The popularity of mobile wallet apps – such as the ones by Apple, Samsung, and Google – seems predestined to grow. Convenience and smartphones are consumers’ two big loves, and no one can argue with the benefits of using a device that’s already glued to our palms for all sorts of other purposes to pay for goods and services as well.
But the advantages of mobile payments go beyond ease of experience. With added safeguards against fraud and the improvements in reporting they could make possible, business travelers stand to benefit from mobile payments at least as much as average consumers, and maybe more.
Despite their obvious attraction, mobile payments are still a novelty in North America. Jennifer Petty, head of global corporate card for Bank of America Merrill Lynch, estimates that less than ten percent of all consumer payments are made via mobile devices, and adds that corporations aren’t using mobile payments at all. “Processing systems and things are getting ready,” she explains. “It’s just not what clients are screaming for, so that’s not what we’re investing in yet.”
Perception vs Reality
In part, security concerns are fueling the choice to use plastic, even where mobile payments are accepted. Amid all the well-publicized security breaches at large retailers, consumers recoil from technology they believe could present new opportunities for fraud. And corporations have voiced worries, too. A survey of managed travel buyers in 2012 by AirPlus International found that 30 percent thought mobile payments were less secure than plastic.
But in reality, according to security specialists mobile payments use a tokenization process that makes them more secure than plastic, not less. None of the three major mobile wallets shares the buyer’s real credit or debit card number with the merchant during a transaction. Instead, the wallet creates a virtual code to represent the real number, and sends this “token” to the merchant’s terminal. The user pin or thumbprint required to authorize the transaction, along with features like Android device manager, which allows the user to disable a phone from anywhere, add additional layers of security.
By contrast, swiping a credit card sends true account information to the merchant. Even with reputedly more secure chip and PIN technology, fraud can be a serious threat.
It can even happen to people who work in the card business. Clive Cornelius, senior director, global card products at Carlson Wagonlit Travel, relates that on a recent trip to Texas, he received a call from his bank asking whether he had also used his credit card in London that day (he hadn’t). Which, Cornelius says, underscores the advantages of tokenized transactions. “Not having a physical card that can be cloned, or somehow fraudulently used, there’s nothing to really intercept,” he says, which makes mobile payments inherently more secure.
Today’s mobile wallets still require that a traditional credit card exist somewhere, however, even if only to be loaded onto the phone. And, notes Michael Boult, vice president of business travel resources at Travel Leaders, a corporate travel management company, “The idea that a permanent number is still available is a problem.” It’s not hard to imagine a mobile wallet security threat in the form of a virus that finds its way onto the phone, say through phishing e-mails. Cornelius cautions that “the trouble with anything that anyone declares as secure, is that then those rather lovely people out there – hackers, etc. – take it upon themselves to try and prove how it isn’t.”
Enter the single use virtual credit card number (VCN).
Living in a Virtual World
Virtual payments have made huge inroads in business, says Dave Lukas, vice president and co-owner of travel data solutions provider Grasp Technologies, because of the greater control and protection they offer. With mobile payments, he says, “it’s basically your credit card on a phone. So, not to get morbid, but if somebody cuts your finger off, they can open your phone and go spend your $10,000 credit line.” Conversely, a single use VCN can be limited to use for a defined duration, with a specific kind of merchant, for a transaction of a specified amount.
The logical next step, then, would be mobile single use VCNs. “I don’t think anybody has cracked that code yet,” says Lukas. But he predicts that mobile single use VCNs would work much the way single use VCNs do now. “Instead of having that full credit line accessible from a credit card on your phone, it becomes basically a mechanism in your phone that generates a card at the time of purchase.” The whole transaction – communication between phone and terminal, VCN generation, and payment – would take place in an instant.
According to both Boult and Cornelius, there’s no question that mobile single use VCNs would be more secure than traditional plastic cards, because they would all but eliminate fraud. Lukas agrees. The question, he says, is not how hackers would breach the technology, but why they’d want to. “What are you going to do? Steal the card for the Hilton Toronto and go impersonate someone and stay there for two nights? Why waste your time?”
Technology providers are actively working on bringing mobile single use VCN products to market. In fact, Boult notes that travel payment provider AirPlus already has a prototype for sale in Germany and Australia: mobile AIDA, which generates a single use VCN to pay for hotel stays and other select travel purchases.
Minimizing fraud is paramount, but mobile single use VCNs would also facilitate filling out those pesky expense reports. Not only can this help the company with back office processes, but mobile payments could improve traveler satisfaction. Instant reconciliation would free up time travelers previously spent on expense reports. Mobile payments will allow travelers to use technology at work they’re already happy to use at home. “Time is a precious commodity,” explains Lehi Mills, senior vice president of technology at Corporate Travel Management. “The more I get back, the happier I’ll be.”
Get Ready, Get Set
Mobile payments might be a real boon for business someday. Unfortunately, few merchants in North America have the near field communication (NFC) technology to accept them, and the rest aren’t rushing to get it. Mobile payments are much more prevalent in Asia and the UK.
With so many players in the value chain – Apple, Android, credit card networks, banks, merchants, and payment terminal providers – Boult says it’s not yet clear who will make money from this process. The lack of alignment leaves a fragmented marketplace, where a merchant might accept Android but not Apple Pay; Android Pay works with some banks but not others; and Samsung Pay works only on select devices. The end goal, of course, is a set of standards that benefits everyone: providers, banks and consumers.
Clearly we’re not there yet. But with the recent shift of credit card fraud liability, merchants continue to update their terminals to accept safer chip and PIN cards. Awareness of mobile payments’ superior security could spur them to upgrade even further.
Any such transition could take around two years or so. In the meantime, companies need to start thinking about how to adapt their travel policies for mobile payments. For example, if travelers currently use their personal phones for business, Petty says companies must ask: “Are we OK with a corporate card account being tied to a personal phone?”
In many cases, for a variety of reasons the answer to that question might be no. If that’s the case, a corporate card loaded onto a personal phone could require limits on how the phone can be used, which could cause friction.
When choosing a mobile payment provider, Petty says, the corporations will want to select one that is accepted in all locations. The alternative, implementing a patchwork of solutions, would negate some of the efficiencies that mobile payments are supposed to provide.
Companies are looking at what causes them pain today, and how mobile payments might alleviate the suffering, Cornelius advises. “A lot of them, it might be fraud. I’m sure they’ll read up on it themselves, but for me, mobile is a much more secure method of payment,” he says.
Or, he adds, “it could be the fact that their travelers are calling for it. It’s uncanny how people’s lives revolve around their mobile devices. They use it for everything in their personal life, so they want that same capability in their corporate life, as well.”