We've known for a long time that we'd someday be able to pay for things using our smartphones, ditching those dated plastic credit cards and clunky wallets for good. And it seems that day is right around the corner: Apple Pay is now accepted at a growing number of retailers — and with Square moving to enable near-field communication (NFC) payments for all its customers, the number of small businesses that accept mobile payments can be expected to rise dramatically in 2015.
Apple's iOS maintains market share at around 41–42 percent, which means nearly 60 percent of smartphone users will be seeking payment solutions that accept Apple Pay competitors. While Square's system promises to accept all major NFC payment options, including Google Wallet, PayPal and CurrentC, some Apple Pay readers are configured to only cooperate with the iPhone, just like the iPhone will only transmit NFC payments through the Apple Pay app. As always, competitive market battles between manufacturers will produce superior products for consumers — and superior headaches for retailers trying to keep up.
So, do you want to be one of the first to trek into the great unknown?
It's been touted as a safer way to pay, with one-time card numbers created for transactions and biometrics required to activate the NFC beam. Still, some professional hackers have already found vulnerabilities in Apple Pay's Touch ID system that make it seem downright primitive. And it's probably only a matter of time before hackers figure out a way to pull sensitive information using NFC readers, no matter how encrypted that data supposedly is. Build a system holding this much tantalizing, hackable data, and it will attract a lot of the wrong kind of attention.
Computer hacking is like any other industry — if there's money to be made, people will figure out how. Now that NFC seems to be a major player in mobile payment systems, it will be a hotly contested sector for hackers. So be cautious: Any time a ton of money starts changing hands in a whole new way, thieves start drooling over the chance to exploit its vulnerabilities.
And because Apple is a consumer-first company, it hasn't weathered years of ceaseless attacks like the traditional-payment-system companies that serve the financial sector. It's tempting to trust on Apple's reputation alone, but didn't a bunch of celebrities just have private photos stolen from their iCloud accounts? Think about what happens when the potential prize is worth a lot more.
As an enterprise, any time you implement a new system, you are weighing its inherent risk/reward factors. While the payoff from being an early adopter of Apple mobile payments might be tempting, the catastrophe of having customer data breached is a huge risk. Nobody remembers the manufacturer of the card scanner, but they remember Home Depot. Nobody knows the name of the HVAC maintenance company, but they know Target got hacked. If someone sits in your café and mines NFC tokens, it won't be Apple Pay or Square or Google Wallet that takes the heat — it'll be you. While we've been told the single-use tokens are using crypto properly, only time will tell.
As CA Veracode's VP of Mobile Theodora Titonis noted, "If I were to put on a black hat, instead of robbing every house in the neighborhood, I would just rob the bank." An attack surface of over 800 million credit card numbers stored in the iTunes/Apple Pay library across 16 million servers makes for a pretty tempting bank to rob. "If any of these bank servers — or a server connected to the bank servers, or an app that connects to the bank servers — get hacked, that would be a serious jackpot," Titonis said. Do you want your business to be the door that gets kicked in?
As a business considering accepting Apple mobile payments, you should think carefully about your decision. Tech-forward customers might choose your business over a nonmobile-payment alternative if other factors are similar. But until customer demand is sufficiently high, consider letting other enterprises be the guinea pigs. Whatever sliver of sales you lose to people too lazy to pull out their wallets will pale in comparison to the risk of a major data breach.
I salute those who are pioneering this experiment, as they will determine whether digital wallets will disrupt the plastics that disrupted paper some decades ago. But remember what happened to everyone who made a few mistakes in "The Oregon Trail"? Yeah, I might not want to be the first to ford the river, either.
Photo Source: Flickr