Will Retailers Get In Line For Mobile Payments?
Apple Pay, Google Wallet, Paypal and other services that let shoppers use their smartphone at the checkout line require retailers to invest in modern payment terminals, but solution providers and other industry experts tell CRN that the convenience and security improvements are not yet enough to spur widespread adoption.
There are simply too many mobile payment technology alternatives and no method gaining broad acceptance of consumers.
Despite the industry momentum behind Apple Pay and its ability to shed the magnetic stripe data coveted by cybercriminals, most retailers are not necessarily ready to deploy the payment terminals and other infrastructure needed to support the service, said Kevin Grieve, a payment industry veteran and partner in consulting firm Strategy&, who leads the firm's payments consulting practice.
[Related: Making Sure Crime Doesn't Pay: How The Channel Is Key To Helping Retailers Modernize Payment Systems]
"The value proposition of Apple Pay will be challenged because merchant acceptance will not be ubiquitous," Grieve said. "You'll see top-tier merchants getting on board to move the ball, but there are millions of small merchants and it's unclear that they will have the same level of sophistication."
Some retailers already spent on terminals that support near field communications (NFC), the communication protocol being used by the mobile payment services. Others haven't opened their wallet and won't until customers demand it and a clear winner emerges, Grieve said.
In addition, there are a number of issues that have to be addressed before merchants widely adopt terminals that support mobile payments. The technology was invented for low-value, high-volume merchants such as fast food restaurants and gas station convenience stores, said Andrei Charniauski, a research manager at IDC Financial Insights.
"Most importantly, retailers are not able to integrate NFC payments into their own mobile apps, so they cannot benefit from the extra layer of consumer engagement," Charniauski said.
IDC projects a modest compound annual growth rate from new chip-and-PIN terminals and NFC-enabled terminals of 2.3 percent from 2013 to a total of $9.5 billion by 2017. Charniauski is also not convinced that IT spending will surge in the retail sector. Merchants stick to standard refresh cycles, he said. Some equipment can last as long as seven years.
Ripping out and replacing terminals also doesn't necessarily require a major modification to payment software and infrastructure, Charniauski said, adding that he expects servers and software supporting payment systems to be replaced or updated during standard refresh cycles.
"Most retailers wishing to upgrade front-end systems in the light of NFC and tokenization would be able to do so using existing back-end infrastructure," Charniauski said. "However, those retailers coming to the end of their replacement cycles for back-end systems will see this as an opportunity to overhaul their full infrastructure for the newly defined landscape."
Merchants also will calculate the fees associated with accepting mobile payments. A current disincentive to broad adoption of certain payment technologies is the interchange rate paid by merchants to accept mobile payments. Some smartphone payment schemes are treated as card-not-present transactions, which merchants pay a premium to accept.
Mobile payments may be the kind of payment mechanism that replaces the credit card in the future and help bolster security, but it's going to be a long transition, said Chris Camejo, director of consulting and professional services at NTT Com Security. Retailers have always been slow to invest in new equipment and the industry hasn't yet standardized on any form of alternative payment method, Camejo said. The hesitation to invest in new payment technology may also slow adoption of security improvements, Camejo said.
"The real solution is to encrypt the data in the hardware as it's swiped," Camejo said, adding that the reaction from Target and Home Depot to deploy new smartcard-enabled payment terminals in the face of recent breaches is one that doesn't address the core issue. "Nobody seems to be adequately monitoring their own networks to identify intrusions," he said.
Next: Merchant Customer Exchange
To make the mobile payment waters murkier, Walmart is betting on an alternative to NFC. The company and a number of other big names, including Gap, 7-Eleven and Dunkin' Donuts, created a method called Merchant Customer Exchange, or CurrentC, which doesn't support NFC. Like Apple Pay, CurrentC also uses tokenization for each transaction. Customer credit card data is stored in the cloud.
Coffee retail giant Starbucks uses yet another mobile payment scheme to engage its customers. Its simple barcode service is supported on the major mobile platforms and enables customers to pay with their mobile phones and leave tips for baristas.
Retail tends to be a more challenging sector to sell into, say solution providers. Not all merchants are created equal under the Payment Card Industry Data Security Standards, they say. High-volume merchants receive the strictest treatment, and must obtain compliance validation from a qualified security assessor. Merchants that process more than 20,000 transactions are required to fill out an annual questionnaire. Retailers are often small business owners who don't have the budget to spend on upgrading IT systems, said Stuart Maskell with San Diego-based managed services provider NWTech, a longtime McAfee partner.
"The problem we see with retail is that a lot of the retailers are actually franchises, so the franchise owner isn't necessarily obligated to acquire the level of security that large corporate retailers have," Maskell said. "There are a lot of issues in retail that need to be worked out before security becomes adequately addressed."
This article originally appeared as an exclusive on the CRN Tech News App for iOS and Windows 8.