Mobile Payments: The New Retail Revolution

There has been much written over the past several years about the new connected consumer. Pressure on retailers may never be greater to deliver on demands to provide better service, more educated sales associates, and merchandise available anytime, anywhere.

The way customers choose to shop is evolving as well. Show-rooming is transitioning to web-rooming, but the one constant that will continue to grow is the use of mobile payment devices to keep the consumer connected wherever they happen to be.

A part of the new retail revolution includes how and where people pay for their merchandise. According to EKN Research, seven in ten millennials indicated that mobile payments were an influencing factor for their in-store purchases.

- Sponsors -

Mobile, Mobile Everywhere, but What Does It All Mean?

Mobile payment, mobile commerce, and mobile POS are three commonly used terms today. For the purposes of this article, we will define the various mobile methods based on descriptions provided by

Mobile Payment. In their most simplistic definition, mobile payment is the payment for an item or service from or via a mobile device. While many today associate mobile payments primarily with “contactless” payments like near-field communication (NFC) or bar and QR codes, SMS, mobile web payments, and direct mobile billing are also included in its broader definition.

Mobile Payment Acceptance. Unlike the broader term of mobile payment, mobile payment acceptance signifies the ability to accept payments on a mobile device, whether it is a smartphone or tablet. The typical set-up includes a free or low-cost attachment that allows for the swiping of traditional credit and debit cards. The device is connected, through the smartphone or tablet, to a credit- and debit-card processing application.

Mobile Commerce. While some interchange the terms mobile payment and mobile commerce, the latter has its own, distinctive definition. Mobile commerce encompasses mobile payment, but also includes a variety of mobile-based activities including content purchase and delivery, money transfer, auctions, browsing, marketing and advertising, and location based-services.

Mobile POS. Mobile point-of-sale (POS) is predicted to be the future standard, even among tier-one retailers. Many leaders are investing in mobile POS—hand-held checkout devices that serve as a payment extension to the company’s larger POS system. While these new mobile POS devices have some of the same characteristics as mobile payment acceptance devices, they are much more robust in terms of features and reliability. These new devices will include the ability to accept mobile gift, NFC, QR/bar code, and include integrated loyalty and reward.

Tablet POS. In today’s marketplace more and more point-of-sale developers are focused on iPad and tablet development versus traditional systems. These new platforms afford developers with more options, more capabilities, and a lower-cost alternative while retailers receive parallel benefits in terms of features and functionality, portability, and reduced cost. In fact, tablet-based POS systems open up a new opportunity for smaller retailers that, due to high cost, were not able to leverage POS in the past for their business.

As mobile payments continue to gain favor with consumers, the market is almost guaranteed to get more crowded with service provider options. Apple Pay, along with future Apple Watch applications, announced last year is purportedly the fastest-growing app for mobile payments. Samsung’s recent acquisition of LoopPay is another reach into the mobile market through Android phones. And as recently reported by The Wall Street Journal, Google has shown renewed interest in Softcard, formerly called ISIS, the mobile payments company that was formed out of a consortium of AT&T, Verizon, and T-Mobile. There is also ConnectC, PayPal, and the Starbucks’ approach with QR codes to name just a few additional options or potential options.

With the growing number of mobile payment applications available to the consumer, associated challenges will also grow for retailers to accommodate the various forms of payments while remaining transparent to the customer experience. There is a real possibility that a consumer might tap their device on a terminal in one store, use a QR code in another, and complete a transaction via a mobile application in another. There will be plenty of room for confusion from both the consumer and front-line employees at retail locations.

And the Research Says…

According to recently released research from J. Gold Associates titled Mobile E-Commerce: Friend or Foe – Cyber Security Survey, over the next two to three years interactions attributed to mobile devices and mobile applications are expected to surpass standard browser transactions. As a result, companies not properly securing mobile transactions face significant risk of fraud incidents overwhelming their businesses. The research was sponsored by RSA and TeleSign and included companies from a number of different industries with retail being the largest segment surveyed.

RSA specializes in providing solutions that give its customers improved visibility into their digital environments and the ability to detect, investigate, and respond to advanced threats; confirm and manage identities; and ultimately, help prevent IP theft, fraud, and cyber crime. RSA’s partner, TeleSign, provides mobile optimization authentication.

• The online survey covered 250 organizations with average revenues of $2.54 billion. Of those surveyed,
35 percent indicated that they lost as much as 5 percent of revenues due to fraudulent activity over the past twelve months,
• 14 percent attributed 10 percent of revenues lost
• 15 percent reported as much as 25 percent of revenues lost.

On average across all organizations, 3 percent of lost revenue was attributed to their mobile channel, which equated to roughly $92 million in annual revenue drain.

