Mobile security advances, but threats still loom
While mobile payments security is improving - a trend that has not gone unnoticed by payments professionals or consumers - with even more enhancements on the horizon, the number of breaches could still increase before the situation improves.
Recent research reveals that both payments professionals and consumers feel mobile payments are more secure than other options. While this bodes well for mobile payments adoption, retailers and marketers are not in the clear, as several pieces of the puzzle still need to fall into place.
"Both Google Wallet and Apple Pay run on smart devices that are location aware and heavily used - both products will certainly evolve to use the resources of the smart phone to continue to improve security either by evolving hardware or by providing additional data hints like location of cell phone that will holistically improve the security of system," said Marc Freed-Finnegan, co-founder and CEO of Index as well as former product lead for Google Wallet. "Each change in the security landscape closes some vectors of attack and opens others.
"While there will certainly be attempts to attack the new mobile solutions, it is unlikely that any will have significant success - both Apple Pay and Google Wallet are too well designed and too robust to suffer an attack at significant scale," he said.
"In the long run, hackers will always seek the easiest path to their goals, and we believe that mobile will prove sufficiently secure that their attention will be focused elsewhere."
In the year since the Target data breach, there have been a number of other high-profile data breaches. As a result, consumers are concerned that their sensitive payments information could be stolen this holiday season.
Retailers who adopt mobile payments could see a benefit, as some consumers perceive them to be more secure.
According to a recent report from TheStreet, 20 percent of consumers would feel more comfortable paying for items with their phones using a digital wallet instead of a credit card. The number increases to 28 percent for consumers between the ages of 18 and 24 years old.
The numbers are even higher among payments professionals.
A new survey from CAN Capital of more than 100 payments professionals at this year's Money2020 conference found that 51 percent believe that debit and credit card transactions at the point of sale are the least secure method of payment as compared with mobile payments or online payments.
However, as mobile payments adoption grows, hackers are likely to be paying closer attention to it and looking for security holes, with some security experts predicting more fraud in the mobile channel in 2015.
Several advances in mobile payments security have taken place in the past year.
One piece of good news for mobile payments security is the resurgence in interest in near-field communications payments since the launch of Apple Pay this fall.
NFC is more secure because its protocols provide dynamic information, a cryptogram, for each transaction, per Mr. Freed-Finnegan. Even if an NFC transaction is observed or stolen by a hacker, the card data cannot be replayed and is effectively worthless.
Another development is tokenization, which provides an additional layer of security in-store by obscuring the card number and the card holder's name and instead allowing the phone to exchange a token in place of the card data.
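The two ideas above, a per-transaction cryptogram and a token that stands in for the card number, can be seen together in the following added example, which is not from the article or from any payment network's code. It is a simplified model: HMAC-SHA256 with a transaction counter stands in for the real cryptogram algorithm, and the names Issuer, Phone, cryptogram and demo are hypothetical.

```python
import hmac, hashlib, secrets

def cryptogram(key, token, counter, amount_cents):
    # Assumption: HMAC-SHA256 stands in for the real per-transaction cryptogram.
    data = f"{token}|{counter}|{amount_cents}".encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

class Issuer:
    """Hypothetical token vault and cryptogram verifier."""
    def __init__(self):
        self._vault = {}  # token -> [card number, device key, last counter seen]

    def provision(self, pan):
        token = "tok_" + secrets.token_hex(8)  # what the store sees instead of the card
        key = secrets.token_bytes(32)          # shared only with the phone
        self._vault[token] = [pan, key, 0]
        return token, key

    def authorize(self, msg):
        entry = self._vault.get(msg["token"])
        if entry is None:
            return "unknown token"
        _pan, key, last = entry
        expected = cryptogram(key, msg["token"], msg["counter"], msg["amount"])
        if not hmac.compare_digest(expected, msg["cryptogram"]):
            return "bad cryptogram"            # any field was altered in transit
        if msg["counter"] <= last:
            return "replay rejected"           # a captured message was sent again
        entry[2] = msg["counter"]
        return "approved"

class Phone:
    def __init__(self, token, key):
        self.token, self.key, self.counter = token, key, 0

    def tap(self, amount_cents):
        self.counter += 1                      # fresh value for every payment
        return {"token": self.token, "counter": self.counter, "amount": amount_cents,
                "cryptogram": cryptogram(self.key, self.token, self.counter, amount_cents)}

def demo():
    issuer = Issuer()
    pan = "4111111111111111"                   # constructed test card number
    phone = Phone(*issuer.provision(pan))
    first = phone.tap(1299)
    results = [issuer.authorize(first)]                  # genuine payment
    results.append(issuer.authorize(dict(first)))        # same message observed and resent
    results.append(issuer.authorize(dict(phone.tap(500), amount=50000)))  # amount changed
    results.append(pan in str(first))                    # card number never reaches the store
    return results

if __name__ == "__main__":
    print(demo())
```
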
"I think it's a boon for tokenization in particular, because it allows the consumer to shield credit card information from any particular retail store, much like PayPal allows them to shield it on-line," said Paula Rosenblum, managing partner at Retail Systems Research, Miami, FL.
"It's very important to think about security as an ongoing process, rather than a 'project' that is ever complete. I also think businesses who capture sensitive customer data should assume they will be breached, and put efforts into intrusion detection along with prevention."
Shoring up security
Other advances in mobile security are on the horizon.
For example, Apple's Touch ID, which is only available on new iOS devices, enables users to authenticate an Apple Pay payment using their fingerprint.
The partnership between IBM and Apple announced this year could also help enhance security via enterprise-friendly iOS products. The first round of apps was introduced this week and includes The Passenger + app, which enables flight attendants to quickly rebook passengers in mid-flight when they discover that they will miss their connections.
This year will also see a major push toward EMV standards by retailers, who face a deadline from the credit card companies of Oct. 2015 to put the necessary infrastructure in place.
With retailers needing to upgrade their POS terminals to meet the standards, many will also adopt mobile payments at the same time.
"The success of hackers attacking retailers and lack of rapid response has probably drawn the attention of the criminal community as retailers are now seen as easy targets," Index's Mr. Freed-Finnegan said. "Unfortunately we may be in a stage where things are worse than they were a year ago as retailers plan to shore up security but have not made it there yet."
Chantal Tode is senior editor on Mobile Marketer, New York