Category: Mobile Payments
September 20th, 2013 by Elma Jane
Citi expands real-time mobile services for banks
Citi is ramping up its mobile strategy for banks, which are increasingly looking for real-time access to financial information such as payment status. CitiDirect BE, the company’s online banking platform for financial institutions, has launched two new mobile applications. The Mobile Payment Advisor app enables users to track the status of a payment at any time from any mobile device while the Payments Directory Mobile app provides a database of institutions worldwide that participate in U.S. dollar clearing.
“In existing scenarios, banks rely on servicing tools set up between different correspondent banks to determine the status of their payments.” Citi’s mission is to provide payment status to a larger group of users by offering readily available access points. The result is an enhanced service experience for banks, delivered by a provider aligned to their own objectives.
Payment Status
The feedback Citi has received from its financial institution clients indicates that real-time access to payment status is an important feature they are looking for. With this in mind, the CitiDirect BE Mobile Payment Advisor enables banks, their customers, or third parties to track the status of a payment at any time and from any mobile device, similar to tracking the status of a package. Users will be able to check the up-to-the-minute status of a payment online within seconds. The app requires no installation or user credentials. Users enter the sender reference, amount, currency and value date to search for payment status. The app will also help Citi streamline internal operations by cutting down on the number of calls service centers receive regarding the status of a payment. Citi reports that currently the majority of phone calls to a given service center are payment status inquiries. Such calls can take several minutes to complete and involve multiple parties.
Next Mobile Frontier
The Payments Directory Mobile app addresses the need to simplify the process of choosing from one of thousands of correspondent banks to route a payment. “Citi has at its disposal a vast repository of information to determine the best route of making a payment successfully, across multiple geographies.” This information is available to clients in physical form, CD-rom, through an electronic banking platform, and making it available on a mobile platform was a logical extension for sophisticated and innovation-focused client base.” Users can quickly search for clearing intermediaries with filtering preferences. With businesses executives having a mobile device nearby almost all the time, Citi recognizes that corporate apps are the next frontier for mobile. As such, the company is mobilizing its online banking applications little by little as part of its overall digital strategy. “In the payments space within correspondent banking, mobile tools have been launched to very receptive and excited clients.” These new channels allow them to harness Citi’s global presence and expect an upward trend in adoption of these tools by significant financial institutions client base.”
Posted in Mobile Payments, Smartphone Tagged with: banking, electronic, mobile, onine, payments
September 20th, 2013 by Elma Jane
“Hardware”: Key to Mobile Commerce’s future
If you thought mobile commerce was about the cloud or software, proof to the contrary is mounting. In fact, four key moves by three big companies over the past week have provided more evidence that software and the cloud are taking a back seat to a significant force in mobile.
OTA VS. Device Access
Without security mobile commerce is dead in its tracks after the first major breach. Two basic elements: Access to mobile apps and over-the -air security. Both necessary but they play entirely different roles. Mobile apps have direct access to our lives. With them we can share our professional story, personal lives and of course move money around with mobile banking and mobile commerce apps. Therefore, ensuring that no one but YOU can access your apps is important. That is why you probably have myriad user names, passwords and PINs. This brings us to our first big hardware move.
Apple’s Touch ID
Apple introduces hardwarebased biometrics with its new Touch ID. Essentially the first commercially product available biometric button, combines the user request (pushing button) and the identity check (scanning the fingerprint) into one action.
Apple correctly presented this feature as an excellent for a personal identification number to activate the phone or complete an iTunes purchase.
Apple’s Secure Enclave
The “secure element” is essentially hardware and software that, when combined, function like a smartcard running on a part of the mobile phone that no other app can access. Apple announced that the highly sensitive fingerprint data from its Touch ID product would not be stored on a remote server, in the cloud or even in the iPhone memory. It will be stored in the “secure enclave” of its new A7 processor chip.
Difference between a secure enclave and a secure element? Probably little or nothing. We don’t know if Apple’s secure enclave uses smartcard technology, we know it is essentially hardware and software running on the part of it’s a& chip that no other app can access.
Posted in Electronic Payments, Mobile Payments, Mobile Point of Sale Tagged with: Apple, commerce, mobile, secure, Security
September 17th, 2013 by Admin
Payments
“Geofencing” a program that uses the global positioning system (GPS) or radio frequency identification (RFID) to define geographical bounderies. It creates the opportunities for new business models and generations. Allowing the use of mobile tools and services to not only interact with loyal customers, but also reach potentially new customers when they come into a geographic proximity, explained by a spokesperson from a Mobile and Wireless Group. So it does open the doors to some interesting new applications.
