Starbucks Manager: 'Fan of NFC'; Keeping Bar Codes for Now

While the head of innovation for the popular Starbucks prepaid payment card declares that he is a "big fan of NFC," the giant coffee-shop chain is not about to wait for NFC phones before introducing mobile payment, the manager told NFC Times.

As the company continues to expand the trial of its Starbucks Card Mobile App for smartphones–this week announcing another 300 stores in the New York City area would join the test–Chuck Davidson, category manager for innovation for the Starbucks Card, said the 2-D bar code technology the app uses is delivering on its promise.

"Mobile payments could be powered by NFC someday, but bar codes are our proxy right now," Davidson told NFC Times. "My job is innovation, and while I’m a big fan of NFC, I feel a tremendous need to get to learning about mobile payments as quickly as possible. Our thinking was to get in the game and learn about this from a customer behavior standpoint, and the quickest way was through bar-code technology."

The introduction of the Starbucks Card Mobile App to New York City, announced Monday, comes after the Seattle-based chain has had nearly a year to evaluate its performance in 16 stand-alone stores in Seattle and northern California, and units inside more than 1,000 U.S. stores of mass merchandiser Target. 

As in the original test stores, Starbucks will equip the 300 company-operated stores in New York City and on Long Island with 2-D scanners capable of reading bar codes displayed on screens of customers’ iPhones, iPods and, more recently, BlackBerry handsets.

After the customer scans the bar code at the point of sale, Starbucks deducts the amount of the purchase from his Starbucks Card account over the network. The app also lets cardholders track the card balance, add to it with a major credit card, check the status of rewards points and locate nearby Starbucks outlets.

Customer Interest in App Grows
Davidson said stores in the initial test phase have seen customer interest in the mobile application grow steadily. While he wouldn’t provide hard numbers on the volume of transactions, Davidson said the trial has exceeded expectations in terms of customer use and performance of the system. The key to its success, he said, is upfront development work that focused heavily on user-friendliness.

"People say they love using it," he said. "It’s very intuitive and you don’t need to be a propeller head to get it. We wanted to provide customer utility with this, and we think we’ve also got the 'cool factor' working for us as well."

Davidson said he’s been surprised that customer use of the app continued to build well after its introduction. Customers have consistently reported how "fun" it is to use smart devices to pay, suggesting that users are comfortable with the mobile-payment concept. The app is also fast. Davidson said project team members have timed the mobile-payment transaction and found it to be speedier that either cash or plastic–whether debit, credit or Starbucks Card.

"I was afraid we’d drop off after seeing some big usage at the start," he told NFC Times. "But we didn’t see that, and instead saw the big bump followed by a gradual increase."

But is it Secure?
Some industry observers point out that bar-code-based payment is much less secure than NFC or cards using smart card technology. For example, a fraudster could make a copy or take a picture of a customer’s static bar code and simply put it in a PDF or JPEG file on his own phone to use.

Davidson said there have been no documented cases of the Starbucks Card Mobile app getting hacked. And while users are not required to enter a pass code when they open the app, it’s an option for those who don’t mind for the transaction to take a little bit longer.

Drew Sievers, co-founder and CEO of U.S.-based mFoundry, which developed the app for Starbucks, downplays the security issue as well. He said if bar codes are generated dynamically so that they could be changed on customers’ handsets frequently and if the application allows for their proper storage on handsets, security risks are minimal. Plus, the risk of losses from hacks is mitigated because the Starbuck Card is a closed-loop payment scheme. Of course, any dynamic updates to the bar codes on customer phones would require a mobile-network connection to complete.

The bar codes in the Starbucks Card Mobile app, however, are not dynamically generated, Sievers confirmed, so they remain static on the phone.

Einar Rosenberg, an NFC expert and chief technology officer for Narian Technologies, observed that despite the clear success of the Starbucks test, there is a security gap with bar codes that looms as a major hurdle to widespread adoption of bar-code mobile payments. And he said it argues for a quick transition to NFC phones, once the devices become available.

