Five big players are slugging it out to win what has proven to be all-too-elusive: consumer and merchant adoption. Here’s a close look at the Big 5’s strengths and weaknesses.
(Editor’s Note: This is the first part of a two-part examination of the current landscape for mobile payments. Look for Part Two, on what’s needed to achieve ROI and adoption, next month).
Mobile-wallet and -payments providers are digging in for a renewed assault on the future of transacting. Flush with the initial excitement of Apple Pay—but struggling with fraud, lackluster consumer and merchant adoption, and a market backlash—the players are hoping to clear the competitive path to mobile-commerce nirvana.
This new phase promises to be a wild one. But what has to be done to get more consumers and merchants engaged is still up for grabs.
That’s because a flurry of developments in recent months has thrown what everyone believed about mobile payments into a cocked hat. First Samsung Electronics Co. Ltd. announced Samsung Pay, a fully manifested mobile wallet for the Android portion of the planet. Then Google Inc. bought the remaining assets of carrier-owned Softcard (formerly called Isis), and prepared for a new wallet launch in May.
Then PayPal Inc. bought Paydiant Inc., reviving its desire to compete for every transaction and raising speculation about the new possibilities for the Paydiant-driven Merchant Customer Exchange (MCX), operator of the CurrentC wallet expected to launch later this year. And then Apple’s honeymoon in the payments world turned sour with revelations of massive initial fraud just as it was poised to usher in its high-tech watch.
The industry could barely catch its breath with a renewed rush to take point-of-sale payments mobile. But after four years of trying to break into a thus-far unavailing marketplace, these powerhouses leave open a fair question: What’s their motivation now? And what’s going to change now that the “big dogs” have upped the ante on this game that’s just getting started?
The major players in mobile wallets and payments continue to wrestle with the seemingly intractable problem of tapping mainstream consumer and merchant adoption. All now know that consumers won’t show up without value drivers, and merchants won’t commit without consumer demand.
The Federal Reserve pinpointed this dilemma in its “Consumers and Mobile Financial Services 2015” report” released in March:
– 22% of all mobile phone owners reported having made a mobile payment in the 12 months prior to the survey, up from 17% in 2013 and 15% in 2012;
– 28% of smart-phone users reported having made a mobile payment in the 12 months prior to the survey, up from 24% in both 2013 and 2012;
– Among mobile-payment users with smart phones, the most common type of mobile payment was bill payment through an online system or mobile app (68%, up from 66% in 2013);
– 39% of all mobile-payment users with smart phones have made a point-of-sale payment using their mobile phone in the 12 months prior to the survey—the same as in 2013;
Unexpectedly slow consumer adoption for mobile payments at the point of sale has been daunting enough that providers besides Softcard have either bailed out or shifted focus elsewhere—as the bank card brands have done.
By supporting Apple Pay and Samsung Pay for POS, Visa Inc. and MasterCard Inc. now focus on the digital-wallet space (for payments from computers and other devices), while trying to lock down mobile payments at POS and online with monolithic tokenization schemes.
But the big five POS mobile-wallet players still in the game are doubling down on their bets to harness payments from mobile devices. Here’s a scorecard.
Apple Pay
Few marketing events stirred as much energy in the payments system as the introduction of Apple Pay last September.
In one fell swoop, consumers were indoctrinated into the supposition that making payments with their handsets was now mainstream, cool, secure, and capable of fixing (in the mocking words of talk-show host Jimmy Kimmel) “the excruciating experience of pulling a card out of your wallet, swiping it, and putting it back in your wallet.”
Apple did figure out how to package an ailing near-field communication (NFC) process with software tokens that masked real payment card credentials stored in a secure element chip in the new iPhone 6 (and some iPads). These tokens are presented to contactless terminals in-store or dispatched in-app to complete purchases.
Enrollment and use of payment cards is managed by the native Apple Passbook application, and nothing transactional happens on those iPhones without the user entering in a thumbprint for verification. Slick.
What Apple didn’t count on was the 500-million-plus stolen payment card credentials in the hands of hackers and thieves, which have been easily enrolled to get secure tokens to commit fraud with. In the first six months after the launch, a number of big bank issuers (which should have known better) experienced 600 basis points or more of fraud—100 times the ambient rate of transactional card-swipe fraud. Oops.
Nor did Apple realize that deploying payments at POS can have such operational complexity. The 220,000 old contactless terminals (which were also used by Google and Softcard) didn’t work consistently, or the merchants who had them sometimes weren’t ready to do Apple Pay.
And some merchants, including a couple of MCX-committed merchants, simply decided to turn those terminals off (for all mobile payments) until they had a chance to assess how this new payment system affected their operations and security.
So market researcher Phoenix Marketing reports growing consumer disappointment with usability, offsetting the fairly high tendency of iPhone 6 users to try the new mobile wallet at the outset. Very carefully worded reports on volume growth leave the distinct impression that even mighty Apple has failed to crack the puzzle of mobile-payment adoption—just like its predecessors.
