Bank crossroads ahead: build or buy mobile payment applications

November 23, 2015 - 

This is a guest post by Rajesh Sharma, VP Mobile Banking & Payment Apps at INSIDE Secure.

Commerce has evolved over the 10,000 plus year history of society. The Internet age introduced online banking 20 years ago and now 80 percent of bank consumers in the developed world are using it. In addition, in the span of just the past four years or so, mobile banking has grown to 52 percent of smartphone owners. And now, mobile payment applications (apps) have taken the market by storm and are the hottest area in commerce today.

Today most bank and major card issuers are at a crossroads and asking themselves a question, whether to launch a standalone payment app or add mobile HCE (Host Card Emulation) payment capabilities to an existing bank-branded app. Although this integration may not necessarily bring an instant success for mobile payments, it does offer some indication as to how mobile payments are evolving. In the midst of all this mobile banking hoopla, some of the banks are contemplating whether they have to participate in third-party wallets such as ApplePay, AndroidPay, SamsungPay, CurrentC etc.

Key Factors for Decision Making

In this article, we are considering some of the key factors that bank and card issuers need to think about before making a decision to participate in third-party wallets or to build their own standalone HCE payment app or possibly have their own wallet app. Key factors that must be considered are security, trust, privacy, innovation and consumer relationship.

Mobile banking serves three major functions i.e., Informational, Transactional, and Marketing. Informational functions are balance and transaction history and ATM & branch locators. Transactional functions include bill pay, peer-to-peer payments, amount transfers and remote deposits. Marketing functions include consumer retention & acquisitions tools such as new product introductions, consumer service, help information, and alerts.

Similarly, mobile payment serves two major functions – i.e., online or in-app payments and in-store payments. Online or in-app payments correspond to digital purchases on mobile devices, which in most cases is part of payment options embedded inside the retailer apps. And in-store payments covers payments made in physical store through Near Field Communication (NFC) built into the phone, using HCE (Host Card Emulation) or a similar technology used by AndroidPay, ApplePay and others. We will be focusing on the in-store and in-app features of the mobile payment apps, where credentials are stored on the mobile device itself and need to be secured.

Given the very personal nature of mobile devices and the “always on” aspect of consumer use, makes mobile particularly appealing to offer a new and broader range of services. Thus, expectations to enrich the experience of both mobile banking and mobile payments are higher than ever, as more smartphones are making their way into more hands.

Security Issues

Interestingly, one of the recent Consumers and Mobile Financial Services 2015 (pdf) survey results published by the Federal Reserve, reported that the majority of the non-users of mobile banking or mobile payments apps (62 percent and 59 percent respectively) do not use these apps, as they are mainly concerned about the security of the mobile technology.

On top of this, the analysis of top mobile banking apps for iOS and Android devices from around the world has revealed that most apps have been vulnerable to various attacks and subsequently exposed sensitive information. Researchers found that all the tested applications could be installed and run on compromised devices. This poses a greater security risk in itself, as these hacks circumvent device-provided protections and allow malicious apps to access sensitive information in other apps that would normally be protected on non-compromised devices.

Based on the various market reports, we have every reason to believe that hackers are increasingly redirecting resources to attack mobile banking. We are about to see significant increases in the number and sophistication of attacks on mobile devices. Protecting mobile devices and transactions will be imperative for banks. This is just not only security issue, but it also links directly to their brand equity as well.

Thus banks themselves need to ensure that their banking & payment app is secure enough, irrespective of mobile OS type or version, to protect the sensitive data of their consumers as well as to protect their own brand reputation too. And this can be possible only when banks manage the security of their own app containing banking and payment credentials, rather than relying on third party wallet provider to protect their consumer data.

In short, if a better and more secure option exists, then why trust the third-party wallet providers, who can’t protect their own data?

Easy Breaches

As you may be aware, during its beta release earlier this year, CurrentC was breached. Just imagine, if a wallet loses credit card information, consumers will panic and this destroys both wallet and a card providers brand. Last but not least, when some banks have already decided to embed the security technology to protect their mobile payment app, the same technology can be used to protect the mobile banking app as well, if integrated. This proposition makes even a stronger case for banks and card issuers to having their own secure, integrated mobile banking and payment app.

