As mobile wallet technology continues to evolve, security remains a key concern among retailers and consumers alike. Retailers who have been making the transition to EMV need assurances that the technology does not open them up to liability, while consumers want to be sure their mobile transactions are safe. Samsung Pay, a new mobile payment technology using tokenization technology, addresses these concerns with industry-leading security, keeping sensitive payment information encrypted and safe.
According to a 2015 study from Juniper Research, the contactless mobile wallet marketplace is growing rapidly and should reach 200 million advocates by the end of 2016. This represents an increase of more than 100 percent since the end of 2014. For retailers, not all mobile-payment technology is created equal, however. Before you start accepting mobile payments, brush up on the different payment technology standards, and how they keep your information safe.
Understanding the Mobile Payment Landscape
With the increased number of cyber-attacks targeting retailers, Eurocard, Mastercard, Visa (EMV) technology became one of the most anticipated payment security remediations that promises better data security and insulation from liability costs incurred from data breaches. Known as the EMV Liability Shift Mandate, retailers were required to be compliant with EMV guidelines by October 1, 2015. These included remediations that enable brands to accept EMV cards containing microchips that create a unique code for each transaction — a practice that protects consumers’ payment card information. Noncompliant retailers are liable for any fraud that occurred on their systems.
The transition has not been an easy one. Just a month prior to the EMV deadline, 59 percent of consumers reported that they had not yet received a new chip-enabled card, and 67 percent explained they hadn’t received information from their credit card issuer or bank explaining what EMV meant and how it would impact them, according to a 2015 survey from ACI Worldwide.
While the industry and credit card issuers continue to educate consumers about the value of chip-based cards, retailers must keep their eye on the larger prize when it comes to championing secure mobile payments. Most current mobile payment services utilize near-field communication (NFC) technology, which wirelessly transmits data via radio waves to an NFC-equipped payment terminal. To authorize payment, typically a password or biometric authentication — such as a fingerprint — is required. While effective, NFC technology currently lacks interoperability with most payment terminals, meaning costly upgrades for retailers and limited availability for consumers.
Another form of payment is magnetic secure transmission (MST), which wirelessly transmits data using magnetic fields. MST uses this electronic conduit to transmit payment data from the user’s mobile device directly to the magnetic stripe reader on traditional point-of-sale (POS) terminals. A vast majority of POS terminals are compatible with MST today.
Samsung Pay Security Stands Out
Introduced in 2015, Samsung Pay enables consumers to pay electronically at thousands of retailers using all terminal types — magnetic stripe, NFC and EMV. What makes Samsung Pay stand out from its competitors is that electronic payments can be transacted at retailers using newer payment terminals with NFC or EMV technology, as well as those with older magnetic stripe readers by using MST technology.
For security, Samsung Pay system architecture features several innovative security design components working together to protect transaction information from being compromised by malware, hackers or a data breach. First, payment tokenization technology masks card numbers for added security, ensuring that actual card information is not made available to merchants as part of the transaction. Users’ credit and debit card numbers are never stored on their mobile device. Only tokens are stored on the device. Each time a token is used, it generates a cryptogram, which is an authentication code computed over transaction details. Second, Samsung’s newest Galaxy smartphones incorporate the Knox security platform, keeping user data locked and secure. Samsung’s secure hardware-based TrustZone environment provides data protection through an additional layer of security.
Finally, Samsung Pay also offers several enhanced user interface features that enable users to take additional security steps through the phone’s touch screens. Either a user’s fingerprint or four-digit PIN is required to authorize a payment. And, if a phone is ever lost, the Find My Mobile function allows users to remotely lock Samsung Pay or wipe all card data for even more protection.
Rather than choosing between these options, Samsung Pay‘s mobile payment security proposition incorporates all of these processes, ensuring that both retailers’ and consumers’ security concerns are addressed.
As mobile payment options continue to evolve, retailers need to stay one step ahead of competitors. And in a world riddled with cyber- and identity-theft threats, mobile payment providers need to step up their mobile payment security measures if they want to remain viable competitors. Samsung Pay’s security platform is doing just that.
