Mobile pay apps still risk losing consumers over security fears
Among their many other functions, mobile devices now help us buy our morning coffee more quickly or pay back a friend with less hassle.
According to Visa’s 2016 Digital Payments Study, global consumer adoption of mobile payments has tripled in the past year. And research from Capgemini projects a 10% growth rate in the volume of transactions from apps that enable digital payments.
But while digital payments have become a faster, easier and more convenient payment method for consumers, my company’s recent research found that people were very concerned about their security. Almost 9 out of 10 of those we surveyed said they would discontinue using a digital payment provider if they fell victim to cybercriminal activities because of a data breach at the provider.
American consumers seem to enjoy the ease of use that digital payments offer; however, the mobile payment industry must take note: their success – and the continued adoption of their product – hinges on the trust of their customer base.
How do they deliver on that trust?
The key security technology behind the innovation of digital payments is encryption. Encryption has been around for years, and now it can ensure that payments data is protected from the moment of capture.
It opens a new level of flexibility for payment providers because data can now be routed through untrusted devices, such as mobile phones, and across untrusted networks. The combination of new payments technologies and the ubiquity of mobile devices is changing the payment landscape while protecting the transaction from end to end.
For example, with mobile point-of-sale (mPOS) devices, merchants large and small can accept payments with the benefit of never coming into the scope of the Payment Card Industry Data Security Standard (PCI DSS).
Since all cardholder data is securely encrypted within the mPOS card reader, merchant systems are exposed only to encrypted payment data, which therefore can travel through unsecured devices and unsecured networks. Since the merchant has no access to any keys to decrypt the payment data, the mPOS application running on the merchant smartphone or tablet is not subject to compliance scrutiny. It can provide a rich user experience and be tailored to individual merchant needs without any restrictions.
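The flow described above, sketched as an added example (not code from the article or from any payment vendor): the reader encrypts under the processor's public key, so the merchant app only ever relays an opaque blob it cannot open. The hybrid RSA-OAEP plus AES-256-GCM scheme, the blob layout and every name here are assumptions made for illustration; the article does not say which scheme real readers use.

```ruby
require 'openssl'

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING
# Assumed blob layout: RSA-OAEP-wrapped AES key | 12-byte nonce | 16-byte GCM tag | ciphertext

# Runs inside the card reader, which holds only the processor's PUBLIC key.
def reader_encrypt(processor_public_key, card_data)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  key = cipher.random_key            # fresh AES key for every transaction
  nonce = cipher.random_iv
  cipher.auth_data = ''
  ciphertext = cipher.update(card_data) + cipher.final
  wrapped = processor_public_key.public_encrypt(key, OAEP)
  wrapped + nonce + cipher.auth_tag + ciphertext
end

# Runs at the payment processor, the only holder of the private key.
def processor_decrypt(processor_private_key, blob)
  k = processor_private_key.n.num_bytes   # size of the wrapped key
  raise ArgumentError, 'blob too short' if blob.bytesize < k + 28
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = processor_private_key.private_decrypt(blob.byteslice(0, k), OAEP)
  cipher.iv = blob.byteslice(k, 12)
  cipher.auth_tag = blob.byteslice(k + 12, 16)
  cipher.auth_data = ''
  # final raises OpenSSL::Cipher::CipherError if the payload was altered in transit
  cipher.update(blob.byteslice(k + 28, blob.bytesize)) + cipher.final
end

if __FILE__ == $PROGRAM_NAME
  processor_key = OpenSSL::PKey::RSA.new(2048)
  card = '4111111111111111|12/30'    # constructed test card data
  blob = reader_encrypt(processor_key.public_key, card)  # all the merchant app handles
  puts "merchant relays #{blob.bytesize} bytes; card data visible? #{blob.include?(card.b)}"
  puts "processor recovers: #{processor_decrypt(processor_key, blob)}"
end
```

Public-key encryption gives the merchant side no decryption capability, but it does not by itself prove which reader produced a blob; authenticating the reader is a separate control.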
Another key concern is the steps payment providers are taking to protect their backend systems against threats. With today’s reality that a determined attacker can compromise nearly any organization’s infrastructure, additional protections around backend data are also required. Payment and user data need protection from threats at both the system and application levels.
Encryption with access controls and data access monitoring is the minimum control set. This combination limits access to only those who require it for their work while also monitoring actions directly related to sensitive payment data. Not only do fewer attacks succeed, but businesses will also know when those attacks start. They can take action even if their network intrusion detection and prevention tools have been bypassed.
We all know how easily trust can be diminished after just one misstep. It’s imperative for mobile-payment operators to provide the strong protection of their infrastructure, transactions and data that customers expect.