Imagine a world where the shopping experience at a grocery store is completely digitized.In this world, your mobile phone has already mapped out an augmented reality version of the entire indoor space and identified the location of products that you may be interested in based on your purchase history.When you add milk and cereal to your RFID-enabled shopping cart, the items on your virtual shopping list mobile application are automatically checked off as you follow your custom guided route to checkout.Cash registers don’t exist anymore and your shopping cart automatically charges your bank account by linking to your phone as you stroll out of the store.While this vision may seem distant, the payments industry has been steadily moving towards this goal as it readily embraces online and mobile payments.

Mobile payments have seen several exciting developments over the past year with incumbents and entrepreneurs aggressively battling for control.This week, the launch of Google Wallet made a big splash on the mobile payment scene and likely will spur significant competitive response by current incumbents.In addition, new entrants have created disruptive innovations such as Square’s announcement of Square Register, a payment product that attacks the old-fashioned cash register industry by replacing existing registers with an iPad payment service.Credit card companies such as Visa have attempted to propel themselves into future payment platforms by developing their own versions of the digital wallet.Even wireless carriers have banded together as Verizon, AT&T, and T-Mobile have done with their $100 million investment in Isis, a new mobile payment network.Apple and Paypal have both remained ominously silent on their long-term plans for mobile payments, but I expect both to respond in the next few months.

Despite the heavy investment in mobile payments, effective mobilization of the technology will be challenging given the large number of competitors.However, a couple of key mobilization strategies will be important in determining which players will emerge victorious.

First, the presence of key complements will greatly enhance the value proposition of mobile payments.For instance, Google Wallet’s integration with Google Offers will enable loyalty programs and discounts to make adoption of mobile payments much more compelling.Similarly, credit cards such as Visa will be able to leverage loyalty programs that they have developed for decades through their primary credit card business.

Second, many new entrants have competed head-on with current payment incumbents such as credit card companies and Paypal, but I expect the most successful payment innovations to first target customer niches and then expand to the general population.The main problem with competing directly in the biggest market is that this elicits an immediate competitive response due to the incumbent’s perceived threat of its primary revenue stream.On the other hand, a new entrant that targets an underserved customer segment may cause incumbents to ignore them while they refine and improve their technology.For instance, Square Register is an innovation that is targeted towards a specific customer segment that is composed of merchants who don’t currently own a cash register because it is either too bulky or expensive.This strategy enables Square to avoid direct competition with cash registers since Square is not threatening the cash register manufacturer’s primary customer base.Square can use this positioning to its advantage by eventually improving the technology and expanding to large merchants.This could be disastrous for cash register manufacturers who will not be able to respond effectively because the cost structure of building a traditional cash register will not allow them to be price competitive with Square.

The mobile payment space is likely going to be a “winner take all” market for a few reasons.First, there are strong, positive network effects.Credit cards, merchants, and wireless carriers are more likely to partner with mobile payment solutions when there are many users signed up.Similarly, more users are likely to sign up with a mobile payment solution if many credit cards, merchants, and wireless carriers have already partnered with that solution.Second, there are high multi-homing costs.Having more than one mobile payment solution defeats the value proposition of having a single digital wallet.In addition, different technology installations for different solutions at the merchant site greatly increase the cost of supporting more than one mobile payment solution.Third, there is limited demand for differentiated products.Mobile payment solutions are unlikely to be vastly different from one another since, at the core, they help to purchase goods in a streamlined way.Loyalty programs and discounts will be important in the mobile payment space, but these complements will also be very similar since they are created at the merchant level.

The next couple years will likely see the resolution of a couple of key battlegrounds in the payment space.The first is near field communications (NFC), a short distance wireless transmission technology, versus pure digital technology.Google Wallet has embraced NFC and uses it exclusively to power its digital wallet solution.However, Square has effectively relied on digitally identifying individuals through the phone and charging an individual’s account through Square Register.The second is how credit cards, technology companies, wireless carriers, mobile phone manufacturers, payment processors, and entrepreneurs will shape the mobile payment value chain.Each one of these parties had attempted to enter mobile payments in their own way, but none have emerged a clear winner to date.

There is no doubt that mobile payments will eventually become prevalent, but there are many barriers that prevent widespread mobile payment adoption in the near term.First, consumers have been accustomed to swiping plastic credit cards for decades and most of them do not trust mobile payment technology.Second, merchants have adopted NFC and other mobile payment technology at a slow rate, thus limiting the user rate of adoption.Third, the mobile payment solutions and partnerships have been heavily fragmented.Google Wallet’s initial availability only with the Sprint Nexus S 4G and Citi MasterCard illustrates the level of fragmentation that will prevent a single product from dominating in the near term.

In conclusion, the mobile payment industry is still far away from the vision I painted at the beginning of this article, but the innovation in mobile payments over the next couple of years will be very exciting to watch.

By: Kenneth Sim

Generally speaking, the goal of any online business is to make money. To do so effectively often requires the business to accept credit cards. However, when a business signs a merchant agreement with a credit card network they also agree (often unknowingly) to maintain compliance with the Payment Card Industry Data Security Standards (PCI DSS). PCI is an industry group made up of the major credit card companies that regulates the usage of credit cards. They created and enforce the PCI DSS, which is a set of standards aimed at securing customer credit cards against theft and fraud. These standards require any company that processes, stores, or transmits credit cards to maintain a secure environment for these transactions to take place. This includes everything from installing a firewall and anti-virus software to ensuring the doors to the server room are locked at all times.

When most small businesses sign their merchant agreement with a credit card company, they do not read the fine print of the agreement, and do not realize that they must be compliant with PCI DSS. Often the PCI DSS clause is only a sentence or two long and if the business does not have a lawyer who is familiar with this clause, they are likely to miss it. This leads to the unfortunate result that if the business ever suffers a security breach where customer credit card information is lost, and the business is found to be non-compliant with PCI DSS, they are subject to heavy fines. These fines can be anywhere from $1 to $100 per card that is compromised partially due to the fact that it costs the credit card companies up to $25 to replace a lost or stolen card. One of the most costly credit card breaches was that of TJX Companies Inc., the parent company of T.J.Maxx, where over 40 million credit cards were compromised and the total cost of investigation and PCI fines was over $200 million.

For smaller online businesses, it is unlikely that they would lose this many cards and would generally be subject to much lower fines. However, considering how cheap it can be to comply with PCI DSS, it would be foolish to not do so even if the business only processes a few transactions a month. PCI DSS classifies merchants based on the number of transactions they have, and companies with the lowest transaction rates only need to submit a self-assessment questionnaire and have a quarterly vulnerability scan of their environment to maintain compliance. Compared to the potential fines they would face if a breach occurred, maintaining compliance is very cheap.

When forming an online business, founders should be aware of, and maintain compliance with, PCI DSS requirements from the very beginning to avoid massive fines if they are breached. Alternatively, online businesses could consider not handling credit cards at all, and either only accept payment via services such as PayPal, or outsource credit card processing to a third party. Although outsourcing to a third party will result in an additional processing fee on top of the credit card companies’ interchange fee, the business will no longer be subject to PCI fines as they effectively transfer the risk of compromise and the burden of protecting the credit cards to another company. In the end, when an online business makes the decision to accept payment for the goods or services they provide, they must weigh the tradeoffs between the added expense of outsourcing and the added expense of maintaining PCI DSS compliance.

By: Frank Nagle