Guest Analysis: 3 Reasons to Get Involved in Your SMB Merchants’ mPOS Adoption

Jyothish Varma, ControlScan
September 18, 2014 –  ControlScan has just released a new report detailing its latest research findings on mobile technology adoption among small and mid-sized businesses (SMBs). The report, Mobile at the Point of Sale: How SMBs are Adopting Mobile Devices to Accept Card-Present Payments, is based on input from more than 6,000 US-based SMBs responding to the company’s 2014 Mobile Payment Acceptance Survey.

An important take away from this year’s study is that ISOs, acquirers and other merchant service providers (MSPs) need to get more involved in their SMB merchants’ mPOS adoption. Those who do so will decrease business risk, grow revenue and strengthen their merchant relationships.

But don’t take my word for it! Below are 3 data-backed reasons your business should be actively involved in your merchants’ mPOS adoption.

1) SMBs are steadily migrating toward mobile payment acceptance.
Mobile’s ubiquity presents unique challenges for the SMB. For instance, the need for mobility (and the supporting mobile technology) in a physical business structure is heavily dictated by the SMB’s payment acceptance environment. If there is no real or perceived need to accept customers’ payments from any location, then the SMB merchant is less likely to adopt. However, ControlScan research has shown that the SMB model is ideal for mobility and that there are now a dizzying number and variety of mobile payment acceptance solutions in use in the face-to-face (card present) realm.

Since 2012, ControlScan has been tracking SMBs who use one or more mobile devices to accept card-present payments. In July 2012, only 10% of the merchants surveyed fit this category; in April 2013, the percentage had almost doubled to 17%; and in July 2014, 21% of SMB merchants had adopted mobile at their physical point of sale, with an additional 4% “in the implementation process.”

ISOs and acquirers with a strong mobile presence among their merchant base not only reap the rewards of additional recurring revenue, but they also have greater control over merchant attrition. Serving as a single resource for merchants’ business needs builds strong relationships and loyalty.

2) SMBs are seeking (and adopting) alternatives to Square.
ControlScan has also been tracking SMBs’ usage of Square in relation to other mobile payment acceptance solutions such as PayPal, ShopKeep and those offered by individual MSPs. Over the past two years, MSP-specific solutions have begun to make a dent in Square’s market share.

While Square may appear to be the tool of choice for independent merchants (i.e., those who don’t employ others), ControlScan data shows that Square is actually more popular among SMBs with employees, especially those in the 11-to-50-employee range. These findings suggest a potential opportunity for MSPs who create a solution for merchants of this particular size.

Responses from the 2014 survey also indicate that many merchants are unsure of their options when it comes to mobile payment acceptance. For example, 14% of those who are reportedly in the implementation process have yet to decide on the mobile payment acceptance solution they will use. Now is the time to get out in front of these merchants, as well as those who haven’t even begun to consider mobile but where mobile usage makes sense, and promote the benefits of your organization’s mPOS solution.      

3) Mobile merchants think their service providers have data security covered.
Overall, merchants using a mobile device to accept card-present payments show little concern about the security of the data they work with or of the device itself. It’s possible that mobile technology’s strong influence on consumer-based attitudes and ideals are being transferred into the retail and services environment, such that the buyer and seller alike expect mobile transactions to be inherently efficient and secure. In other words, your mobile merchants think you have security covered for them.

The least of SMBs’ mobile security concerns appears to be the security of the payment card data being transmitted via mobile: 63% of the mobile merchants responding to ControlScan’s survey said they are “not at all concerned.” And, when asked if their level of concern had changed over time, 82% reported that they “feel the same as this time last year.”

The lack of concern and action steps surrounding mobile payment security is a major issue, because a large percentage of mobile SMBs (43% of those ControlScan surveyed) have no dedicated IT support. Recent virus and malware activity indicates that cybercriminals are seeking and discovering ways to specifically exploit mobile devices. With more than one-quarter of SMBs already utilizing or implementing mobile payment acceptance, now is the time to proactively address security shortfalls.

ControlScan recommends that MSPs broaden their focus beyond the mPOS to include solutions that provide additional control over the merchant’s mobile device, such as locate, lock and wipe functionality (for lost or stolen devices), and vulnerability and configuration scanning similar to that which is required for traditional payment systems by the PCI DSS.

In addition, asking mobile merchants to perform a basic risk assessment will help them become more aware of the steps they must take to effectively protect cardholder information as well as the other sensitive data they handle. Merchants can assess their risk using the PCI self-assessment process; completing a PCI Self-Assessment Questionnaire such as the SAQ B-IP will identify any current weaknesses and provide education around a complete baseline of security.

This article was re-posted with permission from www.pcicomplianceguide.org.
[spacer height=3] [divide] [spacer height=3]

The views expressed in the posts and comments of this blog do not necessarily reflect those of ETA.