M-Payments Provider Wants to Talk to You, before Accepting Your Payment

I had to read this announcement of the latest mobile payments service to come out of Des Moines, IA twice and to do some additional research to finally be able to figure out exactly what was being offered by Shazam, a debit and ATM card network.

There is a lot of technical and industry jargon to get through in what I read, so I’m not sure if a lay person would be able to make much sense of all that, but here is the essence. Shazam’s mobile payments platform would enable a cardholder to make a payment only after she first receives a call from the payment processor to confirm her identity.

This is a very novel idea, to be sure. But is it a good one? Yes, we are assured that the technology behind the service is very secure, which we have no real reason to doubt. But that isn’t enough to help me make sense of it. Here is why.

Shazam’s Mobile Payments Process

Firstly, though, let’s briefly review Shazam’s PIN-based mobile transaction cycle. A debit card payment would be processed through the following stages:

1. A debit card is swiped through a reader attached to an iPhone or an Android-based device.
2. The system generates a voice call to the customer’s cell phone and the customer is asked to authenticate herself.
3. The customer enters her PIN into her mobile device.
4. If the PIN is successfully confirmed, the transaction is completed and an electronic sales receipt is generated and emailed or texted to the customer.

Shazam’s platform also supports signature-based credit and debit card transactions. I can’t be certain, as I couldn’t find any details about it, but it seems like signature-based payments will be processed in a Square-like fashion. If a Shazam representative reads this post, I hope they will provide some more information about that.

Is This a Good Idea?

The company goes into great pains to convince us that their system is secure, using language like this:

The technology behind the Pentagon mobile payments application is unique to the marketplace as it uses Adaptive Payments’ 5DSecure(TM) five factor-dual channel authentication technology to authenticate PIN debit transactions quickly and securely.

Of course no one knows what a “five factor-dual channel authentication technology” is. What cardholders do know is that PIN numbers are regularly stolen from ATMs, which I don’t think anyone believes are any less secure. The question a cardholder is likely to ask is: “If a hacker can penetrate an ATM system, would a cell phone-based transaction present that big of a challenge?” And my sense is that Shazam may not be able to respond in a convincing, non-technical way.

But that is not the issue here. See, even if people are convinced that their information is securely handled, the whole process is extremely cumbersome. To complete a payment, a customer must first receive a call to her cell phone. I don’t know about you, but I find this excessively inconvenient and unnecessary. I mean, what’s next? Calling my issuer to let them know that I’m about to use my card at Starbucks? Come on!

The Takeaway

The important point that Shazam seems to have completely missed when designing their mobile payments platform is that convenience is valued extremely highly by cardholders. Yes, the security of sensitive transaction data is paramount, but it is also something we take for granted. Of course the companies that process our payments should protect our personal information! That makes sense and it is also required by law. But do they really need to call us before each payment is processed? Well, I know what my answer to this question is, but what’s yours?

Image credit: E15.cz.