New technologies may make m-commerce more secure than e-commerce, experts say.
Fraud is a problem for all retailers, but unlike in e-commerce, new mobile commerce payment technologies—including mobile wallets, text notifications and image-based credit card verifications—are offering retailers and consumers more ways to ensure their m-commerce activity is secure, experts say.
For example, each time a consumer makes purchases using a mobile wallet, the wallet creates a single-use credential, which is a one-time number representative of the customer’s information, to complete the transaction, says Steve Mott, a payments systems consultant at investment and technology consulting company Better Buy Design. This way, even if an outside party intercepts the transaction and records the number, that number will not be usable, he says.
There may be even more ways that m-commerce transactions will become secure in the future, he says. For instance, some payments industry players are examining the prospect of authenticating transactions based on digital IDs, or pre-authenticated identities backed by banks. Consumers may one day in the near future need only to log in to any web-enabled device and their identity will be verified and preapproved for any transaction, he says.
Payment networks, including Visa, are already testing ways to enroll and secure customer accounts and tie the information to both the web and consumers’ personal devices using encrypted chips, he says. If the trend continues, that means eventually the liability for transactions will shift from retailers to the banks, which are backing the validity of accounts before purchases even start.
Mobile users in the future will be able to keep further tabs on their account information by setting up automatic alerts to their smartphones, Mott says. If anyone tries to use their credentials by logging in to other devices with their digital IDs, they can opt to receive a text message asking them to either approve or report the activity.
Vendors are also testing new ways to verify credit cards from mobile devices. For example, Jumio Inc. has developed a technology that uses a smartphone or computer camera to scan a credit card and verify it in the span of four to five seconds, the company says. The verification process takes into account much more than the number—it looks at the light reflecting on the card, the height of the embossments, colors, shadows and holograms, says Marc Barach, Jumio’s chief marketing officer. Jumio does not store any card data or images, he says. The data is extracted, validated and encrypted before being sent to the retailer.
“Credit card fraud works with massive amounts of purloined credit card numbers,” Barach says. “[Criminals] utilize those numbers to push transactions through, but in this case you can’t do that.” That’s because a fake card would need to replicate all the details of the card, not just the numbers, and get everything near perfect, he says.
However, merchants and consumers are still in the early stage of adopting any new mobile commerce technologies, Barach says, and for now, there are no clear leaders in the mobile payments field. Mott of Better Buy Design estimates that emerging mobile payments systems won’t become the norm for another three or five years, he says.