It’s been a busy week on the mobile pay front.
The good news? Most of it has been positive. The bad? There was a breach for one of the newest mobile pay players in the market.
This week, we take a look into the latest and greatest news that came out of the mobile pay ecosystem — including news about Samsung Pay, Apple Pay, Visa Checkout, MasterCard, PayPal, Starbucks and Dunkin’ Donuts. And we’ve gathered up the top mobile payment news of the week for you to keep your mobile pay appetite satisfied.
First, let’s start with the bad news.
Samsung Pay launched less than two weeks ago, but a new report from The New York Times shows that LoopPay — the small mobile commerce platform that was acquired by Samsung in February 2015 — was hacked even before the Samsung Pay launch.
The report indicates that LoopPay, which uses its Magnetic Secure Transmission (MST) patented technology to turn existing mag stripe readers into mobile contactless receivers, was involved in a targeted attack from hackers in China suspected to be linked to a government-affiliated attack.
The latest details show that the attack could date back as early as March and was brought upon by hackers commonly known by hacking trackers as the Codoso Group or Sunshock Group. The reports indicate LoopPay’s computer network was breached, which was thought to have been attempt to go after LoopPay’s technology secrets, specifically MST — the key component behind making Samsung Pay work for more merchants.
Samsung has released a statement following the breach.
“Samsung Pay was not impacted and at no point was any personal payment information at risk. This was an isolated incident that targeted the LoopPay corporate network, which is a physically separate network from Samsung Pay. The LoopPay corporate network issue was resolved immediately and had nothing to do with Samsung Pay. Samsung is extremely committed to securing and protecting user data to the highest industry standards,” Darlene Cedres, Samsung’s chief privacy officer, said in a statement.
The suspicion is that the hackers breached LoopPay’s corporate network but likely not the systems that manage payments, Will Graylin, LoopPay’s chief executive and co-general manager of Samsung Pay, told NYT. He noted that the company has security experts investigating the incident but relayed that there was no evidence the hackers were able to breach Samsung’s consumer data.
The breach, which was only recently identified in August, came to light when a hacking tracker organization found LoopPay’s data. LoopPay and Samsung expressed confidence that the infected machines have been removed and that consumer payment data and devices were safe.
But on the good side…
Playing what might be termed a game of carrier catch-up, it looks like Verizon is coming around to supporting Samsung Pay.
Verizon announced this week that it will support the payments platform through an “upcoming software update.” That announcement comes several days after the Sept. 28 launch of the service. At the time, the carrier had said it was “evaluating” Samsung Pay, a hesitation that did not mark peers such as AT&T, U.S. Cellular and Sprint — all of whom evaluated and approved the mobile payments system as far back as August.
During its unveiling late last month, Samsung Pay got major support across payments companies such as Visa, MasterCard, Discover and American Express. The issuers crowding to support Samsung Pay included Chase and Bank of America.
Samsung is also working hard to promote its mobile payments service through its seven-city tour that will promote Samsung Pay. Samsung will take the opportunity at each location to work with local retailers to promote using Samsung Pay on particular items. It will also offer discounts for those items to encourage consumers to use Samsung Pay.
While Austin kicked off the tour last weekend, the rest of the tour includes Dallas (Oct. 9–11); Atlanta (Oct. 16–18); New York (Oct. 23–25); Chicago (Oct. 30–Nov. 1); San Francisco (Nov. 6–8) and Los Angeles (Nov. 13–15).
MasterCard has rolled out a “Pay By Selfie” feature that will make it possible for merchants to verify the identity of a shopper by looking at a photo of their face. That rollout will continue throughout the United States in 2016 and go global in 2017.
To make the new service work, a photo is taken every time a customer makes a MasterCard purchase via a phone app. The pic is then used to authenticate the user’s identity — on top of the password — through cross-comparison with a photo the user has already supplied to MasterCard.
According to Ajay Bhalla, president of MasterCard’s enterprise solutions division, though EMV chips led to fraud at in-person points of sale being reduced by 80 percent, the smart money is on criminals evolving. “Fraudsters migrate to the digital world,” as he put it.
Selfie Pay is a larger part of MasterCard Identity Check. That service uses a variety of methods, from the complex (like this program) to the simple (like single-use passcodes sent to customers by SMS text message).
Visa has secured a deal with delivery.com to offer Visa Checkout on its website and mobile apps. This will enable its customers to use the service to checkout without the hassle of re-entering shipping and payment information.
“With more and more traffic coming from mobile devices, it’s clear that our users are always on the go,” said Jed Kleckner, CEO of delivery.com. “Visa Checkout offers a great way to minimize the time spent entering payment information and the risk of potential credit card errors so that people can easily order and get on with their daily lives.”
In other mobile payment news this week, Visa and Chevron announced that they are kicking off a new mobile payments program that will allow drivers to pay for their purchases at more than 20 Chevron stations around California with nothing other than an NFC-enabled device. By the companies’ estimates, 80 percent of Chevron customers already use credit or debit cards, which had Jim McCarthy, executive vice president of innovation and strategic partnerships at Visa, bullish on this partnership’s future.
