PayPal Inc., the payments arm of eBay Inc., says it will process 1 billion mobile payments in 2014, and this experience means it knows something about mobile-payments security. That’s one message PayPal hopes comes across in a new ad campaign appearing in newspapers and online just days after Apple Inc.’s introduction of its Apple Pay mobile-payment service.
But, does that message come with a cost, one that might prompt consumers to wonder about the security of mobile PayPal transactions? Some observers, too, see the ad campaign as a not-too-subtle swipe at Apple. PayPal was not included among the Apple Pay partners announced last week. PayPal did not immediately respond to an inquiry.
One print ad, which debuted this week, reads: “We the people want our money safer than our selfies. PayPal protecting the people economy.” Tucked into a corner is this: “Download the PayPal app now and securely buy almost anything with just one touch.”
The ad hints at Apple’s embarrassment last week when some celebrities reported their photos stored on Apple’s iCloud service were wrongfully accessed. The campaign follows Apple’s Sept. 9 announcement of the Apple Pay mobile payment scheme that relies on near-field communication to complete transactions.
With NFC, mobile devices can link wirelessly to merchant terminals to transmit payment data. In the case of Apple Pay, users will be able to select a payment card from their Passbook wallet and send payment credentials, masked by tokens and one-time cryptograms, to the point of sale. As with any NFC transaction, it all takes place in the blink of an eye.
PayPal’s ads have so far met with a mix of derision and support. Forbes contributor Mark Rogowsky said PayPal’s “biggest mistake was calling into question the security of mobile payments.”
Payments analyst Rick Oglseby’s analysis of the campaign is bit more tempered. “This is a case of PayPal getting a bit too cute,” Oglesby tells Digital Transactions News in an email. “PayPal was probably just trying to generate extra consumer interest by linking its promotional activities and advertising to high- profile recent events. This can be a good way to generate lots of extra brand exposure.”
However, he cautioned that PayPal mustn’t take the campaign too far.
“That being said, doing so via direct attacks on other companies that could eventually acquire your company, or be a strong partner, or be a strong competitor, can be a mistake,” he says. “The goal here appears to have been to generate and support consumer interest, and it has probably been successful in doing that. However the unintended consequences could be significant downstream.”
And analyst Brian Kilcourse, at retail consulting firm Retail Systems Research, lauds the campaign’s allusion to mobile-payments security. “The people at PayPal see an opportunity to exploit consumer concerns about the ability of retailers and payment networks to keep their data secure. And why not?” he notes in a blog. Acknowledging that traditional payment card data security is constantly tested, and often bested, “it seems past-due to talk about viable alternatives to traditional credit cards, even if e-commerce is not addressed,” he says.
“Card-based systems that put consumers’ sensitive information on the card are inherently static (because they depend on physical distribution of the cards), and even when the cards are protected with some onboard security, the design is still basically just an improvement on the same old way of triggering an electronic payment,” Kilcourse says.
Mobile-payment schemes such as Apple Pay, PayPal, or host card emulation (a form of near-field communication) can aid that effort, he said. Host card emulation appeals to banks and other issuers because it lets them provision mobile devices without working out access arrangements on terms dictated by the organization—often the mobile carrier or handset maker—that controls the NFC secure element.
“Digital-payment platforms, whether Apple Pay or PayPal (or [host card emulation] for that matter), offer new ways of getting the job done,” Kilcourse says. “The Apple announcement—even though currently it is only intended for Apple Pay—moves consumers one big step closer to a new, and hopefully more secure, result.”