To date, radio positioning signals have been supplied to consumers primarily by the U.S. Military through a constellation called “GPS” or Global Positioning System. Essentially, receivers on the ground…. or in cars….interpret the signals and tell you roughly where you are.
Europe’s Galileo global satellite navigation system is expected to open up a variety of business opportunities. Big changes are in the air as a result of new more accurate systems on the way. One example: geofencing, a highly targeted form of tight, perimeter-based locating.
Galileo
A form of geofencing using the U.S. GPS is already used to monitor stolen vehicles, trucks and delivery drivers, among other things. GPS isn’t particularly accurate, though. With more accuracy, geofencing could be used to create a zone around a store or school, for example…or even a particular vending machine, in the world of commercial applications.
One of the new systems offering fresh potential in this area is Europe’s upcoming Global Satellite Navigation System, or GNSS, Known as Galileo.
“Global Applications”
Where Galileo gets particular interesting for us in the e-commerce world is that, buried deep in the European Space Agency’s promotional descriptions are some telling statements. For example, Galileo will offer a commercial service that will “allow global high-end and innovative applications” with accuracy down to a few centimeters.
For comparison , GPS maker Garmin says its latest GPS receivers are accurate to within 3 to 5 meters. Second, despite being a government project, Galileo will be under civilian control…not government control the way GPS is. It will be fully open to commercial applications. Then too, there’s aunthentication feature Galileo will include…an accurately timed, trusted location factor. The Galileo Commercial Service demonstrator will begin its proof of concept in 2014, with early service reckoned to start in 2016.
Possible Sensitive Transactions
Why do we care about all this? Simple: because of Geofencing.
Geofencing is currently used in mobile e-commerce to deliver ads and promotions based on a geographical region of interest. The GPS is used to define proximity so that an advertiser can know when you’re in the area.
Now add Galileo’s authentication to this mix, plus the microlocations obtainable with Galileo, and you’re in a defferent ballpark…almost literally. Sensitive transactions become possible, along with tracking to the millimeter… when you enter a building, go to the zoo or choose a concert seat. Turnstiles and the cost involved become redundant, for example.
Current location-based access control and payments solutions that use a GPS signal are authenticated through proprietary algorithms.
Security Improved
By virtue of its ability to enable transaction security and access control improvements, in fact, Galileo’s authentication feature will ultimately be perceived by industries such as banking to be a source of added value.
“For example, GNSS-based positioning and accurate timing could be integrated in the encryption algorithms to improve the security and payment process.
Location-based billing using existing GPS is already in use in limited areas including toll-road billing, and it’s being considered for parking as well. However, one of the big problems has been the availability of equipment that’s small enough and power-friendly enough to be practical.
The Technology on the ground…the device in our pocket, in other words…is a limiting factor. If you’ve ever tried to use your smartphone’s GPS chip for more than a few hours, you’ll know it kills the battery, even the the latest phones. Current vehicle geofencing trackers, meanwhile, are large, permanently mounted boxes. New chips will provide portability.
“This Previously Wasn’t Possible”
A mobile and wireless company, recently inroduced a battery-saving GNSS smartphone location chip with Geofence capabilities. The company’s BCM47521 chip lets an application receive an alert when a user enters or exits a virtual perimeter, and uses the current GPS, GLONASS, QZSS and SBAS constellations…all at the same time.
What is unique about this technology is that it’s able to monitor the user’s location as a background task, consuming less power. “This previously wasn’t possible, as the process of continually monitoring for a geofence would rapidly drain a mobile device’s battery”.
Near Field Communications radio standards can be used for the secure payment element, and the more widespread adoption of NFC for mobile payments will also generally help drive adoption of location-based payments.
“Geofencing creates the opportunities for new business models, allowing the use of mobile tools and services to not onl interact with loyal customers but also reach potentially new customers hen they come into a geogrphic proximity.” “So it does open the doors to some interesting new applications.”
“Security and Privacy Crucial”
A networking and connectivity subsidiary is also working on positioning. It’s IZ at location platform is geared towards precise indoor positioning for public places and provides 3- to 5-meter positioning inside.
