The mobile payment game goes on and on.
It all means nothing without secure identity.
Recent payment system breaches have all had one thing in common. Simple sets of numbers were stolen that enabled crooks to impersonate other people in dealing with payment networks. This vulnerability has always existed, and will continue to exist until we have some "index term" that identifies us as us in any database, and until that number is protected through some encryption system which assures that, at minimum, identity theft can't be done wholesale.
Current U.S. credit cards use two sets of numbers, written on "tracks" inside the magnetic strip at the back of the card, to show identity. One track has your name and other personal data. This is called "track one." The other track, "track two," has your credit card's data - its number, expiration date, and a three-or-four digit code I like to call the "powerball number" that's supposed to be kept secret. (Ha!)
That last number is really all the security your card has. With just the track 2 data, a thief can create a new card and start buying. It won't be done in your name, the merchants will be the losers, but it's still theft, and it can be done wholesale.
What Square, TxVia and most other mobile payment solutions have in common is that they use this same system, so they benefit mainly existing players, such as MasterCard (MA). Nothing changes. Even Paypal's (EBAY) "Paypal Here" is nothing but an interface, like Square - the present payment processing system remains in place.
That's why Heartland Payments (HPY) which suffered a much worse break-in than Global Payments did, in 2008, one that featured the active participation of someone inside that company, and the theft of both track one and track two data, is now trading for more than its stock brought when that data theft was discovered.
Merchants really have no alternative but to trust the present system, which can cost them anywhere from 2-5% of their gross revenues to cover possible losses.
Systems like the "Trusted Execution Environment" being launched by ARM (ARMH) and two partners would put identity on a chip, inside a device, rather than on a magnetic strip. Bango and Amazon (AMZN) are working on their own system, but that would still interface with existing payment networks in aggregate, with Amazon acting as it does now, as a big merchant interfacing with payment networks, and the same vulnerabilities that took down GPN.
Merchants want a mobile solution because the fees banks, card networks and processors must charge to make up for losses in their present system are burdensome. Congress wants to get a handle on these new networks, in part, as proxies for the banks that stand to lose out.
The Internet industry has been fighting this identity battle for years - their latest effort is called OpenID - but it lacks the general acceptance of the present system. The "powerball number" is still the standard.
Here's the bottom line. For mobile payments to work, for our present payments technology to be safe from thieves, we need a simple, secure way of assuring identity, an "index term" that follows its holder from birth to death, backed by encryption, by biometrics, and by the full faith-and-credit of something very much like a government.
Privacy advocates call such systems "the mark of the beast," but without such a mark we don't know which beast is which beast, and wholesale theft will continue. Only difference might be that, instead of a third party processor or a credit card brand, it may be Google's or Amazon's name that's on the hook when the crooks break in.
That's not really much of a difference. Until you hear solutions for the question of identity, avoid the mobile payments spin zone.
Buy the existing processors.
Disclosure: I am long AMZN.