Using NFC, Carriers To Secure Mobile Payments? Ann Taylor’s CIO: “The Most Exciting Thing Out There”

Written by Evan Schuman
March 6th, 2011

Michael Sajor, CIO for the 907-store apparel chain Anne Taylor, is frustrated and baffled by how telecom carriers are avoiding getting directly involved in retail mobile payments. If they did, he said, especially if using Near-Field Communication (NFC), it would be “the most exciting thing out there.”

“The carriers know something about. They authenticate you, and it’s reasonably difficult to falsify or spoof that authentication. If you’re holding that device, there’s a pretty darn good chance that you are who you say you are, as you’ve authenticated with the mobile network,” said Sajor, who was recently promoted to CIO from Chief Technology Officer. “Wouldn’t it be interesting, wouldn’t it be nice to use that authentication to authenticate you for your mobile experience all the way through the entire mobile payment channel? That would take away the logins and all of that kind of thing. You’d probably want to have some secondary protection: PINs or whatever. But if you could actually use that authentication in a sensible way to seamlessly permeate the entire experience, now you get a much more holistic experience based on what the carrier already knows. The data is already there. We just have to be able to get to it. I don’t think we’re quite at that point yet.”

Sajor’s point, made in an IT leader panel moderated by StorefrontBacktalk, is that if NFC was part of that process, it would address quite a few of retail IT’s current mobile payment challenges. The panel discussion is available as a series of stories and podcasts from the event.

“NFC, in general, I believe has an unbelievable potential. In some geographies worldwide, NFC—or NFC-like approaches—has been used with the carrier taking a role in the payment process, with billing appearing in the carrier billing. In other cases, it’s been feed-through,” he said. “But NFC in general has that opportunity to start using that authentication process to share that data electronically between [the consumer] and the retailer dynamically. What an opportunity! You walk into the store. You pass by an appropriate detector. Now suddenly I, as a retailer, know what I need to know about you. I know who you are, and I’m darn sure you are who you are. I can do whatever I want to do in the background around CRM.”

That CRM reference could cut both ways, Sajor said, meaning that it could log everything the customer is doing, in addition to allowing store associates to seamlessly have full data about the customers who are nearby.

“Suddenly I can have on my device—whatever it is [the associate] is carrying—details about [the customer’s] last purchases, the projects [the customer has] been working on, clothing preferences, whatever,” Sajor said. “It opens up an entire new arena of possibilities in In-Store mobility that, for me, has got to be the most exciting thing out there.”

Sajor added that he is confused by the initial move of ISIS—an effort by AT&T, Verizon and T-Mobile to standardize mobile payments from the telco side—to avoid letting such payments even appear on telco bills. “I’m not quite sure I understand why ISIS has made the choices it has made. It’s a little curious,” he said.

In that panel—which we have turned into a series of podcasts so readers can hear these conversations directly—Cara Kinzey, the Senior VP for IT at Home Depot, was asked whether Home Depot’s mobile payment processes are able to treat the chain’s preferred payments methods (such as their private label payment card or a Home Depot gift card) differently. She said that ultimately is a possibility, but not in the near term.


Comments are closed.


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.