A recent survey commissioned by Capital One has found that nearly one quarter (24%) of respondents are using mobile wallets in some capacity, with 16% leveraging the technology to make purchases.
Of the 24%, more than 63% confirmed the use of a mobile wallet for less than year. As Mobile Payments Today notes, the above-mentioned figure illustrates the rapid acceptance and deployment of the technology during 2016. Indeed, 49% of mobile wallet owners said they use the technology at retail stores while 41% have paid with mobile wallets at grocery stores. In addition, 37% have purchased fast food with a mobile wallet, with 26% using the technology at drugstores and 27% employing mobile wallets for travel-related purchases.
The survey also found that current mobile wallet users seek a range of features, including the ability to store a photo ID (35.4%) along with digital coupons (41.3%) that are automatically applied. Meanwhile, 28% of respondents stated that they are interested in receiving fraud alerts when suspicious account activity is detected. Perhaps not surprisingly, more than half (54.9 percent) of those not currently using a mobile wallet said they would be open to trying the technology if they felt it made their current credit cards more secure.
As we’ve previously discussed on Rambus Press, physical credit cards are frequently compromised through theft or loss, tampering, transaction spoofing, capturing authentication data and skimming magnetic track data. In contrast, mobile wallets can be secured with device-specific cryptograms, two-factor authentication and tokenization via trusted services management (TSM) and host card emulation (HCE). It should be noted that tokenization was named by Isaca as one of the primary mechanisms empowering advancements in mobile payment technology. To be sure, tokenization plays a major role in securing both Apple Pay and mobile payments for Android smartphones.
Essentially, tokenization protects payment credentials by replacing them with a randomly generated number that resembles the customer’s primary account number (PAN). The unique identifier, known as a ‘payment token’ or ‘tokenized PAN’, is worthless if stolen, as it essentially acts as a reference for a consumer’s original card data which only the card networks and/or the consumer’s bank can map back to the original account. This means any fraud attempt only impacts a specific token (or domain), meaning re-issue is only required for that specific token (or domain).
According to Steven Anderson of PaymentWeek, tokenization is a critical aspect of the mobile payments revolution.
“It’s one of the best ways to protect mobile payment information and some believe that tokenization is so critical to the mobile payments concept that [mobile payments] can’t reach its full potential without tokenization,” Anderson explained. “Basically, thanks to the growing number of mobile payments options there are out there—not just in platform, but also in places that accept said payments—there are as a result more potential failure points for security and more points where data can be intercepted, stolen and misused.”
As Anderson points out, while major breaches seem to be on the decline, there are still plenty of examples out there that will give any user pause.
“Tokenization works to protect data both in transit—being routed between platforms and agencies—and at rest, where a payment record is being stored for later referral or the like,” he continued. “Plus, with that data safely stored, there’s a clear value for things like loyalty programs and big data analysis, which are useful for the companies that accept the payments as they can use this data to offer new options.”
In addition, says Anderson, tokenization helps facilitate other technologies such as host card emulation, which provides a bridge between the point-of-sale (POS), the remote SE and service provider, such as an issuing bank. Put simply, HCE is a technology that emulates a payment card on a mobile device using only software. HCE also allows consumers to make contactless payments, even without an internet connection, by using preloaded tokens.
Interested in learning more about mobile payments? You can check out our ebook on tokenization: