Mobile Muddle: When Will ISIS Start Making Sense?

Written by Frank Hayes
April 6th, 2011

The muddled mobile-payments scheme from Verizon, AT&T and T-Mobile, dubbed ISIS, just keeps getting more puzzling. On Tuesday (April 4), the group announced a pilot project to let mobile phones be used to pay for rides on Salt Lake City’s buses and local trains, in addition to purchases at local retailers. But the big announcement is for a project that won’t go live for more than a year—and for a public transit system that already allows customers to use contactless credit and debit cards to pay for rides. This will take a year?

Meanwhile, Sprint—which was left out of ISIS’ announcement of its formation in November—now says it was originally part of the group, but left. Although ISIS member Discover was originally presented as the only payments network ISIS needed, it now appears that Discover may not have an exclusive deal with ISIS after all. All this confusion comes in the face of one clear fact: Mobile operators should have the easiest time doing true mobile payments. When will they get their collective act together?

In the case of ISIS, it won’t be until at least mid-2012. That’s when Salt Lake City’s transit system, the Utah Transit Authority (UTA), will be entirely “ISIS-enabled,” making UTA “the first commercially available mobile transportation fare payment program in the U.S.”

Well, maybe. That’s only if Apple, Google, Visa, MasterCard, Chase, Citi, Bank of America, Sprint or anyone else in the long line of mobile-payment wannabes don’t cut a deal with some other transit agency. (MasterCard may have the inside track on that, because it has already done a contactless trial with New York City’s transit system.)

Salt Lake City retailers are also part of ISIS’ plan—or at least ISIS thinks so. The group didn’t name any specific retailers that have agreed to use ISIS for payments, just that it’s talking to the local Chamber of Commerce. Considering that long list of would-be mobile-payment companies—some of which, like Google, have been sweet-talking retailers into participating in pilot programs—it’s baffling that ISIS isn’t being more concrete.

In fact, ISIS turns out to be a lot more vague in many areas than you might have thought.


One Comment | Read Mobile Muddle: When Will ISIS Start Making Sense?

  1. T.Anne Says:

    I can’t help but feel I am missing something – I’ve heard this point several times in regrads to ISIS and how they should do mobile payments/purchases:

    “a mobile operator can authenticate a customer, and already does that every time the customer makes a phone call.”

    But really – they’re just authenticating who the phoen is tied to… it doesn’t know when I hand my phone to a friend so she can make a phone call… as far as it knows, it’s me making it. And what if I lose my phone? Anyone can make a call with it – until I report it lost/stolen, the phone doesn’t authenticate that it’s not me using the phone…

    So why would it be so great to use the phone to authenticate the user and add the purchase to their phone bill? In my opinion – there are enough unauthorized third party charges that can be added to your phone bill (usually getting there through social engineering or spam)… we don’t need another way to tack on more charges… unless the phone company wants to be the one to write off unauthorized charges. Short of reporting your phone lost/stole, would they even be willing to correct the charge?

    There is a lot of grey area here – and many ways for people to be able to work the system (sadly)… I fail to see how using a cell phone could possibly make it any more secure and prove that it was me using it. Not that anyone checks your ID when you write CID on the back of your credit card either though. Sadly today I don’t think much merchants much care if you’re truly the authorized user or not.


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.