The results of Deloitte’s Nordic survey indicate that nearly 50 percent of people lack enthusiasm for mobile payment and feel that it would not benefit them, as contactless payment cards already serve the same purpose for many. However, the second-most common reason for not jumping on the mobile payment wagon is concern for data security.
This concern is groundless for Android and iOS devices, and Apple Pay in particular. Apple Pay clearly states that it does not store card data, not even on the phone’s secure element or Apple’s servers, but only relays it to the banking system. Only the device-specific ID encrypted by the bank is saved on the phone. In mobile payment, the phone sends a single-use token, i.e. a number sequence, via NFC to the payment terminal, and the terminal verifies the token. This means that the actual card details are not used at all during the payment.
“Card details saved in Apple Pay cannot end up in the wrong hands, even if someone would steal the device and be able to crack its physical secure element”, says Qvik’s Head of Design Matias Pietilä. “By using mobile payment, you can also prevent card skimming, or the copying of cards. This problem that has plagued service stations, for example, is solved by mobile refill solutions such as the St1 Way application implemented by Qvik.”
In addition to the security of card details, some users are worried about their shopping information ending up in the database of a major corporation. This is not the case either.
“Apple does not receive purchase information. Even the car details are not sent to Apple’s servers. The payment process is meticulously isolated and no information ends up where it doesn’t belong”, Pietilä says.
Card payment comes second in security
Mobile payments are more secure than card payments. Spying out someone’s PIN and stealing their wallet is not rocket science, contactless payment cards can be used without fingerprint IDs or other security measures, and lost credit cards are easy to misuse. Mobile payment, however, always requires the authentication of the user.
It can also be seen as an indicator of trust that credit card issuers are prepared to pay a small commission to be allowed to use Apple Pay instead of card payments. Using Apple Pay reduces the credit risk, so companies are prepared to pay for it.
Apple Pay is also reliable for in-app purchases. The application knows which Apple account it is connected to and goes directly to the payment verification step when the user makes a purchase. At that point, all the user needs to do is enter the code, give their fingerprint or otherwise authenticate themselves on the device.
Greatest risks related to the carelessness of users – not gaps in data security
The most concrete risk related to mobile payments is probably phishing. If a thief is shopping online and manages to send the payment verification request to another user’s phone, and the user is careless enough to accept the request, the user may end up paying for that individual purchase made by someone else.
“That is why sending payment verification requests is not simple. In Apple Pay, for example, simply knowing someone’s number is not enough to send a verification request – you have to be signed in with a specific Apple ID to do so.”
For those used to card payments, however, mobile payments can first seem strange and complicated, and therefore unreliable. So far, approximately one-fifth of Nordic people have used mobile payments when shopping, but the figure is expected to rise as use of Apple Pay becomes more common.
“Maybe some people will only start to trust mobile payments after they have been around for some time and nothing has happened to anyone. Attitudes will gradually change once people see that it’s working for others.”