Michael L. Kasavana, Ph.D., CHTP, NCE5
-
Mobile technology is being adopted by both consumers and hospitality retailers at an unprecedented rate. Smartphones are being used to complete contactless payments, download apps, surf the Web and access coupons, discounts and rewards. Businesses are accepting mobile payments at innovative point-of-sale terminals, hand-held devices, add-on dongles and tablet PCs. For the hospitality industry, could the replacement of traditional fixed-location POS terminals to mobile POS devices be inevitable?
While mobile point-of-sale (mPOS) applications process digital payments at a physical point of purchase, they also enable hospitality management to gain a host of capabilities that add informational value to purchase transactions. While it is not surprising that consumers favor phone-based settlement, the fact hospitality business operators are testing mPOS options is somewhat remarkable.
Consumer mPOS
Currently mobile payments are used more often for bill paying, online purchasing and money transfers than purchases at a physical retail location. When a mobile device is presented at the point of sale (POS), a complex security challenge often ensues.
Juniper Research estimates that between 2010 and 2014, mobile payments will grow from $170 billion to $630 billion worldwide. In the United States, mobile payments will total $214 billion by 2015, with 77 percent of those payments made at a physical location, according to Boston-based research firm Aite Group. The increased volume of mobile transactions at a physical point of sale represents a significant shift in adoption. Hospitality business managers need to be mindful of the impending impact on industry POS hardware and software.
To date, there is no single commonly accepted mPOS standardized processing platform. This fact seriously complicates the evolving mPOS landscape. Mobile payments completed with physical connectivity (proximity payments) have at least three distinct formats. It is important to note that implementation of a payment platform may require additional hardware, software and/or netware on the consumer side or business side, or both.
NFC Payments
For many years, NFC technology has been considered the most promising of the mobile payment platforms. NFC payments, often referred to as contactless payments, are appealing since there is no physical contact between the mobile device and the mPOS equipment. The fact that the device remains in the possession and control of the consumer is also considered an advantage. American Express’ research indicates that NFC transactions are 63 percent faster than cash and 53 percent faster than a traditional credit card. The NFC payment platform allows for the integration of mobile apps dealing with loyalty programs, coupons and gift cards.
A major concern with NFC-enabled settlement is that it requires additional hardware added to the POS. During an NFC transaction, all requisite components to initiate the transaction are directed by the consumer’s smartphone. The user enters a PIN into the device, thereby enabling access to a stored set of accounts. The phone is placed within close proximity of the mPOS device for settlement. This process can be problematic when the transaction is settled away from a POS terminal (e.g., tableside). Additionally, NFC is not a standard component built into all brands of mobile devices available to consumers.
Bar Coding Payments
Bar coding for mobile payments can be designed via the mobile device display of a request for payment linked to a cloud-based wallet or an mPOS device generating the bar code request for payment. When the consumer’s mobile device is used to present the bar code for settlement, a user account must have first been established directly with a retailer or third-party application (usually online). This account structure is akin to a cloud-like wallet-based application and often requires the consumer to download a unique application for each retail establishment. The retailer’s POS device must have a scanner capable of recognizing the display on the consumer’s smartphone.
When the retailer’s POS terminal is the basis of the bar code, the consumer’s mobile device camera application recognizes the bar code and exchanges a message of agreement to pay. No POS scanner attachment is needed. Regardless of the basis of the bar code display, the mobile device and mPOS unit must be capable of interacting. Either format of bar code settlement incurs minimal cost to implement as long as both the consumer’s embedded camera and the retailer’s POS display are compatible of recognizing 2-D bar codes. As a consequence of bar code settlement, both the consumer’s smartphone and the retailer’s POS system must rely on proprietary software.
Numeric Code Payments
Numeric code payments involve text messaging as a basis for transaction reconciliation. The use of texting or short message service (SMS) requires authorizing a third party to complete payment based on the exchange of an authorization code. By entering this authorization code to the retailer’s mPOS device, the transaction is completed.
