Digital wallets seem to be facing a one step forward, two steps back dilemma.
It captured headlines a few years back as several of the big credit card companies, the major communications service providers via their ISIS effort, and Google with Google Wallet, moved to get into this space early in an effort to grab market share and mindshare in the U.S. Things haven’t exactly taken off as planned, as you’ve probably noticed.
But many important companies have recently begun moving forward on the digital payments front, and attacking it in new ways. However, some of these efforts – namely, Apple (News - Alert) Pay – are in turn also being attacked.
Apple last September announced Apple Pay would be supported in its iPhone 6 and iPhone 6 Plus devices starting in October of last year. Apple Pay was delivered in collaboration with JPMorgan Chase, and supports credit and debit cards from American Express, MasterCard, and Visa, and cards from major banks such as Bank of America, Capital One (News - Alert) Bank, Chase, Citi, and Wells Fargo. The solution, which leverages NFC technology, is supported at Apple’s own retail locations as well as at Bloomingdale’s, Disney Store and Walt Disney World Resort, Duane Reade, Macy’s, McDonald’s, Sephora, Staples (News - Alert), Subway, Walgreens, and Whole Foods Market.
Privacy and security were two key themes Apple pushed when Apple Pay came out of the gate. But reports have recently been circulating that Apple Pay has been a target for fraud.
“About a month post-launch, it seems like fraud has come to Apple Pay (in one case – as high as 600bps for an issuer that I cannot name),” according to a Jan. 5 posting on Drop Labs. “Though what follows was written in the context of Apple Pay, much of it translates to any other competitor – irrespective of origin, scale, intent, or patron saint.”
And today the Apple Pay fraudster story was front page news in The Wall Street Journal, which explained: “The Apple Pay system itself hasn’t been penetrated by hackers. Rather, fraudsters are entering stolen card data into phones, which can then be used to make purchases without a physical card being present.”
According to the Drop Labs posting, card issuer implementations of Apple Pay’s Yellow Path process – which involves authentication and verification – are inadequate.
Elsewhere on the digital payment frontier, PayPal and Samsung (News - Alert) recently have made acquisitions to help them better address mobile payments.
PayPal earlier this month announced plans to buy Paydiant. The deal, reportedly valued at $280 million, is expected to close in this month or next. Samsung earlier purchased mobile wallet solutions provider LoopPay.
Meanwhile, Google continues to work on its digital payments effort, having launched a new framework called Android Pay this week at Mobile World Congress (News - Alert). Noting that mobile payments have reached a new level of importance this year, Google’s Senior Vice President of Product Sundar Pichai at the Barcelona event explained that Android Pay is an API layer companies can use to support secure payments on Android in store and via apps.
The idea of delivering platforms on which businesses can support various payment types and technologies seems to be a developing theme, as PayPal’s comments at Mobile World Congress also fell into this category.