Bump Bump!

Bump Pay Will Let Users Exchange Money by Bumping Smartphones

The startup Bump Labs threw its hat into the crowded mobile payments ring on Thursday, launching an app that allows people to exchange money by tapping their phones together.

Similar Articles:

• 
  Bump, Throw, and Catch Files Between Mobile Devices
• 
  Bump
• 
  Android 2.3 Will Do Mobile Payments and Lots of 'Bump'
• 
  Angry Birds Are Real, Take Flight at 2012 Toy Fair
• 
  Android Doubles iPhone in New Smartphone Sales
• 
  Bump

The app, called Bump Pay, builds on the company's core technology, which enables two smartphones using Bump apps to transfer data by being tapped together. Unlike NFC (near-field communication), which Google and others are promoting for mobile payments, Bump requires physical contact between devices. The company's current app, called Bump, allows users to transfer contact information and photos.


To use Bump Pay, a user types in how much money he or she wants to send and then bumps phones with the intended recipient. Bump's software determines which two phones collided. The app then transfers funds from one user's PayPal account to the other's. Both users must have previously downloaded the app and linked it to their PayPal accounts.

"Bump Pay is interesting because of its novelty, which may spur trial, but being within arm's reach of the person you're paying back is not always convenient and will limit its usefulness," said Denee Carrington, an analyst with Forrester Research.

But Chris Silva, an Altimeter Group analyst, sees proximity as the right approach in the U.S., "where people are just so paranoid about using any type of technology where there's a transaction taking place and you're not actually exchanging funds or a card."

"I think it makes sense for what people are going to feel comfortable using," Silva said.
As for the security of the app, Silva noted that some Bump Pay users could claim that they had accidentally tapped another person's phone, and thus attempt to recoup their funds. "There's a risk, but it's almost completely borne by the credit card issuers and the banks who are going to be stuck arbitrating those disputes."

Bump Pay will compete with Venmo, Square and PayPal Here, among other companies.

Bump Pay is initially available only for the iPhone

EMV in Limbo

The journey to align U.S. payments processing security standards with those in most of the rest of the world has all the appearances of progress: "inevitable" is the word most often heard in connection to EMV, and MasterCard and Visa have set what seem to be migration deadlines. Yet for card-issuing banks, there's still a frustrating lack of clarity that's requiring a U.S. migration strategy reliant on contingencies and agility. The banks know the standards are coming, but still don't know exactly what they'll look like.

What is clear is that the magnetic stripe-dominated payment system is on its way to the museum and will be replaced by a standard to be named later that links mobile, Web, point of sale and contactless payments requiring vast IT adjustments that impact both processing and security.

"Mag stripe is 50-year-old technology," says David Porter, a general manager for JPMorgan Chase. "We look at the swirl of things going in payments, such as RFID, ISIS, Google Wallet, Visa Wallet, etc. ... However long it takes, it will settle on the next universally updated payment methodology in the U.S., which we still don't know at this time."

Successfully navigating the new processing maze depends on harnessing the growth of two payments components that feed off one another - near field communication-enabled contactless payments; and pressure from retailers and card networks to apply EMV payment card security in the U.S.

EMV refers to Europay, MasterCard and Visa - a global standard for security chips in payment cards that is widespread in other countries, but just beginning to make inroads into the U.S. after years of reluctance due to the cost of changing payment terminals to accept chip payments. EMV is not regarded as foolproof - studies have shown EMV cards to be susceptible to man-in-the-middle attacks - but is considered safer than mag stripe cards because the cards are harder to counterfeit.

While EMV migration creeps into the U.S., NFC-enabled payments are also starting to take shape as card networks, telecoms and handset manufacturers target the market with mobile wallet solutions. The conversions of payment terminals to accept contactless payments in the U.S. are expected to include EMV migrations.

The problem is that no ubiquitous NFC model and EMV model for all merchants and issuers to use for processing payments has emerged, impacting interoperability, slowing conversion and requiring IT execs like Porter to engage in multiple strategies - continuing old payment methods while preparing for contactless and EMV in some future form. "It's not clear how it will evolve," Porter says. "We have to be sure to be prepared in the back office and make sure our systems can process mag stripe, EMV or contactless payments."

