legislation, stacks

Missouri Law May Make Mobile Payments Safer and Slower

January 29, 2015         By: Steven Anderson

There’s a school of thought that, in general, safe and slow go together like hand in glove.

While not everyone agrees with that, there’s a proposed law going around in Missouri that may make this principle apply to mobile payments by introducing a new step to the overall process.

The Missouri law—introduced by St. Louis Democrat Joshua Peters—would require users of mobile payment systems to show a driver’s license or similar state identification when using a mobile wallet app or similar payment system.

Additionally, merchants would be required to record the license number in question, or face full responsibility for illegal purchases.

This is likely being done as part of a larger maneuver to help stem the tide of fraud that’s likely to occur as more stores start taking the increasing array of mobile payment platforms. The law is still in its early stages, so there won’t be much concern about taking ID along any time a mobile payment platform is used for some time to come.

The problem here is that the idea actually makes its share of sense, and yet at the same time, is probably entirely the wrong way to go about this.

There’s little disagreement on the idea that mobile payments should be secure; no one wants to end up on the bad end of a data breach at the store level, or even at the personal level. It’s a difficult thing to get past, it requires a lot of legwork to clear up, and the feelings of personal betrayal are pretty well known besides. It’s not a happy experience.

So on a certain level, Peters’ idea is a sound one, and well worth considering.

But there are significant problems with Peters’ approach.

One, it really won’t prevent fraud. It may well do so at the retail store level, but mobile payments systems are also used online, and this law has pretty much zero effect on a level where a payment system is used, but not in person.

Two, it puts a lot of the burden on retailers. Essentially, not only will they have to check the identity, and record the identity, but is there any kind of protection for the use of false ID? If someone were to come into a store having stolen my smartphone, for example, and created an ID to match my name, would the retailer be liable here too? Would I be on the hook now? The ID matched, after all, never mind that it was a fake.

Three, it increases the degree of complexity involved in a mobile payments-based transaction. Instead of just pulling out a mobile device and paying, now, users would need to pull out the mobile device, make the payment, confirm the payment with a state-issued ID, and then the retailer would need to record the transaction accordingly.

Worse, this has a ripple effect of problems. There’s the obvious hit to commerce; how many people are going to pay on a mobile device if it’s actually slower than paying with cash or credit?

A second hit emerges to privacy; if stores are actually storing consumer payment details insecurely, should consumers trust these same retailers with another piece of personal information?

Again, the basic premise here is sound enough. Mobile payment systems need to be secure. But the problem here isn’t so much insufficient law to cover such incidents as it is lack of security on the part of mobile payment platforms.

That’s being worked on, of course; no one wants to be known as the easy-to-hack mobile payment system. But it’s going to have to be brought up to snuff and fairly quickly, too, lest the government get involved with over-reaching ideas like this one.