Build vs. Buy: Crossroads for Mobile Payment Apps

Mobile payment apps, while slow to be accepted, will be a future source for relationship expansion, fees and potential loyalty. While there are several partnership options available for banking organizations, is it time for banks and credit unions to consider a proprietary alternative?

Commerce has evolved over the 10,000 plus year history of society. The Internet age introduced online banking 20 years ago, and now 80% of bank consumers in the developed world are using it. In the span of just the past four years or so, mobile banking has grown to 52% of smartphone owners. And now, mobile payment applications (apps) have taken the market by storm and are the hottest area in commerce today.

Because of the growth of mobile and mobile payments, most bank and major card issuers are at a crossroads and asking themselves whether to launch a standalone payment app or add mobile HCE (Host Card Emulation) payment capabilities to an existing bank-branded app.  Although this integration may not necessarily bring an instant success for mobile payments, it does offer some indication as to how mobile payments are evolving. In the midst of all this mobile banking hoopla, some of the banks are contemplating whether they have to participate in third-party wallets such as ApplePay, AndroidPay, SamsungPay, CurrentC etc.

Key Factors for Decision Making

There are several key factors that bank and card issuers need to consider before making a decision to participate in third-party wallets or to build their own standalone HCE payment app or a proprietary wallet app. Key factors that must be considered include security, trust, privacy, innovation and consumer relationship.

Mobile banking serves three major functions … informational, transactional, and promotional. Informational functions are balance and transaction history and ATM & branch locators. Transactional functions include bill pay, peer-to-peer payments, amount transfers and remote deposits. Promotional functions include consumer retention & acquisitions tools such as new product introductions, consumer service, help information, and alerts.

Similarly, mobile payments serve two major functions – i.e., online or in-app payments and in-store payments. Online or in-app payments correspond to digital purchases on mobile devices, which in most cases is part of payment options embedded inside the retailer apps. In-store payments also cover payments made in physical store through near field communication (NFC) built into the phone, using HCE (Host Card Emulation) or a similar technology used by AndroidPay, ApplePay and others. Because of the scope, most of the focus is on the in-store and in-app features of the mobile payment apps, where credentials are stored on the mobile device itself and need to be secured.

Given the very personal nature of mobile devices and the ‘always on’ aspect of consumer use, mobile payment apps are particularly appealing for new and broader range of services.  Thus, expectations to enrich the experience of both mobile banking and mobile payments are higher than ever, as more smartphones are making their way into more hands.

Security Issues

Interestingly, the Federal Reserve’s Consumers and Mobile Financial Services 2015 survey reported that the majority of the non-users of mobile banking or mobile payments apps do not use these apps, as they are mainly concerned about the security of the mobile technology.


Adding fuel to the security anxiety fire, analysis of top mobile banking apps for iOS and Android devices from around the world has revealed that most apps have been vulnerable to various attacks and subsequently exposed sensitive information. Researchers found that all the tested applications could be installed and run on compromised devices. This poses a greater security risk in itself, as these hacks circumvent device-provided protections and allow malicious apps to access sensitive information in other apps that would normally be protected on non-compromised devices.

Based on the various market reports, there is every reason to believe that hackers are increasingly redirecting resources to attack mobile banking. It is widely believed the marketplace is about to see significant increases in the number and sophistication of attacks on mobile devices. Protecting mobile devices and transactions will be imperative for banks. This is not only security issue, but it also links directly to their brand equity as well.

Thus, banks need to ensure that their banking & payment app is secure enough, irrespective of mobile OS type or version, to protect the sensitive data of their consumers as well as to protect their own brand reputation as well. And this can be possible only when banks manage the security of their own app containing banking and payment credentials, rather than relying on a third party wallet provider to protect their consumer data.

In short, if a better and more secure option exists, then why trust the third-party wallet providers, who can’t protect their own data?

Easy Breaches

As an example of the risk involved, during its beta release, CurrentC was breached. As can be imagined, if a wallet loses credit card information, consumers will panic and this destroys both wallet and a card providers brand. Last but not least, when some banks have already decided to embed the security technology to protect their mobile payment app, the same technology can be used to protect the mobile banking app as well, if integrated. This proposition makes even a stronger case for banks and card issuers to having their own secure, integrated mobile banking and payment app.

While discussing the option of using a third party wallet provider, it is important to note that they all want a cut of the transaction. Obviously, they are here to make a profit as is apparent when looking at some recent acquisitions in 2015. Looppay, touted to be most accepted mobile wallet, acquired by Samsung. Paydiant, a white label platform for mobile payments, loyalty, offers and more, acquired by PayPal. Finally, SoftCard (formerly ISIS), an NFC wallet offered by MNOs, acquired by Google.

Privacy Concerns

Privacy is another key concern, because third party wallet providers ask for transaction data for each consumer to calculate their cut. Banks unwillingly are forced to share the transaction data of their consumers, which can be used for other purposes by third party wallet providers. This is one more reason third party wallet provider can play “frenemies” with the bank and card issuers, today, to take over when the time is ripe. Right now, most third party wallet providers are new in the payment market and need banks to extend their reach.

This brings the discussion to another interesting factor: the consumer relationship. If a bank owns the wallet, it increases their chances to expand and offer services such as mobile coupons/incentives, barcodes, and new product information that allows consumer research and cross selling & acquisition directly, which is not the case when they subscribe to third party wallets. Direct consumer relationships also allow banks to innovate around their own product & service offerings that directly impact their own consumers. However, if banks and card issuers choose to go to market via third party wallets, they will be restricted to innovate and communicate, not own the relationship, in comparison.

Consumerization of IT Issues

Another important consideration is the user experience because most mobile OS providers, except iOS, have announced support for HCE functionality, so they need to know how to offer a secure, consistent and uniform user experience on different types of OS and versions. As we know, consumerization of enterprise IT represents the growing trend of employees bringing their personally owned mobile device into the work environment (BYOD) which causes stress to the IT organizations by employees demanding access to the Enterprise environment through their devices.

To have consistent user experiences along with the security layer, irrespective of Android, Blackberry, Windows mobile or OS, banks will benefit by having their own wallet app to serve their consumers more effectively. BYOD is particularly relevant for the internal apps for bank employees as well as significant enough for its customers, as many of them own multiple mobile devices, and often are loaded with different mobile OS and versions.


In today’s world, a digital wallet is a natural extension of the trusted relationship between a consumer and its bank. Besides payments, the integrated wallet app can offer more valuable features that help consumers to monitor their financial position by accessing their balance and transaction history as well as manage their spending, including real-time notifications for all transactions and instant rewards redemption options. The integrated wallet app also allows bank to offer a clear differentiating factor, to leapfrog its competition.

The integrated wallet app may also allow users to collect, collate and access various rewards and coupons on debit and credit cards offered by its bank. Such a solution would offer choices to people and making their consumers’ lives easier. In comparison, third party wallets have sole access to the consumer and charges banks a transaction fee for facilitating purchases using its technology.

So as banks reach this major crossroad, it seems the obvious, wise and now realistic solution in terms of security is for banks to build their own payment application.

This article was originally published on . All content © 2024 by The Financial Brand and may not be reproduced by any means without permission.