Retailers are continually testing new payment methods to make transactions faster, more efficient and seamless. And at a time when the collection of personal data is both an asset and a potential liability, they’re also seeking methods that have a high level of security.
A new smartphone app being launched this year by a London-based startup offers online and mobile shoppers the ability to make a purchase with just a fingerprint. And with the technology built on a blockchain platform, the company says the app has the potential to bring greater security and efficiency to retail transactions.
The app, called Nuggets, looks much like Apple Pay and other digital wallets that rely on the fingerprint scanners built into current smartphones. First-time users enter their personal information by scanning a photo ID and then taking a selfie to make sure their face matches the ID. They then enter their credit or debit card data and then a fingerprint to become a “trusted” user.
When making a mobile purchase from a seller who accepts the app, the user can choose to pay by Nuggets and then swipe their fingerprint to approve the purchase with no need for a login or password. When buying online on a computer, merchants who accept the app send a code to the user’s phone that then allows them to use their fingerprint, also without the need for a password. So far, the app only works on mobile or online rather than in stores.
Once a user makes their first payment on the Nuggets system, they receive notification that the transaction was good and went through. As users build their history on the network, they can process higher value payments even faster.
The retailer, meanwhile, receives an encrypted code approving the transaction, but not the buyer’s credit card data or other personal information, according to Nuggets. With no sensitive data received, there’s no data to store and no data to hack, the company says.
Introduction of the app comes at a time when retailers face increasing scrutiny over data security as the creation and collection of data grows at an astonishing rate. According to a recent report from IBM, 90 percent of the world’s data was created in the past two years.
Consumer data has long been a high-profile target for hackers, and data protection is a top priority for the retail industry. The 2017 Verizon Data Breach Investigations Report found retail accounts for less than 5 percent of data breach incidents, or about one-fifth the number seen by the financial services industry. But because big retailers are household names with a direct relationship to consumers, it’s often retailers’ names who end up in the headlines — even when the breach involves a retailer’s customers but actually happened at a bank or card processor. The attacks can cost retailers millions in financial losses and in brand damage whether they’re to blame or not.
Regulators around the world are also taking a closer look at how companies handle and secure data. In Europe, the new General Data Protection Regulation goes into effect in May, and will call for data minimization and stronger penalties than current law. It’s expected to have ramifications for U.S. retailers that operate in Europe, and could also open the door for similar regulations in the United States.
This growing collection of data, rising risks for brand damage when a risk occurs and new regulations are a “perfect storm” that shows the need for retailers to create a new system of transacting, says Nuggets CEO Alistair Johnson.
“How we’re storing data is a broken model. It’s a scary business to be in when you’re just trying to sell goods and have to be worried about data breaches, embarrassment and possible fines,” Johnson says.
Less data to hack
Retailers have been searching for ways to make payments more convenient, while improving security. Many have been bolstering cybersecurity initiatives, making better use of encryption or tokenization and exploring mobile wallets and alternative payment methods.
One strategy has been for the retailer to hold less information to begin with; that’s where Johnson says Nuggets hopes to fit in. Johnson says it gives peace of mind back to the consumer and reduces the burden and potential liability for retailers.
“They don’t have to worry about people forgetting their password every time they come back to the site, and they don’t have to store their credit card information. It allows them to transact easily,” says Johnson.
Building on blockchain
Developers looked at various cloud-based solutions while creating the app but were ultimately attracted to blockchain because it offers “zero knowledge storage,” Johnson says.
Blockchain, the technology which was initially created to support bitcoin, has grown to have many applications in a number of industries. Experts say the “distributed ledger” system — where information is stored on a database hosted at multiple sites by multiple institutions — could bring revolutionary changes in how consumers and retailers transact online.
Prakash Santhana, fraud and risk leader at Deloitte Advisory, says it offers a secure and nearly tamperproof record as transactions are collected into “blocks” and then “chained” against each other in chronological order and distributed across multiple servers. Bain & Company also recently said in a report that distributed ledgers have the potential to improve transparency, speed and efficiency in payments.
The decentralization enhances security with multiple layers of redundancy and transparency, Johnson says. Individual accounts are encrypted and can only be unlocked with the account owner’s fingerprint. Eliminating the need for user names and passwords also reduces the risk that those can be stolen by key tracking, social engineering or malware. And the platform is so secure and so private that not even Nuggets can access the information on the platform, he says.
“It’s very secure and a straight biometric, private key. We are effectively an enabler, not a holder of that information,” Johnson says.
How much impact Nuggets might have, however, is directly tied to whether it is embraced by consumers and retailers. More established and better-known mobile wallets are widely accepted at retailers but have seen relatively little use by consumers — only 22 percent of consumers had tried Apple Pay and only 4 percent were using it on a regular basis, according to a 2017 survey by PYMNTS and InfoScout.
A 2016 National Retail Federation survey found retailers had little interest in mobile wallets beyond industry leaders like Apple Pay or Google Pay, with two-thirds saying they planned to accept only one or a few rather than all that are offered.
Digital currency as a bonus
Nuggets is also launching its own digital currency, Nuggets Tokens, offered as a bonus for consumers who sign up for the app, refer someone, make a payment, verify their ID or share “nuggets” of personal data. The company says the currency will count toward payments at retailers who accept the app.
The Nuggets app will be available across multiple payment gateways and ecommerce platforms. Retailers that wish to utilize it will need to do little more than add an icon and script at their site much like they would with PayPal or other payment options.
In addition to the potential for greater security, Nuggets says it could help improve online conversation rates and reduce cart abandonment by making transactions simpler.
As of December 2017, Nuggets was testing its system with the Financial Conduct Authority in the United Kingdom. Johnson says the company is seeking partnerships with global banks and has had “strong interest” from retailers. “On our side, from the block chain side, we’re already proving out some payment gateways and ecommerce systems, so we’re in a very real place with the product at the moment,” Johnson says.
Craig Guillot is based in New Orleans and writes about retail, real estate, business and personal finance. Read more of his work at www.craigdguillot.com.