News & Commentary

09:44 PM
Diarmuid Mallon, Sybase 365
Diarmuid Mallon, Sybase 365
Commentary
50%
50%

Debunking the Mobile Security Myth

Security is not a threat to mobile payments adoption, the threat is the perception that mobile payments are less secure than cash or credit cards.

Starbucks, PayPal and Google Wallet have recently announced mobile payment deployments that will drive revenue, boost loyalty and increase customer engagement. While buzz in mobile payments is on the rise, adoption rates are still lagging. And mobile payment solutions through trusted, secure channels will be crucial to driving consumer adoption. Consumer concern regarding the security of mobile and contactless payments are affecting the growth of the industry and inhibiting mainstream adoption. In order to achieve mainstream adoption of mobile payments in the United States, banks need to collaborate with key industry stakeholders to educate consumers about the safety of this revolutionary payments technology.

According to a survey we conducted of mobile insiders at this year’s Mobile World Congress in Barcelona, 38 percent believe that the leading obstacle to large-scale adoption of mobile payments is the perception that transferring personal financial information over a mobile device is not safe.

Security is not a threat to mobile payments adoption. The threat is the perception that mobile payments are less secure than cash or credit cards. Banks can eradicate the misperceptions by 1) educating customers about the security of exchanging personal financial information over their mobile device and 2) working to develop industry best practices and foster collaboration and communication between mobile operators, financial institutions and enterprises to drive mass-market adoption of mobile payments.

Consumer Education

Education is the solution to gaining consumers’ trust and confidence in mobile payments. According to Miranda Roberts of the Mobile Entertainment Forum (MEF), a global mobile industry trade association, once consumers understand how a mobile transaction works and why they are secure, they gain empowerment and control. E-commerce platforms were able to take off in the 1990s, after many years of growing pains, because industry players worked together to perfect the platform and ensure its security. Today, consumers have embraced e-commerce because they have become familiar with how it works, trust that it is secure and feel empowered to take control and use it.

Consumers need to understand that losing a mobile wallet is not fraught with the same pitfalls as losing their physical wallet. With many solutions, the ‘mobile wallet’ is not on the device, but rather is stored in the cloud. So if the device is ever lost the account can be locked and then transferred to a new phone, without the loss of funds. And unlike the cash in your wallet or purse, your mobile wallet, at the very least, is protected by a PIN. Banks should be responsible for teaching customers about mobile payment security policies and certain techniques like locking their mobile phones and providing educational materials when a customer signs up for mobile transactions.

While smartphones and their respective app stores have been a huge catalyst for the growth of mobile banking and payments in developed markets, this has created a new set of customer behaviors. We now see that customers are increasingly going to the app store over the bank or payment service’s website to download the app.

This is creating two challenges. Firstly, consumers that follow that path expect to be able to enroll via the app on their device. Secondly, users could potentially download an app that is not from the bank or payment provider and hand over credentials to a third party. Both of these situations demonstrates the need for mutual authentication. Consumers need to be educated to the risks of handing over credentials (just as every email from a bank will include the phrase ‘we will never ask you for your PIN’), consumers should expect the app to prove it is genuine. Many online banking services have done this for sometime, and similar mechanisms can be extended to the mobile channel.

Education will be crucial to eradicating the misperceptions around security. Material advances for mobile payments will only come about when banks, operators and merchants can converge on a business model, and with it true industry interoperability, leading to a widely-embraced mobile payments system.

Mobile Ecosystem Collaboration

As the mobile payments industry continues to evolve and new features, functions and securities are developed, banks need to work together with mobile operators and merchants to ensure that the technology functions as promised.

Rather than debating who owns consumer transaction security, all parties need to work together to establish technological standards and mobile commerce best practices that will protect all ecosystem participants. Creating a trusted and secure technical environment that supports a range of business models, including merchants, banks and mobile operators can only be solidified through collaboration. This will not only ensure that transactions are secure, but will also lead to industry growth and innovation. Once industry standards become established, mobile payments adoption rates will increase.

Why Mainstream Adoption for Banks?

Global smartphone adoption has exploded and has grown faster than any other consumer technology in history, according to a 2012 Flurry report. Traditional commerce channels will be challenged. However, banks are in a good position to benefit from mobile payments. Mobile payments have the potential to contribute to the bank’s revenue stream. Banks have the advantage over other players in the mobile commerce ecosystem because they already own the consumers’ trust to exchange their personal data and financial information. Engaging with customers directly through their mobile device increases loyalty by providing the added convenience of avoiding long bank lines and creating an extra point of direct contact. Finally, mobile, with its added convenience, creates a cost-effective way to reach the unbanked, the young and emerging affluent and those that are new to credit.

Challenging the consumer misperception that mobile payments are unsafe or lack the appropriate security features should be a priority for the banking industry. Collaborating with key industry stakeholders to ensure mobile payment standards and best practices is crucial to the success and widespread availability of mobile payments. Mobile has the potential to generate additional revenue, reduce customer churn and tap into new market populations. It’s a channel they can no longer ignore and banks will be an important catalyst for driving mainstream adoption of mobile payments.

Diarmuid Mallon is the head of product marketing global messaging & mobile commerce for Sybase 365/SAP

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.