GNSS will help enable location-based payments, but it’s not everything. “There will certainly be other augmentation technologies that will help to increase the propagation of this in the market. “Security and privacy will also be crucial to acceptance.”
Indeed today, the tested indoor services need to rely on antennas installed outside the target buildings to reproduce the GNSS signal. This requirement causes additional costs, challenging the economic viability of GNSS-based positioning as a means to reinforce the security of access and transactions. Add in the vast amounts of data gained by tracking user movements down to the centimeter, and you’ve got a whole other can of worms.
Posted in Credit Card Security, Electronic Payments, Mobile Payments Tagged with: Geofencing, GPS, payments, privacy, RFID, Satellite, Security, technology, transactions
August 16th, 2013 by Admin
Square credit card processing service was fined $507,000 by Florida’s Office of Finance Regulation for operating an electronic payment processing service without a money transmission license. Some may remember the same treatment in Illinois in March of this year. The order covers two years of operation and processing including Square Register, stored value and prepaid access credit card services.
Square was granted a money transmission license after it paid the fine via wire transfer and is now in compliance. Square neither admits or denies any wrongdoing. Although it’s an emerging field the Florida based fines show that adhering to state laws is a tricky situation that needs extra scrutiny on the processors end. Due to the state by state nature of the laws, credit card processing companies find themselves complying with each state’s independent regulation laws.
In a statement from Square.. “We worked with Florida to resolve our application and receive our license to operate as a money transmitter in the state, We look forward to continuing to help merchants across Florida grow their business with Square.”
Posted in Credit card Processing, Electronic Payments, Mobile Payments, Mobile Point of Sale Tagged with: account, credit card, Florida, merchant, merchants, Processing, Square
August 16th, 2013 by Admin
Today the PCI Security Standards Council (PCI SSC), an open, global forum for the development of electronic transaction security standards published PCI Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) 3.0 Change Highlights as a preview of the new version of the standards coming in November 2013. The changes will help companies make PCI DSS part of their business-as-usual activities by introducing more flexibility, and an increased focus on education, awareness and transaction security as a shared responsibility with merchant account holders.
The seven-page document is part of the Council’s commitment to provide as much information as possible during the development process and eliminate any perceived surprises for organizations in their PCI credit card security planning. Specifically, the summary will help PCI Participating Organizations and the assessment community as they prepare to review and discuss draft versions of the standards at the 2013 Community Meetings in September and October.
Changes to the standards are made based on feedback from the Council’s global constituents per the PCI DSS and PA-DSS development lifecycle and in response to market needs. Key drivers for version 3.0 updates include: lack of education and awareness; weak passwords, authorization, verification and authentication challenges; third party payment security challenges; slow self-detection in response to malware and other threats; inconsistency in assessments.
“Today, most organizations have a good understanding of PCI DSS and its importance in securing credit card data during transactions, but implementation and maintenance remains a struggle – especially in light of increasingly complex business and payment technology environments,” said Bob Russo, PCI SSC general manager. “The challenge for us now is providing the right balance of flexibility, rigor and consistency within the standards to help organizations make payment security business-as-usual. And that’s the focus of the changes we’re making with version 3.0.”
Based on feedback from the industry, in 2010 the Council moved from a two-year to a three-year standards development lifecycle. The additional year provides a longer period to gather feedback and more time for organizations to implement changes before a new version is released. Version 3.0 will introduce more changes than version 2.0, with several new sub-requirements. Proposed updates include:
- Recommendations on making PCI DSS business-as-usual and best practices for maintaining ongoing PCI DSS credit card compliance
- Security policy and operational procedures built into each requirement
- Guidance for all requirements with content from Navigating PCI DSS Guide
- Increased flexibility and education around password strength and complexity
- New requirements for point-of-sale terminal security
- More robust requirements for penetration testing and validating segmentation
- Considerations for credit card data in memory
- Enhanced testing procedures to clarify the level of validation expected for each requirement
- Expanded software development lifecycle security requirements for PA-DSS application vendors, including threat modeling
Note that these updates are still under review by the PCI community. Final changes will be determined after the PCI Community Meetings and incorporated into the final versions of the PCI DSS and PA-DSS published in November.
The change highlights document with tables outlining anticipated updates is available on the PCI SSC website:https://www.pcisecuritystandards.org/security_standards/documents.php
The Council will host a webinar series for the PCI community and the general public to outline the proposed changes. To register, visit: https://www.pcisecuritystandards.org/training/webinars.php
“PCI DSS and PA-DSS 3.0 will provide organizations the framework for assessing the risk involved with technologies and platforms and the flexibility to apply these principles to their unique payment and business environments, such as e-commerce, m-commerce, mobile acceptance or cloud computing,” added Troy Leach, PCI SSC chief technology officer.
