Security Choices, Mobile Style

Given that payment security is always a matter of strategic and sometimes philosophical choices, it shouldn’t surprise anyone that that latest hot trends in payment—mobile commerce and in-store mobile transactions—are filled with even more frustratingly maddening choices.
For example, I was talking the other day with a CIO for a Fortune 500 retail chain and he was talking about mobile commerce and mobile payment—two very different things—not merely as sales and marketing tools, but as a way to potentially save a ton of money on interchange fees paid to the various card brands.
Retailers have for years screamed about what they see as exorbitant and potentially monopolistic payment card charges. Through rose-colored POS screens, they hope that something as radically different as mobile commerce would give them the means to escape, or at least seriously reduce, those fees. This particular CIO saw this 3-5 years out, which is when he hoped that most cell phones would ship with embedded encrypted payment chips.
The out? Such devices could potentially access consumer bank accounts directly, not unlike a debit card, sidestepping the Visas of the world. It’s an compelling idea, but there are several reasons why it would likely never work for a major retail chain. First, the risk to a consumer is lightyears (continue reading...)