Cyber SecurityNews

Mobile Payment Security – Outlook & Trends, Challenges & Opportunities

Mechanisms empowering advancements in mobile payment technology

Financial service organizations are seeking to become more innovative and entrepreneurial as they are adopting new technologies to increase their efficiency and provide satisfaction to their consumers.

A vast number of technologies have surfaced to support mobile payments including competing technologies such as NFC, QR codes and sound wave. Widespread adoption is highly dependent on ease of use by all stakeholders. Further complicating the choice is the imperative to support dynamic authentication as data security and fraud protection grow to paramount importance for online transactions. Multi-factor authentication is endorsed by the FFIEC guidelines as best practices for risk mitigation. Yet, usability remains a key factor in determining which method of authentication to implement. Further, to compound the problem, Bring Your Own Devices (BYOD) policies being implemented by modern enterprises poses grave challenges in the form of privacy encroachment – both personal privacy of the employees and enterprise data confidentiality, integrity and availability. Modern Organizations are struggling to implement separation of the private data and corporate data contained in a single device through MDM – Mobile Device Management or containerization. The single mobile device would now be used to either process a personal payment or a commercial enterprise payment both necessitating provision of privacy and security of data at rest, motion and processing. Some of the MDM technologies are unable to prevent file attachments. Some of Data Leakage Prevention tools are unable to prevent tracing of encrypted messages. The same underlying technologies are being used to process payments, heightening the challenges.

As Financial service organizations are seeking to become more innovative and entrepreneurial they are adopting new technologies to increase their efficiency and provide satisfaction to their consumers. Banks have now started to invest in technology. As a result, new banking applications and capabilities are helping to develop a competitive advantage, reduce costs and achieve efficiency and customer satisfaction. The integration of data and technology to help customers to manage their money in a better and quicker way and the use of newer channels such as mobile devices and social media will help to deliver banking services as and when customers need them. Continuing advances in technology will allow the financial services industry to deploy increasingly complex and high end analytics to help clients to make them more informed investing decisions. Innovations such as cloud computing will help bring a host of benefits to the clients from automation and capacity on demand to accelerated time to marketing real time data infrastructure and strengthened client service. Use of latest technological advancements provides a window of opportunity for financial institutions to elevate business performance and gain a competitive advantage.

Advantages of mobile payments relative to physical and e-commerce transactions

Using mobile devices to pay for goods, services, bills, or money transfers offers numerous advantages, including convenience and ease of use for consumers, increased impulse and other sales for merchants, and more income for wireless-service providers.

Mobile payments can be linked to users’ credit or debit cards, phone bills, or prepaid deposits. They offer convenience for buyers by letting them make purchases from wireless devices, which lets them pay for goods or services wherever they are. Enabling easier purchases, including those made on the spur of the moment, yields more income for merchants.

Mobile payment transaction volume has grown so exponentially, it’s difficult to ignore. The fact is, mobile payments are not just shaping the future of e-commerce – they are driving it. What is important to note is that mobile transactions are a larger category that includes these payments, but also includes mobile commerce, or e-commerce channeled by an app or mobile website. The main advantage that mobile payments have over physical and e-commerce transactions is ease and convenience – it is possible to pay for products within seconds at the swipe of a thumb. Unlike losing physical credit cards, on losing a mobile device containing the mobile wallet, there is no need to replace the card since the mobile device can be erased.

Benefits to consumers and merchants from mobile payments

Mobile Payment Benefits for Consumers:

  • Convenience
  • Access to deals and offers
  • Social networking
  • Ability to exchange funds with other individuals

It is not just consumers who benefit from the use of mobile payments, merchants stand to greatly benefit as well. Mobile payments do not require a company to be large in order to take advantage of successful technological advancements because it does not need particularly any large infrastructure investment. Merchants can integrate loyalty and incentive programs, track customer trends and inventory, reduce the chaos and time taken when a customer checks out.

Mobile Payment Benefits for Merchants:

  • Ability to accept payment away from their home base
  • Branding
  • Social/location marketing
  • Set-up can be (depending on the platform) quick and simple
  • Cost savings

Risk control measures and security advantages of mobile payments
Appropriate and stringent authentication, authorization and session management steps need to be taken such as strong password policy, use of CAPTCHA during registration, generating unique session tokens and lower session timeouts. It is important to provide binary protection to consumers and merchants along with implementing anti-debugging techniques. Developers need to ensure data protection in transit and secure date integration with third party services and applications.

Some of the key Risk Mitigation measures are defined below:

  • Customer Education
  • Mobile malware protection
  • Implementation of remote wipe, passcode and automatic lock out
  • Use only reputable sites to download apps
  • Ensure that apps are tested for security
  • Vet the security of the carrier infrastructure and services through targeted questions
  • Ensure the point of sale device vulnerabilities are addressed
  • SMS should not be used as a channel for money movement and other high risk transactions
  • Ensure that software updates are being pushed to devices
  • Implement a 3rd party vendor security program
  • Extend current online fraud tools and controls are extended to the mobile channel
  • Secure provisioning/de-provisioning

Related posts

SUSE Honored by Ericsson for Software Ecosystem Excellence

adminsmec

What Remote Teams Need to Know About the 2020 DBIR

adminsmec

Gartner Names Trend Micro a Leader in Endpoint Security

adminsmec

Leave a Comment