UNDER PRESSURE
While the scant U.S. EMV adoption so far has been for travel cards, substantial migration will eventually come from card network and retail pressure.

Wal-Mart has been pushing for EMV adoption for years, and Visa and MasterCard are also pushing EMV in the U.S. By October 2012, Visa says any merchant that accepts 75% of its yearly Visa transactions via contactless and contact chip transactions will not have to validate compliance with Payment Card Industry Data Standards.

By April 2013, acquirer-processors and subprocessors must support chip transactions, and by October 2015, liability for fraudulent transactions on chip cards will mostly fall on merchant acquirers instead of issuers, if the merchants don't have chip-accepting terminals. For MasterCard, ATMs in the U.S. will have to accept EMV cards as of April 19, 2013.

Discover is also pushing EMV migration - though there are differences. MasterCard and Discover are pushing Chip and PIN, citing security, while Visa's Chip approach says online processing removes the need for the offline authentication of Chip and PIN.

"The changes in liability will push the risk back out to retailers and will force them to react by accelerating the swap-out in the terminals," says Ron Shevlin, a senior analyst at Aite Group.
While uncertainty surrounding consumer demand and prevailing tech models for NFC mobile payments and mobile wallets remains, the argument is that merchants that upgrade payment terminals to accept mobile payments will add EMV acceptance capabilities at the same time.

"The contactless part is very important," says Zilvinas Bareisis, a senior analyst at Celent. "The link between contactless terminals and EMV payments ensures that not only are these terminals accepting chip payments, but it's a way to ensure they are paving the way for mobile payments as well."
But both contactless and EMV standards are being hamstrung by the fact that in the U.S they really aren't standards in the way that word is usually used.

The lack of collaboration among stakeholders in the NFC payments market is well documented, as telecoms and handset manufacturers both have their own preferred method of delivering mobile payments. But Porter says there are lingering differences on the EMV front. Issuers, merchants, card firms and regulators in the U.S. still aren't on the same page - mostly over liability, the burden of terminal conversion and simple politics.

What made EMV work when it was rolled out in the U.K., for example, was the joint effort of a government mandate, bank users and the associations, which collaborated on an aligned system," Porter says, adding that these groups worked with merchant associations and hardware manufacturers to put EMV in place. "Those are four or five different disconnected bodies, but there was momentum to push it. The alignment of interests right now in the U.S. is not apparent, for whatever reason. For the final standard to emerge there will have to be alignment."

The expense of conversion is also a hindrance. Firms such as Javelin Research have estimated the cost of terminal and card migration as high as $12 billion, enough to cause haggling among stakeholders about who will shoulder the brunt of that cost, while attracting attention from overseas tech firms.

For now, travel-related EMV cards, which are not expected to spark broad U.S. migration, are still where most of the U.S. innovation is.

Chase is offering EMV in the U.S. in a manner similar to institutions such as Wells Fargo, the United Nations Federal Credit Union, and card technology firms like Gemalto: as a perk for international travelers. Frequent travelers are being offered cards that work in the U.S. as mag stripe cards and overseas as EMV cards.

In March Chase upped the ante to include a partnership with Hyatt Hotels. The Hyatt Credit Card will have EMV chip and signature technology, an industry first for a U.S. hotel credit card. The card will have a microchip and a mag stripe to accommodate merchants in the U.S

Global Payments Systems Breach

02 April, 2012 - 09:52

Global Payments breach affects up to 1.5m cardholders

US transaction processor Global Payments says that "less than 1,500,000 card numbers may have been exported" as a result of a systems breach.

Following media reports, the company was forced to confirm on Friday that it had identified and reported unauthorised access to its processing system in early March.

It is thought that only North America cardholders are affected, with 'Track 2' data - including account numbers - compromised but not names, addresses and social security numbers.

News of the breach saw trading in Global Payments shares halted after their price plunged by as much as 13.7% on Friday.

Visa has also removed the company from its list of approved service providers, telling it to revalidate as PCI DSS compliant.