The participants in the survey also indicated that mobile payment transactions were expected to grow on average 47 percent over the next five years. Assuming that the percentage of loss attributed to the mobile channel remains the same, the overall losses could have the potential to grow by the same 47 percent over that time period.

Seemingly at odds with the significant losses these companies are experiencing from the mobile channel, nearly two-thirds of the respondents felt that they could easily detect this form of fraud and remediate it.

“Many organizations have a false sense of security based on what they have done in the past as it relates to typical fraud prevention,” said Angel Grant, senior manager at RSA. “All too often they are focused on the user experience first and look at security as a secondary priority. We commissioned this report to help educate the market on the inherent risks that are emerging as this channel grows and to help our customers understand how they can build more secure online and mobile environments.”

The survey also found that future measures currently being considered to improve the security of online and mobile payment transactions include advanced analytical tools, with more than 73 percent of participants indicating that they would be adopting the technology for mobile-optimized authentication techniques. This can be attributed to the maturity of the tools and the ability to deploy them more easily, including cloud-based services as well as reduced costs of employing them.

While the initial focus of the research was on online transaction through mobile applications and websites, there are correlations that could be made to mobile payment and mobile POS risks.

One More Consideration…

In October of 2015, the United States will begin the transition to EMV or chip-and-PIN or chip-and-signature technologies. EMV stands for Europay, MasterCard, and Visa and has been a standard form of payments outside the US for several years. This shift is being driven by the fact that the US has emerged as the global capital for credit- and debit-card fraud, with a predicted $10 billion losses in 2015 alone. Chip-and-PIN technology reportedly provides more secure transactions particularly as it relates to card-present, in-store sales. The jury is still out on what its benefits will be as it relates to online transactions. When the technology was introduced in Europe, there were cases where online fraud rose as much as 150 percent.

The biggest change to retailers with the transition to chip-and-PIN card technology will be the assignment of liability from any fraudulent transactions taking place in stores. For retailers that do not upgrade their POS infrastructure to accommodate this new payment form, the liability would shift to the retailer from the card issuer as it has been in the past.

Most loss prevention executives have focused on theft as the biggest contributor to lost profits to their organizations as it can be measured in hard dollars. With the shift in liability, fraud will go from a balance sheet line item to a real drain on retailers’ operations.

“Many retailers have not yet figured out how to handle this new way of thinking about fraud and its impact on their stores once the changes to credit and debit cards take effect, especially for those who cannot afford to immediately comply,” said Joseph LaRocca, vice president and senior advisor on loss prevention for RetaiLPartners and formerly with the National Retail Federation. “The way we handle fraud incidents will change dramatically, not only from a liability standpoint, but also from the way those incidents will be processed through the legal system. Today card issuers can upload their cases in bulk, a process that is not yet in play for the retail community.”

The Good News

Because widespread adoption of these new forms of payments is still in the early stages, there is the opportunity to plan accordingly.

Walgreens. The nation’s largest drug retailing chain with over 8,000 locations, Walgreens has been accepting various types of mobile payment for several years. Walgreens’ acceptance of NFC payments across the chain enabled its first adoption of Google Wallet and the expansion of Apple Pay. Since rolling out the new payment form, Walgreens has seen little to no impact on fraud levels.

The retailer credits it proactive approach to adopting new technology to a successful implementation. For mobile payments that included a comprehensive communication strategy and partnering with key stakeholders within the organization as well as third-party providers, including its credit- and debit-card processor. Setting clear expectations and finding alignment and agreement at the start also helps the transition process to proceed more smoothly.

Walgreens’ asset protection solutions team actively participates in weekly meetings with its IT partners so that any changes being considered or made to the POS systems take into consideration the need for proactive protection against fraud. These proactive measures are then designed into the back-end processes and are systematically included. It also proactively educates its front-end cashiers on how to handle mobile payment. The same basic principles apply to mobile payments as to traditional credit- and debit-card transactions—the card must be present or the mobile phone must be present.

One of the challenges Walgreens faced in rolling out mobile payments was the misperception on the part of the field organization that fraud would be more prevalent. The company put together a comprehensive communication strategy to educate the field to help them overcome this misperception.

“The biggest challenge we faced was the misperception that the risk of fraud would be greater with mobile payments than with the traditional credit- and debit-card swipe,” said Bill Inzeo, who is director, insights and intelligence, asset protection solutions for Walgreens. “We went to great lengths to educate our field organization that, if accepted according to policy, the risk factor does not go up with mobile payments.”

When asked about the coming changes as it relates to EMV chip technology, Inzeo feels that the benefits far outweigh the challenges.

Walgreens upgraded its POS systems a couple of years ago with an eye to future requirements. It made sure that all of its hardware was capable of accepting the new cards. They are now working with their programmers to develop code that will make accepting the new smart cards seamless to the customer and the associate.