"The Starbucks product shows that mobile payments is not only accepted by consumers, but also is a benefit to retailers," he said. "What I don't agree with is using bar codes for payment since it’s less secure, and more importantly, it doesn't have the commitment from financial institutions and standardization for payments, like NFC does."

Sievers, whose company develops mobile apps with an emphasis on financial services, sees NFC as the most popular mobile- payments platform of the future. But such companies as Starbucks that want to get their feet wet in m-payment aren’t willing to wait for the various members of the NFC ecosystem to iron out their differences.

"This bar-code technology is being used in mobile applications that were envisioned as being managed by NFC, but since there’s been no agreement on a business model to take this to market, with too many stakeholders trying to figure out how to get something out of it for themselves, innovative companies have made the decision not to wait and instead get cracking via bar code technology," Sievers told NFC Times. "Bar codes are ubiquitous and easily adaptable to any handset. They’re a logical stepping stone to contactless open-loop payments."

Until NFC-enabled phones and other contactless-mobile payment options become available, Sievers said closed-loop bar-code applications like Starbucks is deploying are poised to help both merchants and consumers get more comfortable with mobile payments.

"It takes less time to shift customer behavior now because of the pervasiveness of technology," he said. "Comfort with using ATMs took longer than mobile banking; mobile banking was taken up faster than online banking, which was taken up faster than ATM usage. Now, there’s a direct correlation between the penetration of smartphone technology and a shift in consumer behavior for seeing phones as something more than just a phone. What Starbucks is doing further validates mobile payments and benefits the entire industry."

Adding Features, Android App
Of course, Starbucks Card Mobile transactions will remain a minuscule percentage of total Starbucks Card spending for some time to come. The chain recently released some figures on customer use of the card, noting that users are on track to load more than $1 billion in their card accounts this year. As of the end of the third quarter, sales of cards were up by 17% compared with last year and reloads on existing cards increased by more than 59% from last year.

Davidson told NFC Times that plans call for expanding the exposure of the mobile-payment service, including adding features, though he did not elaborate.

"For now, it's all about adding more stores and making sure that we're letting more people try this,” he said. “We have a smartphone platform we're tethered to now, and we'd like to add more to it, and maybe extend it to other areas besides mobile payment and add more features and functionality."

And he indicated Starbucks would offer a payment app for Android smartphones, noting that the chain has been “hearing quite a bit” from customers that they want it. Starbucks introduced an app for BlackBerrys early last month and said the iPhone and BlackBerry users account for a combined 71% of its smartphone-packing customers.

As for NFC and other forms of contactless-mobile payment, Starbucks will be fully engaged in evaluating what they bring to the mobile-payments picture, Davidson said.

"NFC is appealing, but we’re very comfortable with the bar-code platform," he said. "I’m responsible for the innovation pipeline with the Starbucks Card, and so I’m looking at everything. But it’s a matter of where NFC is sequenced on the roadmap. When do customers have NFC phones whether they know it or not, and when do they not have to contend with dealing with multiple handset makers and new carrier accounts? We don’t know how far out that is, but when it meets our criteria for helping people to pay with their phones, let’s think about it."

Article comments

 
BrianJames Oct 29 2010

I think Mr Rosenberg should be asked to elaborate on the security concerns and how any that he points out are compared to that of NFC. NFC ambassadors are using this security fear tactic regarding mobile barcodes because NFC is failing while mobile barcodes are expanding rapidly. IF there are were legit security issues that were isolated to mobile barcodes as a form factor, they would be pointed out....

 
Narian Nov 3 2010

I appreciate BrianJames points. The truth is, that this would take hours to explain every point, but I'll start with just a few. First off, security concerns are not limited to just stealing information, they run the gambit and can include everything from stability, reliability, standardization, redemption/denial procedures, and more.

A side example to elaborate the following points is denial of service attacks on the internet. It doesn't steal your money, but it can stop you from using your money, and it's considered a security threat. So please keep an open mind on what security means and not limit it.

