Accessories
Mobile Payments: Starbucks Finds Success in Simplicity
When we hear of using smartphones to pay for goods, we often think about Google Wallet, ISIS, PayPal‘s new initiatives, or Square, but Starbucks is the rising star and one that has found success in this emerging, yet volatile, market. The retail coffee chain’s app, which is used to pay for beverage and food purchases at many of Starbucks locations, is now driving the bulk of the $500 million worth of transactions in North America.
“The vast majority of these payments were made using Starbucks’ phenomenally successful smartphone app,” a recently published report from Berg Insights reads, “whereas mobile wallets that can be used at multiple merchants have yet to gain traction.”
Part of the reason for Starbucks’ success could be attributed to the app’s simplicity. The app, which works much like a gift card, allows users to show their Android or iPhone at Starbucks, where the phone will display a bar code that can be scanned at the point of purchase. The transaction amount is immediately deducted, and users can re-load the virtual card through their phone or at a retail location at any time. In addition, Starbucks offers a loyalty program that rewards frequent visitors with free drinks, refills, and food.
“Value-added services that enable new shopping experiences before, during and after payments will be what truly distinguish mobile wallets from the traditional payment instruments”, said Lars Kurkinen, telecom analyst, Berg Insight.
But another part of Starbucks’ early success is that it doesn’t require additional infrastructure and therefore could be loaded directly onto any phone.
Whereas Google Wallet and ISIS requires both an NFC radio on the consumer’s phone and an NFC-equipped reader on the merchant side, an app that has either a scannable barcode or QR code doesn’t require additional hardware. Starbucks could roll out incentives too as part of its app experience in real time with push notifications and free iTunes music and app downloads through the iPhone version of the experience. PayPal’s credit card scanners as well as the Square card readers have been enabling small businesses to do more, but lack the loyalty and rewards program that Starbucks delivers as part of its app experience. On the other hard, Square and PayPal Here allows users the use of a single credit card that could be used practically anywhere whereas the Starbucks digital experience is limited to Starbucks locations.
And part of the Starbucks simplicity is perhaps why Apple is still not yet adopting NFC on its phones. By using iCloud and its Passbook service, which is in many ways like the Starbucks app, Appletickets allows users to be able to use their phones without additional hardware and merchants could readily accept loyalty cards, boarding passes, , and gift cards as they already have barcode scanners so no new, expensive hardware is required.
Any as no additional hardware is required, Starbucks and Apple do not have to go through carriers for approval, Most carriers in the U.S. block Google Wallet from accessing the NFC chip on the phone as they want a cut of the profits for handling these transactions, much like how credit card companies get a processing fee from the merchant. Perhaps, if Google initially sold a reloadable Google prepaid debit card, like a Starbucks gift card, that is then tied into the Google Wallet app, and the Internet giant relied on a QR code for scanning rather than an NFC tag, then adoption may be simpler. The risk here is that a QR code isn”t as secure as an NFC tag and may not bode well for more expensive transactions.
Still, while progress is slow on the mobile payment side, the market is expected to balloon to a $44 billion industry within the next 4 years.
William Hugh Murray
06/05/2013 at 3:42 pm
“The risk here is that a QR code isn”t as secure as an NFC tag and may not bode well for more expensive transactions.”
“Nothing useful can be said about the security of a mechanism except in the context of a specific application and environment.” Neither QR or NFC make any security claims. Both have a potential to leak data. However, in a world in which, to a first order approximation, everything is persistently connected to everything else neither needs to send anything that is sensitive.
Let me give you an example. This morning I paid for my coffee at Starbucks with a one-time QR token that I obtained from Square using my iPhone. Square would not even have issued me the token if my iPhone did not tell it that I was near Starbucks. After Starbucks claimed the token, I could have blown it up and posted it on a billboard. While anyone could decode it, no one, not even Starbucks, could use it again.
In fact my coffee was charged to my American Express Card but that was known only to me, Square, and American Express. That information was not in the QR token. My credit card number was not in the token. Starbucks knows that Square will pay them for my coffee but they do not know who will pay Square or how they will do it.
Square immediately told me, via the app on my iPhone, that Starbucks had charged us $1.65 for my coffee. Moreover, I could have reconciled the transaction to my American Express Account using the American Express app on my iPhone. (Because this transaction looks to American Express like a “card not present” transaction, depending upon my security preferences, American Express would confirm the transaction to me by email.)
Hey, Guys, this is a secure transaction. It’s security does not depend upon the secrecy of the communication between my iPhone and Starbucks’ point of sale device. While we used a QR code, the application would have had the same security if it had used NFC.
Off course, anything built by man can be defeated by man. Under some circumstances, I can cheat this system. So far, I have not figured out how to do it efficiently or repeatably.
Our retail e-commerce system is falling apart because of Mag-stripe and PIN. The communication between a payer and a point of sale device using a conventional debit card and PIN pad is every bit as likely to leak as either QR or NFC and what leaks is reusable. Almost anything else we do will be an improvement.