For Finextra's free daily newsletter, breaking news and flashes and weekly job board.
[The] compliance procedures applied to the current physical process of card issuance become a millstone around the bank’s neck...
I don't disagree, especially as I am one of those who complain that the world has gone compliance mad! However, a good deal of payment card compliance relates to security, and this creates a significant barrier to entry for phone based payments.
If Apple becomes a bank, and the handset becomes a special private wallet, it creates a whole new jungle track along which money changes hands and criminals will find weaknesses. Security challenges and resulting tensions include:
Handset certification: as merchant terminals need to be Visa/MasterCard/EMVco certified, then so will handsets. Certification creates significant bottlenecks in product release cycles. Yes, handsets are subject to telecommunications testing too,
and we might expect the vendors to be comfortable being highly regulated, but their traditional compliance burden applies more to hardware than software, and certified RF modules can remain stable across multiple products. In contrast, payments functionality
is software-based and evolving very rapidly. Every new handset model and software upgrade may need fresh certification.
Platform security: need I say more? Smart phone malware is emerging rapidly, and nobody is sure how inherently secure mobile phone operating systems really are. The nice thing about smartrcards is that their computers are very compact, dedicated
to a small set of tasks, much more testable, much less configurable, and their architectures mostly hark back to security applications, so they're better pedigreed.
Social Engineering: as the Droid09 scare showed, there are limitless new opportunities for criminals to dupe smartphone owners into loading malicious applications. As ever so sexy payment apps flood the markets (especially less regulated ones like
Android's), how will customers sort the sheep from the goats? It's likely to become completely bewildering, with enormous opportunities for good, in joining up payments, loyalty, money-management, e-commerce and bartering. During the development rush, the
quality of well intended third party apps will be very suspect. And criminals will be able to slip in utterly bogus software.
This is going to be a wild ride!
Security will give the banks several years breathing space. A smart strategy to protect their turf would be to hybridise the handset with bank-issued chips is some manner. They could shift the UX from card to phone while preserving the card's intrinsic
Great points, and I think that issues like security and certification are valid concerns.
However, I think what ultimately will drive the marginalization of plastic is that it is certainly no more secure than your phone at the end of the day, and that behaviour will force the hand of banks. Ultimately it's easier to carry all my 'cards' on my
phone and swipe with my phone, than carry physical plastic or use an outmoded method of payment like cheques. Ease of use, technology adoption diffusion, usability and accessibility will ultimately be the drivers behind the mobile payments revolution.
Case in point - mobile NFC payments have already been in use in Japan and Korea for many years, use there is rapidly increasing due to ease of use, and fraud is significantly lower than on traditional physical modality around cards.
Brett King, Author - BANK 2.0
"Plastic is ... certainly no more secure than your phone at the end of the day".
We're talking about a very long day here! The compact, de-featured computing model of the smartcard or SIM will for the forseeable future be intrinsically more secure than any handset.
Yes, convenience and novelty often trump security ... but it's not sustainable. There was a scandal in Australia a few years ago when an expedient suburban bank manager took to transporting cash in the back of his car (hundreds of thousands of dollars)
because of a shortage of armoured vans. His short cut didn't last long.
Yes there will be competition pressure and disruption from non-banks exploiting new technologies, but real banks will copy the innovators, broaden their payment products, maintain superior security, and retain market share. Afterall, security, in all its
dimensions, is what banks are really for.
CEO & Founder
14 Apr 2010
This post is from a series of posts in the group:
A discussion of trends in innovation management within financial institutions, and the key processes, technology and cultural shifts driving innovation.