Just as plastic cards are used for payments today, tapping a mobile phone to pay at retail stores or to make purchases while travelling by train no longer seems a distant reality. Mobile payments in the US are expected to reach $142 billion in volume in 2019. Research giants like Forrester believe that the mobile payments market has matured reasonably over the last few years and that, in the next five years, mobile payments will enter the mainstream.
M-PESA, Kenya’s leading mobile-money system, is used by over 17 million Kenyans. Starbucks’ proprietary mobile payment app, used by over 16 million users, processes more than eight million transactions a week. The mobile-savvy millennial generation has undoubtedly favored the convenience offered by mobile payments.
One of the major roadblocks to the adoption of mobile payments is security. While there is a lot of debate on this topic, let us look at the real challenges, trends, and recommendations and tips for safe mobile transactions.
Mobile Payment Security Risks and Challenges
- Over-the-air provisioning of payment credentials and applications can potentially allow attackers to steal the payment data.
- The method of using ‘Card On File’ credentials in the cloud requires a constant Internet connection on the user’s mobile, which may not always be possible.
- The concept of “tokenization”, which stores limited-use virtual cards on the phone, has its own risks: cyber criminals can write malware for the phone that sends the virtual card information outside.
- Unlike desktop operating systems, which are now standardized, mobile platforms are still evolving rapidly, with frequent changes in hardware as well as software. This makes it difficult to standardize mobile payment protocols and mechanisms.
- False payment data requests are one of the major risks when bilateral system authentication is absent from a mobile payment system.
Mobile Payment Trends
Some of the big players in the industry like Apple, Samsung and Google are working towards building and enhancing their own proprietary payment solutions. All of them rely on NFC, tokenization, or fingerprint readers to provide easy payment options to the users. While these services integrate well with the platforms of their respective companies, the trend is to support the growth of the larger platform.
- More and more companies are working towards creating a seamless and more personalized offline-online experience for the mobile consumers. This involves things like leveraging the customer data to create unique and personalized offers or allowing customers to make purchases using mobile and redeem those offline. Soon, mobile payments will dramatically change the relationships between the customers and retailers.
- Instead of stopping only at making payments for purchases, mobile payments are making the transfer of money between individuals easier. For example, services like Venmo, Square Cash or Popmoney allow users to instantly send and receive money.
How Major Players are Handling Mobile Payment Security
- Google Wallet uses AES and 128- to 256-bit encryption. The information is stored on the secure Google servers. It also has 24/7 fraud protection and monitoring. Even if the phone is lost, the user can easily log in to the Google Wallet account from any browser and disable the device. Use of Google Wallet requires the user to enter a PIN, which adds another level of security.
- Instead of NFC or HCE technology, Square Wallet uses the phone’s GPS. It encrypts the payment and personal information to offer the required payment security.
- PayPal’s mobile payment app has software that connects the user to PayPal’s encrypted servers. Payment security is ensured by requiring a PIN during purchase. The app is linked with the PayPal account, which in turn manages the bank accounts.
- Apple Pay uses tokenization to protect the consumer data. After the user sends encrypted payment details to Apple, Apple decrypts them, identifies the payment network of the card and then re-encrypts them with a key that only the payment network can use. The network then creates an encrypted, device-specific Device Account Number, which is sent back to Apple. Since the number is not stored by the device manufacturer and the data is kept separate from iOS, it is a very secure payment method.
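A toy model of the limited-use tokens from the risk list and of the device-specific number described for Apple Pay, added here as an illustration and not taken from any of the providers named. `TokenVault`, `make_cryptogram`, the nonces and the card number are constructed, and the HMAC is an assumed stand-in for a real per-transaction payment cryptogram.

```python
import hashlib
import hmac
import secrets

def make_cryptogram(key, token, nonce, amount_cents):
    """Per-transaction proof computed on the phone with the provisioned key."""
    msg = f"{token}|{nonce}|{amount_cents}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class TokenVault:
    """Token service side: the only place where token and real card number meet."""
    def __init__(self):
        self._records = {}

    def provision(self, pan, max_uses):
        token = secrets.token_hex(8)      # random, not derived from the card number
        key = secrets.token_bytes(32)     # assumed to stay in the phone's secure storage
        self._records[token] = {"pan": pan, "key": key,
                                "uses_left": max_uses, "nonces": set()}
        return token, key

    def authorize(self, token, nonce, amount_cents, cryptogram):
        rec = self._records.get(token)
        if rec is None:
            return "unknown_token"
        expected = make_cryptogram(rec["key"], token, nonce, amount_cents)
        if not hmac.compare_digest(expected, cryptogram):
            return "bad_cryptogram"       # token presented without the device key
        if nonce in rec["nonces"]:
            return "replay"               # captured message sent again
        if rec["uses_left"] <= 0:
            return "token_exhausted"      # limited-use budget spent
        rec["nonces"].add(nonce)
        rec["uses_left"] -= 1
        return "approved"

def demo():
    vault = TokenVault()
    token, key = vault.provision("4111111111111111", max_uses=2)  # constructed test PAN
    c1 = make_cryptogram(key, token, "n1", 1250)
    c2 = make_cryptogram(key, token, "n2", 400)
    c3 = make_cryptogram(key, token, "n3", 400)
    results = [
        vault.authorize(token, "n1", 1250, c1),        # genuine purchase
        vault.authorize(token, "n1", 1250, c1),        # same message replayed
        vault.authorize(token, "n9", 1250, "0" * 64),  # token copied without the key
        vault.authorize(token, "n2", 400, c2),         # second genuine purchase
        vault.authorize(token, "n3", 400, c3),         # third use exceeds the limit
    ]
    return token, results
```

Calling `demo()` returns the token and the five decisions in order; only the two genuine purchases are approved.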
Mobile Payment Security – Recommendations and Tips
Here are some recommendations and tips for users to ensure risk-free and secure mobile transactions:
- Password-protect the payment application on your phone as well as the phone itself.
- Never share secure or confidential information with a third party.
- Always download mobile apps from a trusted source.
- Always use a secure connection while making payments, and avoid using public Wi-Fi networks.
- Always check mobile websites for https. Don’t make payments on sites that do not use the https protocol.