Let's just touch on a few points. NFC is a standard that is fully accepted by the card associations, financial institutions, and security groups. It's a single standard. 2D is not accepted as the key standard by any of the above, who currently are the only true nationwide infrastructure for payment. Not to mention there is one standard for NFC, but over a dozen variations of 2D ranging from datamatrix, microsoft tag, semacode, etc.

Standards are important to security because they creates reliability. I'm secure as a consumer that it will work. Now let's also more on the reliability aspect of security–such as NFC is a more dependable technology for environmental issues. To read 2D, you need an optical scanner, which requires proper lighting and no distortion issues from the phone screen. Small things like smudges from a cheek can actually distort images on the screen, thereby limiting reading, and other subtle but environmental aspects.

Optical scanners are expensive and are not even being considered as standard integrated options on POS terminals, unlike NFC, which is being pushed by the major POS players.

Security isn't just about stealing your info, it's also about me making sure it works, over and over. Money in my phone is useless if someone steals it, or if someone stops me from using it.

Cold and heat can also effect optical scanners, but NFC terminals in POS are less likely to have that issue, and with no true mechanical parts, are less likely to break, unlike optical scanners that can be damaged, scratched, painted on, etc. Are you going to replace an optical scanner every time some kid with a permanent marker destroys the lens?

Let's talk another aspect of security, the redemption/denial aspect. It's the part where if someone steals my info and uses my money, with NFC, which is accepted fully by the card associations, it allows me to call up Visa or my bank and dispute charges and have laws to back me up and protect me.
If someone steals my Starbucks card, is there truly a standard method to argue charges or any laws laid out to make sure I get my money back, or that I only get charge no more than 50 bucks for the money used?

Let's look at another aspect of what I see in security such as securing me in that I can use it in as many places as possible. This technology (and application) is specific to just Starbucks, but I want a payment technology on my phone that doesn't require me to setup 20 accounts and download 20 2D barcode apps to use in 20 different retailers. Security is not just about stealing information, it's about making sure it works, making sure no one else can use it, making sure i can use it in as many places as available, making sure as a retailer I have the lowest liability of damage and the highest reliability of usage, making sure there is a standard dispute process to get my money back, making sure its easy to use and not cumbersome to get registered to use everywhere, and the list can go on.

Now to point out on 2D aspects that you might worry about as a general case of security: If it's a static image, I have to worry that someone can copy my screen, and reload it on their own phone. But let's say it's a dynamic screen, on which the barcode changes. I either have to make sure I have an Internet connection to communicate with a server that will give me a new barcode each time–and you know how reliable Internet connections on phones can be in some places–or I have to have an application that is secure, that allows me to generate a new one that is accepted and known by the payment server. Now with NFC, we have a secure element, certified by global platform specs. I don't hear 2D payment being integrated into a secure element, so if it is on the OS, it leaves it open to hackers and because it's on the OS, it would require payment providers to develop that secure application for generating secure dynamic 2D barcodes for dozens of phone OS's–and possibly have to modify them each time each OS is updated.

I could go on and on and on. But if you limit security to just stealing my information, you're limiting your view of security. I want to be secure that it works, works everywhere, works always, works easily, works if i lose my money, works if a dozen other issues arise.

I have to admit, this is a quick response so I know there are some points that might need elaboration. But I'd like to add that we've develop 2D products, nfc products, Bluetooth, WiFi, GPS, SMS, etc. We might be known as specific to NFC, but trust that NFC is only part of what we do, so I do know 2D. When it comes to payments, NFC is the best technology, and it might take a bit longer to get into the market than 2D, but it will be better than 2D and don't bet on 2D for payments in the long run, bet on NFC.

 
richsr Nov 24 2010

Both technologies will be critical to the future: NFC and dynamic, open standard QR codes at the register and dynamic QR codes in reverse for eCommerce - a different method than the way Starbucks has currently deployed barcodes (patents pending).