PCI DSS and PA-DSS 3.0 will be published on 7 November 2013. The standards become effective 1 January 2014, but to ensure adequate time for the transition, version 2.0 will remain active until 31 December 2014.
For more information and to register for the 2013 Community Meetings, please visit:https://www.pcisecuritystandards.org/communitymeeting/2013/
About the PCI Security Standards Council
The PCI Security Standards Council is an open global forum that is responsible for the development, management, education, and awareness of the PCI Data Security Standard (PCI DSS) and other standards that increase payment data security. Founded in 2006 by the major payment card brands American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc., the Council has more than 650 Participating Organizations representing merchants, banks, processors and vendors worldwide. To learn more about playing a part in securing payment card data globally, please visit: pcisecuritystandards.org.
Connect with the PCI Council on LinkedIn: http://www.linkedin.com/company/pci-security-standards-council
Join the conversation on Twitter: http://twitter.com/#!/PCISSC
Posted in Credit Card Security, Digital Wallet Privacy, Mobile Payments, Mobile Point of Sale, Point of Sale Tagged with: credit card, DSS, e-commerce, m-commerce, mobile, PA-DSS, PCI Compliance, Security, transaction
August 16th, 2013 by Admin
Facebook is doing early testing of a payment system to store credit card data and processes transactions through PayPal or other merchant service providers including Stripe or Braintree. Facebook would store credit card data for use in purchases in Facebook Gifts and games played on Facebook. The thought behind the move being that it makes it easier for people to make mobile transactions on third party apps giving strength to their advertising platform.
In a statement, Facebook said…
“We are working on a very small test that gives people the option to use their payment information already stored on Facebook to populate the payment form when they make a purchase in a mobile app. The app then processes and completes the payment. The test is designed to make it easier and faster for people to make a purchase in a mobile app by simply pre-populating your payment information. It will be a very small test with 1-2 partners. Additionally, this test does not involve moving the payment processing away from an app’s current payments provider, such as Paypal. We continue to have a great relationship with our payment processing partners, and this product is simply to test how we can help apps provide a simpler commerce experience.”
This marks a bold move whether or not Facebook is actually conducting the transaction itself. Higher conversion rates on their advertising for app developers and advertisers. Mobile Wallets have a proven success for the likes of Amazon, Apple and Google where repeat transactions are the norm. The move could signal that Facebook is looking to move further into e-commerce and digital transaction payments and to buy or build their own payment processing division. It’s also a signal that digital identity and verification could be on the horizon.
Combined with the data Facebook already knows about its users, the company could store things like clothing sizes, shoe sizes, travel itineraries, music or event preferences and much more. This could be a catalyst to send that data automatically to vendors at the point of sale. Things like email addresses are already shared to third party apps if you allow them to. Loyalty rewards might be offered to users to allow the data to be shared with vendors for deeper demographic information.
In addition to mobile payments, Facebook has experimented with virtual currency transactions with its Facebook Credits initiative. They exited the strategy because mostly because developers moved to other virtual currencies like BitCoin and LiteCoin. Recently Facebook Gifts lets users send one another physical gifts and presents a gift suggestion when it notifies users of a birthday. Pulling down the barrier and simplifying a complicated transaction could make it a boon to retailers looking toward mobile payment processing.
Posted in Digital Wallet Privacy, Electronic Payments, Mobile Payments, Mobile Point of Sale Tagged with: digital, electronic, Faceboo, mobile payment, mobile wallet, PayPal, Stripe
August 13th, 2013 by Admin
MasterCard who has endorsed Google Wallet on the Sprint network will now endorse the ISIS network for mobile wallet solutions. Both Google and Sprint have not joined ISIS and it is interesting to see card issuers invest in both platforms. With Verizon, AT&T and T-Mobile in alliance with ISIS, could Sprint be next? Google? Well count Visa and MasterCard as Isis partners. After securing American Express both Visa and MasterCard will now have their credit cards available in Isis’ Wallet. What will be in your mobile wallet?
