Mobile payment

With mobile payment apps, your smart­phone becomes your wallet. In the future, retail customers will be able to forego coins, bill­s­notes, and or cards since it will be possible to pay quickly and easily with your mo­bile­cell phone instead. At least this is what providers such as Google and Apple promise, who are also present on the American UK market with mobile payment solutions.

In recent years, the UK has been favouring card payments over cashMany consumers, on the other hand, are skeptical. Americans, in par­tic­u­lar, prefer to use coins at the cash register, which makes up roughly 31% of consumer trans­ac­tions, more than elec­tron­ic, credit, debit, or checks. Almost two-thirds (63%) of people in the UK now use con­tact­less payments, which is a big leap since they weren’t very popular when first in­tro­duced a decade ago. But Mobile payment could be a solution. But to what problem? wWhat added value does this re­l­at­ively new payment option offer the user? And what are the reasons for retailers to accept apps for mobile payment?

We take a close look at current mobile payment solutions, explain the un­der­ly­ing technical processes during the trans­ac­tion, and highlight the hurdles that tech­no­logy has to overcome in the UKS.

Mobile payment is a vague term that broadly defines all processes in which financial trans­ac­tions are carried out using mobile tech­no­logy re­gard­less of location.

We define mobile payment more narrowly as a payment al­tern­at­ive where consumers use their smart­phone to pay directly at the point of sale (POS) – for example at the su­per­mar­ket, res­taur­ant, or box office. It is an al­tern­at­ive to paying by cash or bank card.

As far as consumers are concerned, the technical re­quire­ments for mobile payment are already in place in many cases. All consumers need in order to pay with their mobile device in shops is the following:

1. Mobile phone  
2. Pay app
3. Credit card/debit card if ap­plic­able

Mobile payment functions are now supported by all modern smart­phones and by numerous tablets and wearables. The con­tact­less data transfer between mobile device and the POS terminal is realised with one of the following tech­no­lo­gies depending on the app:

• NFC
• QR
• MTS

NFC (near field com­mu­nic­a­tion) involves an RFID-based trans­mis­sion standard. Data is exchanged by elec­tro­mag­net­ic induction. Data trans­mis­sion via NFC is limited to a few cen­ti­metres. A mobile phone that is to transmit payment data via NFC must therefore be connected directly to the sender of an NFC-enabled POS terminal. Today, NFC is part of the standard equipment of modern mobile phones. A cor­res­pond­ing chip is built into all Android smart­phones from version 4.0 onwards. Apple has been using the local radio standard since the iPhone 6, but has not yet opened the NFC interface for third-party ap­plic­a­tions.

Optically-based mobile payment solutions, on the other hand, work with so-called quick response codes (QR). A QR code is a two-di­men­sion­al matrix of black and white squares that represent the coded data in binary form and can be read by a smart­phone’s camera. However, QR-based processes are in­creas­ingly being replaced by NFC tech­no­logy when it comes to mobile payments.

MST (magnetic secure trans­mis­sion) is a com­par­at­ively new tech­no­logy that enables a suitably equipped mobile device to emulate the magnetic strip of a classic payment card. MTS was developed by LoopPay – a company that now belongs to Samsung. The tech­no­logy is used for trans­ac­tions via Samsung Pay.

The switch to mobile payment al­tern­at­ives doesn’t involve much effort for retailers. All you need is a POS terminal that supports the trans­mis­sion standards listed above and a cor­res­pond­ing card ac­cept­ance agreement. Your company will already have the latter if your company accepts cashless payments.

The market for mobile payment apps is quite confusing. Therefore, our com­par­is­on consists of market-leading ap­plic­a­tions that enable payment at the POS; we don’t mention smart­phone apps that only support peer-to-peer trans­ac­tions (trans­fer­ring money from one user to another). The same applies to digital shopping com­pan­ions with mobile payment functions, such as the apps from Asda or Tesco.

As a pioneer in the mobile payment sector, Apple launched its payment app in the UK as early as July 2015. In other countries, e.g. Germany, users have only been able to pay with Apple Pay in par­ti­cip­at­ing shops since December 2018.

