As consumers, we all dream of making purchases as easily as possible. That’s why the increasing ease of mobile payments is so exciting. Who wouldn’t welcome the prospect of using that magic glowing square already surgically grafted to your dominant hand to easily transfer funds and get items in return?
But how about actually buying products through mobile phones? mBlox, which provides mobile commerce services and technologies, released a study February 22 which showed that while 18% of consumers between 18 and 24 actually prefer to make purchases over their mobile phones, a larger segment of them—27%—would not make a purchase on a mobile device due to security concerns.
And those security concerns will become even more prevalent with the advent of NFC to power digital wallets in Android phones and, as rumored, the iPhone 5.
The problem with most security measures, however, is that they can be aggravating for consumers. Swiping your phone at a payment kiosk—which you probably had out anyway because you were texting—might retain a slight convenience advantage over digging your over-stuffed wallet out of your skinny jeans, opening it, finding the one credit card that isn’t over-extended, dropping it, scraping it off the filthy floor and finally swiping it.
Unfortunately the more security measures implemented into NFC, the less convenient it truly is. Will mobile payments prevail if users have to, for instance, enter a PIN and password? One can argue such a scenario is more secure than using credit cards which require neither PIN nor password, but it certainly isn’t more convenient and, besides, do consumers really want to have to remember and extra PIN/password combo?
Biometrics—leveraging the user’s voiceprint, retina/iris, or fingerprint as a security measure—is also an option, but the implementation of these technologies is incredibly difficult. Here are some higher-level issues:
- Security: This means a false positive, in which the technology allows access to a spoofer or somebody who shouldn’t have access.
- Reliability: A false negative—which would lock a legitimate user out of his account. This isn’t going to win hearts and minds either.
- Convenience: First the user would have to scan his voice/eye/fingerprint, which isn’t exactly the embodiment of convenience. Second, that information would have to be processed on some remote server before sending back the OK.
But NFC is definitely coming. Google already uses it for its Google Wallet application and Apple is rumored to be incorporating the technology in the iPhone 5. Google’s current security measure is to compartmentalize a user’s payment information and to enable only one-way access: in other words, information (read: money) can come out, but nothing can go in.
In theory, this sounds nice. But is such a security measure good enough to show users their financial information is secure; and more importantly, is it actually secure? After all, for every security measure developed by Google, or any other technology provider, scammers will always work to develop a countermeasure. I can easily envision a scenario in which a thief walks around a crowded retail outlet, casually bumping into people, while the device he has in his pocket gleans credit card data from NFC-enabled handsets.
Of course that’s not an issue today, for the same reason why, for the longest time, Macs were safe from viruses: most victims used Windows.