P.S. Reading 2D codes at the register is being done not only with expensive optical scanners but with low-cost, versatile smartphones and Android devices as well.

Please register or login to post a comment.

HEADLINE NEWS

Australian Transit Agency to Launch Mobility-as-a-Service Trial as It Pursues Long-Term MaaS Strategy

Plans by Transport for New South Wales, Australia’s largest transit agency, to launch a trial enabling users to plan, book and pay for multimodal rides is the next step toward the agency’s long-ter

Updated: U.S. Transit Agency Seeks to Reduce–Though Not Eliminate–Cash Acceptance with New Fare-Collection System

Updated: The Spokane Transit Authority in Washington state confirmed that its new fare-collection system will include contactless open-loop payments–with a beta test planned for next October, a spokesman told NFC Times' sister publication Mobility Payments.

UK Government Seeks to Bring London-Style Contactless Fare Payments System to Other Regions

The UK government’s plan to equip 700 rail stations over the next three years to accept contactless open-loop payments is a major initiative, as it seeks to replicate the success of London’s contactless pay-as-you go fare payments system elsewhere in the country–a goal that has proved elusive in the past.

More Cities in Finland Expected to Move to Open-Loop Fare Payments

A fourth city in Finland is beginning to roll out contactless open-loop payments, with “more in the pipeline,” according to one supplier on the project, making the Nordic country one of the latest hotspots for the technology.

Moscow Metro Expands Test of ‘Virtual Troika’ in Pays Wallets, as It Continues to Develop Digital-Payments Services

Moscow Metro is recruiting more users to test its “Virtual Troika” card in two NFC wallets, those supporting Google Pay and Samsung Pay, as one of the world’s largest subway operators continues to seek more ways for its customers to pay for rides.

Ohio Transit Agency Expects Significant Revenue Loss as it Builds Equity with Fare Capping

The Central Ohio Transit Authority, or COTA, officially launched its new digital-payments service Monday, including a fare-capping feature that the agency estimates will cost it $1.8 million per year in lost fare revenue, the agency confirmed to Mobility Payments.

Special Report: Interest Grows in ‘White-Label EMV’ for Closed-Loop Transit Cards

As more transit agencies introduce open-loop fare payments, interest is starting to grow in use of white-label EMV cards that agencies can issue in place of proprietary closed-loop cards for riders who don’t have bank cards or don’t want to use them to pay fares.

Swedish Transit Agency Launches Express Mode Feature for Apple Pay, though Most Ticketing Still with Barcode-Based App

Skånetrafiken, the transit agency serving one of Sweden’s largest counties, announced today it has expanded its contactless open-loop payments service to include the Express Mode feature for Apple Pay.

Major Bus Operators in Hong Kong Now Accepting Open-Loop Payments–Adding More Competition for Octopus

Two more bus operators in Hong Kong on Saturday launched acceptance of open-loop contactless fare payments, with both also accepting QR code-based mobile ticketing–as the near ubiquitous closed-loop Octopus card continues to see more competition.

Moscow Metro Launches Full Rollout of ‘Face Pay;’ Largest Biometric Payments Service of Its Kind

Touting it as the largest rollout of biometric payments in the world, Moscow Metro launched its high-profile “Face Pay” service Friday, as expected, and predicted that 10% to 15% would regularly us

Indonesian Capital Seeks to Expand to Multimodal Fare Collection and MaaS

Indonesia’s capital Jakarta, whose metropolitan area is home to more than 30 million people, is notorious for its stifling traffic congestion. In response, the government metro and light-rail networks and now it is funding an expansion of the fare-collection system to enable more multimodal payments and to build a mobility-as-a-service platform.

Exclusive: NFC Wallets Grow as Share of Contactless Fare Payments and Not Only Because of Covid

Transit agencies that have rolled out open-loop contactless payments are seeing growing use of NFC wallets to pay fares, as Covid-wary passengers see convenience in tapping their phones or wearables to pay.