Could mobile payments replace your plastic?

By Michael Lloyd

Mobile payments are grabbing headlines, and they certainly have the potential to revolutionise the way people pay for goods and services -- but could they oust plastic as the preferred purchase method? Perhaps in some places, but pickup in the UK will likely be slower, experts believe.

Several firms have unveiled mobile payment solutions, including Vodafone UK and a partnership between Samsung and virtual payments giant PayPal. However, Apple Pay, which went live in the US mid-October, is the service that many believe could popularise mobile payments. According to Apple, at least 200,000 retailers were ready to accept payments via iPhone 6 and iPhone 6 Plus handsets when the product went live.

Security questions may hinder popularity
Apple Pay isn't expected to launch in the UK until 2015, but it's already had teething problems in the US. Days after the service officially got off the ground, some Apple Pay users complained that their cards were charged twice for one purchase. This, coupled with the reputational damage done to Apple's general mobile security by the iCloud hacking debacle (in which a number of racy images from celebrities' cloud storage accounts made their way online), could be enough put people off entrusting their card details to big tech

However, Apple claims its Apple Pay service is more secure than using plastic, and that there would be no chance of it suffering the same type of breach as iCloud because users' card details are not stored on Apple servers. Instead, the service works by creating "a unique Device Account Number" for a handset owner's credit card, which is used with a separate "transaction-specific dynamic security code" every time a purchase is made, according to the Apple website. This means that Apple does not share or transmit card numbers during a transaction.

Reassuring as this sounds, Kaspersky Lab's principal security researcher David Emm reckons Apple Pay could still be susceptible to security breaches.

"Unfortunately, you can never guarantee 100% security," Emm said in an emailed response to questions. "There will always be people determined to try and find holes in systems. For example, after the launch of touch ID in the iPhone 5, hackers in Germany were able to find a way to compromise the fingerprint technology."

Emm agreed, however, that Apple is taking Apple Pay security very seriously, noting that Apple has put a number of security measures in place, such as not storing data on the device, and encrypting all data.

Pickup will likely be greater in non-chip-and-PIN countries
Catalin Cosoi, chief security strategist at Romanian security software firm Bitdefender,  believes that adoption of mobile payments will be driven more by cost and convenience than security. But he and Emm agree that adoption will move quickest in countries that do not have a chip-and-PIN credit card system in place.

"It's worth noting that at least in the US, the new systems are replacing the old and horribly insecure mag-strip cards," Cosoi said. "Adoption in Europe, where chip-and-PIN is in general use might be slower, specifically because the perceived security benefit is lower."

"The adoption of mobile payments is likely to be the same as it was for online banking," Emm said. "People were initially wary, but now it's hard to find people that don't bank online. There will always be early adopters of new technologies, but in time, mobile payments will become mainstream. Apple Pay is essentially a chip-and-PIN solution, so it's probably an improvement in payment security for those countries where it is implemented."

See related: How payments will evolve in the next decade, Digital wallets slowly gathering momentum

Published: 28 October 2014