Author: Waew-wow Panichewa
Alternative payment systems are evolving rapidly, driven by high growth in e-commerce. Digital shoppers want the maximum in user experience and convenience; however, security and trust are major issues in paying online. The tokenization that Apple Pay uses may be the future in securing payments, especially if embedded in other payment systems, such as in the Host-Card Emulation (HCE) that Google Wallet adopted and in EuroPay, MasterCard, and Visa’s (EMV) chip-based cards. Nevertheless, the market for payments is still growing and innovating. There will be many players and options, but systems that can overcome security issues and gain mass recognition will become front runners in the payments market.
The payment industry is rapidly evolving, with an increasing shift toward using alternative payment systems, driven by high growth in e-commerce and mobile-commerce.
While traditional payment methods (credit and debit cards) remain the main channels for online transactions, the share of alternative payment methods (such as e-wallets, real-time bank transfers, and mobile payments) is expected to rise from 43% in 2012 to 59% in 2017 globally. Future prospects for the alternative payment market will create ample room for new entrants, given the high 14% growth potential for business-to-consumer e-commerce sales in the coming years. Along with online payments, contactless payment systems through mobile devices are also gaining momentum with Apple Pay and Google Wallet. Samsung also recently collaborated with MasterCard to launch Samsung Pay, which allows in-store transactions via mobile phones. Samsung’s acquisition of LoopPay allows the payment system to have a backward compatibility for older magnetic-stripe card terminals. Nevertheless, the adoption of these payment systems has not grown as fast as many players in the industry expected. Some of the remaining issues concern security.
An innovative payment system that is able to address security issues inherent in online payments will have a competitive advantage in gaining market ground.
Security and data protection are key issues leading to low consumer confidence in conducting e-commerce, especially when using mobile phones for contactless payments. For example, Line Flash Sale statistics in Thailand, a hotbed for mobile commerce, show that 89% of respondents visit e-commerce sites on mobile phones, but when it comes to conducting transactions 42% of respondents actually make their purchases via desktop. A KPMG report further reveals that 88% of respondents prioritized data protection and payment security as their top requirements for future mobile payments. This has prompted payment industry players to innovate in providing secure payment solutions that customers can trust. The use of biometrics for authentication and validation, such as Apple Pay's “Touch ID” or the development of AliPay's “Smile to Pay” are initial moves attempting to enhance the security of their systems. Apple has innovated further by incorporating ‘tokenization’ into their payment system, which is regarded as one of the most secure payment systems in the market at the moment.
Apple Pay’s use of tokenization as their security standard has motivated technology companies to enter the lucrative payments market and caused existing companies such as Google to reevaluate their market position.
Apple and Google are regarded as the two key players with established positions in the payment industry. Both products use NFC, a short-range high frequency wireless communication technology facilitating data exchange between devices within 10cm proximity to enable in-store contactless payments. However, Apple Pay has gained much wider adoption due to their tokenization mechanism, which substitutes the highly sensitive credit card Personal Account Number (PAN) initially used in enrolling in the Apple server with a randomly generated set of numbers or characters. This is then transferred in encrypted tokens to merchant payment processors or e-commerce sites where the data is decrypted and transactions authorized. The encrypted tokens can only be used in a single transaction or context under an expiry value, and cannot be reversed or de-tokenized by fraudsters. Therefore, this system underlying Apple Pay fundamentally reduces security and fraudulent risks associated with online payments, and coupled with Apple’s global presence has led to the system gaining wide recognition and spurring competition in the payments market (such as the launch of Samsung Pay).
Conversely, Google Wallet has been around since 2011 but has not disseminated its payment system beyond US borders. Google Wallet uses Host-Card Emulation (HCE) technology whereby the real card data is stored on Google Cloud servers and transactions conducted via the cloud each time a payment is made. HCE mobile payment functionality can be added to merchants and banks’ existing mobile apps without the need to use the SIM or other secure element within a phone since the mobile operating system will communicate directly using an NFC in-card emulation mode. Google Wallet’s system allows the exchange of non-payment information for managing customer relationships; however, the HCE system is more exposed to security breaches and user privacy has a higher risk for fraud when compared to the tokenization system. After the launch of Apple Pay, Google responded by launching Android Pay, a payment platform for third-party apps that integrates tokenization as a secured mechanism behind the HCE-based payment processes. This payment platform is therefore not only secured, but also gains additional benefits from the HCE-based system with regards to customer relationship management.
The evolving payment landscape is currently in its early lifecycle stage, growing with new market entrants and innovations, but tokenization standards may potentially become the future for payments.
As innovative payment systems gain momentum, tokenization may fill in gaps inherent in EMV and HCE-based payment systems concerning security and data protection and this could potentially become a standardized measure for the global payments industry. The push for HCE mobile payment specifications from Visa and MasterCard will create opportunities for upgrading NFC mobile phones to be compatible with mobile payments with a mere app update. This HCE system, coupled with a secured tokenized mechanism (already incorporated in the Android Pay platform), may significantly change the industry’s landscape when 84.7% of all smartphones shipped globally were running Android OS’ for Q2 of 2014 and these devices are likely to have NFC chip technology, as revealed by IDC Research.
The success of innovative payment systems is highly dependent on the level of mass-recognition as well as acceptance from consumers, merchants, and consumers and merchants.
Customers may be reluctant to use new payment systems unless it is evident to them that many merchants will accept it. Merchants likewise may not invest unless many customers will use the new payment systems because the associated changeover costs may be high, particularly for large retailers. Payment providers must make aggressive moves to drive acceptance from both sides and players that innovate to provide secured payment solutions on top of convenience are likely to succeed in the market and gain wide recognition. Once customers have more confidence in using secured payment systems, merchants will benefit from an expanded customer base, so a new payment system is a win-win for all.
New business models can always be a combination of technologies. Merchants and banks can push tokenization standards to secure their systems and use HCE-based technology to transform their mobile payment service by issuing mobile NFC products without relying on the cooperation of mobile operators. Moreover, while currently most payment processors adopt tokenization for in-store contactless payments, the concept can be implemented on e-commerce sites and platforms. Payment platforms such as PayPal and AliPay may shift the use of email addresses or mobile phone numbers in their standard encryption process to using encrypted tokens. This will enhance customer value and therefore their acceptance, because confidential credit card data stored in the tokenized database system is more secure than being stored locally with merchants.
Figure 1: Alternative payment systems still have low penetration, but are growing in the Asia Pacific region
Source: EIC analysis based on data from WorldPay 2012
Figure 2: Growth of B2C e-commerce sales worldwide and by region, 2012-2018
Source: EIC analysis based on data from eMarketer 2014
Figure 3: Line Flash Sale results in Thailand
Source: EIC analysis based on data from eCommerce 2015