Mobile payment (m-payment) is a point-of-sale (PoS) transaction made or received with a mobile device.
Mobile payments are gaining popularity with consumers not only for their convenience but also for their security, because with many types of mobile PoS systems, credit card data is not saved on the merchant's PoS terminal. The consumer's mobile device actually becomes a security token that generates a random code for each transaction. Depending upon the technology used, the token may be transmitted over the air (OTA) or entered manually into a keypad by the consumer.
When consumers use mobile payment, the merchant and the mobile payment service provider share responsibilities for protecting the consumer's data. The exact division of responsibility between the merchant and payment processing service provider will vary depending upon the specifics of the device types, software and services in use.
The term mobile payment also includes technologies that allow merchants to use mobile devices to accept credit card payments. In February 2013, the Payment Card Industry Security Standards Council (PCI SSC) released guidelines to educate merchants about the risk factors involved with using mobile point of sale terminals. The guidelines contain recommendations for three important considerations that affect all mobile PoS systems:
- How to prevent account data from being intercepted when it is entered into the merchant's mobile device.
- How to prevent account data from being compromised if it is processed or stored within the merchant's mobile device.
- How to prevent account data from interception upon transmission out of the merchant's mobile device.
Technologies being used for mobile payments include Near Field Communication (NFC), Bluetooth, WiFi, and RFI, a short-range transmission system. As of this writing, companies who provide mobile payment systems include Apple, Google, Samsung, Android, PayPal and Square.