Heartland Jumps Into Mobile Payments—And New Security Problems

If you thought only phone makers, payment-card brands, mobile carriers or startups believe they can do mobile payments—well, add card processors to that list. On Tuesday (Aug. 9), Heartland Payment Systems announced Mobuyle, its own app and $75 hardware plug-in for Android phones to let its merchant customers take card payments via mobile. Like Square, the plug-in card swiper attaches to the phone's audio port; unlike Square, the Heartland hardware encrypts the card data before it's sent to the phone. (Heartland has been big on end-to-end encryption ever since its headline-making $129 million data breach in 2008.)

Heartland is pitching Mobuyle only to its own customers, so it dodges some complications—Mobuyle just has to mimic a Heartland PIN pad. But plenty of so-far-unresolved mobile-payment issues still come into play. If a retailer enters a card number manually, could it be captured by malware before it's encrypted? What if an OS update breaks the security? Will retailers even have the legal right to send that type of data from their phones? How well Heartland deals with such questions could determine whether it will end up in the headlines all over again.