Business Reporter: Are security concerns of mobile & contactless payments being addressed?18-Oct-2015
A panel of experts debate the steps being taken to combat cyber crime in the worlds of mobile and contactless payments.
Head of marketing – security, FIME
It’s a common misconception that mobile payments are insecure. In fact, they’re just as secure as smartcards and more secure than cash and cheques. This is due to the security technologies that protect these services. Some, like Apple Pay and Samsung Pay, use hardware and other measures. Others, like Android Pay, use embedded application security and cloud-based measures.
In all cases, there are a multitude of technical specifications, implementation complexities and commercial considerations. To navigate these successfully, specialist expertise and experience are essential.
Keeping pace can be a challenge. Security technologies such as tokenisation, white box cryptography and code obfuscation are emerging rapidly. Secure areas in smartphone processors known as trusted execution environments are also protecting users’ and applications’ sensitive data.
Specialist consultancy and testing providers are vital here; we help service providers around the world to successfully deploy these technologies quickly. This gives them the confidence to address the security concerns of end users, head on.
CEO and founder, PAY.ON
Apple Pay, as announced last September, implemented card data tokenisation based on the EMVCo standard. This is a prime example of a device manufacturer “standing on the shoulders” of security measures developed and put in place by the card schemes, and complementing it with their own authentication measures – in the case of Apple Pay, in-built biometric authentication made possible by Touch ID.
I believe device manufacturers will play an increasingly important role in mobile security, as card brand becomes subservient to device brand. Device manufacturers will have to build and maintain trust with both merchants and consumers, but bear in mind that you are only as strong as your weakest link. These companies must work with issuing banks and card schemes to ensure effective payment security, because you can be sure that cyber-criminals will exploit any weak link in the chain. All parties involved need to co-operate effectively, because mobile payments will only have widespread adoption if they are perceived as safe and secure.
+49 (0) 89 452300
Chief executive, Kount
A recent survey we conducted would suggest that the security concerns of mobile payments are not being addressed as well as they should be. As mobile payments become more popular, online retailers need to increase their ability to detect the type of device that is transacting with their website.
According to the survey, 83 per cent of online retailers confirmed that they could not detect the type of device making a purchase on their site. If they cannot determine the type of device, mobile or otherwise, they cannot put tools and techniques in place to make mobile payments less risky.
Some 51 per cent of those surveyed assumed mobile payments were just as risky as traditional online payment types. They were wrong. The fact is that mobile payments are twice as likely to be fraudulent. When merchants are blind to the threat associated with mobile payments, they are also helpless to protect themselves or their customers.
+44 (0)844 2939 764
Campaign director, Business Reporter
Contactless payments at their most basic can seem like a very vulnerable payment method.
You have a card that can be used by anyone with no need for a PIN or any secure authorisation process. If you found one in the street, you could use it anywhere and no one would know it wasn’t yours.
It is a concern, there is no doubt. We are seeing a change, however, and the driving force of this change is biometrics.
Biometrics have long been touted as the new way in which we will protect our cards, our phones, our house locks, our identity… Today, I can make a contactless payment reliant on my fingerprint scan to authorise with Apple Pay. Samsung Pay and Android Pay will likely work in the same way.
It doesn’t stop there – companies such as Zwipe are producing biometric enhancements for bank cards to authorise contactless payments, which we should start seeing in early 2016.
Biometrics are coming to the rescue, now we just have to keep our prints safe…
020 8349 6488
Go to Business Reporter for a digital copy of their current issue, "The Future of Payments."