Mobile Security: Are We Square?

 Author: Lee Wetherington, lwetherington@profitstars.com

I have a confession. I just accepted my first personal credit card payment from a colleague down the hall, and I’m on a payments high. Sure, it was only a dollar, but it was glorious. Not because I used my iPhone, a card-swipe dongle, and a free app to do it. Not because my colleague used his finger to sign for it. But because of what happened next.

Before either of us could recover from the simplicity, elegance, and sheer techie coolness of what just happened, my colleague received an instantaneous text receipt with a link to a map on which the location of the transaction was conveniently marked by a virtual push-pin. Our mouths agape, our payments-geek beanie propellers swirling, we moaned in dumbstruck approval—which immediately prompted the arrival of another colleague.

And this is the real source of my payments high. The experience went viral. Suddenly there were three of us.

Capitalizing on the euphoria, my colleague’s text receipt also included a short, pithy invitation to join…Square. Yes, the same company recently taken to task by Verifone for lax security, Square was the company providing this payments experience.

My colleague tapped the invitation link in his text receipt and signed up with Square in less than 90 seconds. No long forms, no merchant-account setup/approval, no hassle. “Give me that,” he said, taking my card-swipe dongle and inserting it into his phone. “Now you pay me that dollar back.”

“You can’t use my dongle!” I insisted, though not sure why. “Besides, you haven’t even set up and verified the account into which you want my dollar deposited.”

“Let’s just see if it works,” he said. And it did. It worked.

Within 5 minutes, all three of us were planning our next respective opportunities to win friends and influence people with our smartphone card tricks.

Now, depending on where you’re plotted on the continuum of freedom and security, what I’ve just described either frightens or fascinates you. The frightened will ask a series of predictable questions. “Where did the dollar go? Why is he allowed to use your dongle? Could he possibly pay himself, bypass cash advance fees, commit kiting?!”

The fascinated will celebrate the freedom. “You mean you don’t have to be a business to accept a card payment? Anybody can do it? Sign me up!”

As we migrate to a mobile-centric world, payments are the holy grail. Recent announcements by Google, Verifone, and others fuel the long-held hope that ubiquitous wave-and-go, tap-and-go convenience at the point-of-sale is near.

That said, the single biggest barrier to mobile adoption is fear surrounding security. But fear is on the front end of everything new and worthwhile in our industry (credit cards, online banking, remote deposit, etc.). And fear is especially prominent in payments—for good reason.

At the end of the day, however, what moves us through the fear toward better, faster, cheaper ways of engaging and transacting are transformative experiences that compel breaks with old behaviors. Granted, Square has some encryption homework to do, but it has nailed the end-user experience, democratized card acceptance, and raised the bar on usability, without which security is largely moot.

Security must ultimately square with breakthroughs in usability, but usability moves us forward.

So, are we square?