The 'pays' add card security, but open new holes for data leakage
Mobile apps like Apple Pay are a game-changer for digital wallets – introducing, finally, securely stored payment information on a mobile device.
Credit and debit card numbers are not stored on the device, nor on Apple’s servers. By assigning a unique, encrypted "device account number," Apple raises the bar on secure payments everywhere.
Apple Pay and other alternative payment methods will be disruptive to traditional credit card processing because they control both the software and the device, making adoption much easier and more intuitive. Apple Pay will also work with the Apple Watch, which is compatible with the latest iPhones.
We can expect cyber hackers to put significant energy into discovering ways to break into NFC systems to harvest payment card information, as they have over the years with other platforms like PayPal.
The future of alternative payments generates excitement, but payment companies should also ensure that consumers take security measures to protect their data as seriously as they do their bank accounts. In many cases, customers will use the same email, username, and password across different retailers and e-commerce sites. Therefore, if one account is compromised, it likely means other accounts will also be compromised.
Beyond adding new authentication, issuers should tell consumers to remain vigilant. This includes using phone passwords and changing them often.
Because of new and advanced analytics practices such as shopping behavior analysis, customer data, including credit card information, now travels to different teams within the organization, multiplying the opportunities for data leakage and exposure. This kind of information used to be stored in one location, with little sharing across different people and systems.
For retailers, site performance and usability don't necessarily go together with site security. When faced with a choice, many organizations choose the former. On top of that, the retail industry in general has more open physical and virtual environments, with more open endpoints than a bank, including brick-and-mortar stores, online websites, and APIs to and from others, along with overall lax identification measures when creating an account or shopping online.