‍

The race to launch the next big mobile payment application turned into a full out sprint after Apple Pay debuted in the fall of last year. The four front-runners - Samsung Pay, Apple Pay, Android Pay and CurrentC - are all competing for market share in a crowded and quickly changing payments space. Curious what the differences are between them, and which, if any, will be the answer to a growing payment card fraud problem? We break it all down, with the details you need to know:

This post was first published on PaymentWeek.

Given the attention around the mobile payment race, it’s worth noting that Apple Pay is the only system that is currently fully launched. Samsung Pay is currently in trial in South Korea, Android Pay has completed a trial and is waiting for launch, and CurrentC will be launching a limited trial of their own in Q3 of this year.

The differences between these platforms however, go much deeper than their expected launch dates. While Apple Pay and Android Pay are incredibly similar in their capabilities and the technology behind each transaction, Samsung Pay and CurrentC operate in very contrasting ways. Samsung Pay, with its Magnetic Secure Transmission support, which is the exact same technology that current magnetic stripe card terminals have, could very well be the most widely supported platform if it were deployed today. That said, the upcoming industry-wide switch to support EMV chip cards in October could render most MST-only terminals nearly extinct, as all merchants will need to provide chip card readers, otherwise be held responsible for fraud chargebacks that emanate from out of date terminals.

Unlike the other three platforms, CurrentC is banking on bypassing credit and debit cards altogether, unless they’re store branded. They’re hoping customers are comfortable enough with linking their checking accounts directly, and then plan on using QR codes on either the POS terminal or the customer phone to authorize an ACH transfer direct from the bank to the merchant. It is, however, worth noting that during an initial test of CurrentC last fall, the platform suffered a breach of customer data.

But CurrentC isn’t the only one that’s suffered security issues. When Apple Pay first launched in the late fall of 2014, it was plagued with fraud as hackers easily took advantage of the banks’ weak authorization processes and loaded stolen card information onto their own iPhones. Apple has steadfastly held that all cardholder verification steps are up to the individual banks, and that cards are not allowed to be added to Apple Pay until they are cleared by their respective issuing banks. Since then, many banks have transferred this verification step over to their customer call center, but hackers have found ways to exploit that process as well. According to mainstreet.com, hackers are now porting user mobile phone numbers over to their own devices, taking the verification call and continuing to easily loading stolen card info on their devices.

We have yet to hear of different or more secure onboarding processes to be expected from Samsung Pay or Android Pay, though more support from either to help banks with the verification process would likely be met with overwhelming accolades.

What has been grossly overshadowed by the fraud and data breach problems, is that all of these mobile payment platforms have developed unique ways to protect account numbers from being compromised during transactions. All four platforms tokenize account numbers before the transaction is initiated, to prevent merchants from ever receiving the actual card or bank account numbers, which will go a long way toward preventing mega-breaches the likes of Target and Home Depot.

What these platforms won’t ever do however, is eliminate payment fraud altogether. As we learned in the Trustwave Global Security Report this year, ransomware attackers see an average of a 1,425% return on investment for their efforts. The likelihood that they will be deterred by tokenized account numbers or fingerprint verification are slim. This new technology is only a very small piece of a comprehensive payment security and fraud detection strategy, and should be considered as such.

To learn more about emerging payment technologies and how we expect it to affect security, check out our Knowledge Center.