Evan Schuman writes a story for his StorefrontBacktalk about mobile payment checkout. He provides four choices, all of which "have serious drawbacks..."
A Mobile Retail Quagmire: The Checkout
Written by Evan Schuman and Fred J. Aun
August 13th, 2009
Nothing
will kill a potential Mobile Commerce customer’s enthusiasm faster than
an onerous checkout process. But retailers have to balance security
versus convenience in a way that is radically different from E-Commerce.
Going through the ritual of filling out shipping and payment forms on a regular E-Commerce site is annoying enough, but being forced to do that same dance on a mobile device can be downright cruel. But a true M-Commerce site must allow visitors to not only find products with their mobile devices but to also buy them.
Related Story: U.S. Retailers Tip-Toe Through Mobile Commerce Minefields
There are primarily four ways for a retailer to handle mobile transactions: (Editor's Note: There's another way)
- Force consumers to type in full payment card numbers, card verification value (CVV) [to be precise, the CVV-2 for Visa, the CID for American Express and CVC2 for MasterCard] and their full address for each and every time they checkout. (Editor's Note: Ouch!)
- Allow for that data to be stored on the mobile device, presumably encrypted. (Ouch!)
- Allow for that data to be stored on the retailer’s server, typically requiring a password and some other authentication. (Ouch!)
- Use a third-party financial service to store that data and make it available to participating retailers. (that's the best of the four...)
All of these approaches have severe drawbacks. Forcing consumers to type their data into their phone with each and every purchase session is the safest route, but is also highly impractical. It’s most likely to send transactions to a rival site that is more considerate of a user’s time.
(Editor's Note: I'd like to hear someone logically explain to me how that is safe...let alone "safest? Presumably he is saying that of the four choices, it's the safest, but that does NOT make it safe)
There is one more option. Have the customer "swipe their card" ONE-TIME (and enter PIN if it's PIN Debit Card) into a PCI 2.x certified device, whereby it is instantaneously encrypted, send the encrypted data to a secure HSM which then stores the card holder data for future purchases. They can enable as many cards as they wish for their mobile e-wallet and when they are done, they can pass along our device to a friend or a family member to allow them to do the same. (click picture above right to enlarge)
Continue Reading at StorefrontBacktalk
Learn more about HomeATM's Mobile Checkout Solution: (click to enlarge) or go to web page here
![Reblog this post [with Zemanta]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_sFt_Yj2Ot1uGFxQpv0Dbc3UtWTZIhL_lLudDFmqkb2gSeANRbC-bwU7lMCF2kXYwf0xXgFMRqclrkaE3EyEJfI9dBuCLFHCHwdZS0xb00nwmuGifPVzD46f8quSJRJxl8sv-NPB4qJqA5mCQ4mgKbC=s0-d)
