Trusting a Retailer with your Payment Credentials
2014/01/14
For some time now I have been talking about importance of payment acceptance in the digital world. I have been arguing that, by implication, in the war of digital wallets, there can be no single winner; the contexts in which consumers need to pay have become so diverse, that no single solution can hope to cover all bases. As a result, we are seeing the proliferation of open digital wallets. We are also observing the emergence of apps developed by retailers, restaurants and other service companies which focus on adding a digital layer to their primary service (i.e. shopping, serving food, hailing a taxi, etc.) with payment capabilities embedded within the app. I call this "contextual payments"; the concept is discussed in more detail in my upcoming annual report on Top Trends in Retail Payments. There are different ways how a service app (e.g. retailer's app) can call on payments capabilities. One of the simplest ways is to ask the customer to provide and store their payment credentials (e.g. card, bank account, etc.) at the time of registration - think of Amazon and their "one-click" purchasing. In this case, a customer has to trust the service provider that their payment credentials will be stored safely and securely. That trust has just had a few big knocks. In December, Target, a large retailer in the US announced a data breach, and the latest estimates are that over 100 million customers have been affected. This was followed by a smaller-scale data breach announcement from Neiman Marcus, and apparently, there are a few other retailers that haven't gone public yet. Debates are going on now about the impact on the industry and the effectiveness and relevance of EMV, PCI and other measures in reducing the risk of such attacks. These debates are obviously important, but another issue fundamental to the success of mobile payments is the trust that customers have (or don't) in various third parties asking for their payment credentials. I know people who refuse to open a PayPal account, as they are not willing to trust the company with their cards details, let alone bank account numbers. News from Target, Neiman Marcus and others can only do further damage to that level of trust. No wonder banks and schemes have started work on tokenization standards; tokenization by itself won't be the answer to all the problems, but it's a step in the right direction. The big question is what it will take to convince customers to trust mobile payments and companies that enable them.