With mobile payment technology at our doorsteps, consumers have yet to be convinced that tapping their smartphones at the cashier is a secure payment method.
According to a recent ING Direct survey, two-thirds of respondents pointed to security as their greatest concern about banking via smartphone. In response, the Canadian Bankers Association - an assemblage of Canada's largest banks - has made a list of safeguards for users who are expected to use these mobile payment products.
So how exactly will these new guidelines protect the Canadian consumer? Here are some of the safety measures announced by the CBA.
Mobile wallet safeguards
User-defined passwords are mandatory, both for automatic mobile wallet locking and user verification of high-value payments. There are also stringent rules to ensure that only one mobile payment application is turned on at a time, thus eliminating inadvertent payments from multiple accounts.
Smartphone payment software must also encrypt user credentials and payment transaction data so that unauthorized parties cannot view money-related information. For non-encrypted data, only the user and governing financial institution will be able to access details such as a credit card number or cardholder name. The merchant may only access this information when processing a payment.
Lost or stolen smartphone wallets
The guidelines also contain security provisions that address many consumers' greatest nightmare, namely having their virtual wallet end up in the hands of a stranger. Should this happen, users will be able to inform both their mobile network operator and financial institution in order to remotely lock their smartphone. Financial institution will also be able to block any payments from the missing device.
In order to get a new mobile wallet, customers must fulfill the initial setup activities again. This includes proving their identities to the financial institution by answering a series of challenge questions. David Robinson, vice president of emerging business at Rogers Communications, says that since all of your information is saved through your bank and mobile carrier, losing a mobile wallet will be a lot less painful than losing a leather one.
"As soon as you get a new phone, you'll download an application from the CIBC who'll ask ‘Who are you?'" Robinson says. "You'll have to pass the challenge question, of course. But as soon as you do that, you get to repopulate the mobile payment app over to the new phone in real time."
Returns and receipts
The CBA says that shoppers who pay with their smartphones must still receive paper receipts just like any other point-of-sale transaction. Additionally, if the seller chooses to provide a receipt digitally, only the merchant and user will be allowed to access those specific electronic proofs of purchase.
Consumers will be able to collect and store electronic receipts in their smartphone wallets. Both the user and financial institution must grant permission before those digital transaction records can be shared with another party.
Show me the mobile payment security
Though Rogers and CIBC are the only bank and mobile carrier that have teamed up so far, with over 10 million smartphone users in Canada, mobile payments systems are expected to take off. Already Canadians use mobile banking to check account balances (63 per cent), pay bills online (19 per cent), transfer funds (15 per cent) and email money (2 per cent).
But even with these safeguards, some Canadians are waiting to see practical proof that mobile wallet payments are completely safe.
"I suspect it will take time before people feel secure that this technology will not increase their exposure to the possibility of theft of their banking and credit card information," says Scott Hannah, president and CEO of Vancouver-based Credit Counselling Society.