This out-of-the-box reality has come as a surprise to the fawning set of legacy payments-system players—led by Visa, MasterCard, and American Express Co. and a number of early-adopting big banks, which practically fell all over themselves at the opportunity to re-instantiate their role in payments.
But eventually, merchants—like banks—will feel compelled to accept Apple Pay: iPhone users represent 42% of smart phones, but produce two-thirds of total consumer spend. And Apple walls out everyone else, so it’s the only way to get to those well-heeled consumers.
And Apple Pay 2.0 is on its way. Many reports indicate it will support the critical loyalty applications inherent in all other mobile wallets, as well as private-label credit cards through a pending deal with Discover. For early-adopting merchants like Nordstrom’s and Kohl’s, which reportedly do more than half of their card volume on their own cards, this support is essential.
For now, though, merchants have legitimate concerns. These include how to deal with Apple Pay’s sudden influence on reinvigorating card-network programs—including EMV chip, NFC, tokenization, and 3-Domain Secure online authentication—which many merchants still do not trust or value at this point.
Samsung Pay
The newest entrant to the mobile-payments wars, Samsung, represents the rival mobile operating system/device contender to Apple Pay. Samsung Pay is based on the new Samsung Galaxy S6, which debuted several weeks ago, and has a market launch scheduled in June.
In many respects, Samsung Pay mimics Apple Pay, and serves as a buffer to defend Samsung from competitive conquests in terms of customers switching from its handsets to iPhone 6s.
The biggest difference is that Samsung Pay purports to work on 80%-90% of existing mag-stripe POS terminals through the magnetic secure transmission (MST) technology of LoopPay, a 2-year-old mobile-wallet startup that Samsung invested in late last year (along with Visa and Synchrony Financial), then bought outright in February.
MST mimics a mag-stripe swipe by passing magnetic pulses from a copper loop in a mobile handset hovering over the card reader. LoopPay is also developing and testing a form of brand tokenization for added security, and working on support for a form of EMV cryptograms through use of seven characters in a discretionary field in the mag-stripe Track-2 data format.
The LoopPay premise for enabling mass acceptance on existing terminals at scale remains to be vetted. A large majority of mag-stripe card readers are located behind checkout counters, requiring consumers to get permission to reach over to hover the handset over the reader, or get the checkout clerk to do it for them.
And while LoopPay has proven to work on a wide variety of POS terminal types, many of those terminals must reportedly undergo adjustments on a terminal-by-terminal basis to process the magnetic-resonance signals properly.
Google is not a big fan of the incipient Samsung Pay or of Samsung’s intention to market its own operating system, according to several reports, setting up a third nexus of rivalry among mobile OS providers. And it has (endlessly) deep pockets and technological prowess to do anything it wants in the mobile-transaction space.
As well it might try: With an estimated 1.2 billion Android users coming onstream, the click-through ad business from mobile is thought to be four to six times bigger than the $64 billion advertising business the company has already built online!
The problem, of course, is that its monolithic (some would say obsessive) ambition to wire itself into all the data around a transaction (in order to sell to advertisers) makes it do goofy things. Exhibit A: the interim version 1.5 of the wallet, where Google offered merchants a card-present transaction while staging it as a middleman incurring a card-not-present interchange premium.
That aside, the data-protection issue has kept many merchants (and some consumers) from embracing its various offerings.
Google’s purchase of Softcard’s assets sparks a return to NFC (the host card emulation, or HCE, version that does not use the secure element) for a re-vamped Google Wallet 2.0. Google will compensate the three Softcard carriers (AT&T, Verizon, and T-Mobile) for loading its wallet when consumers get their handsets.
Whether Softcard’s AmEx Serve prepaid option will be loaded automatically is not certain, given Google’s predilection to use its own prepaid services. Softcard’s somewhat arms-length relationships with JPMorgan Chase & Co., Wells Fargo & Co., and other issuers also remains in question.
But Google gets a foothold with some important merchants, including Subway, McDonald’s, and Whole Foods. There’s been a lot of talk about Wallet 2.0 supporting a variety of loyalty and rewards programs—something that Softcard had focused on leading up to the acquisition by Google.
Like Passbook for the Apple Pay offering, the Google generic wallet is aimed at becoming a front-end application for Android devices called Android Pay. Google provides Android Pay deployers (other than Samsung) a suite of application programming interfaces that reportedly enable handsets to pull payment credentials/tokens and authentication data via the HCE workaround that Google pioneered (with startup SimplyTapp) in late 2013.
HCE is a much more flexible, software-based environment that can support a myriad of user applications that operate without the need for a chip-based secure element. With appropriate levels of tokenization, Android handsets can be both flexible and technology-agnostic. But the jury is still out on how secure HCE will be out-of-the-box.
