10 December 2016

Are Mobile Phone Payments Secure?

David Lott
A consistent and leading reason consumers give as to why they don't use their mobile phone to make payments is their concern about the phone's level of security. While many consumers don't believe that mobile payments are as safe as other payment methods, is that actually the case?

For more than six years, the Federal Reserve Banks of Atlanta and Boston have been supporting the Mobile Payments Industry Workgroup (MPIW). The MPIW was created to facilitate the development of a vision for a mobile payments environment that will be effective, secure, and ubiquitous. This group has met frequently to address the issues of technology, standards, security, privacy, functionality, regulation, and adoption barriers. The various deliverables from past MPIW meetings focus on security and risk and can be found on the Federal Reserve Bank of Boston's website.

As this blog has noted numerous times over the last two years, the migration to chip cards for in-person POS payments will shift more fraud over to the card-not-present (CNP) market. With the introduction of numerous mobile wallets since 2014 that can be enabled on smartphones, the MPIW believed that an assessment should be made of the risk issues associated with commerce generated through the mobile phone - or m-commerce - whether through a browser or a specific wallet application. Over the last eight months, Fed representatives and mobile payment experts have been working on the development of a white paper, which was released on November 8. You can access the full report here.

The MPIW's report provides an assessment and the future position of mobile payments as a part of the overall e-commerce growth expected in the United States. It groups the various types of remote mobile payments into four use cases and dissects the transaction flow for each use case with a description of the potential risk attacks in each key function of the transaction. We believe the report provides the payments industry with a sound primer of mobile wallet transaction security issues. While there are attack points in the mobile phone channel just as there are in other payment channels, the mobile phone offers features that can make a mobile payment transaction much more secure than many people currently believe. The MPIW will continue to assess the mobile CNP payments environment and produce presentations and other materials intended to educate the industry and consumers.

No comments: