Besides making the world a better place, mobile apps are also designed to give their vendors some tangible gains. And with around one third of global users opting for digital payments, adding such a functionality to a mobile app is a sure way to reach the goal. However, if you want to compel your users to buy your offerings, their experience should be as lucid and seamless as possible.
Modern mobile payment systems make this task easier, but before choosing one you should understand how they all work.
In our new article, we’ve explained how mobile payments are organized and which things to consider while integrating them with your app.
Check it out and start getting an edge with the right mobile payment solution.
The introduction of Google Wallet (now Google Pay) inspired a gradual decline of traditional heavy leather wallets.
It's no longer OK for mobile apps to use one tunnel for card-based transactions. To reach a wider audience of progressive users, one should also accept other payment types like digital wallets, Automated Clearing House (ACH) payments, and cryptocurrencies.
However, integration of mobile payments functionality into a mobile app is more than just adding a new app screen and writing a bunch of code.
Read our article to find out what things to consider while adding mobile payments to your app.
Mobile payment gateway
A mobile payment gateway is a front-end technology that authorizes a transfer of funds between a user’s payment portal (mobile phone) and the merchant acquiring bank. One can think of it in the same way as a traditional Point of Sale (POS) terminal.
At checkout, the gateway transfers the cardholder information to the issuing bank to verify the request. The data is further handled by a payment processor at which one has a merchant account, although some processors have their own gateways. At this stage, the bank will either approve or reject the payment with the corresponding message appearing on the end user’s mobile screen.
The payment gateway is actually an API you integrate to make a request for charging a customer's card. Most reputable payment platforms provide an API that works with the backend language of your mobile app. Using this API, the app can talk to the payment platform. Typically, API integration services can complete the integration within a few working days.
The data traffic that goes through a gateway is transferred privately and is always enciphered. If the payment information were transmitted directly to the processor (without a gateway stage), it could be easily interpreted. This would allow an intruder to make fraudulent transactions.
Integration strategy
The integration strategy depends on the types of goods being offered to the customers. Typically, there are two options you can have:
- Virtual goods (in-app purchases). Both Apple and Google take 30 percent of any transaction that is made within your mobile app for in-app purchases. For this reason, neither OS allows third-party payment services for such purchases; instead, they provide developers with the specialized StoreKit framework and In-App Billing API for iOS and Android respectively. The purchases are made in the App Store or Google Play via Apple or Gmail accounts that users are already supposed to have.
Source: developer.apple.com/documentation/storekit
- Physical goods and services. When it comes to the goods and services outside of the app, both Apple and Google recommend using third-party mobile payment gateway providers. However, a platform will charge a percentage of the transaction as a fee. The most common figure is 2.9 percent.
How to choose a payment solution
According to the annual Mobile Payments & Fraud report, merchants that provide mobile payment capabilities in their apps offer a wide range of payment methods. However, there is a gradual shift from standard credit and debit cards to PayPal, mobile wallets, ACH or bank transfer payments, prepaid cards and cryptocurrencies.
The top two considerations when choosing a payment method are:
- How well it integrates with your payment platform and bank account.
In fact, most of the well-known payment platforms support the popular mobile payment solutions like Apple Pay, Google Pay, PayPal, Samsung Pay as well as ACH and traditional swipe cards. For cryptocurrency adopters, there will probably be a need to turn to specialized payment gateways. Yet, such payment giants as PayPal (through Braintree) and Shopify do allow their customers to pay with bitcoin, while Stripe has officially stopped its support.
- How secure payment data is.
“The biggest fear of corporates and consumers is that transactions will not be processed properly, that their bank access details might be compromised and that their data and therefore their money may be stolen. This is why the focus on data and data security is the key to the future," Chris Skinner, Digital Bank: Strategies to launch or become a digital bank.
Today, mobile payment providers have a set of security measures to stick to. Most of them never store raw cardholder information without tokenizing or encrypting it.
Tokenization is a process of substituting sensitive information like the PAN (primary account number) with an algorithmically generated non-sensitive counterpart called a token to prevent credit card fraud. It means that during the payment processing the actual card data is never exposed.
Tokenization is mathematically irreversible unless you get access to the original key used to generate a token. Even if the system is hacked, all the fraudster will see is a bunch of randomized devalued symbols.
Encryption transforms the data into a form unreadable by anyone without a secret decryption key. Its purpose is to ensure privacy by keeping the information hidden from anyone for whom it is not intended, even those who can see the encrypted data.
Both practices decrease the number of systems allowed to see the customer’s data, thus reducing the scope of PCI Compliance. However, neither Apple Pay nor Google Pay adheres to the standard. Therefore, they need to be integrated with a PCI-compliant payment platform, like PayPal’s Braintree or Stripe, and the issuing bank must be PCI compliant.
Final thoughts
Integrating payments into a mobile app may not seem like a big deal, as reputable payment systems provide well-built APIs. Yet, being aware of the industry nuances can help to avoid unwanted risks related to security considerations and technology deployment.