As the number of merchants looking to accept digital payments shoots up, cheaper and more capable acceptance systems based on mobile devices are growing fast.
James Wood looks at the benefits – and risks – of next generation acceptance systems.
According to the 2021 Global Payments Report from WorldPay/FIS, cash use at point of sale (POS) dropped by 32 percent over the last year.
Meanwhile, Payments Cards & Mobile’s Digital and Card Payments Yearbooks predict the number o f outlets accepting electronic payments across Europe will grow by 30 percent in the next five years, with Europe’s POS estate growing by 8 percent between 2020 and 2021 alone.
“McKinsey say the soft POS and mobile terminals market could be worth $100 billion in the next five years.”
Do the math, and it’s not hard to work out that there’s a huge number of new merchants out there looking to accept electronic payments for the first time.
In their 2021 Global Payments Report, McKinsey and Co say there’s $100 billion up for grabs to provide small and medium enterprises (SMEs) with new payments services.
McKinsey quantify this opportunity as a shift from owning 5-7% of a merchant’s software spend to owning as much as 40% of that spend.
The vast majority of these new merchants will be small and micro-businesses looking to accept electronic payments as cash use fades.
Meanwhile, whole new segments such as parking, municipal payments and sports venues which traditionally dealt with cash now want to accept contactless payments.
Sunset on the old POS
At the same time as these new merchants go digital, legacy terminal hardware systems with basic functionality – credit, debit and contactless card transactions – are reaching their sunset years.
Often expensive to maintain, these systems also need manual upgrades to maintain compliance with Payment Card Industry Data Security Standards, or PCI DSS.
And as terminals based on PCI DSS v3.2 are due to “sunset”, or become obsolete without upgrades, in Q3 2022, many merchants will be reviewing their options.
“Many static POS terminals are due to sunset in Q3 2022.”
Intent on filling the gap is a new wave of intelligent devices that combine payments with business intelligence functions such as smart inventory, sales analytics and refunds.
Known as “smart POS” systems, these solutions claim to save merchants on administrative time, labour costs and hardware.
If hardware manufacturers like Ingenico and Clover have been working on super-capable static terminals for some time, then rival technologies are emerging based on the processing power of smartphones, in one variant, or lightweight, mobile acceptance terminals in another.
The new breed of micro-merchant looking to accept e-payments for the first time does not want heavy infrastructure that takes weeks to install.
Instead, they want a POS solution that can be up and running within hours, cheap to install and easy to upgrade – and there’s no shortage of options to choose from.
In fact, recent evidence shows that the “soft POS” device market is far outstripping growth in standard ePOS terminals.
“Merchants, particularly SMEs, are attracted to soft POS options for the added-value services on offer, especially data analytics”, says Alex Reddish, Managing Director of modular payment services provider Tribe Payments.
“As well as offering lower ongoing costs, merchants can track the velocity of their transactions, average spend per transaction and other metrics with a few keystrokes.”
Predictions from Juniper Research confirm Reddish’s view: Juniper believe the number of smartphones used for soft POS payments will grow from 3.2 million in 2021 to almost 24 million in 2026, while Grand View Research say POS apps and software will account for half the total market by 2028.
However, Juniper’s research also stresses that soft POS systems may suffer from low consumer confidence around security.
Sounds good – but is it safe?
Concerns about the security of any app, payments acceptance or other, are not misplaced. In mid-2021, it was reported that hacks of android apps led to sensitive data from 100 million customers being placed on the DarkNet, according to security website Check Point.com.
In March last year, Yahoo! Finance reported that US customers of Square’s Cash App had each lost thousands of dollars through criminals hacking the app and removing all funds: by Q3 2021, tutorials were even appearing on video streaming sites informing would-be hackers how to steal from payment apps.
Despite these risks, Sebastian Gollwitzer, SVP of Merchant Products at NetPay/FiServ, says there are steps developers can take to safeguard their apps: “From a developer perspective, it’s a question of building proprietary security systems on top of standard, off-the-shelf software components”, he says.
For Gollwitzer, the reward of being able to accept payments quickly and easily will outstrip the perceived risks for many merchants: “For many, handling contactless payments on a mobile device can offer endless opportunities to extend sales – from taxi firms to delivery companies.”
“Hacks of android apps led to data from 100 million customers being released on the DarkNet.”
Smart terminals: the hardware option
As many of us will have noticed, the use of mobile devices for payments acceptance has expanded hugely during the pandemic.
Rising just as quickly, however, are purpose-built mobile acceptance devices that work either in tandem with a mobile device (such as SumUp’s Air product), or as stand-alone specialist devices, like the PAX 90 terminal.
While the SumUp Air is an entry-level product, purpose-built mobile POS devices offer an almost endless array of business intelligence functions on top of payments: recurring payments, bill splitting, inventory management and payments velocity analysis among others.
Jody Muehlegger, COO at Handpoint, explains: “At the end of the day, merchants want to maximise sales. And the best way to never miss a sale is with a dedicated payment device.
Today’s smart payment devices accept contactless cards and PIN, as well as offering a wide range of business intelligence tools. They offer merchant service providers more choice – plus customers trust them.”
While customers might trust dedicated payment devices, hackers will still attempt to target them.
In Q3 2021, Florida law enforcement raided the offices of PAX technology on the suspicion that the company was dropping tracking malware into payments applications, and using the terminals as staging posts for cyberattacks against US and British firms.
Both PAX and one of its major customers, FIS WorldPay, subsequently refuted claims of malpractice on the part of the Chinese firm, with FIS stating that they “had found no evidence of malpractice on the part of PAX.”
According to Muehlegger, such concerns were in any case misplaced because, “layers of security in dedicated smart terminals help protect all parties by locking down the ecosystem, verifying app validity, encrypting data and governing where that data can go.”
Given the widespread rise in hacking and fraud across both in-person and digital payments channels, whether via cards, websites or mobile wallets, it’s unlikely that security concerns will prevent merchants from adopting either soft POS or mobile POS devices in the years ahead.
Compared to static terminals, mobile terminals and soft POS apps represent such dramatic improvements in functionality and flexibility that the benefits would appear to far outweigh the costs.
That said, more merchants are looking to move higher proportions of their business to the online environment, while also exploring request-to-pay arrangements with social media apps, though this is likely to prove something of a distraction to the wider displacement of cash by electronic payments.
For the foreseeable future at least, expect to see even more mobile terminals popping up everywhere from taxis to street food vendors, personal trainers and delivery services.