Contactless Payment Security
Some laboratory tests have shown that some contactless devices can indeed be accessed from far greater distances than vendors claim. Steeley conceded that, but questioned how practical such data intercepts would be. "These things are powered by the reader. According to the laws of physics, if somebody has an antennae four feet in diameter, that could [grab data] across the room," Steeley said.Much of the purchase information is coded for one-time use, but cardholder identity data also needs to be protected. One approach is making passwords required for transactions. "This way, I can lend you my cell phone so you can make calls, but you cant buy coffee with it," he said. Another aspect of security that could be changed by these devices is physical security in places such as banks, taxicabs and high-security merchants. Currently, for example, some will erect bulletproof glass to protect employees from thieves, but be forced to leave large spaces for the exchange of money or credit cards, punching a literal hole in the protection. With contactless payments, those holes may no longer be needed. "Our contactless units can be read through inch-thick bulletproof glass," Steeley said. MasterCard is also experimenting with ways to enable and deactivate payment capabilities "in the same way that a mobile GSM [Global System for Mobile Communications] carrier can now update your SIMS setting," Steeley said. "You lose the phone, you want the bank to be able to switch off the capabilities. I can switch the phone off for payments over the air the instant it gets lost." A survey MasterCard conducted earlier this year found that consumers would be comfortable making contactless payments using a wide range of devices in addition to cell phones, including wristwatches, normal cards, key fobs, half-sized cards and small cards that hang off key chains. Cell phones were ranked the most popular and wristwatches the least popular, he said, but he stressed that all scored favorable comments from more than half of participants, in an area where MasterCard marketers said 33 percent was the break point for a form factor being considered viable. Demographics played a strong role. Cell phone popularity "was skewed toward the male and the youth market" and watches were popular with "more men than women," he said. The key fobs played well with the slightly older consumer and the traditional card was the favorite of even older consumers. "This is all about consumer convenience, and that means picking form factors that are relevant to consumers lives," Steeley said. "No one is going to buy a cell phone just because they can pay that way." Will contactless payments make a difference for companies like MasterCard? The Nilson Reports Robertson said he thinks so. "Financial issuers and debit issuers today are swapping customers. Contactless could have a buzz or sexiness attached to it. That could make a user have a better feel for a Chase card versus an American Express or Bank of America car they have. And everyone in America whos credit-worthy has more than one card," he said. "Contactless could be the differentiator. Debit cards started offering reward programs because they know the value of retaining their deposit customer. Contactless chips might be the differentiator between card A and card B. Then there are key fobs or watchesany form that creates a buzz. Thats where we are today. And Mastercard is right about cell phones being down the road." MasterCard sees 2006 having some limited public and market trials for cell phone payment units, with proximity payments going "mainstream in two to three years," Steeley said. "Dont cut up your credit card yet. Youre still going to need it for some time." Retail Center Editor Evan Schuman can be reached at Evan_Schuman@ziffdavis.com. Check out eWEEK.coms for the latest news, views and analysis on technologys impact on retail.
He added, though, that MasterCard is working with merchants and vendors to get as much of the data encrypted as possible.