The Internet of Things (IoT) is reshaping the way we interact with the modern world. But there’s another trend that’s gaining traction just as quickly: contactless payments. As the name implies, contactless payments are a way for customers and merchants to make transactions with little to no physical interaction. Rather than having to slide a credit card into a point of sale (POS) terminal, the customer can simply bring their card (or other device) within a certain range of the terminal to process the transaction. Contactless payments are faster and offer a higher level of convenience than traditional card or cash-based payment systems.
While they may seem completely different, contactless payments and the IoT are growing together. Contactless payments simplify the process of transferring money between parties, while the IoT automates and interconnects everyday tasks. The combination of these technologies results in futuristic developments such as clothing that stores credit card details, car key fobs that can pay for a latte at Starbucks, and bracelets that use the wearer’s heartbeat in place of a signature or PIN. Essentially, IoT contactless payments aim to make payment processing faster and more convenient for customers and merchants alike.
Table of Contents
- A Rocky History of Contactless Payments
- Contactless Payment Technology
- Are Contactless Payments Secure?
- What’s the Current State of Contactless Payments and the IoT?
- How Ignite Can Help
A Rocky History of Contactless Payments
Contactless payments didn’t always have a strong start. One example is the VITAband, a combination contactless payment system and medical ID service released in 2011 by U.S. Bank. The VITAband integrated MasterCard’s PayPass as well as an Emergency Response Profile (ERP) that allowed EMTs and first responders to quickly look up the wearer’s medical information. While one of the first of its kind, the VITAband received criticism for its gaudy appearance, limited feature set, and limited support. If anything, the VITAband acted as an early seed for the growing contactless payment ecosystem today.
Even near field communication (NFC), one of the technologies driving contactless payments today, had a difficult start. Even in 2012, experts predicted a period of five to eight years before mobile wallet adoption became widespread in the US. Even the most promising estimates determined that only 10% of smartphones would be used to make a mobile purchase in 2015. The lack of NFC in the iPhone 5 certainly didn’t help the adoption process, and it wasn’t until the release of the iPhone 6 and Apple Pay that contactless payment usage surged among everyday users.
Four years later, more and more companies are focusing on contactless payments. Between Apple Pay, Samsung Pay, and Android Pay, almost any smartphone user can send and receive money without having to have their wallet on them. We’re beginning to see payment services embedded in wearable devices such as the Jawbone UP4 and Kerv. Barclaycard has already released wristbands, keyfobs, and stickers that can make payments through their bPay program. Meanwhile, MasterCard recently introduced a program that promises to bring contactless payments to any consumer gadget, accessory, or wearable. At this rate, 2016 is shaping up to be the year of wearable payments.
Contactless Payment Technology
Although contactless payments have only recently entered the public eye, the technologies behind them have been available for over a decade. How these technologies integrate into contactless payment depends on a variety of factors such as the device’s capabilities and the features supported by the payment processor.
Operating Systems and Software
Companies have begun developing specialized operating systems and software platforms for driving the Internet of Things and mobile payments. Unlike modern smartphone or computer applications, software designed for the IoT needs to be lightweight, low-power, and specialized in order to fully take advantage of the underlying hardware.
Google has already started welcoming developers to the IoT with Brillo, an operating system designed for embedded devices. Brillo supports several commonly used low-power computing architectures while providing features such as updates, analytics, and wireless communication.
A similar project is the open source Contiki, which can be compiled on a device as small as an Arduino. Contiki is designed for compact, low-power, low-memory systems while providing full wireless networking, long-term data storage, estimated power consumption, and even a command-line shell. Contiki claims it’s designed to run systems for years on nothing more than a pair of AA batteries.
Hardware and Wireless Communications
The Internet of Things makes extensive use of low-power wireless communication to exchange data, and wearable payment technology is no exception. Today, there are three wireless communication technologies that are commonly used in contactless payment devices: QR codes, Near Field Communication (NFC), and Bluetooth.
