MOBILE PAYMENTS SECURITY ISSUES:
Consumers have been persuaded to share news, selfies, and videos over their phones. They’ve been in less of a hurry to share their credit card details.
Adoption of mobile payments—in effect, using a phone as a credit card—has been slower than expected, despite some significant advantages:
- Convenience for consumers
- Speed for merchants
- Higher likelihood of noticing phone theft than card theft
- Prevents low-tech fraud methods like skimming
- Future applications for world’s poor, who may not have a bank but do have a phone
Why the reluctance? Some suggest mobile payments don’t address a consumer pain point. Others say security concerns have stalled mobile payments, though that is debated. And retailers are also still in the process of adding tap and pay technology, so in many cases the technology is simply unavailable.
In this post, the second of two posts about mobile payments, we look at the key concerns those security measures raise.
1. Exploitation of Previously Stolen Data
Mobile payments can help to secure data, but they create a new problem. Normally, if a criminal has a stolen credit card number, but not a credit card, they can only use it for card not present fraud.
However, if criminals can persuade a bank to set up a mobile payments account on their own phone, they can effectively clone a stolen credit card. To do that, criminals persuade the customer’s bank that they are the customer. If bank verification procedures are ineffective—and unfortunately in many cases they have been—that can happen easily.
This is a major problem, because it allows criminals to “essentially port card-not-present fraud into the world of card present transactions”, according to pymnts.com. That’s a problem, because there’s much more you can do with a stolen credit card than a stolen credit card number. And with the internet awash in stolen credit cards after the Target hacking and other major data breaches, this problem is set to be with us for a while.
2. Phone Malware
Mobile phone malware troublesome, and more of a problem on Android phones and ‘jailbroken’ iPhones, but still doesn’t rate highly on a list of security concerns. Verizon—a company not afraid to call out security issues when they see them—has said “I’ve Got 99 Problems and Mobile Isn’t Even 1% of Them”.
However, the very growth of mobile phone payments may give criminals more of an incentive to try to exploit phone software vulnerabilities, including on iOS. In a payments system relying on tokenization, malware will not be the same problem it is in other areas, simply because users won’t be transmitting credit card numbers as often. The main point of vulnerability will most likely be entering credit card data initially.
3. Point of Sale Vulnerabilities
Mobile phone payments usually rely on Near Field Communications (NFC) technology, a radio-based communications standard. Data can be encrypted before transmission over NFC, but there is no security built into the system itself.
Android phones have proved vulnerable to “digital pickpocketing”, using NFC and point of sale terminals. One hacker exploited NFC vulnerabilities using a security chip implanted in his hand.
Because NFC is very short-range technology, these kinds of exploits only work if hackers are physically very close to their victims. Reputable payments providers should be aware of the risks, but carelessness—or hacker ingenuity—raises the possibility of ingenious new updates on the old-fashioned practice of skimming.
E-Complish’s offers encrypted, PCI-Compliant mobile payments solutions for businesses through its MobilePay and Text2Pay services. And a demo of these or any of our payment solutions, be sure to contact us.