ePayments Week: How to steal coffee from your friends

Starbucks skips security, Visa wants a cut of those Smurfberries, and Nokia's CEO sets a fire.

Here’s what caught my attention in the payment space this week.

How to steal coffee from your friends

Starbucks mobile payment screenIf you can’t get your friend to buy you a cup of coffee, this week there are helpful hints on how to steal it from them by exploiting some pretty obvious gaps in the security on Starbucks’ mobile payment system (which we tried out a few weeks back). The embarrassing part is that there is no security on the app, other than perhaps keeping it in your pocket.

Update: Thanks to our readers who pointed out that you can set a pass code in the Starbucks app’s preferences menu.

Mobile Commerce Daily explained how to swipe from your friend’s app: wait until your friend excuses themselves to visit the restroom, and hope they leave their iPhone on the table. Then grab the phone, open the Starbucks app, press the touch-to-pay button that generates a bar code, and grab a screen shot of the bar code. After closing the app, mail the screenshot to your own iPhone, remembering to delete the picture from your friend’s. If you manage to accomplish all this before your friend returns from the restroom, you’ve just scored yourself a pass to drain out your pal’s Starbuck’s card. Clearly, it’s a security gap that Starbucks should address. But at the risk of sounding like a socialist, if someone needs coffee that badly, maybe we’d better let them have it.

On the serious side, this story points to two larger issues. The first is obviously security. As we increasingly store sensitive information on our phones, including financial data and the ability to make purchases, we’re going to need to get more serious about security. Pass codes to lock a phone and various apps to find or “blow up” the data in stolen phones already exist, but many people don’t bother with them. Biometric security — the ability to unlock your phone with a thumbprint or retina scan — can’t be far behind. And at least one effort is underway to use “gait analysis” to shut down your phone if someone other than you walks away with it (providing you don’t share the same limp).

The second issue points to convenience. As I noted last month, if every retailer sets up a proprietary purchasing app, checkout will become a ridiculous exercise in pawing through apps. But even a one-app-pays-all solution has to be implemented cleverly if it is to win converts, according to Kevin Woodward, editor of ISO and Agent, which covers payment issues. “It has to be easier than a credit card,” Woodward said in an interview. “You can’t walk around with the app open, and if you need to fish around in app menus to find it, most people are going to reject it.” Woodward cites the lack of uptake for contactless payment with systems like MasterCard’s PayPass a few years back, noting consumer uncertainty and expense for merchants apparently stymied adoption. “Someone has to figure out a way to make it a better transaction experience, not only for the merchant but for the customer as well.”

Visa buys PlaySpan, a virtual goods payment platform

Visa says 45% of the $948 billion e-commerce transactions processed in 2010 traveled through its network. But it doesn’t want to miss out on the growth that’s happening in new markets, like virtual goods. So this week it announced plans to buy PlaySpan, a Silicon Valley company with a payment platform for virtual and digital goods — things like in-game purchases or electronic documents and recordings. Josh Constine at Inside Facebook has a great write-up of PlayScan’s business and its place in the social game industry. The post includes a helpful graph that hints at the complementary skills of Visa and PlayScan.

PlayScan has a development platform called Monetization-as-a-service that helps integrate in-game payments on a variety of platforms. Visa doesn’t. But it has something that PlayScan lacks: name recognition and a piece of plastic in every adult player’s wallet.

Last fall, Inside Facebook asked game players what service they would most like to use when buying virtual goods. Nearly 40% said Visa, a little more than 20% opted for PayPal, and PlaySpan’s UltimateGameCard received a “participant” ribbon. By integrating PlaySpan’s platform as a front-end feeder to its payment network, Visa hopes to catch a larger piece of the virtual goods pie, which Inside Facebook predicts will grow to $2.1 billion in 2011. Now that’s a lot of Smurfberries.

Jump, Nokia!

Oil platform
Nokia’s new CEO Stephen Elop has finished his internal review of the company and come to the conclusion that it’s in deep trouble. In a leaked memo, Elop used the metaphor of a man trapped on a burning platform, making the decision to leap into the icy water in order to survive. Once the leader in mobile handsets, Nokia finds itself under attack from Apple on the high end, overtaken by Google’s Android in the mid-range, and overcome by Asian competitors at the low-end. As if to punctuate the need to jump, Gartner reports this week that Android sales grew 888% in 2010, and Android is now the dominant smartphone operating system, beating out the Symbian systems that Nokia has used in its phones since the Napoleonic Wars.

The leap that Elop wants Nokia to take looks like it will be straight into the arms of his old employer, Microsoft, which has struck a deal to put its Windows Mobile 7 into Nokia smart phones. That news came after rumors that Nokia had also been in talks with Google about a similar deal. A tip that those talks had failed came in the form of a cryptic tweet from Google vice president Vic Gundotra, who told his 5,300 followers: “Two turkeys do not make an eagle.” Nor could they escape a burning platform without plunging into icy water.

Got news?

News tips and suggestions are always welcome, so please send them along.


If you’re interested in learning more about the payment development space, check out PayPal X DevZone, a collaboration between O’Reilly and PayPal.

Related:

tags: , , , , , ,