ePayments Week: Is "0000" your passcode?

Bad passcodes, in-app payments for all, mainstreaming mCommerce.

Here’s what caught my attention in the payment space this week.

Most common iPhone passcodes

Really bad passcodeOne of the obstacles to mobile commerce is the sense that it’s not secure, but there’s a dead-simple action that can make things a little tougher for the bad guys: consumers can choose original passcodes. App developer Daniel Amitay took a look 204,508 iPhone passcodes and found that the 10 most common (“1234,” “0000,” etc.) accounted for 15% of all passcodes. Amitay also found a whole lot of codes based on year dates from 1980 to the present. Number 3 on Amitay’s list — the code “2580″ — stumped me until I looked at a keypad and saw it’s a vertical line down the middle. Likewise, I needed to look again to see what “5683″ spelled out: LOVE (or LOUD, but I’m guessing love).

MFoundry CEO Drew Sievers cited Amitay’s results in his blog this week, and he also added a few things banks should do to educate their customers — like telling users to never respond to a request for a password via SMS text.

Google In-App Payments

This week, Google made its In-App Payments system available for developers to deploy on any web app. In-app payments rolled out at the Google I/O developer conference in May, but it was initially limited to apps distributed through the Chrome store. Now it works anywhere on the web. It’s similar to PayPay for Digital Goods in that it aspires to offer a seamless purchasing experience for users engaged in games or content. And it’s similar to Apple’s in-app payments for games and subscriptions, except that Google takes a 5% cut compared to Apple’s 30%. (PayPal’s cut is a close second at 5% plus a nickel.)

Mobile payments mainstream in 4 years? How about 2

It finally happened to me this week: the moment where mobile payments crossed the line from an intriguing novelty (at Starbucks, usually) to a serious questioning of why we’re still waiting for this. I found myself out running errands with my phone, but no wallet. Without thinking too hard about it, I had left the house carrying the item that was more essential to me (the phone). Back home, a folded piece of leather stuffed with plastic and paper sat on my dresser. As I groped for a credit card that wasn’t there, it seemed odd that with all of the things I can do with my smartphone — conduct business, keep up with friends, research topics, read news or books, watch any movie I could think of, play games, edit videos — I still can’t pay for a gallon of gas.

That’s changing, of course, and rapidly. Auditing firm KPMG released survey results this week reporting that 83% of 1,000 executives surveyed expect mobile payments to be mainstream within four years, and about half of them think it could be as soon as two years. I’ll be surprised if it takes that long.

Isis takes credit cards

ISISIsis, the telecom-backed consortium to put NFC payment technology and standards into mobile phones, said Tuesday it has signed agreements with Visa, MasterCard, and American Express to let buyers and sellers use those credit cards in Isis’ future system. (Isis launched last November with the No. 4 credit card company Discover as a partner.) Original consortium members AT&T Mobility, T-Mobile, and Verizon Wireless guaranteed near ubiquitous backing among U.S. carriers, but the credit card provider angle seemed a little thin with only Discover enlisted in the effort before this week. These new agreements with virtually the entire credit card industry would seem to be a major vote of confidence in the consortium’s ability to drive a standard for NFC payment that handset makers can get behind.

That leaves the major mobile OS operators out own their own — where they presumably want to be. Back in May, Isis invited Apple and Google to join their consortium, but so far both appear to be content with their solo efforts.

Got news?

News tips and suggestions are always welcome, so please send them along.


If you’re interested in learning more about the payment development space, check out PayPal X DevZone, a collaboration between O’Reilly and PayPal.

Related:

tags: , , , , , ,

Get the O’Reilly Programming Newsletter

Weekly insight from industry insiders. Plus exclusive content and offers.

  • http://www.phonetransact.com Cliff

    Someone will likely make using your phone to pay for things easier than just pulling out a credit card.

    I’m guessing biometrics will come into play to bypass the whole unlock phone, start payment app, enter payment app pin, authorize transaction step.

    Until then don’t expect mass adoption except by techies.

  • David Sims

    Cliff,

    I’m hoping for the same thing, maybe a combination of fingerprint + voiceprint would do the trick.

    That’s a good suggestion for a future post. Here’s a report I missed a few weeks ago, predicting strong growth in the biometrics market for mobile phones:

    Biometrics for mobile phone market to grow 500 percent by 2015
    http://www.homelandsecuritynewswire.com/biometrics-mobile-phone-market-grow-500-percent-2015

  • http://vasilydernis.tumblr.com Vasily Dernis

    David,

    everything is relative, 500 percent growth from a non-existant market is a large percentage yes but in real terms it could still be a small market