QR codes allow you to perform contactless payments by simply using a device’s screen. Unlike NFC and Bluetooth, QR codes rely on optical sensors that scan a two-dimensional barcode. That barcode provides the information needed to authorize the purchase. The benefit of QR codes is that they require little more than a display and a wireless connection. The drawback is that they won’t work on devices that don’t have a screen, such as a fitness band.
NFC is a more flexible technology that uses short-range radio signals to communicate over distances of less than 10cm. NFC has seen popular adoption from chip manufacturers such as Broadcom, who has integrated NFC support into a variety of embedded devices. This provides product developers with out-of-the-box NFC support in a single package.
Bluetooth allows for greater convenience than QR codes and larger distances than NFC, but is arguably the most power-hungry solution. However, it allows larger and faster data transfers while requiring little to no input from the user. Because Bluetooth is so common, it’s supported by a wide variety of operating systems, architectures, and platforms. Additionally, recent Bluetooth versions have drastically reduced the power requirements, making it ideal for small, low-power devices.
Your payment platform of choice may limit you to a particular technology. Many modern contactless payment processors including PayPass and PayWave use NFC natively. In 2013, PayPal released their Bluetooth-enabled Beacon service, which lets retail stores set up automated wireless payments for their customers. Some companies, such as Digicash, support a combination of all three technologies.
Other companies have opted to release payment management apps on existing platforms such as iOS, Android, and Windows Mobile. Known as digital wallets, these apps let you store loyalty cards and payment methods such as credit and debit cards on your phone. Google Wallet was one of the earliest examples, although it required users to deposit money into their account before it could be used to make purchases.
Vodafone Wallet, on the other hand, was one of the first digital wallet apps from the mobile operator. Users also could then make payments simply by tapping their smartphone against a terminal supporting contactless payments. Android Pay, Apple Pay, and Samsung Pay has since brought that same functionality to widespread use through standard NFC.
Are Contactless Payments Secure?
Any technology surrounding financial data must be secure, especially those that aim to simplify the process of sending money. Traditional magnetic stripe credit cards are vulnerable to a variety of theft methods including card skimmers and data breaches. In order to reduce fraud, the credit card industry is moving away from magnetic strips and towards modern, more secure technologies. As a result, several secure technologies have been implemented to improve convenience without sacrificing user safety.
Credit card information has long been the target of hackers and data thieves. Tokenization seeks to prevent this by replacing sensitive credit card information with a uniquely generated identifier or “token.” This token – which can be re-generated for each transaction – is used to authorize the payment instead of the credit card number, the card holder’s name, and the security code. The merchant only stores this number, while the customer’s sensitive information remains with the card issuer.
Tokenization vastly improves the security of wearable devices since it limits the amount of sensitive data stored on the device itself. Instead of providing private details, the consumer only has to provide a token, which by itself is completely worthless to a data thief. The only way an attacker would be able to use the token is if they knew the original credit card number and the algorithm used to generate the number. In addition to consumers giving out less private information, merchants no longer have to securely store this information, making tokenization a win-win for everyone involved. Tokenization is used for most mobile payment systems including Apple Pay, Android Pay, and Samsung Pay.
Magnetic Secure Transmission (MST)
Magnetic secure transmission (MST) aims to bridge the gap between sliding credit card readers and contactless payments. MST works by replicating the magnetic stripe on a credit card with a signal that essentially mimics swiping the original card. This way, merchants can take advantage of contactless payments without having to upgrade their terminals. LoopPay, one of the earliest examples of MST, contributed towards the development of Samsung Pay after the company was bought in early 2015. In its first month of service in South Korea, Samsung Pay handled $30 million in transactions.
