Mobile payments: What will it take for beacons to take the next step? (2024)

Beacons — those little ad-beaming mechanisms littering storefronts today — have been heralded as the ultimate mobile app partner for retailers. But as they exist today, they do little more than make Madison Avenue come-ons, teasing shoppers with discounts and offers that the beacons (and even the beacons in conjunction with mobile apps) can't deliver. How can this loop be closed? Can beacons directly process payments? Unlikely, but indirect payments are all but a certainty, although that's at least a couple of years away.

Why are beacon indirect payments so inevitable? Because they're needed. The current beacon messages come close to teasing shoppers, asking them if they want a compelling discount, but having no direct way to deliver if the shopper says "yes." "Do you want 45% off that product you're looking at? You do? Great. Go stand in the checkout line and when you get to the front, you can add a step to checkout by displaying this barcode." That's hardly a major step forward in removing friction.

The much better way for that beacon interaction involves the beacon's app riding atop whatever mobile wallet is already on that mobile device, in effect mimicking an in-app payment. That way, the interaction is closer to "Do you want 45% off that product you're looking at? You do? Great. Click here and you're done. It will be charged to the default card in your wallet. No need to stand in a line at all."

The issue then becomes the best way to deliver the product to the shopper. The easiest route — the one the mobile wallet defaults to, the one that retailers need to do the least work for — is for the item to be shipped using the normal e-commerce method. But that may not always be optimal, or even desirable, in a beacon reality.

For example, consider why that discount is being offered. Is it a manufacturer's incentive or a retail-chain-wide promotion? If so, ship away. But what if that discount comes from the store manager, who wants to clear out the last five of a product that simply isn't moving? Taking that product out of e-commerce inventory — from a distribution center warehouse — may miss the point? "I'm only offering the discount to get rid of this specific in-store item. You want to take it from the e-commerce warehouse? Get the e-commerce guy to pay for that discount out ofhisbudget," said the hypothetical store manager.

The struggles with beacons also extend to a pragmatic issue. It is almost universally accepted that firms that make beacon offers must be disciplined and severely restrict how many promotions any shopper receives. If that doesn't happen, shoppers will quickly tire and will either delete that application, restrict its ability to send offers or even cut off all beacon communications entirely. Once cut off, it will be extremely difficult to convince that shopper to again trust beacons.

Like everything else with beacons, it's not quite that simple. Let's say that a manufacturer is making the beacon offers and chooses to limit shopper interactions to a reasonable two per day. The problem is that the shopper might have a large number of beacon-communicating apps on his/her mobile device.

"Shoppers will have apps from a bunch of beacon companies. There could easily be 20, 30, maybe 40 Bluetooth apps on each phone. Something has to give," said Robert Hanczor, CEO of beacon vendor Piper. The most likely solution, he said, is that mobile OSes (Google's Android and Apple's iOS primarily) will have to set their own limits.

"A lot of it will really be up to Apple to figure out who gets cut off and who doesn't," Hanczor said. "Some apps could be shut out."

The biggest hurdles, though, relate to security. Not data-breach-level security, but physical and shopper settings security. On shopper settings, a beacon requires that smartphones need to be connected wirelessly and have Bluetooth activated. Walking around in a crowded shopping mall with Bluetooth open is a big security no-no. Of course, that doesn't mean that most shoppers won't do it anyway.

"There are a large number of Bluetooth sniffing and wardriving software out there. We recommend people keep Bluetooth off," said Wolfgang Goerlich, a cybersecurity strategist at CBI, an IT risk management company. He adds that there are essentially no ways to secure Bluetooth communications, which are essential for beacon interactions.

"By the very nature of the way VPNS work, it precludes them from security Bluetooth communications. Firewalls are not going to do it, either," Goerlich said. "There's no particular way to secure Wi-Fi. What is going to need to happen is that, instead of trying to secure Bluetooth per se, we'll end up with better controls on the devices."

How bad are the risks if Bluetooth is unprotected? Pretty bad. "Bluetooth is easier to fake than NFC and it doesn't require you to do anything physical. [Thieves] can attack the phone and take control of the phone," Goerlich said. "This is huge potential identity theft. They can install back doors, take over camera, microphone and they can mimic the biometric authentication. If the challenge goes to the phone, they're in."

Beacons likely are the way forward for mobile payments, but we still have to take it a few steps farther for it to be viable.

Related:

• Retail Industry
• Payment Systems
• Bluetooth
• Mobile
• Security
• Small and Medium Business

Evan Schuman has covered IT issues for a lot longer than he'll ever admit. The founding editor of retail technology site StorefrontBacktalk, he's been a columnist for CBSNews.com, RetailWeek, Computerworld and eWeek. Evan can be reached at eschuman@thecontentfirm.com and he can be followed at twitter.com/eschuman.

It’s time to break the ChatGPT habit