Although a numeric code payment application requires no new hardware or software systems, it does require modification to an installed POS system that enables mobile authorization as well as necessitating the retailer to develop a proprietary promotional program to enlist consumer enrollment (source mobilepaymentstoday.com).
mPOS Transition
More than half of U.S. adults believe digital wallets either have already, or may within the next five years, replace physical wallets, according to an October 2013 Visa survey (“The Way We Pay: e- and m-Commerce Trends”). Already, 40 percent of respondents carry less than $20 in cash, and 26 percent carry between $20 and $50, with the remaining 34 percent carrying more than $50. One appeal of the digital wallet may be that consumers avoid entering payment information multiple times. The survey also noted that 49 percent of respondents said the most annoying aspect of online shopping is setting up separate accounts with each e-tailer to make purchases. Moreover, 27 percent of U.S. smartphone owners and 24 percent of tablet owners have used those devices to make a purchase within the past year, and 15 percent report having scanned a QR code with a smartphone prior to making a purchase. The Visa survey also found that consumers would be willing to use a smartphone or tablet to pay for public transportation and parking meters, as well as to pay back friends, tip restaurant services and pay at the gas pump.
When a mobile device serves as a method of payment or as a payment terminal (mPOS), it must be connected to a secure network environment. Since a cellular handset contains multiple downloadable applications, including access to the Internet, retailers were initially hesitant to engage in mobile settlement. Fortunately, there have been numerous technologies developed that fortify mPOS, including smart cards (chips), encryption, tokenization and authentication and identity management.
Traditionally, point-of-sale terminals provided encryption at the point of purchase, but not always for transactional account data. The Federal Reserve claims that the major driving force behind the POS to mPOS movement is the convergence of online, mobile and POS payment channels at a time of significant growth in smartphone and mobile app (discounts, coupons, rewards, etc.) development. Digital marketing and commerce leader eMarketer estimates that domestic smartphone ownership in 2013 eclipsed 56.8 percent; more than double the penetration rate of 2006 (26.9 percent). Additionally, eMarketer projects domestic smartphone ownership will exceed 75.3 percent in 2016. As of March 2013, 52 percent of the smartphone operating systems in use belonged to Android™; 39 percent were iOS; 5.2 percent from BlackBerry; 3.0 percent for Windows; and .5 percent by Symbian, according to comScore.
One recognized challenge to mobile payment adoption is the assumption that mobile devices are not secure. There is the perception that a mobile handset exposes the entire network to fraud, and that component links need to be secured to prevent the entire eco-system from collapsing. To address this challenge, suppliers are working to implement a new protocol referred to as the Trusted Execution Environment (TEE) that resides in the mobile device. Customer authentication, whether making a payment at the physical POS, online or using a mobile phone/app, is a critical component of security that minimizes the potential for identity theft and data compromise. For mobile POS payments, authentication can be enhanced using a number of methods including encryption and/or tokenization. The goal of any security method is to protect transaction data, end-to-end, through reconciliation.
Current practices focus on end-to-end security and database parsing in the form of PCI compliance standards. Similarly, security experts advocate point-to-point encryption for mPOS settlement to avoid possible weaknesses in mobile contactless payment networks. Hardware-based encryption is also a critical mPOS component to overall risk prevention addressed by PCI compliance.
mPOS Platforms
mPOS paying consumers frequently express concern that mobile wallets need to do more than just transact payments to persuade users to replace a physical card with a digital payment platform. While this concern is significant, from a transaction processing perspective, a more critical issue is determining a technology platform to control the processing of mobile payments. There are at least three broadly defined candidate platforms: near-field communication (NFC), cloud computing and quick response codes. It is likely one of these platforms may eventually be designated the mPOS standard. To date, NFC-related technologies have received the majority of focus.
Fragmentation in the mobile payments ecosystem and little traction with any one mobile platform continue to drive many industry stakeholders to experiment with all three technologies because they do not know which solution will ultimately prevail. NFC is still struggling because its value proposition to incentivize consumer adoption for mobile beyond payments.
NFC Processing
NFC is a wireless communication standard that allows data to be exchanged between devices that are within a few centimeters of each other. NFC-enabled mobile phones contain a smart chip as a secure element that allows the phone to securely store payment application and consumer account information and use the information as a virtual payment card. NFC payment transactions between a mobile phone and a POS terminal occur when the phone emulates a physical contactless credit/debit card. The path to NFC adoption may require a slow phase-in to build consumer comfort with tapping and waving versus swiping at POS.
Some merchants have been reluctant to adopt NFC because it is a complex process. Adoption requires merchants to upgrade existing POS terminals or purchase new, NFC-enabled POS terminals that have been tested and certified. Furthermore, merchants must train staff to use the new terminals as well as generate consumer awareness and adoption. This is an investment in time, resources and money without any guarantee that consumers will use NFC-enabled mobile devices to make purchases. Additionally, merchants are struggling with how and when to migrate to EMV.
