mDirect: secure debit card with PIN payment

PayGate in partnership with MTN (Mobile Money) launched mDirect in October 2010 with a few pilot merchants to test the technology.

mDirect allows customers with cell phones and a PIN based debit card to make secure payments over the internet or phone. Giving consumers more opportunity to shop online without a credit card and cutting down fraudulent credit card payments for online shops. There are approximately 28 million debit cards in South Africa and only 8 million credit cards. mDirect will make a huge difference to the South African online shopping market and consumers feel more in control of their money and spend by spending money that they “actually” have as opposed to on credit (for those that actually qualify for a credit card).

mDirect is easy to implement and secure and you don’t need a complicated merchant account. Sample code is available for download to implement into your website, catering for an expanded customer base and potentially lower cost of transactions. At present only Standard Bank debit cards are supported on both the MTN and Vodacom network. However we don’t doubt that the rest will follow shortly.

Dave Paratt (Business Development Executive MTN Mobile Money) explained the security as using a point-of-sale device: when your card is swiped data is extracted from the magnetic strip and the pin pad that is used is a secure device. mDirect has taken the same principal and applied it to cell phones. The security on a phone is provided through the sim card. A point-of-sale devices pin pad has hardware encryption which is exactly what a sim card has.

How does it work:

“When making a payment using mDirect, the customer will be asked to enter their name and mobile phone number. If they have not linked a debit card to their phone number they will be prompted to register. Only one card can be linked to a mobile phone number. If the card has been registered the customer will receive a notification on their handset to enter their PIN number. The mDirect system uses the unique handset and SIM card details in the encryption of the PIN number, so the identity of the customer can be positively authenticated. Once the bank has received the encrypted PIN and authorized the transaction, the response is sent to PayGate as it would be for a credit card transaction. This transaction status is sent to the merchant in the normal way and the results of the payment are displayed to the customer.”

With plans for a massive marketing campaign and rebranding in July 2011 to “Payd” we can’t wait for this to take off in South Africa.