Who’s winning the mobile payments war?

Mobile payments – using your phone instead of a credit card to make purchases at retail locations – has not taken off. Yet.

But everyone from Disney to Apple to Samsung to Walmart to PayPal to Starbucks to Microsoft to Google sees the potential and is angling for position.

The stakes are huge.

+ ALSO ON NETWORK WORLD: 8 ways to jumpstart your career  +

The numbers

Mobile e-commerce, which is defined as consumers buying things online via mobile devices like smartphones and tablets, is growing rapidly. According to San Francisco-based payments company Adyen, mobile payments accounted for 27 percent of all online payments in the first quarter of this year, a growth of 39 percent compared to the same period last year.

In the U.S., that added up to $52 billion last year, and will grow to $142 billion by 2019, according to Forrester Research. Apple’s iOS devices dominate the market, with a 65 percent global market share. Android is next at 35 percent.

But mobile e-commerce is only the appetizer. The main course is mobile payments, in-store payments made using smartphones instead of cash or credit cards. These were just a tiny share of the total retail market last year.

According to the Federal Reserve, about half of mobile users are comfortable using their phones for banking, but only 13 percent have used their devices to pay at a restaurant or store.

Some of that is Apple Pay and Google Wallet, but most of the activity actually comes in the form of custom deployments by individual retailers or chains — Starbucks, Disney, local parking authorities.

But as Apple Pay and other phone-based payment options expand, that total will grow. According to 451 research, U.S. in-person mobile payments will grow to $10 billion this year, $19 billion next year, and $38 billion in 2018.

Globally, in-store mobile payments will grow from $55 billion in 2014, to $131 billion this year, $261 billion next year, $412 billion in 2017, and $570 billion in 2018.

That’s still only about 1 percent of all consumer payments, which total about $16 trillion annually. So, you can see the potential.

Retailers lead the way

The biggest success story in mobile payments is Starbucks. Last month, the company reported that 16 million customers use its mobile payment app, and mobile payments account for 19 percent of all transactions in U.S. stores – that’s 8 million mobile payments every week.

The numbers are particularly impressive because this payment option is only available at 600 of the company’s 11,000 U.S. outlets.

Mobile parking apps such as Mobile Now eliminate the need for parking meters and make it easier for drivers to add money without returning to their cars.

Disney World guests can wear a “MagicBand,” a waterproof, plastic wristband that contains a short-range RFID chip and a 2.4-GHz wireless transmitter. MagicBand is also a mobile payment system, and it lets guests at Disney resorts purchase food, beverages and merchandise, and gain admission to attractions.

“I was there for three days, and I didn’t have to pick up a credit card once,” says Jerry Irvine, CIO at Prescient Solutions, who took his daughter to a Disney part this spring.

+ ALSO ON NETWORK WORLD A thorough field test of Apple Pay +

“It was quite the technological breakthrough,” he said. The wristband was linked to his fingerprint, to on an online account and to a mobile app that allowed him to set maximum spending limits and track purchases. It also allowed the park to track his and his daughters’ locations. “If my daughter was lost, that would be a really great benefit,” he said.

Security worries slow retail adoption

According to Ovum’s 2015 Global Payments Insight Survey, 52 percent of retailers said that security considerations were the single biggest factor preventing them from investing in new payment technology. Security ranked ahead of all other factors including costs, unclear benefits, and complexity.

A similar study by Ponemon released in April confirmed the security concerns, finding that 68 percent of retailers, financial institutions and payment technology companies said that the pressure to migrate to new payment systems put the security of customer transactions at risk.

Even though they were aware of the risks, however, 67 percent of the respondents also said that increased customer convenience outweighs the risks.

Security worries show up on the consumer side, as well. According to a consumer survey by ChangeWave Research, a service of 451 Research, when asked why they’re unlikely to use mobile payments apps, security was the single biggest reason.

And 84 percent said that secure storage of financial information was one of the most important factors when picking a mobile app, followed by ease of use at 66 percent, and widespread acceptance by merchants at 64 percent.

Hardware vs. software

When it comes to securing mobile payments, there are two major approaches.

Device manufacturers and mobile carriers typically opt for the hardware solution, using a tamper-proof “secure element” to hold sensitive data. The most popular example of this approach is Apple Pay.