NFC card emulation is also available through the EMV (Europay, MasterCard and Visa) application. EMV is a payment standard focused on chip card technology that ensures interoperability between chip-based payment cards and terminals by requiring compliant requirements. EMV chip cards contain embedded microprocessors that provide strong transaction security features and other related capabilities. EMV specifications include contact and contactless card and mobile payment transaction protocols. A significant dimension of EMV is that it uses chip-based cards to perform payment transactions that store encryption data for authentication. As part of the transaction authorization, the card uses the data to prove it is authentic, thus preventing the use of stolen or cloned cards.
NFC-enabled POS terminals in the U.S. represent about 10 percent of the largest retailers. Preparing to deploy EMV may also affect this low penetration. Interestingly, even though more than 20 million phones are certified for the Isis Mobile Wallet®, adoption of NFC mobile payments remains slow. The fact that Apple has not included NFC on the iPhone® 5S also impedes growth of this protocol. Given that 39 percent of smartphone owners have iPhones; while 52 percent have Android™ smartphones, does not contribute well to NFC utilization. While Isis is only currently available for Android handsets, there are plans for it to be available on iOS (Apple) and Windows Mobile phones in third quarter 2014, or sooner.
Hoteliers and restauranteurs are concerned about the large investments in hardware and software already made during recent years in the interest of PCI compliance (fraud prevention). Given that conversion to an NFC platform requires additional investments in mPOS terminals, it can create added roadblocks to adoption. Before committing to future investments for heightened security and payment acceptance, retailers should be concerned with ongoing costs as well as upgrading requirements (e.g., migration to EMV and PCI-DSS compliance.).
Many POS suppliers claim that the transition to mPOS would be seamless, holding that NFC compliance devices are software upgradable to enable the application of newer versions of NFC as well as cloud or QR code payment acceptance. Despite this claim, many do not support the assumption that most legacy POS terminals are sufficiently software upgradeable.
Fortunately for NFC supporters, Google recently announced host card emulation, which allows NFC transactions to occur on NFC-enabled devices. In fact, NFC mobile payments can be accepted wherever MasterCard PayPass®, Visa payWave, American Express expresspay and Discover Zip are taken. In addition, both Google and Isis’ mobile apps also enable contactless mPOS payments with NFC-equipped smartphones. As a combined platform, leading digital security firm Gemalto, claims there are more than 200,000 domestic retail locations accepting NFC-based payments.
Cloud-based Processing
Perhaps, the most direct and simplest approach to mPOS processing may be achieved through cloud-based processing, as it features easy implementation for a minimal investment at most POS terminals. However, potential risks should be factored into this mPOS platform decision. Cloud computing may appear even more appealing as it is a mobile payment platform that does not store consumer data on the mobile device. Basically, this configuration helps businesses comply with PCI DSS (the cloud service provider is responsible for PCI DSS compliance).
Loop, Inc., the first m-commerce platform provider with a mobile wallet solution claims to work at nearly 90 percent of existing retail mPOS locations. The platform allows consumers to securely and conveniently purchase items using a smartphone while enabling the retailer to broadcast promotional and actionable deals to enrolled (opt-in) consumers. In essence, Loop is capable of providing advanced mobile POS checkout that seamlessly integrates with a mobile wallet system.
Traditionally, industry icon Google has stressed cloud-based integration using a form of NFC labeled Isis. Isis is a relatively new m-payments solution supported by Verizon, AT&T and T-Mobile. Isis requires NFC to function and since NFC to date has not been present in iPhones, this limits accessibility. Google Wallet emphasizes offers, loyalty and payment transfers.
In the current environment, cloud-based mobile payments appear to be the easiest and quickest way for merchants to accept mobile payments at the POS. Investment at POS is lower than the cost to upgrade terminals for NFC and changes to the POS system are nominal. However, use of a cloud provider that stores customers’ payment credentials must be factored into the cost and risk.
While NFC solves larger, complex and more critical problems (such as security), it has yet to demonstrate how it will enhance the user experience at the POS. According to some marketing experts, for NFC to stand out against competing solutions, providers have to incent consumers to pay using an NFC-enabled mobile phone at least once per day. To accomplish this, they need to transform the overall payment experience by integrating new capabilities that the mobile phone offers into the payment/purchase process.
mPOS Examples
Starbucks has successfully implemented a closed-loop mobile payment model. Starbucks enables consumers to pay using a mobile app that generates a QR code on the user’s mobile device that can be scanned at a store POS reader. Industry statistics indicate that Starbucks processes approximately 4.5 million mobile transactions per week. For every mPOS transaction, the consumer receives added value in the form of a loyalty program. In this way, Starbucks is able to collect valuable consumer analytics relative to consumer item preference and purchase behavior. Mobile phones account for more than 10 percent of Starbucks’ transactions; while Starbucks cards are used to settle about 30 percent of total transactions. The Starbucks loyalty program is used for 25 percent of transactions. A similar closed-loop program has been implemented by Dunkin Donuts using QR codes and loyalty relations.