“When it comes to adopting new technology like mobile payments or chip-and-PIN cards, you need to approach it from a business and financial perspective without the emotional ties to fraud and loss,” said Inzeo. “We bring an objective point of view, evaluate the risk, and provide recommendations that protect our customers and the company, while delivering the shopping experience our customers and patients deserve and expect.”

eBay. Online retail giant eBay has perhaps the most experience with mobile payments through its PayPal application. PayPal processed $46 billion in mobile payment volume in 2014, up 68 percent over 2013.

“Surprisingly, we have seen very little in the form of fraud attributed to mobile payments,” stated Paul Jones, senior director of global asset protection for eBay and PayPal. “We attribute much of that to a well-thought out and well-executed plan.”

When asked what retailers should consider when entering the realm of mobile payments in their stores, Jones emphasized the need for structured agreements. Like his counterparts at Walgreens, he stresses the need for expectations to be set up front along with alignment and agreement on implementation. eBay offers its retail partners protection against fraud by assuming the risk and liability should a fraudulent transaction occur with its service. He urges others to address this point with their mobile payment service provider, whomever they may be.

Along with designing the interface for maximum ease-of-use for the consumer, retailers need to put network security at the forefront of the process. Echoing Walgreens advice, loss prevention teams need to be involved from the beginning of any new project that has the potential to disrupt business through loss or fraud.

“You need to be present from the start to be effective in the end,” stated Jones.

Heinen’s Grocery Stores. Regional supermarket chain Heinen’s, based out of Cleveland, Ohio, currently accepts mobile payments in the form of Apple Pay and Google Wallet at its twenty-two retail locations. The company is also in the planning and implementation stages of converting its payment terminals to accommodate the new EMV CHIP technology.

According to John Guenther, director of risk management and information security for the merchant, the security challenges that exists between near-field communications (NCF) technologies like those found in mobile payment devices and EMV chip-and-PIN technologies are quite different.

“NFC devices concentrate on masking the consumer credit- and debit-card information from the retailer point-of-sale terminals through tokenization, while chip-and-PIN focuses on a more secure payment transaction by requiring a higher level of authenticating when using the card,” explained Guenther. “Both forms of payment still have the potential to be breached—mobile payments through loading fraudulent cards into the device and chip-and-PIN for online transactions.”

Not unlike other retailers who have transitioned to the new payment technologies, Guenther’s advice is to develop a comprehensive plan and to be able to clearly articulate the goals and objectives behind making the proposed changes to the company’s payment systems.

He recommends formalizing the project with a dedicated team, appointing a project manager to oversee all aspects of the conversion, engaging key stakeholders and third-party vendors, and asking the right questions from the start, such as:

• What middleware applications will be affected?
• What reporting functions will change and how?
• Will this be a standalone, integrated, or semi-integrated process?

These are just a few of the questions that will need to asked, answered, and understood for successful implementation.

“In the end, this journey into alterative payment forms is consumer driven and really not an option for most merchants if they want to continue to achieve a high level of customer service and satisfaction,” said Guenther. “But along the way, it helped us create a heightened sense of awareness for PCI compliance and payment best practices for our organization.”

Prepare for the Future

While the type of mobile payments that consumers will ultimately adopt and the number of options available to them will continue to grow, one thing is certain—mobile payments are here to stay and will only become more prevalent in the years to come. In order to remain competitive, retailers will need to find ways to accommodate mobile payments and provide a seamless shopping environment for their customers while accepting a whole host of mobile payments from a variety of devices.

“Retailers will need to follow the emerging mobile market closely so that they can deliver on consumer demands,” concluded LaRocca. “At the end of the day, if a customer cannot conduct business in the manner that suits their individual needs, they will take their dollars elsewhere.”

Preventing mobile payment fraud will take on a bigger role in the lives of many loss prevention executives with the upcoming shift in liability. But the good news in all of this is the fact that with proper planning, open dialogue with all key stakeholders, advancements in technology, and a comprehensive communication strategy, retailers are in a good position to meet the challenges head-on.

Those who have already ventured into the world of mobile payments have so far seen little to no disruption to their businesses and feel that the goodwill generated among their customer base is well worth the time and efforts invested.

“Technology in the retail environment is always changing,” said Inzeo. “By being proactive, you can adjust to anything. If you are involved from the beginning of the process, you can find success.”

Preventing mobile payment fraud will take on a bigger role in the lives of many loss prevention executives with the upcoming shift in liability. But the good news in all of this is the fact that with proper planning, open dialogue with all key stakeholders, advancements in technology, and a comprehensive communication strategy, retailers are in a good position to meet the challenges head-on.

Stay Updated

Get critical information for loss prevention professionals, security and retail management delivered right to your inbox.