A software-only alternative, “host card emulation (HCE),” is supported on Android devices, and bypasses the need for a secure element — and so is usually considered less secure. One plus is that it can keep the payment relationship strictly between the retailers, their payment processors, and their banks. One-time use credentials are stored in a cloud-based platform

PayPal has already begun piloting HCE and Microsoft has also announced that it will support HCE in the mobile version of Windows 10. Visa is testing HCE for contactless Visa payWave payments.

According to Jean-Noel Georges, global program director for information and communication technologies at Frost & Sullivan, HCE is easier and faster to deploy, but still lacks a single network, protocol, and a common set of rules.

Another possible advantage of HCE — or disadvantage, depending on where you stand — is that payment providers can see the payment data and share it with merchants or other companies or analyze behaviors to spot suspicious activity, while the hardware approach offers more privacy to the consumer.

A final approach is completely cloud-based. For example, when customers make a trip using the Uber ride-sharing service, the rider makes a mobile payment to the driver via their respective Uber apps, but the payment actually takes place in the cloud. Riders and drivers add their financial details via the website, and the data is never stored locally on their phones.

Who will win the race

While Starbucks and Disney have broken through with successful mobile payment deployments, those companies aren’t entering the broader market for mobile payments outside of their particular retail locations.

But they have made consumers more comfortable with the idea of mobile payments, which benefits everyone. Still, with so many players scrambling for position, from juggernauts like Apple and PayPal to newcomers like Square, this is a difficult race to handicap.

+ ALSO ON NETWORK WORLD How a Mobile Payment Service Can Grow Your Online Business +

In the U.S., ApplePay is already available at about a million payment terminals, out of about 12 million total. And it’s partnering with major financial institutions and credit card companies. We’re talking Visa, Mastercard, American Express and Discover, plus Bank of America, Capital One, Chase, Citi and Wells Fargo on the banking side.

You can use ApplePay at Macy’s, Duane Reade, McDonald’s, Sephora, Petco, Panera Bread, Staples, Nike, Walgreens, Subway, Whole Foods, Marriott, and many others.

Ironically, Apple Pay’s rise is also paving the way for greater Google Wallet adoption, since both platforms use NFC — near-field communications — which allows smartphones to communicate wirelessly with NFC-enabled payment terminals.

Apple’s chief smartphone rival, Samsung, is launching its own payment system this summer, Samsung Pay, which works with both NFC and traditional magnetic stripe readers.

Meanwhile, PayPal is offering a gadget that attaches to iOS, Android, or Windows mobile devices and lets merchants accept PayPal payments, as well as any payment card. There’s also a companion app for customers that puts a PayPal wallet on their mobile device.

Tillster, a company that provides payments technology to restaurants like Boston Market, Burger King, and Pizza Hut, announced in early May that it will add a PayPal payment option for customers using the company’s mobile application.

PayPal also provides infrastructure behind the scenes, powering transactions within popular apps like Uber, Airbnb and Houzz.

Rival payments platform Stripe has made serious advances in acquiring customers of its own, in some cases, away from PayPal. The company says it now processes billions of dollars annually for thousands of businesses, including well-known web brands like Rackspace, Shopify, Reddit, Foursquare, Dailymotion and others.

Some merchants, reluctant to turn their customer relationships over to tech companies, have decided to create their own mobile payments system. The Walmart-backed CurrentC is due to begin testing this summer. Other participating merchants include Target, CVS, Big Buy, Olive Garden, and Dunkin’ Donuts, adding up to 110,000 retail locations total.

With CurrentC, as with Uber, the payment is made electronically using the bank account information that the user shared previously. No payment information is stored on the phone itself. Instead of using NFC like Apple Pay, CurrentC uses QR codes of Bluetooth.

Retailers like it because it bypasses phone manufacturers, telecom companies, and credit card companies and allows them to track customer purchases, offer loyalty points, and send out coupons.

Merchants participating in CurrentC said they will not be supporting the Apple Pay system.

However, CurrentC doesn’t entirely bypass the tech giants — PayPal recently acquired Paydiant, which provides the mobile commerce backbone to the retailer-backed CurrentC.

But it’s the customers who hold the purse strings — literally — and Best Buy has already backed down from its firm stance and announced last month that it will be supporting ApplePay as well.

Businesses that deal directly with customers should be paying attention to the leading technologies and start talking to their payment vendors about upgrade options, said Bob O’Donnell, president and chief analyst at Technalysis Research. “If you’re a retail business or restaurant, it’s past time,” he says.

Korolov is a freelance writer. She can be reached at maria@trombly.com.