Since adding mPOS to a business’ infrastructure may require additional funding, there must be the potential for value-added services. When customers use mobile features such as location check-in, facial recognition or location-based services that generate customer data for analysis, the retailer is provided data to enhance customer relationships as well as improve transaction experiences. Line-busting works well in high-throughput retail locations as the consumer does not have to stop and pay at a POS terminal. Such mobile apps allow consumers to place and pay an order directly from a smartphone having identified a location and pickup time. The consumer then arrives at the eatery, picks up the item and leaves; no waiting in line. While improving the overall customer experience, these applications create consumer loyalty and assist in managing peak traffic.
mPOS Potential
POS technologies emerging in the mobile payment ecosystem have some challenges. The three most significant challenges to mPOS are the lack of security and privacy standards, lack of interoperability standards and lack of regulatory direction.
In the report, “IHL, Mobile POS: Hype to Reality,” researchers project a 380 percent increase in shipments of mobile devices between 2013 and 2017. Correspondingly, mobile POS solutions are expected to experience increased development, deployment and attention by retailers, transaction facilitators, payment acquirers, hardware vendors and software providers. While swiping a credit card through a mobile point-of-sale (POS) payment system is expected to remain a popular practice, financial institutions are focused on providing additional value resulting from tapping, touching, presenting or scanning a mobile device to pay at the POS.
Security issues and consumer habits are thought to minimize the use of tap-and-pay. As mPOS-based retailing evolves, it is proving to be an effective data capture platform with strong processing capabilities that replaces more expensive, bulky, fixed terminal register units with an integrated tablet solution. Many financial transaction specialists have documented that during the last year mPOS has shifted from payment reconciliation for the guest, to a value-added proposition with components designed to assist businesses with data processing. Hospitality management must be mindful that mPOS decisions need to be driven by factors that surround payment gateways, real-time reporting and consumer analytics.
Interchange is the term used to bundle handling fees that businesses pay to credit/debit card processors to cover the cost of processing transactions. As interchange rates are increased, retailers typically increase product prices to cover the incremental increased cost of interchange. During the past three decades, interchange fees have been steadily increasing, although it appears this trend may finally be reversed. As mPOS system suppliers evolve they are offering alternative payment options that are outside the control of the major card-branded interchange processors. While both Visa and MasterCard historically have taken the lead in establishing interchange rates, the mobile payment providers are starting to alter the structure of transaction processing fees by capturing a growing share of payment volume. What mPOS settlement offers retailers a different method for reconciling transactions by providing both payment processing and adding value through data collection at the same time.
While many of the new technologies mirror capabilities previously available only to larger businesses, mobile payment processing enables smaller retailers to gain access to transactional information. Mobile payments can provide an innovative solution to provide more than just payment processing; by providing a unique method for connecting with clientele.
The mPOS platform is more important than the payment supplier. Given the changing landscape of mPOS payments, there is much uncertainty surrounding the feasibility of supplier companies in both the short and long run. As a result, retailers must be aware of the mPOS platform offered by each supplier and select a supplier based on that criterion as well as the requisite processing fees and communication costs.
Summary
While there are technical and security issues to be resolved, including reducing card-present fraud, the general consensus is that mobile contactless payment solutions for POS payments can be successful. Implementation complexities such as multiple components and participants sometimes result in misleading news reports that forecast success or failure before the solution has time to evolve. Pilots should be viewed as positive developments that provide education and support progress. Enhanced industry collaboration could help address some of the commercial challenges and reduce the friction around some technologies that are perceived as hurdles. Many industry stakeholders believe that there is an opportunity for enhanced authentication using the smartphone. Broadly demonstrating the security opportunities afforded by the mobile device could further advance mobile contactless payment adoption.
Michael Kasavana, PH.D., NCE, CHTP, is a NAMA professor in Hospitality Business for the School of Hospitality Business at the Michigan State University. He can be reached at kasavana@msu.edu.\
©2014 Hospitality Upgrade
This work may not be reprinted, redistributed or repurposed without written consent.
For permission requests, call 678.802.5302 or email info@hospitalityupgrade.com.