The ‘convenience versus security’ battle is well documented in the payment technology space. Although usually positioned as a trade-off, with endless surveys asking respondents to choose between the two, it is dangerous to position it as such – consumers shouldn’t be led to believe that a seamless user experience translates to compromise from a security perspective.

mPOS technology presents a familiar user experience at point of payment – inserting an EMV chip card into a reader and entering a PIN. This ‘known’ interface will doubtless encourage consumer acceptance of this technology. However, it is unsurprising that some niggling doubts may remain for many – is it as secure as a regular POS terminal? Where is the data stored? Who can see it? We’re constantly told by our banks not to disclose our PIN, give it to a call centre operator, or enter it into an unknown device – surely mPOS flies in the face of this advice?

In fact, the simple mPOS consumer interface hides the complex underlying infrastructure that allows mobile devices, with their open architecture and unlimited connectivity, to play a role in highly sensitive payment card transactions.

It is true that mobile devices don’t provide the level of security required for payments – they don’t need to. Through the use of Point-to-Point Encryption (P2PE), the phone or tablet is only ever a ‘connectivity portal’, with no sensitive data available to or saved on the device. Data is encrypted at the very first opportunity (point of capture), protecting the transaction on the portable card reader or card acceptance dongle right through to the payment processing infrastructure – the merchant IT system never ‘sees’ the data. In fact, mPOS terminals deliver stronger security benefits than traditional terminals in this respect.

mPOS terminals are further strengthened through the use of hardware security modules (HSMs). These provide a critical extra layer of security at the payment gateway, ensuring that all keys and sensitive data (such as PINs) are never available in cleartext form to the gateway server. This separates the interactions with the merchant and acquirer systems – even an attack on the merchant network (often targeted by fraudsters) will not compromise the security of the information.

Merchants are extremely conscious of the importance of customer experience at point of payment, seeking partnerships with payment services providers who can offer not only the necessary security but also a range of interfaces and handsets to enable them to tailor the customer interface.

Of course, there is a natural inclination amongst those in the mPOS ecosystem not to communicate the risks in the system to consumers for fear of losing public confidence. However, it is only by explaining the system, and how it relates to (and builds upon) the established payment infrastructure, that consumers will see that the convenience of ubiquitous card acceptance does not come at the expense of data security.