Many mobile wallet providers are looking at the various options for electronic transaction processing. Will NFC beat out all the others? It’s hard to say but with Apple having yet to release an iPhone model with the chip on board, it could be a yet unseen technology that wins out. QR Codes and Carrier billing are gaining traction for devices without NFC installed and SmartSD cards are coming equipped with NFC to extend devices that have a card slot available.
With device limitations, mobile wallets are still in flux. There are approximately 5 different types of mobile wallets today. There are digital bank accounts similar to prepaid credit cards offered by banks and mostly used for person to person or P2P payments. Mobile payment apps that link payment accounts like those offered by Starbucks or PayPal. Card containers like Apple Passbook store credit cards and loyalty rewards card information and can even fill in forms requesting that information. Similarly, Credential and Card containers store credit card and loyalty rewards but also store identity credentials.
True mobile wallets directly mimic a physical wallet and allow the customer to chose between various credit cards, debit cards even electronic benefits transfer or EBT cards at the point of sale. These wallets are typically app based for both iPhone and Android smartphones and tablets. These wallets can link account information to a point of sale terminal via NFC or other methods for a secure electronic transaction.
Branding and Banks
In recent times Visa, MasterCard and American Express signs at the point-of-sale was a branding element designed to instill confidence for the consumer. With digital wallets becoming the interface for payments, this branding may fade into the background. Yet payment card issuers find themselves in a precarious position. The big three are participating in multiple digital wallet programs in order to not be excluded. This early in the game there are multiple movers and shakers like Square, PayPal, Lemon, Google and now banks and cellular carriers getting into the game, no one knows who consumers and merchants will eventually prefer over the others. It’s like a wait and see game that forces them to play. As banks enter the arena they are favored to win because of the solid loyalty they enjoy from their customers. Though they may not be fair in other categories, they win the security of their customers.
Posted in Credit card Processing, Digital Wallet Privacy, Electronic Payments, Mobile Payments, Mobile Point of Sale, Near Field Communication, Point of Sale, Smartphone, smartSD Cards, Visa MasterCard American Express Tagged with: American Express, Android, Apple, AT&T, google, Iphone, ISIS, MasterCard, PayPal, Square, Starbucks, T-Mobile, Verizon, Visa MasterCard American Express
August 12th, 2013 by Admin
Small businesses are gaining traction in the mobile payment landscape. Mobile credit card readers attached to a smartphone or tablet now account for billions of dollars in m-commerce sales. “Together, mobile and social are transforming the way SMBs acquire and retain customers, With the heavy use of social media, SMB marketing is quickly becoming a two-way engagement rather than a one-way promotion.” Said Steve Marshall of BIA/Kesley. As more people switch to and upgrade their smartphones, AT&T, Verizon and T-mobile are looking to partner with digital wallet provider Isis. Read more of this article »
Posted in Credit Card Reader Terminal, Credit Card Security, Digital Wallet Privacy, Electronic Payments, Mobile Payments, Near Field Communication, Smartphone Tagged with: American Express, biometrics, electronic payments, iPhones, m-commerce, mobile, PayPal, recognition, Smartphones, Square
August 1st, 2013 by Admin
With mobile payment services clamoring for space in the digital wallet domain movers and shakers are positioning themselves for growth opportunities presented in mobile commerce settings. Google Wallet has been live for a while but now a new player is entering the arena. ISIS is rounding the ninth month of it’s pilot program in Austin Texas, and Salt Lake City Utah using near field communications based mobile payments. AT&T Mobility, T-Mobile. and Verizon Wireless have partnered with ISIS and will be providing the electronic wallet services later this year. Read more of this article »
Posted in Mobile Payments Tagged with: Coca-Cola, contactless, Digital Wallet, Google Wallet, ISIS, mobile, near field communications, nfc
Travel online is an industry that has seen heavy activity as mobile users employ their tablet or smartphones booking their travel destinations. Now travel agency agents are looking to up the ante with more innovative mobile options like ticketless travel. Many last minute patrons are turning to their mobile devices and the agencies m-commerce site to place their bookings and that trend is growing. Therefore it makes sense that the hotel and hospitality industry are looking to whet that appetite. Marriott is looking to fulfill this by making their e-commerce site more m-commerce friendly as well as adding features for travelers that have already booked hotel rooms with them. Read more of this article »
Posted in Mobile Payments Tagged with: Airlines, Hotel Businesses, m-commerce, Mobile Apps, Mobile Check, mobile commerce, Mobile Devices, payment gateways, Smartphones, Travel Online