PayPal
With a reported $46 billion in 2014 sales volume launched from mobile devices last year (the vast majority via standard online Web-site connections), and more than 15 years’ service as the first really big digital wallet, PayPal looms as a major player in mobile commerce.
After splitting up with Google on the eve of Google’s extravagant introduction of its initial mobile wallet in 2011, PayPal pivoted away from NFC, and introduced mobile transacting via cards, PINs and mobile numbers, card swipes from handset audio jacks, and POS checkouts based on consumer facial matches.
PayPal enlisted more than two dozen major retailers for mobile commerce, integrating their existing POS systems to the new mobile-transacting modes. But none of these initiatives to promote mobile purchases at POS have produced any meaningful new transaction volume.
When the consumer simply didn’t show up, the company shifted its strategy by mid-2013 to developing, testing, and spawning consumer applications that drive significant value-add—like the Jamba Juice order-ahead/pay-ahead model, McDonalds’ mobile rollout in France, and its new partnership with Shell Oil Co. to pay for fill-ups from a mobile handset.
Following a successful trial in the U.K. in 2013, Shell Drivers’ Club members can drive up to a pump, select it and the gasoline type by reading a QR code, and execute the payment (at a discount), with the receipt pushed to the phone.
PayPal’s purchase of white-label wallet provider Paydiant offers a tantalizing new start on POS, with Paydiant’s issuing and merchant customers—especially MCX—reassured that the company’s mobile-payments and loyalty platform will now be sustained by a digital venue player with very deep pockets.
As well, PayPal is updating its mobile wallet for NFC, and likely EMV and HCE as well. As a result, many smaller banks and credit unions will take a new look at this combination to protect their brands and avoid the Apple Pay problems (Paydiant works on just about any handset).
PayPal’s big opportunity with Paydiant and MCX lies in the chance to bring the MCX merchants into the fold (35-plus companies with 80-plus brands and $1.2 trillion in consumer spend). In one fell swoop, MCX merchants could join up with a digital player with deep pockets, and even forgo deployment of their own consolidated wallet. Instead, they could get Paydiant to customize their individual mobile apps to fit their individual business models—and still have a broader choice of merchant-friendly payment options.
The logical (and inevitable?) decision for MCX to fold into PayPal in some way becomes more plausible when taking into account some of the consortium’s biggest merchant owners, whose businesses require ever-bigger allocations of Apple products to sell. That commercial reality makes acceptance of Apple Pay certain—likely before the end of this year. So we should expect PayPal to be rifle-focused on how to co-exist (or engage in battle) with Apple.
In this quest, PayPal enjoys a potentially significant head-start over Apple in terms of payment-account penetration.
MCX
The Merchant Customer Exchange (MCX) has had the rare opportunity to view the wallet wars from behind the lines. Its merchant members can observe the mistakes and frustrations of the other providers while crafting and contouring an evolving value proposition that has the prospect of moving the marketplace forward as much and more than Apple did.
Meanwhile, however, the longer the development and testing go on, the more the merchant consortium encourages skeptics.
Supporting an array of payment options—especially low-fee alternatives such as a rumored decoupled-debit and a multimerchant private-label credit card with an open-loop mode outside the consortium—remains a primary driver for MCX’s CurrentC wallet. Another substantial advantage of private-label, closed-loop offerings is the ability to view and protect all of the data around a purchase transaction.
Recent market pilots, which are expected to spread steadily throughout 2015 but with no big-splash national launch likely, are testing a configuration for loyalty and rewards that aims at monetizing a consumer’s aggregate business with a consortium that accounts for more than 20% of total consumer spend.
This coverage, and other nuances in rewards programs, moves the industry needle significantly beyond everyone else’s merchant-by-merchant or issuer-provided rewards alternatives.
The MCX wallet is also expected to enable consumers to have a conscious, controlled, and predictable experience from beginning to end. One critically important aspect of this experience is ensuring payment choice as an array of in-transit security tokens make their way into the marketplace.
MCX uses the Paydiant transaction token, which generates and passes a unique reference number or ID to link up with the cloud for access to and submission of the real funding-account credentials. This contrasts with providing an account-number substitute and forcing the transaction through token-service-providing facilities prospectively provided only by Visa, MasterCard, and American Express.
By syncing up even more with Paydiant (and now PayPal), MCX merchants can gain direct access to a plethora of nuances to support their individual business models. For example, Paydiant is testing Beacon technology for order-ahead/pay-ahead and expedited drive-through at Wendy’s restaurants in select locations—an innovation that trumps NFC contactless.
And, since Paydiant supports NFC, HCE, and EMV, it becomes a powerful, comprehensive engine for payment type (and rewards) integration—with the added prospect of all those Paydiant deployments using the same API connectivity.
So the next phase of the mobile-wallet/payment wars promises to be a much bigger battle than anyone expected just a few months ago. The outcome of this new phase will hinge on just how quickly these big gladiators can figure out how to drive consumer value, while accommodating expanding and diverse needs of merchants.