Comment: Security concerns holding back MPoS in retail

In-store use of mobile point of sale (MPoS) terminals continues to rise across all territories, but not as quickly as it could. One of the main issues is payment.

Although you can buy online through pretty much any territory in the world and pay with your bank account or via PayPal in a consistent manner the same is not true with offline (in-store) transactions unless you adopt the same process, i.e. drive a customer not present transaction whilst the customer is in fact present. This is something the banks are not happy about and importantly passes fraud risk back to the retailer in most countries.

The situation with secure payments for MPoS transactions in unsatisfactory with not enough secure solutions PCI and P2PE accredited and few real cross territory solutions on the horizon.

In the UK secure Chip & PIN payments have blanket adoption and are well understood. In the US the situation is worse. Although MPoS has a higher adoption rate there, it was recently reported that of an estimated installed PoS base of 13.9 million, 1.7 million of these are MPoS. Also the US is a few years behind the UK in terms of in-store payment security.

The US is the last major market to still use the old-fashioned swipe and sign system, and it's a big contributor to why half of the world's credit card fraud happens there! The US is slowly implementing their own EMV security based on a mix of Chip and Signature and Chip & PIN, which should keep the major focus on credit card fraud that side of the pond for some time.

Across Europe, Chip & PIN adoption is maturing strongly with a 60% increase in the last quarter of 2013. According to a study into the acceptance of new payment solutions published by Visa Europe recently, MPoS usage by small businesses (including micro-merchants) in Europe will take off dramatically in 2014. MPoS ease of use is cited as a unique selling point by the majority of small businesses (74% of those in France, 73% in Germany, 63% in the UK and Poland and 59% in Italy). Security was noted as the most important feature.

More payment providers are entering the market but this only seems to be bringing more confusion as to which platform will best suit a retailer's needs and how best to integrate these new platforms within their existing payment infrastructure. For the retailer looking for all the requirements of PCI, tokenisation across channels and certified P2PE, there are few MPoS solutions. And contactless, which would speed up many MPoS transactions, is even rarer.

Of course, there are many new entrants into the MPoS and mobile payment arena but no clear winners yet – and, again, most solutions are country specific.

In January a cease-and-desist order was filed against Square by the state of Illinois, claiming that the MPoS provider must obtain a licence for transmitting money, which it had not done. One feels that situations like these will become more prevalent. This situation does little to build retailer confidence in emerging payment providers.

Cardholder data specifically must be securely protected by MPoS platforms. In 2012, 96% of all data targeted by fraudsters and hackers was cardholder data. Credit card fraud reportedly cost an estimated $5.5 billion dollars globally.

In Europe, where payment platforms must be PCI compliant, Visa blocked the use of iZettle across Denmark, Finland and Norway, affecting about 15,000 merchants and impacting iZettle's growth trajectory.

To become ubiquitous, MPoS platforms will need to be capable of accepting a wide range of credit and debit cards across multiple territories, ideally globally, in a certified fully secure manner.

PMC's Huw Thomas is a regular columnist for Essential Retail, and you can read his views on mCommerce every month.

Click below for more information: