Mobile payment systems like Apple Pay are gaining users, but security concerns might mean you’ll have to hang onto your credit cards and cash for the time being.
While mobile payments still make up only a small fraction of online transactions, their use is growing quickly. That presents a moving target in terms of assessing their safety.
“If you take a look at how much activity is done on mobile, you could probably figure about 25 percent of that, which is a massive increase just from the previous year, said Monica Eaton-Cardone, COO dispute mitigation and loss prevention firm Chargebacks911. “It’s a new frontier. We don’t know how much fraud is really going on.”
To some experts, it appears fraud is widespread.
“Payment data theft is occurring at an alarming rate across the world,” said George Rice, Senior Director, Payments for HP Security – Data Security in an email. “Informed consumers are demanding that businesses improve data security measures when handling their sensitive data, such as payment account information.”
There are several factors that make mobile payment systems vulnerable. For one, the complexity of smartphones and their software is a key factor, said Eaton-Cardone.
“The mobile industry is so quickly evolving – there’s new software, there’s new operating systems, there’s also additional new hardware and technology, and as a result, this means additional patches and new vulnerabilities,” she said.
She added that ends up creating a “petri dish for fraudsters.”
The industry, too, needs to standardize mobile payment security, said Rice.
“Quite simply, the only way businesses can regain this trust is by removing all sensitive data from their data environments,” he said. “Smart, skilled and motivated criminals work tirelessly to compromise data environments that contain treasure troves of sensitive data. Using techniques like encryption and tokenization, businesses can replace sensitive data values with protected ones.”
Africa as a model?
Africa has been a leader in early mobile payment adoption, but appears to have escaped the relentless hacking attempts targeting Western and international companies. This is due to a combination of factors, said John Gunn, Vice President of Corporate Communications for VASCO Data Security.
“The security breaches in the West have been the result of attacks against retailers with very large stores of consumer payment data and this does not exist in Africa,” he said. “There may also be an issue with under-reporting of security incidents in Africa.”
“Data thieves seek out the biggest and easiest targets to victimize,” he said. “US consumers and businesses represent a target-rich environment for these criminals. As a percentage of all transactions, mobile payments in the ‘West’ are minuscule compared with card-present and eCommerce.”
Simple Steps for Safety
There are some simple steps users can take to make current day mobile payment systems safer. Foremost is making sure your software is up to date, as companies are always plugging security holes.
Secondly, as with any tech, it’s important to have strong, frequently changed passwords.
“I think the biggest issue that we have with mobile payment is first of all, consumers don’t regularly change their passwords,” said Eaton-Cardone. “There’s malware, there’s viruses, there’s programs – and that of course is one security threat but another issue is if the software is not updating your phone.”
Gunn added that while security issues are certainly a concern, the industry can take other steps to make mobile payments attractive to customers.
“Factors such as convenience, incentives, and loyalty programs will play a much bigger role in driving consumer adoption of mobile payments,” he said in an email.
So while we wait for that to happen, go change your password and make sure you’re running the latest version of your operating system.