To be able to make con­tact­less payments, Apple Pay stores user in­form­a­tion for the (supported) bankcard, prepaid card, bonus card, or gift card in the app.

The following table lists just a small sample of the co­oper­at­ing partners in the UK and the bankcards they offer with Apple Pay support.

Users who want to add a bankcard, prepaid card, bonus card, or gift card to Apple Pay should do the following:

1. Open the wallet app
2. Click on the plus symbol
3. Scan the top of the card and tap “Next”
4. Wait until the bank or card issuer has verified the card (you may need to install an app to do so)
5. If the veri­fic­a­tion was suc­cess­ful, the card can now be used with Apple Pay

Card data read by the camera is then trans­mit­ted by Apple to the card issuer in encrypted form and is neither stored on your mobile device nor on the server. Apple also states that it does not collect any trans­ac­tion in­form­a­tion that iden­ti­fies you per­son­ally.

After suc­cess­fully verifying your payment card, the card issuer sends Apple an encrypted device account number, which is stored in the secure element of the Apple mobile device. This token replaces the actual bankcard in­form­a­tion such as the credit card number and enables payment at the POS terminal.

Users, who want to use their iPhone, iPad, or Apple Watch to pay via Apple Pay when shopping, can unlock the mobile device via Face ID or their fin­ger­print and then hold it against the sensor of an NFC-enabled POS terminal. If the trans­ac­tion was suc­cess­ful, a con­firm­a­tion will appear on the smart­phone screen.

The mobile payment app Google Pay has been available to American customers since September 2015 – at that time still under the name Android Pay. It has enabled users to be able to con­veni­ently pay at par­ti­cip­at­ing locations using the Android smart­phone.

Like Apple's competing product, Google Pay only works with selected bankcards from co­oper­at­ing banks and financial service providers.

In the US, Google Pay co­oper­ates with the following providers.

The card issuer decides which bank card can be stored in the payment app.

Trans­ac­tions at POS terminals in retail are carried out via the NFC interface. The pre­requis­ite for this is an NFC-enabled smart­phone. In addition, the terminal must support con­tact­less payment and accept the bankcard stored in Google Pay.

Follow these in­struc­tions to add a bankcard to Google Pay:

1. Open the Google Pay app
2. Click on the plus sign under “Payment”
3. Enter card in­form­a­tion either using the camera or by typing
4. Wait for the card issuer to send the con­firm­a­tion code either by e-mail, SMS, or telephone (al­tern­at­ively, veri­fic­a­tion can be performed via the card issuer’s mobile banking app)
5. Enter the con­firm­a­tion code in the field provided
6. If the veri­fic­a­tion was suc­cess­ful, the card will be available in Google Pay

With Google Pay, sensitive card in­form­a­tion is not stored on the mobile device but encrypted on a Google server and is not trans­mit­ted to the merchant’s NFC terminal during the trans­ac­tion. Instead, Google protects payment in­form­a­tion similar to Apple by using token tech­no­logy. Instead of the card data, the merchant receives an encrypted number (a token), which enables the trans­ac­tion to be assigned and therefore the stored card to be debited.

To pay for your shopping with Google Pay, all users have to do is unlock their Android smart­phone and hold it close to the NFC terminal. The Google Pay app starts auto­mat­ic­ally and displays a con­firm­a­tion on the smart­phone screen after a suc­cess­ful trans­ac­tion. Paying with Google Pay is as fast and con­veni­ent as using an NFC-enabled credit or debit card – provided your mobile device’s NFC interface is enabled.

Google Pay is available as a payment option in apps on your smart­phone, provided they support the Google Payment API. This is indicated by the button “Pay with Google.”

Samsung is another global player in the field of mobile payments. Samsung Pay was launched a month before Google Pay in the UK. In the States, “magnetic secure trans­mis­sion” (MST) tech­no­logy is used, but in the UK Samsung Pay only works via NFC (near field com­mu­nic­a­tion). MST-enabled mobile devices are capable of gen­er­at­ing a signal that mimics the magnetic stripe of a tra­di­tion­al payment card. This enables con­tact­less payment even at terminals that have not been converted for this purpose.