While discussing the third party wallet provider, it is important to note that they all want a cut of the transaction. Obviously, they are here to make a profit and is quite apparent when looking at some recent acquisitions in 2015. Looppay, touted to be most accepted mobile wallet, acquired by Samsung. Paydiant, a white label platform for mobile payments, loyalty, offers and more, acquired by PayPal. Finally, SoftCard (formerly ISIS), an NFC wallet offered by MNOs, acquired by Google.

Privacy Concerns

Privacy is another key concern, because third party wallet providers ask for transaction data for each consumer to calculate their cut. Banks unwillingly are forced to share the transaction data of their consumers, which can be used for other purposes by third party wallet providers. This is one more reason third party wallet provider can play “frenemies” with the bank and card issuers, today, to take over when the time is ripe. Right now, most third party wallet providers are new in the payment market and need banks to extend their reach.

This brings the discussion to another interesting factor: the consumer relationship. If a bank owns the wallet, it increases their chances to expand and offer services such as mobile coupons/incentives, barcodes, and new product information that allows consumer research and cross selling & acquisition directly, which is not the case when they subscribe to third party wallets. Direct consumer relationship also allows banks to innovate around their own product & service offerings that directly impact their own consumers. However, if banks and card issuers choose to go to market via third party wallets, they will be restricted to innovate and communicate, not own the relationship, in comparison.

Consumerization of IT Issues

Another important consideration is user experience because most mobile OS providers except iOS, have announced support for HCE functionality, so they need to know how to offer a secure, consistent and uniform user experience on different types of OS and versions. As we know, consumerization of enterprise IT represents the growing trend of employees bringing their personally owned mobile device into the work environment – bring your own device – (BYOD) which causes stress to the IT organizations by employees demanding access to the Enterprise environment through their devices.

To have consistent user experience along with the security layer, irrespective of Android, Blackberry or Windows mobile OS and versions, banks will benefit by having their own wallet app to serve their consumers more effectively. BYOD is particularly relevant for the internal apps for bank employees as well as significant enough for its customers, as many of them own multiple mobile devices, and often are loaded with different mobile OS and versions.

Conclusion

In today’s world, a digital wallet is a natural extension of the trusted relationship between a consumer and its bank. Besides payments, the integrated wallet app can offer more valuable features that help consumers to monitor their financial position by accessing their balance and transaction history as well as manage their spending, including real-time notifications for all transactions and instant rewards redemption options. The integrated wallet app also allows bank to offer a clear differentiating factor, to leapfrog its competition.

The integrated wallet app may allow users to collect, collate and access various rewards and coupons on debit and credit cards offered by its bank. Such a solution would offer choices to people and making their consumers’ lives easier. In comparison, third party wallets has sole access to the consumer and charges banks a transaction fee for facilitating purchases using its technology. So as banks reach this major crossroad, it seems the obvious, wise and now realistic solution in terms of security is for banks to build their own payment application.

DISCLAIMER: BiometricUpdate.com Brand Focus articles are submitted content. The views expressed in this article are that of the author, and don’t necessarily reflect the views of BiometricUpdate.com.

Leave a Comment

comments

About Rajesh Sharma

Rajesh Sharma, based in San Jose, California, serves as VP Mobile Banking & Payment Apps, INSIDE Secure. Rajesh joined INSIDE in 2007, to manage Technical & Professional Services group in US. He also led product marketing activities of Mobile Security Division, managing NFC, SE & HCE products. During this time, he has played instrumental role in making INSIDE the leading provider for payment contactless chips (more than 250 million units) in the US market. INSIDE Secure is the brand financial institutions worldwide have come to trust to solve their biggest banking card and mobile security challenges. They have the broadest security offering for payment technologies from smartcard to virtual payment card for mobile devices, leveraging over 20 years of experience to meet the evolving security and certification needs of the traditional and emerging payment markets. Just today they are announcing 3 of the largest companies in their space that have selected INSIDE Secure to help secure over 200 mobile applications for their employees and mobile customers, which number in the tens of millions.