and newer operating platforms, there is a strong case for ongoing and tailored mobile payment user education and guidance – such as in the form of dedicated user and customer support service channels.
1.1 Advantages of Mobile Payments
It is vital to understand the benefits of using mobile payments as one of the methods of payment, in order to justify and support a proposed project to introduce a mobile payment system in an organization. Upgrading the existing traditional payment methods can bring several advantages. These include customer satisfaction and a larger customer base, along with improved operational efficiency through streamlining of administrative activities such as accounting and the management of administrative costs, and better controls as far as efficient use of the organization’s funds is concerned. It is also possible to generate additional revenue through certain advanced features such as mobile marketing and customer relationship management. In addition, through data, mobile payment services offer the ability to manage different types of transaction and payment information on a single platform, enabling easier expansion of payment methods such as facts, credit and e-cheque. The creation of the secured mobile internet payment protocol (version 2) has made it possible to process payments in situations where a mobile phone is not physically presented at the point of sale, that is, where it is used for remote purchases, including those transacted over the internet. Many internet companies and organizations offering products and services over the internet have incorporated secured mobile internet payment protocols and have created a fast and reputable delivery system for purchased goods. Lastly, mobile phone payment services offer many advantages to service providers over the traditional methods of credit card acceptance. Credit card transaction fees are very high; they can range anywhere from 3% – 9% per transaction. In addition, due to the large number of different credit card types and the three-digit security numbers on the back of the cards, relatively complex equipment is required to process credit card transactions.
Many service providers have to lease expensive credit card processing equipment and pay additional fees for internet credit card transaction services. By contrast, mobile phone transactions typically carry much lower fees, primarily due to the effective security measures undertaken to ensure that the rightful owner of the mobile phone is the one effecting the transaction. All these cost-saving advantages are crucial for any entrepreneur or service provider.
1.2 Challenges of Mobile Payments
New payment methods are always subject to security concerns, especially payment methods that are founded on advanced technologies. For mobile payments, setting up secure solutions on an insecure platform is no easy task. It is even more difficult to get the mass market to trust the new platform. Another challenge is client authentication in the mobile environment. It is still an open question and requires a systematic approach. When a client initiates a payment, she has to be authenticated to both the mobile payment infrastructure and the bank infrastructure. In addition, the same client should be authenticated to the mobile infrastructure when she needs to make a change. This is a complex problem because it depends on which entity provides the mobile services. Some mobile payment experts suggest that mobile payments will share a common standard, as credit card payments and internet payments do. However, the suggestion lacks concrete support in either theory or practice, leaving standardization a challenge for the industry. Mobile payment solutions are being developed and tested around the globe, but their acceptance by merchants, consumers and various authorities is uncertain. It is very likely that different places will have different solutions in the near future. However, it is unclear who, the government or the industry, will dictate the accepted one. This situation makes investment in mobile payment solutions a hard decision for a business. These challenges must be identified and resolved, as they may become critical obstacles to the wider adoption of mobile payments.
2. Types of Mobile Payments
Mobile payments enable customers to purchase products, goods, and services with their mobile devices. To do this, mobile payment technology uses a method called tokenization. In a software environment already handling transactions like a mobile payment app, the mobile payment app takes the place of the petty debit and credit cards in your physical wallet. The app stores every bit of data necessary for a transaction. Unlike a card which physically connects to a card reader, online payment solutions like Apple Pay and Android Pay utilize a method called tokenization. Using a token for your payment instead of sending your entire card number protects your confidential information. When you open a mobile wallet, it asks for your primary payment method information, for example, your credit or debit card number. The token is a piece of data that references your regular card number only when passing payment data between your phone and the payment receiver. This way, we will be able to maintain the security and one-time use properties of the tokens. When you pay with your phone or use a mobile payment solution, you no longer have to share account numbers. Mobile payment solutions sometimes employ methods for near field communication to communicate with point of sale systems. These systems also have various levels of security. However, when making an online purchase, the process differs slightly. After choosing to pay for an item using a mobile payment method, the system may prompt you to enter an accompanying dynamic security code before the payment finalizes. This code generates on the spot and typically registers the transaction as an official use of your card. Many banking institutions incorporate multi-level security, like the dynamic security code, to protect consumers. By working in tandem with mobile app developers and mobile payment program creators, these security measures can evolve to meet changing threats as they develop. 
For now, the methods offer a highly secure and contemporary approach to paying for purchases.
2.1 Mobile Wallets
A mobile wallet is a virtual version of your physical wallet. It stores payment card information and uses NFC (near-field communication, this is a method of wireless data transfer that detects and then enables technology in close proximity to communicate without the need for an internet connection) to allow you to pay for items and services by touching your phone over a contactless payment terminal. Mobile wallets are easy to use and do not require an internet connection to make everyday transactions. However, should a WiFi or 3G/4G connection be available, it’s useful to know that the wallet connects to the internet to ensure that the latest card information is available. This provides an additional layer of security. The transactions are also similarly secure due to the use of the latest security standards and technology. For example, a user would typically need to unlock their mobile phone with a pin, pattern, password or fingerprint in order to access the mobile wallet app and make a payment. Most mobile wallets also have “tokenisation”; a method of increasing the security of transmission of card data. When a card is uploaded, tokenisation replaces its primary account number (PAN) with a series of randomly generated numbers so that no personal account details are stored on the mobile device or used during a transaction. Lastly, all transaction data is heavily encrypted. This section will then describe mobile wallets as a type of mobile payment, and provide information as to how they operate and their practical uses.
2.2 Mobile Banking Apps
Mobile banking apps come from traditional, brick-and-mortar banks. These apps allow customers to carry out a variety of tasks like checking one’s balance, sending money, and even depositing checks. They also employ a couple of different methods when handling mobile check deposits. Some apps allow customers to take a picture of both sides of a check and submit the images as a way of depositing the “paper” without actually going to the physical bank. This process is not instantaneous, and it can take a couple of days for the check to finally be processed and fully deposited. Other apps may allow customers to deposit checks by first submitting the pictures and then having to physically sign the check on-site. This method is usually faster and will result in the check being processed and deposited in the span of about one or two days. Certain apps may only be available to customers who use a certain bank or financial institution. However, many banks have mobile banking apps that can be used universally by customers, regardless of where they live in the United States. These types of apps allow for an incredible amount of transaction flexibility. For instance, if a person owes money to a friend and they happen to physically see each other, the app would allow the money to be “sent” from the visiting account user’s account to the receiver’s account within minutes. By linking a card or funding the transmitter’s account, it is easy to quickly and securely send money that will be available to the receiver at a moment’s notice. In addition, many mobile banking apps allow for features that would seem to work in a more modern, “futuristic” setting. It is possible to attach any accepted credit and debit cards to a phone or other smart device and use that device in place of the actual card. This allows customers to use the card reader available at many stores without having to get the card from a wallet, purse, or pocket. 
This acts as a faster alternative to cash and is more secure than simply paying with a physical card due to a unique security code assigned to the digital card on the phone or device. However, this option does not work 100% of the time, so keeping the original card is still practical.
2.3 Contactless Payments
When you make a contactless payment, your smartphone or smartwatch communicates wirelessly with a card reader at checkout. Near field communication (NFC) is the technology that allows this exchange of information. NFC works within a radius of about 4 centimeters and provides a high level of security. Contactless payments are so fast that you can complete a transaction in less than half a second. And you do not need to open an app or use your fingerprint, because your device verifies a payment with a passcode or facial recognition. However, for security reasons, you cannot make a contactless payment for an amount higher than 25 or 30 without unlocking the device. You must also unlock your device before you can make a certain number of contactless payments or if you have not made any payments for a while. Contactless payments are continuing to grow in popularity, with people using them everywhere from coffee shops to public transport, and in countries around the world. If you use a contactless payment card, rather than a smartphone, the process is similar, except that you do not need to unlock anything over a certain amount. You could also link your bank account to a wearable device, such as a wristband or sticker, that has contactless technology. This means you could make payments simply by touching the wearable device to the card reader at checkout. Wearable devices use the same technology as mobile devices, so the payment information is kept secure. However, to make sure these products are right for you, check that the specific device or app you are interested in is supported by your bank or payment card issuer.
3. Security in Mobile Payments
As I’ve looked at the project and identified all the main financial administration procedures, I began to consider the different security elements that would be included. It was no occurrence that security is such a significant aspect of mobile payments. One of the primary explanations for this that I promptly perceived is the way that it is practically difficult to verify the tools used to start and complete payments. Although a portion of the most secure GPS systems use geofencing so as to validate the client’s location first, the majority of the payments can theoretically start from anywhere on the earth and this provides a potential gap in security. Innovation, for example, encryption and tokenization, should be used so as to guarantee that payments are secure. This includes the usage of P2P encryption in order to ensure that when the payment button is clicked, a passage is immediately opened between the dealer’s financial institution and the purchaser’s financial institution, and analysis and validation starts immediately. With tokenization, sensitive data is replaced with a unique identifier that has no value at all and can’t be reversed back to the initially secured information. This methodology guarantees that merchants, processors, and systems don’t store or process sensitive payment credential information. This keeps such information secure and limits the risk presented by a potential data breach. Biometric validation offers a completely unique method for verifying that the individual creating a mobile payment is the true and correct account holder. This is because biological characteristics, for example, fingerprints are unique and can’t be duplicated, ensuring that there is no way a non-authorized individual can execute payments. Biometric verification is done simply by comparing a real-time biological record to the saved template for that record. 
In general, it involves creating a biometric template from an initial capture, analyzing the capture to determine the quality of the capture and the quality of the data captured, and saving the template as a whole in a predetermined position. This means that when the individual produces an acceptable biological record, it will be compared to the preserved template. Any deviation beyond a predefined limit will result in rejection of the attempt and potential logging of the violation.
3.1 Encryption and Tokenization
When application interfaces are built, the details on the consumer device communicate with the appropriate payment service using the token. This means that the actual card in use is not communicated with the app or device, further helping to protect the safety of the payment.
First and foremost, tokenization makes sure that sensitive and protected data such as the primary account number is replaced by a token that has no value to anyone who may intercept the transmitted data, which significantly reduces the chances of that data being stolen. Moreover, tokenization simplifies the process of data storage, processing and transmission in the context of mobile payments. Storing tokens is safer than storing actual card numbers, especially when this data is held in various systems. This is because tokens cannot be exploited for fraudulent activity in the way that real card data can, and it reduces the complications surrounding data protection requirements.
Tokenization, on the other hand, involves replacing actual card details by a randomly generated number at the point of a payment request. These numbers carry no intrinsic value because they are not the actual card numbers and rely upon a system that is able to translate them back to the original data when needed. Such a method greatly reduces the actual data that needs to be transmitted when a payment is processed and it can be usefully employed in mobile apps and e-commerce platforms among other possibilities.
Encryption refers to changing data into a form that can be read only by the intended receiver, usually using a password. Data encryption is a common method for keeping card details secure when processing mobile payments. This involves turning the original card number into something called a ciphertext and requires a key to be also applied to this numeric string to unlock the data when needed. Here, two main forms of encryption are able to be used – ‘Symmetric’ encryption, where the same key is used for both the encryption and decryption of data, and ‘Asymmetric’ (or ‘Public Key’) encryption, where two different but mathematically-related keys are used – a ‘Public Key’ for encryption and a ‘Private Key’ for decryption.
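The tokenization flow described in this section, as an added example that is not part of the original text: a minimal in-memory token vault in which a card number is swapped for random digits, only the vault can translate the token back, and a single-use token stops working after it is redeemed. The class and function names are hypothetical, and the card number used with it is the widely published test value, not a real account.

```python
import secrets


def luhn_valid(number: str) -> bool:
    """Luhn checksum carried by payment card numbers."""
    if not number.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        digit = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            digit *= 2
            if digit > 9:
                digit -= 9
        total += digit
    return total % 10 == 0


class TokenVault:
    """Hypothetical stand-in for the service that maps tokens back to card numbers."""

    def __init__(self):
        self._vault = {}        # token -> (pan, single_use)

    def tokenize(self, pan: str, single_use: bool = True) -> str:
        if not (13 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("not a valid card number")
        # The token is random, not derived from the PAN, so it cannot be
        # reversed by anyone who does not hold the vault's mapping.
        while True:
            token = "".join(str(secrets.randbelow(10)) for _ in pan)
            if token != pan and token not in self._vault:
                break
        self._vault[token] = (pan, single_use)
        return token

    def detokenize(self, token: str) -> str:
        entry = self._vault.get(token)
        if entry is None:
            raise KeyError("unknown or already redeemed token")
        pan, single_use = entry
        if single_use:
            del self._vault[token]   # a replayed token is rejected
        return pan


def merchant_record(token: str, amount_cents: int) -> dict:
    """What the merchant side stores: the token, never the PAN."""
    return {"token": token, "amount_cents": amount_cents}


if __name__ == "__main__":
    TEST_PAN = "4111111111111111"    # constructed sample: well-known test number
    vault = TokenVault()
    token = vault.tokenize(TEST_PAN)
    print("merchant stores:", merchant_record(token, 1250))
    print("vault resolves token to PAN ending", vault.detokenize(token)[-4:])
    try:
        vault.detokenize(token)
    except KeyError as exc:
        print("replay rejected:", exc)
```
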
3.2 Biometric Authentication
Biometric authentication methods are part of a trend of heightened security measures in mobile payments. Recent implementations in consumer electronics have made biometric scanning the next logical step to further secure mobile payment applications. Unlike passwords and PINs, biometric data—such as fingerprint scans and facial recognition—is unique to a specific user, cannot be easily replicated, and is significantly harder to steal. For the best results, biometrics should be implemented using the following guidelines: a biometric management system to securely store and manage biometric reference data, liveness detection, strong encryption, and the possibility to add multibiometric capabilities, so the user can choose between different biometric data. Also, precautions can be made in order to avoid physical biometric fraud, like the use of a fingerprint tape. This system provides both a classic capacitive fingerprint sensor and a “live” finger detection system, adding a new layer of security. Moreover, recently developed techniques use machine learning algorithms which are able to extract and then use an individual’s cardiac biometric profile to perform identification and verification processes. This technique allows for a remote, scalable but still secure method of biometric authentication, where information about a person’s unique physiology can be used within cryptography to provide higher levels of security. Biometric methods are extremely secure when implemented properly, serving as a practical method to reinforce the security of the mobile payment app by authenticating the user and keeping biometric authentication data separate from the rest of the mobile device data. Digital data encryption is the process of converting electronic data into another equivalent form, so that only people with certain access can decrypt and read the data. It is therefore a highly secure process, particularly with regard to storing biometric authentication data.
3.3 Fraud Prevention Measures
Technological development in mobile payments has been fostering a change in consumer behavior globally. Mobile payments have become an everyday activity in the global market, and businesses have been utilizing this technology to transfer money and make payments. Mobile payment fraud prevention relies on a number of strategies, such as keeping the software up-to-date. Criminals are always looking for new ways of breaking through the security in mobile devices, so the continuous update of mobile payment apps and mobile operating systems is key to securing financial and personal information. New updates also include security and new fraud prevention features. Additionally, enabling the fraud prevention features that are present in mobile payment apps has also been recommended. For instance, enabling fraud prevention in the digital wallet of Apple Card can be helpful because it shares the same tokenization number as the physical card placed in the chip. Mobile payments and tokenization can help safeguard payment information because the real account data is kept secret. In other words, the safety of mobile payments ensures that personal financial data is secure through the process of transmuting the data into the undecipherable. The technology of tokenization works by replacing the data with random numbers, and the numbers do not give any kind of decipherable meaning.
4. Future Trends in Mobile Payments
One exciting future trend in mobile payments is the use of blockchain technology. A blockchain is a continuously growing list of records, called blocks, which are linked and secured using cryptography. Each block typically contains a cryptographic hash of the previous block, a timestamp and transaction data. By design, blockchains are inherently resistant to modification of the data – once recorded the data in a block cannot be altered retroactively. Blockchain is the technology that underlies digital currencies, with Bitcoin being the most well-known. In the context of mobile payments, blockchain could potentially be used to facilitate the process of sending and receiving money. As an example, the use of blockchain could remove the need for intermediaries in the process, such as card schemes and acquiring banks, because the system could be set up in such a way that the customer and a merchant could enter directly into an agreement, confirmed by the digital contract and executed by a smartphone application. Another trend is the integration of payments into the Internet of Things (IoT). IoT refers to the interconnection of computing devices that are embedded in everyday objects, enabling them to send and receive data. A “smart” fridge that knows when you are out of milk and places an order with an online grocery retailer is an example of IoT. Predictions are that mobile payments will be integrated into many potential IoT scenarios – for example, a driver could pull into a fueling station and the car will automatically communicate and pay the necessary amount of fuel, without the driver needing to leave the car or authorize the payment. Smartphone digital wallets could, for example, authenticate the user, selecting the correct payment card and authorizing a payment message all in an automated manner. Another development that goes hand in hand with IoT is the rise of voice-activated payments. 
With the growing popularity of virtual personal assistants like Apple’s Siri, Amazon’s Alexa and Microsoft’s Cortana, more and more people are becoming accustomed to verbal interactions with technology. It is predicted that the convenience and speed of being able to request and make transactions using speech will lead to increasing popularity of voice-activated payments. This is already starting to become a reality – for example, Amazon has created the “Amazon Echo”, a hands-free speaker that users can control with their voice and can be used for a range of tasks, including voice-activated payments.
4.1 Blockchain Technology
Another significant future trend in mobile payments is the increasing role of blockchain technology. Blockchain technology is a type of distributed ledger technology (DLT) that uses cryptographic techniques to establish a secure and permanent record of relaying, archiving, and maintaining transaction data. In other words, blockchain technology does not require centralized control structures and consequently, it is secure and highly resistant to changes by any individual party. Blockchain technology achieves this level of security largely through the use of cryptographic hashes. Each digital record or block in a blockchain network contains a cryptographic hash of the previous block, as well as a time stamp and other relevant data. By recursively including this hash information in all blocks, the blockchain network not only enforces a chronological order of digital records, but also makes it extremely difficult for hackers to alter or falsify the contents of a block once it has been accepted by the network. This is because altering the contents of a single digital record would require the changing of all subsequent records and the consensus of the entire network. Therefore, the promise of heightened security and maintenance of a decentralized platform for transaction authorization and processing makes blockchain technology an important upcoming trend for the continued development and evolution of mobile payments. Furthermore, a natural extension of using blockchain technology for mobile payments is the creation of new cryptocurrencies. Cryptocurrencies are digital or virtual currencies that use cryptographic techniques for security and operate independently of a central bank. By design, cryptocurrencies leverage the technology of blockchain to gain decentralization, transparency, and immutability. As with the development of all cryptocurrencies however, there are technological, political, and economic factors to consider. 
It takes strategic planning and continued research as well as involvement in digital networks before a new cryptocurrency and its underlying technologies can be realized as a practicable method of mobile payment.
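The hash linking described at the start of this section, as an added example that is not from the original text: each block stores the SHA-256 hash of the previous block, so editing one record breaks verification at that block, and re-hashing the edited block only moves the break to the next one. Function names and the sample transactions are constructed for illustration; network consensus is outside what this block models.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64   # placeholder "previous hash" for the first block


def block_hash(block: dict) -> str:
    """Hash every field of the block except its own stored hash."""
    body = {k: block[k] for k in ("index", "timestamp", "prev_hash", "tx")}
    encoded = json.dumps(body, sort_keys=True).encode("utf-8")
    return hashlib.sha256(encoded).hexdigest()


def append_block(chain: list, tx: dict, timestamp: int) -> dict:
    prev_hash = chain[-1]["hash"] if chain else GENESIS_PREV
    block = {
        "index": len(chain),
        "timestamp": timestamp,
        "prev_hash": prev_hash,
        "tx": tx,
    }
    block["hash"] = block_hash(block)
    chain.append(block)
    return block


def first_invalid(chain: list):
    """Return the position of the first block that fails verification, or None."""
    expected_prev = GENESIS_PREV
    for position, block in enumerate(chain):
        if block["prev_hash"] != expected_prev:
            return position          # link to the previous block is broken
        if block["hash"] != block_hash(block):
            return position          # contents no longer match the stored hash
        expected_prev = block["hash"]
    return None


def build_sample_chain() -> list:
    """Three constructed payment records with constructed timestamps."""
    chain = []
    append_block(chain, {"from": "alice", "to": "shop", "amount": 12}, 1700000000)
    append_block(chain, {"from": "bob", "to": "shop", "amount": 30}, 1700000060)
    append_block(chain, {"from": "carol", "to": "shop", "amount": 7}, 1700000120)
    return chain


if __name__ == "__main__":
    chain = build_sample_chain()
    print("untouched chain, first invalid block:", first_invalid(chain))

    chain[1]["tx"]["amount"] = 9999            # edit a recorded payment
    print("after edit, first invalid block:", first_invalid(chain))

    chain[1]["hash"] = block_hash(chain[1])    # re-hash the edited block
    print("after re-hash, first invalid block:", first_invalid(chain))
```
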
4.2 Internet of Things (IoT) Integration
Moreover, the Internet of Things has the capability to reshape mobile payment processing in relation to micro-location transactional possibilities. Location-targeted advertising is one of the primary ways in which IoT is being utilized within mobile payment applications. The evolution from GPS through Bluetooth to now Radio-Frequency Identification (RFID) and Near Field Communication (NFC) has brought the interactive location awareness technology that little bit closer to users and, more importantly, this tech seems to be directly focused on the mobile commerce and payment market. For example, McDonald’s is already developing a mobile app payment system that makes use of IoT in that it will offer free goods depending on the user’s proximity, i.e. when the user is within 100 meters of a McDonald’s outlet. This RFID and NFC technology would also enable two key features that many consumers feel are barriers to mobile payment processing in the current market: (1) the use of a mobile device to interact and control the user experience whilst standing directly in front of a retail environment sign and (2) the potential to do away with traditional fixed Point of Sale (POS) systems in favor of mobile app-based POS; this is known as a mobile point of sale (mPOS) where the merchant’s till is contained within a smartphone or tablet and IoT app on the merchant’s device and the user’s device can talk to each other through a common platform in order to process a transaction. Finally, through the integration of the user’s own device within the payment process, it enables a more secure method of mobile payment for the user in that transactions can be personalized to use the user’s preferred factor authentication. Factors that aid the delivery of IoT technology in the mobile payment arena include seamless WiFi connectivity. The literature identified that for mobile payments to work effectively, higher levels of internet connectivity are needed. 
It is suggested that in terms of big data and mobile payment processing, the technological challenges of implementing wide-scale IoT are largely focused around developing a stable real-time network. Such a network must ensure constant connectivity between the vast array of devices that would be in use at any one time so that payments and data transactions are carried out. It is this sort of environment that is seen as the pathway to developing real-time data-fueled mobile payment processing systems. The research concludes that, “with the advent of advanced digital payment technologies, provision of infrastructure platforms like Hadoop, Spark and data-intensive cloud environments such as Google Big Query, etc. as well as investment into seamless WiFi national connectivity.”
4.3 Voice-Activated Payments
Although Google introduced hands-free payments to the market in 2015, the rise of virtual voice-activated assistants such as Apple’s Siri, Amazon’s Alexa, Microsoft’s Cortana, and Google Assistant has likely solidified the future of this form of mobile payment. Voice-activated payments are based on the use of secure sockets and asynchronous cryptography. When a user wishes to create a payment, they will activate the payment system through a voice command. Instead of a password being entered, the user will request to use voice control, and their microphone will be enabled. A DPS hosted window will open on the payer’s device, and the intended recipient will be assigned a secure session ID and an RSA public key. The recipient’s public key is used to create an encryption for a unique code that can only be decrypted by the recipient’s private key. This unique code and the session ID are then encrypted by the user’s private key and then again using the recipient’s public key. The encrypted unique session code and the encrypted session ID will be sent to the recipient, who will use their private key to decrypt both items. After providing the payment amount, the recipient will send back both the unique code and another unique session ID, encrypted using the user’s public key. This means that digital signature and asymmetric encryption methods are used to ensure the security and confidentiality of the payment. When the unique code is successfully verified at the DPS, the payment will be processed in accordance with the desired payment method, and the user will receive a confirmation of the transaction. This kind of payment is ideal for Internet of Things (IoT) based appliances, as it saves the user time and effort when making small “micro-payments” as part of the IoT. A further time-related benefit over more traditional payment methods is that the voice recognition techniques used for authorization are constantly improving. 
This means that as this technology is developed, the need for passwords or alternative methods of verification will reduce, saving even more time.