Just like Apple Pay, Samsung Pay uses token­isa­tion, which means that card payments are made secure by creating a number or token that replaces your card details. This token is stored within a secure element chip on your device, and when a payment is initiated, the token is passed to the retailer. This way, the retailer never has direct access to your card details.

Follow these in­struc­tions to add a bankcard to Samsung Pay:

1. Open up Samsung Pay on your phone
2. Touch the plus icon in the top right of the home or wallet tab
3. Touch “ADD PAYMENT CARD”
4. Follow the in­struc­tions in order to add your card

Samsung Pay also offers ARM TrustZone as ad­di­tion­al pro­tec­tion for trans­ac­tion in­form­a­tion.

Mobile payments are steadily becoming more popular in the UK. China has the overall largest mobile payment market worldwide with around 77.5% of the pop­u­la­tion using mobile payments for retail goods and services in 2018 – with just over 22% in the UK for the same year, there’s some catching up to be done.

The mobile payment trend in the UK is picking up speed, although there are still many people who feel more com­fort­able paying with either a credit card or cash instead of their cell phone. The growing number of users could be down to the fact that more retailers and res­taur­ants are accepting mobile payments.  To get an im­pres­sion of the mobile payment trend: It’s been predicted that by 2021 mobile payments in the US will reach $282 billion, which is three times the figure for 2016.

The apps are improving by the minute and many now offer peer-to-peer func­tion­al­ity, meaning elec­tron­ic money trans­ac­tions are done from one person to another through an in­ter­me­di­um source. Apple Pay Cash was released in December 2017, which gives iPhone holders the op­por­tun­ity to reimburse each other.

WhatsApp, the market-leading messenger in the western world, has also tested payment functions on selected users in the past. If the company, which has belonged to Facebook since 2014, came up with its own mobile payment function, experts expect it to be a great success. In the western world, WhatsApp is installed on almost every smart­phone. The entry barrier for users to also use Messenger for payment would therefore be extremely low.

The security concerns as­so­ci­ated with mobile payment solutions relate primarily to three questions:

• What happens if the smart­phone is stolen?
• How tamper-proof are con­tact­less trans­ac­tions?
• Who guar­an­tees data security and privacy?

In principle, mobile payment is no less secure than other cashless payment methods. Under certain cir­cum­stances, the new tech­no­logy may even offer more pro­tec­tion than the es­tab­lished systems.

If the smart­phone is lost, it’s virtually im­possible for someone to complete any unwanted trans­ac­tions. All common payment apps require the display lock to be activated. An un­au­thor­ised third party would first have to au­then­tic­ate them­selves as the owner to be able to use the device’s payment functions. In addition, bank data is only stored in encrypted form (if at all) on the end device. The situation is different with the classic credit card, where the card numbers are stamped directly onto the card for everyone to see.

It is also unlikely for a user to ac­ci­dent­ally initiate a trans­ac­tion on a mobile payment app. Trans­mis­sion via NFC only works over a distance of a few cen­ti­metres. If you want to pay with your smart­phone, you have to hold it directly over the POS terminal. In addition, the user must have activated the NFC chip and usually also the payment app. The short range of the NFC tech­no­logy also protects the user against access by third parties. In addition, all trans­ac­tion data is trans­mit­ted ex­clus­ively in encrypted form and is therefore worthless to un­au­thor­ised persons.

As far as data pro­tec­tion is concerned, the eval­u­ation of mobile payment solutions varies from provider to provider. However, all of the providers in­tro­duced in this article encrypt the trans­ac­tion data and at least hide it from the retailer whose POS terminal is used by the app. In this respect, mobile payment offers sig­ni­fic­antly better pro­tec­tion than classic card payments. However, users should know to what extent the app provider has access to the data and how it is processed. For example, while Apple claims that it only sends trans­ac­tion data to its payment service provider in encrypted form, Google reserves the right to collect extensive trans­ac­tion data and use it to operate its own services in ac­cord­ance with the Google Payments Privacy Notice. This includes the following data:

• Date
• Time
• Amount of the trans­ac­tion
• Dealer location and de­scrip­tion
• De­scrip­tion of goods purchased
• Names and email addresses of buyers and sellers
• Payment method used
• Reason for the trans­ac­tion

Trans­ac­tion-related offers