Swiping right on credit cards

About a year ago, criminals hacked Target’s (TGT) computer systems and installed malware designed to gain access to sensitive credit and debit card information.

It was an epic security breach and the biggest hack in U.S. retailing history.

But in a weird way, the mother of all hacks was just the wake up call the retail and finance industries needed to raise their security game to protect the privacy of consumers.


As 2014 draws to a close, there are several innovative and supposedly more secure mobile payment systems in the works that may make it harder for criminals to penetrate.

Here are four interesting approaches:

Apple Pay

Apple (AAPL) recently launched a new payment system that consumers can use with a touch of their finger on iPhone 6 smartphones.

Apple Pay, as the service is called, doesn’t collect any transaction information that can be tied back to a user or previous payment transactions revealing sensitive data.

Actual card numbers are not stored on the device.

Rather, Apple generates a unique Device Account Number that is encrypted and stored on the device.

This special number is walled off from iOS and not backed up to iCloud, so it’s tough for cyberthieves to access.

While it’s early days, Apple Pay has lined up an impressive array of finance and retail partners that will support the service.

They include Visa (V), American Express (AXP), Bank of America (BAC), Macy’s (M), Walgreens (WAG), and Whole Foods (WFM).

Merchant Customer Exchange

A consortium of retailers, including Wal-Mart (WMT), Target (TGT), 7-Eleven, and CVS/pharmacy (CVS), have launched their own secure payment system that uses a mobile app called CurrentC.

A shopper at a check out line opens the app on their mobile device and then scans a QR code on a cashier’s screen.

Then, a special payment a code will appear on the shopper’s phone or mobile device that can be scanned by the cashier.

CurrentC stores sensitive financial data in a cloud vault managed by the consortium.

The app generates a temporary placeholder code for individual transactions rather than constantly passing sensitive data between the user, retailer and financial institution.

Visa checkout

Not to be outdone, credit card giant Visa (V) earlier this year launched a simplified digital payment service called Visa Checkout.

Visa claims the service is a big improvement over the time-consuming and risky procedure of  typing in your credit card information into the checkout field on many e-commerce sites.

Once you have set up an account and shared your payment information with Visa, you are all set.

With your credentials securely stored with Visa, you can approve online transaction with a click of an image, username and password.

Since sensitive data isn’t transmitted wirelessly for every purchase, the odds of getting hacked are much lower.

Google wallet

This Google (GOOG) app lets users consolidate credit and debt data, as well as gift cards, loyalty programs and offers, in one secure place.

Users can then shop online or purchase products on Google Play.

In addition, you can send or request money to anyone in the U.S. with an email account through Gmail or the Google Wallet app.

Finally, you can track your online purchases, get shipping notifications, and view detailed order history using the Google Wallet app.

Whether this new generation of payment systems will be hack-proof is uncertain. After all, hackers have worked around other defenses in the past.

Yet the arms race between companies and cyber criminals is turning out to benefit consumers in one respect: A lot of time and effort is going into making payment systems both secure and convenient to use.


DISCLAIMER: The investments discussed are held in client accounts as of November 30, 2014. These investments may or may not be currently held in client accounts. The reader should not assume that any investments identified were or will be profitable or that any investment recommendations or investment decisions we make in the future will be profitable. Past performance is no guarantee of future results.