Facebook Connect, which lets Internet users log into other websites by typing their Facebook credentials, seems to be everywhere. But perhaps it should not be in mobile payments, SCVNGR's LevelUp has decided.
LevelUp attributes much of its success to
"The Facebook login is simply a login process that we have no control over," says Matt Kiernan, marketing manager at LevelUp. "As we continue to expand and grow with more partners and users, security it always of the upmost importance to us."
The LevelUp app allows consumers to make payments at participating merchants through a linked payment card account. The app displays a QR code on the phone's screen, which the merchant scans at the point of sale.
LevelUp grew concerned that Facebook could at any point change the code behind Facebook Connect to fit its needs as a social network, in turn undermining LevelUp's needs as a payment network, Kiernan says.
While Kiernan says there hasn't been any history of security issues with Facebook Connect, "it only takes once for your platform to be vulnerable and then you are compromising all your partners and customers."
The change comes on the heels of the Target Corp. data breach, which left
LevelUp's move seems inconsistent with the trend today. Many prominent applications allow users to login through their social media profiles, such as Facebook, Twitter or Google +. Social media logins simplify the enrollment and login process for the consumer, as well as provide app developers and merchants with rich data about the consumers' preferences.
Amazon.com offers a service called "
Several companies, including
However, other companies that have tried to mix payments with social media have
At LevelUp, we "don't necessarily know that payments are something that people want to be a social thing," Kiernan says.
LevelUp users will still be able to publish offers or rewards they've redeemed via Facebook and Twitter, which works as indirect marketing for the payments provider. Outside of the promotional benefit, "social isn't a crucial function of making payments," he says.
LevelUp changed its login process at a time when many payments companies are under scrutiny for their security practices, says Jordan McKee, an analyst at The Yankee Group.
"In the aftermath of the Target breach, security has moved front and center on the radar of companies across all facets of the payment ecosystem," McKee says. "Generally speaking, companies don't like the thought of another entity having direct influence on the security of their system. Being held liable for a security breach that is 100% out of your control is an unsettling thought."
Consumers may also use less secure passwords when connecting to social media sites than they do when connecting to bank sites or mobile wallet apps, he says. As more companies rely on Facebook for authentication, Facebook Connect may grow as a target for fraud.
"Bottom line is that the security risks associated with Facebook Connect will increase in parallel with its popularity," McKee says. "This will especially be the case if Facebook Connect continues to be leveraged as a means of accessing payment credentials."
LevelUp has been aggressive in changing its technology and its business model to respond to user habits and broader trends. Its current QR code reader replaces an earlier version based on a smartphone, which had
