What are mobile payments and mobile digital wallets?
The 21st century saw the birth of smartphones, and with them, our phones became so much more than a device to text or make phone calls: cameras, games, and an app for just about anything you may want or need. So, it was only natural that mobile payment also emerged in a world where we are rapidly moving away from physical money. We have already taken a look at Apple Pay in a previous article and today we’d like to expand our scope to mobile digital wallets and other options currently available.
What does mobile payment imply?
Mobile payment includes mobile digital wallets (where you add and store your card details) and money transfers. Through it, you can digitally pay for just about anything. Mobile digital wallets work with near-field communication (NFC), a form of contactless communication that allows two devices in close proximity to connect through electromagnetic radio fields. You can use mobile payment for point-of-sale and in-app purchases.
What are point-of-sale and in-app purchases?
Point-of-sale or POS purchases are quite simply those you make at a store, while in-app purchases are extra features or products you can sell through an app.
Regarding in-app purchases, there are two main types: consumables and non-consumables. The former are used only once and can be purchased again, such as gems in a game, while the latter, which can be extra features, are only purchased once and do not expire.
Which are the available mobile payment methods?
The most popular mobile digital wallets are Apple Pay, Google Pay, and Samsung Pay, with rapidly rising numbers over the last couple of years. However, PayPal, MasterCard, and Visa also have their own. Let’s take a look at the available options:
Apple Pay is a mobile payment solution developed by Apple to make payments at point-of-sale terminals. It works with Apple devices such as iPhone 6, iPhone 7, Apple Watch, and more recent models.
Apple Pay replaces credit and debit cards with NFC and a two-factor authentication solution. It works with any POS terminal that accepts contactless payment. No extra apps are necessary to use Apple Pay; it is all accessible from your Wallet and you can make both point-of-sale and in-app purchases. As a bonus, in the US (and on select Apple products), you can also use it for person-to-person payment to send and receive money and pay for just about anything. Regarding security, Apple uses tokenization and a secure element, which we’ll mention in more detail below.
Furthermore, it is available in thirty countries and regions, including the United States, the UK, China, Switzerland and Brazil, and over a dozen networks support it, including Visa, MasterCard, and American Express.
You can take a look at how it works for developers in this article.
Back in 2015, Google launched Android Pay, which turned into Google Pay at the beginning of 2018. You can access a list of supported devices here.
With Google Pay, you can use your card details to make purchases in stores, apps, and websites, as well as buying Google products and sending money to friends and family (though the latter is limited to India, the US, and the UK). You can sign up to use it from your computer as well as downloading the mobile app. Moreover, you can use it with your debit or credit card, or your bank account, and in some countries, you can also use it with PayPal, among others.
Google Pay uses host-based card emulation (HCE) rather than a secure element, which is what Apple uses, and the countries in which Google Pay is available will depend on the type of purchase you would like to make. There are around 26 included for point-of-sale purchases and over 80 for in-app ones.
If you wish to add it to your app you will be required to simply review the developer documentation, get access to the APIs, and integrate and test it before going live.
Samsung Pay, a mobile digital wallet, was also launched in 2015 and works with these devices. You can include credit, debit, gift and membership cards, and it works in-store, in-app and online. It functions with several technologies and a wide variety of payment providers, including BBVA, American Express, and Wells Fargo, as you can see on their website.
The app will also send you notifications on discounts and coupons near your location, and as an extra feature, you earn points with every purchase, which can be redeemed for gift cards or instant-win game entries.
Regarding safety, Samsung states that they use Samsung Knox and tokenization, in addition to each transaction being covered “by your bank’s fraud protection and authenticated by your fingerprint, pin number or iris scan”.
If you wish to add it to your app, you will need to sign up to become a member, agree to Samsung’s terms and conditions, select your country, complete the registration form, and submit your sign-up request. A Relationship Manager will then review and approve your request and you will be notified once this is done. You can get more information about the whole process here.
Now that we’ve covered the big names in the mobile industry, we’d like to share some basic details of some lesser known, but not necessarily less popular alternatives.
PayPass works with MasterCard and Maestro cards, uses encryption that is unique to each purchase, and has a more comprehensive implementation plan for merchants. You can search where this method is accepted by using the PayPass Locator app.
Regarding One Touch, it has over 50 million users and you can activate it within the PayPal app. It has no purchase cost within the US and works on both iOS and Android phones and tablets.
Finally, launched in 2014, Checkout is available for e-commerce sites and apps, and users need only an Internet connection on their phone to be able to access it. It also has over 20 million users and is supported by 1500 issuers. In order to add it to your business, you will just need to register, verify and log in to your account, and choose the APIs that are most suitable for you.
Tokenization, Secure Element and HCE
Each of these apps has its own security guidelines and protocols, although the technology used does not vary that much among them. Up next, we’ll give you an idea of what each of these security features means.
- Tokenization: this is the process through which a sensitive data element is replaced with a non-sensitive one, called a “token”, which has no exploitable meaning or value. It is merely a reference that maps back to the sensitive data through a tokenization system. Here, your PAN (Primary Account Number) is replaced with a token and, instead of the original card number, this token is used in transactions. Tokens by themselves are of no use and it is impossible for criminals to reverse engineer the PAN from them.
- Secure Element: this is a hardware component (a microprocessor chip), which holds sensitive data and is able to run secure apps. As Apple explains on their support website, “After your card is approved, your bank, your bank’s authorized service provider, or your card issuer creates a device-specific Device Account Number, encrypts it, and sends it along with other data […] to Apple. The Device Account Number can’t be decrypted by Apple but is stored in the Secure Element […] on your device.” Furthermore, “The Device Account Number in the Secure Element is isolated from iOS, watchOS, and macOS, is never stored on Apple servers, and is never backed up to iCloud.” As per carrier demands, the SE is usually embedded on your device’s SIM card.
- Host card emulation (HCE): this is a technology that allows you to emulate a card on an NFC-enabled device, without the need to rely on a secure element. With a secure element, the data is routed from the reader to the secure element. With HCE, however, it is routed directly to the host CPU on which the Android app is running.
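The tokenization flow described above, as an added sketch that is not code from any of the wallets discussed: a hypothetical `TokenVault` class stands in for the tokenization system and issues a device-specific token per card, in the spirit of the Device Account Number Apple describes. The card number and device names are constructed test values.

```python
import secrets

SAMPLE_PAN = "4111111111111111"  # constructed test number, not a real card

def luhn_ok(number: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    digits = [int(d) for d in reversed(number)]
    doubled = sum(sum(divmod(2 * d, 10)) for d in digits[1::2])
    return (sum(digits[0::2]) + doubled) % 10 == 0

class TokenVault:
    """Hypothetical tokenization system: the only place token and PAN are linked."""

    def __init__(self):
        self._by_token = {}   # token -> (pan, device_id)
        self._by_device = {}  # (pan, device_id) -> token

    def tokenize(self, pan: str, device_id: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a valid PAN")
        key = (pan, device_id)
        if key in self._by_device:  # same card on the same device: same token
            return self._by_device[key]
        while True:
            # Random digits: the token is not computed from the PAN,
            # so there is nothing to reverse without the vault's table.
            token = "".join(secrets.choice("0123456789") for _ in pan)
            if token != pan and token not in self._by_token:
                break
        self._by_token[token] = key
        self._by_device[key] = token
        return token

    def detokenize(self, token: str) -> str:
        """Map a token back to its PAN; raises KeyError if unknown or revoked."""
        return self._by_token[token][0]

    def revoke(self, token: str) -> None:
        """Drop one device's token without touching the card or other devices."""
        self._by_device.pop(self._by_token.pop(token))

if __name__ == "__main__":
    vault = TokenVault()
    phone = vault.tokenize(SAMPLE_PAN, "phone")
    watch = vault.tokenize(SAMPLE_PAN, "watch")
    vault.revoke(phone)  # e.g. the phone is lost; the watch keeps working
    print(phone, watch, vault.detokenize(watch))
```

A merchant or terminal only ever handles the token; mapping it back requires access to the vault, and revoking one device's token leaves the underlying card and the other devices' tokens untouched.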
All these methods (mobile digital wallets) cover a variety of features and devices. Their functionality is quite similar, with some of them having some extra features (like Samsung’s reward program), and the main difference is, of course, the specific devices or operating systems they are available for. Therefore, the best fit will mostly depend on your target audience.