The risks and rewards of digitizing your wallet

At what cost do you value convenience? As the hype around Near Field Communications (NFC) or contactless payments intensifies one technology analyst wonders if we're inching toward a dangerous mobile security situation.

Some have suggested paper money is going the way of the square wheel and that by 2016 mobile payments could replace cash. But challenges remain before widespread adoption unfolds, notes a recent IDC Corp. blog, including contactless terminals that are often out of service and/or the under-trained store staff unfamiliar with the payment option.

NFC is the short-range communications standard that enables credit cards with an embedded NFC chip and mobile phones to transmit payment information to a contactless payment terminal such as those commonly found at gas stations and at some retail locations.

Visa Inc. announced Tuesday that NFC-enabled smartphones from Samsung Electronics, LG Electronics and Research In Motion have been certified for use with its mobile application for payments at the point-of-sale (POS), known as Visa payWave.

The Samsung Galaxy SII, LG Optimus NET NFC, BlackBerry Bold 9900 and 9790, BlackBerry Curve 9360 and 9380, have all been added to the list of Visa-compliant payment products available for commercial deployment by financial institutions.

Visa says its certification of these smartphones paves the way for mobile device manufacturers, mobile operators and retailers to partner with financial institutions to offer Visa mobile payment functionality to consumers globally.

"We've certified these devices from an NFC perspective," explains Derek Colfer, business leader, global mobile product innovation at Visa Canada in Toronto.

"What that means is, there are 200 different POS terminals out there or more. What we're doing from a certification perspective is ensuring those devices can speak to the POS terminals. This brings consumers one step closer to allowing them to use a mobile device at the point-of-sale."

But don't expect cold hard cash to be declared obsolete anytime soon. Visa Canada anticipates at least a decade will pass before ubiquity in mobile payments is realized.

"2016 is pretty aggressive. I think NFC is going to have a pretty long runway," he says. "It took 10 years to transform the (credit card) market from a magnetic stripe to a chip."

But, he adds, Visa Canada found through its research in 2011 that two out of three Canadian consumers say the concept of mobile payments is "very appealing."

Apple left out in the cold?

When asked why the Apple iPhone wasn't included on Visa's compliant payment products list, Colfer was vague in his response.

"That is our list to date, those six devices. There's also a microSD (secure digital memory) card which is an approved device that allows you to retrofit older devices for mobile payments," he remarks. "There's a plethora of mobile device manufacturers out there. There will be future approvals and we're very excited to work with everybody in the value chain to make this happen."

There are several big-name players vying for supremacy in the mobile payment space that includes the likes of PayPal, Google, Apple, Amazon, Microsoft, AT&T, Verizon, and T-Mobile. But the true key players for contactless payment via NFC-enabled smartphones are Visa, MasterCard, and American Express.

Warren Shiau, director of research, Technology & Consumer Insight at Leger Marketing in Toronto, says regardless of what any of the tech firms do, it's the financial institutions that are the key players in contactless payments.

Shiau also tells Yahoo! Canada that the big players in the space all feel credit and debit card contactless payment will be the main market for quite a while, with smartphone contactless payment being a market for future mainstream adoption.

"The research always points to big financial institutions and the main credit card firms as the key players for pushing contactless payment to consumers, not tech firms or carriers," he adds. "That makes sense because it's the big banks and credit card companies that consumers use and trust to process payments."

Risk and rewards

Will NFC-enabled smartphones actually become Canadian consumers' main preference with respect to contactless payments? It depends on how much risk the consumer is willing to take when it comes to convenience.

"The consumer reward for contactless payment is convenience: But only one involves your smartphone which layers on security risk, phone/data use, and potentially making yourself more of a marketing spam target," Shiau says. "I think the real reward is going to be for high customer volume merchants who'll be able to speed-up checkout times."

Visa Canada's Colfer says smartphones, compared to a plastic card, is a far more intelligent device on which users can leverage greater levels of security.

"Your payWave contactless card that you can wave in front of a terminal is always-on. You can't switch it off or put a password on it or any number of other features to increase the security of that card," he says. "If you put that card into a mobile device and leverage that device's intelligence, you can password-enable that device and the NFC antennae doesn't even switch on without the required password.

"There are a lot of opportunities with regards to mobile as it relates to security. That's a good thing for consumers, for merchants, as well as for our issuing partners."

But James Quin, lead research analyst at Info-Tech Research Group in London, Ont., suspects that we are on the verge of a potentially troubling scenario.

Mobile device security is not on a par with the security on traditional desktop or notebook operating system platforms. In fact, it is far worse primarily because security controls, such as anti-malware, are far less ubiquitously deployed.

Even those that are deployed seem to be less effective, he says, adding third party reports show infection rates on protected mobile devices to be higher than those of protected laptops/desktops.

"The leading cause of the increase in mobile threats though is that we are beginning to see a dominant market presence by one platform coupled with an open applications environment for that platform," he says. "It is easier to distribute malware for Android (Google's mobile operating system) due to the open Android Marketplace; concurrent with this Android has become the most popular platform meaning that malware writers can potentially impact more devices by writing malcode for Android."