Waiting in long lines at store registers could soon be a thing of the past. The Payment Card Industry Security Standards Council (PCI SSC) has been focusing on a new and increasingly used form of technology that could eliminate the need for traditional payment terminals in the near future. Mobile payments allow merchants to use technologies such as smartphones, tablets and other mobile devices as Point-of-Sale terminals in addition to the payment applications already in the store/restaurant.  With Near Field Communication (NFC) technology, this method can also allow customers to use their smartphones to initiate payment, as opposed to physically swiping a payment card.

Android phones and the most recently released iPhone 4S have incorporated this technology. This means that use of consumer tools like Google Wallet (which allows consumers to store credit card/loyalty card information in a virtual wallet) will continue to increase as consumers begin to use their NFC-enabled phones at terminals that also accept MasterCard PayPass transactions.

Many nationally known retail stores have already started to incorporate mobile payment terminals. By doing so, employees also have the ability determine product availability through the mobile terminals without having to leave the customer’s side. This can lead to a reduced loss in sales due to walk outs and increase units-per-transactions by having a personalized sales environment. 

With a growing number of merchants turning to mobile payments, the PCI SSC has started to take a serious look at how to secure this new payment method. Troy Leach, Chief Technology Officer of the PCI Security Standards Council stated, “Mobile technology offers exciting potential to the payments space, to help realize this securely, the Council is working with its global stakeholders to develop the industry standards and resources necessary for the protection of cardholder data across all payments channels, and for the reduction of fraud for consumers and businesses globally.”

Stores such as Apple and Sephora have experienced great success with integrating mobile payment technology into their stores. Apple employees are equipped with iPhones or iPod touches, this allows them to be with a customer from the moment they enter the store to when they are ready to make a purchase. In September 2011, Sephora introduced mobile point-of-sale terminals into their flagship store in New York City. The mobile terminals were such a great success that Sephora decided to replace traditional point-of-sale terminals with mobile terminals at some stores.

“When customers come in and are ready to pay, they don’t need to stand in line. The sales associate who has been helping them all along can process their purchase and wrap up package,” said Aaron Hagler, Vice President of Retail Solutions Delivery at Agilysys Inc, which is the company that provides Sephora with their mobile terminals. “The sales associate is helping them select product, doing their makeup and working very closely with the customer anyway…This makes a much nicer shopping experience for the customer.”

Seeing the success of mobile payments in the retail store environment, quick service restaurant operators have started using the technology and are also receiving positive results. Starbucks Coffee has had tremendous feedback from their mobile payment system. Starbucks created an app to allow customers to place their order from their phone and pay when they pick up their items at the store. Subway has also adopted mobile payments with the hopes of integrating mobile payment terminals at 7,000 subway locations by the end of first quarter 2012.

As it is with any new technology enhancement, the desire to have the latest and greatest in payment options has made the mobile payment market very appealing to many business owners.  However, with new methods of paying for goods and services, come new risks and opportunities for hackers to steal valuable cardholder information.  This makes setting compliance standards in relation to the mobile terminals essential.  To that point, the PCI SSC is taking a proactive approach to minimize the risk to merchants and consumers by making mobile payment security a topic of discussion at this year’s Annual Community Meeting scheduled for September 12-14 in Orlando, Florida.  But even before that, updates to the PIN Transaction Security (PTS) requirements were made at the end of 2011 and last June the Council issued guidance on the types of payment applications that use mobile technology.  Ultimately, by the end of this year, the Council expects to provide a document that details best practices for securing mobile payment transactions.