“Mobile payments are moving into the mainstream in the U.S. because, more and more, consumers see the value of using their personal devices to purchase everyday items like groceries and gas,” McCarthy said in the press release. “Chevron has always focused on giving their customers great experiences by offering convenient ways to pay and being committed to protecting against fraud. For this reason, they are who we want to help us broaden both the reach and consumer understanding of the many mobile payment options in the market today.”
MasterCard also just announced a partnership with P97 Networks that will bring mobile payments to the gas pump.
PYMNTS caught up with Donald Frieden, president and CEO at P97 Networks, and Kurt Weiss, senior vice president/group head of mobile transaction services and emerging payments at MasterCard, who shared their expectations for consumer adoption, as well as their plans to help drive it. In discussing MasterCard’s motivation behind the partnership, Weiss keyed in on global potential as a driving factor.
While consumers may not be thinking about mobile payments at the gas station, Frieden points out that the adoption of new technology “typically occurs at the nexus of convenience and repetition.” Citing that most consumers purchase fuel at least once a week, Frieden attests that “a better mobile experience” will make paying for fuel with their smartphones habit-forming for consumers.
The MasterCard solution relies not on NFC but multifactor authentication and geolocation services to match the consumer to the point of purchase. Weiss and Frieden are in agreement that employing those technologies in the solution enables “a very large marketplace with very secure mobile payment transactions.”
Now, lets move back toward NFC and mobile payments — and the latest device to enable them for SMBs.
Staying ahead of the payments curve isn’t easy in the fast-paced payments market, but PayPal’s latest product helps keep its merchants updated. It officially went on the market late last week.
The reader, which is compatible with iOS and Android devices, accepts chip cards (both EMV chip-and-PIN and EMV chip-and-signature), magnetic stripe and NFC transactions, including Apple Pay, Android Pay and Samsung Pay, along with other NFC-enabled devices and cards.
“Some of the new solutions out there can run on much less expensive hardware and tablet devices. These cloud-based software solutions can be far less expenses, including in some cases free. So merchants have tremendous opportunities to lower their expense. But with these new solutions come advanced capabilities: things like advanced CRM solutions, customer engagement tools and the ability to accept new forms of payments — like mobile payments,” said Brad Brodigan, vice president and general manager of retail for PayPal.
And then, we move onto another big move for mobile payments. This time, to Canada.
Starbucks’ Mobile Order & Pay pilot program was so successful in the Northwest that it was quickly rolled out to the rest of the country. Now, Starbucks is taking its digital experience north.
Starbucks Canada announced this week that about 300 company-owned coffee shops around the Greater Toronto Area would start offering Mobile Order & Pay services on Oct. 13. Jessica Mills, director of brand communications at Starbucks Canada, explained in the press release that Toronto is a unique environment to test mobile order and pay in the Great White North.
Its most recent reported quarterly earnings show that Starbucks’ mobile transactions now account for 20 percent of all in-store sales — more than 9 million mobile transactions a week. In Q3, My Starbucks Rewards membership hit 10.4 million active members, which was a 10 percent increase from the same quarter a year prior.
And, of course, Dunkin’ has its own share of the mobile payments cup.
As most mobile commerce reports have shown, getting consumers to buy in to mobile is all about them actually remembering that that mobile option exists. Even in the case of Apple Pay, consumers who do use it say they love it, but then they forget it’s an option so they end up not using it.
The case for the mobile app can best be told by two retailers that have managed to build brand loyalty via mobile apps that have shown real mobile momentum in the past two years: Starbucks and Dunkin’ Donuts. Those two were highlighted in a new report from comScore about mobile app usage.
In the case of these two special use cases, there’s one common thread: loyal customers who have daily coffee addictions.
Starbucks has seen a 100 percent increase in unique visitors in a two-year period. And on the Dunkin’ Donuts side, it’s seen an astonishing 456 percent increase in the same two-year time period. While it appears Dunkin’ is doing drastically better, it’s worth noting that Starbucks’ app has been around longer and has had more time to establish customers. Following Starbucks’ massive mobile momentum the past couple years, Dunkin’ followed by introducing its own mobile ordering service.
But on the bad side…
Apple has remained relatively quiet on how well Apple Pay is doing, both transaction-speaking and user-wise. A new article provides the latest projections of just how well Apple Pay is doing and how it’s expected to trend over the next 3–5 years.
Citing research from a variety of sources — including PYMNTS and InfoScout’s report about Apple Pay adoption — the conclusion of the Bloomberg article seems to be that Apple Pay is going to be a slow burn over the next few years. Research from Aite suggests that Apple Pay is used for just 1 percent of retail transactions.
“People don’t know why it is they’d use Apple Pay,” said Jared Schrieber, CEO of InfoScout. “They are satisfied with the current methods, and they don’t know how Apple Pay works.”