EMV (named for the companies that created it: Europay, MasterCard, and Visa) is a standard for creating payment cards with data stored on secure integrated circuits rather than magnetic stripes. EMV was designed to reduce fraud by making it more difficult to replicate credit cards. Since EMV defines a standard, companies such as American Express and Discover have already implemented EMV-compatible wireless payment systems in their respective ExpressPay and Zip programs. Consumers simply need to tap their card, a key fob, or a sticker to a reader in order to make a payment. While similar to NFC, EMV was designed for financial transactions and has already seen widespread global adoption. EMV is also significantly more difficult to forge than traditional credit cards.
To better authenticate users, some payment providers are looking to one of the most unique identification methods available: the human body. Bio verification uses physical attributes such as fingerprint, voice, and heart rate to verify the identity of the wearer. Although biometric readers have been available for several decades, we’ve only recently seen their implementation on mobile devices such as smartphones. One of the most well-known examples is Touch ID on Apple’s iOS devices, a feature that has since been replicated by Samsung, Huawei, and others.
Biometrics provide a secure way of identifying a user because they’re extremely difficult to replicate. For devices that don’t have a screen or input, using a characteristic of the wearer in place of a PIN or password makes it possible to identify the user quickly and easily. Current verification methods aren’t just limited to fingerprints, either. For instance, the Nymi Band is one of the first wearable devices to leverage the user’s electrocardiogram (ECG) as a way to verify the user’s identity. In addition to authorizing payments, the Nymi Band will also be used as an authentication device for computers, smartphones and apps. As the detection hardware becomes smaller and more ubiquitous, we’ll continue to see more bio verification tools in wearable devices.
Verification by Smartphone
For cases where contactless payments open up a possible security vulnerability, payment processors have turned to smartphones to help verify users. MasterCard recently announced a program that will use photo identification to authorize online purchases. When the user attempts to use their card, an app installed on their phone prompts them for verification. The user can then take a picture using the smartphone’s camera, or they can provide a fingerprint scan if their smartphone supports it.
The app provides a tool for authenticating purchases while limiting the consumer’s exposure to fraud. MasterCard has already planned around common fraud tactics – such as using a photo of the victim in place of their actual face – by requiring users to blink or perform certain actions during the process. Although smartphone verification adds an additional step in the purchasing process, it can greatly reduce the potential for fraud without excessively inconveniencing users.
What’s the Current State of Contactless Payments and the IoT?
Contactless payments are a growing trend not only in developed countries. In 2013, the contactless payments market was valued at an estimated $4.32 billion. This number is expected to reach almost $10 billion by 2018, an annual growth rate of 18%. We’ll also see an increase in the use of wearable devices and smartphones capable of contactless payments. By the end of this year alone, 30 million NFC-equipped phones will be used to make a contactless payment at least once a month. This number is expected to skyrocket to 516 million by the end of 2020. The continued adoption of wearable devices and high-bandwidth short-range wireless communications will result in the steady growth of contactless payments and IoT-enabled transactions.
How Ignite Can Help
Contactless payments and the Internet of Things may be modern trends, but they’re grounded in familiar technologies. They represent a merging of wireless communications, secure payment processing, and wearable devices capable of identifying and authorizing users. Over the next few years, we’ll see these devices continue to shrink in size and these processes become more transparent to the user.
Ignite stays on the cutting edge of IoT and contactless payment technologies. Our experience developing point of sales (POS) systems – combined with our experience developing IoT-ready devices – means we can create secure solutions customized to your business’ needs. We can help you:
- Integrate contactless payments into your mobile app using PayPass, payWave, and other services.
- Integrate contactless payments into your existing POS system, or design entirely new payment systems using contactless payments.
- Develop wearable devices for use with contactless payments.
As the IoT and contactless payments spread, we need a way of making payments more convenient while maintaining the customer’s security. With Ignite, you’re working with a team that has experience building strong, secure applications and transaction processing systems. You can learn more about Ignite’s mobile app development offerings here, and our eCommerce development offerings here.
For more information, contact us at igniteoutsourcing.com.