Slideshow 7 Key Mobile Security Issues

  • May 19 2015, 2:34pm EDT

Mobile devices have the potential to improve security through the use of tokenization, biometrics and account controls. But some companies have encountered recurring issues with the transition to mobile payments, and others may overlook beneficial security technologies to reduce friction. (Image: iStock)

Starbucks and Passwords

Starbucks has long battled challenges to its password security. Early on, a customer deliberately shared his password to create a communal Starbucks Card; last year the company faced backlash over storing passwords in plain text in its iOS app; and this month saw a new concern about fraudsters targeting credit card accounts linked to the Starbucks app. (Image: Bloomberg News)

Content Continues Below

Google Wallet's Prepaid Account

When Google Wallet launched, it supported only two funding methods: a Citi-issued credit card and a Google-branded virtual prepaid account. The prepaid account quickly came under scrutiny for a weakness that allowed fraudsters to bypass its PIN protection by simply wiping the Google Wallet user's settings (deleting the PIN in the process). (Image: Bloomberg News)

Apple Pay Card Activation

Banks learned fast that they need to be extra-careful when approving the link of one of their credit cards to Apple Pay. Otherwise, fraudsters could trick the bank into attaching a stolen credit card to the mobile wallet and use it at any NFC terminal. Some bankers advise using extra authentication on top of what would be normal for a card activation. (Image: Bloomberg News)

iTunes' Smurfy Problem

One of the biggest changes to in-app payment security came as a result of the Smurfs' Village app. After parents discovered that the "free" app allowed users to purchase up to $99.99 of virtual "smurfberries" without re-typing their passwords, Apple changed its policies to require that passwords be typed again for in-app sales.

Content Continues Below

EMV and Mobile Commerce

It's a common expectation that fraud will shift to e-commerce after EMV-chip cards improve security at the point of sale for U.S. merchants. But mobile payments and banking will also become bigger targets, as has been seen in Europe and other regions. "The long and short of it is there are billions of dollars in fraud being perpetrated at the POS that will need somewhere to go," said Javelin analyst Al Pascual. (Image: Thinkstock)

Outdated Risk Management

Mobile commerce is already considered risky, if only because it is typically categorized as a card-not-present environment. Visa Europe wants to rethink this model in an age where consumers could be using mobile apps to make purchases while also being present at a retailer's store. "Our definition of card-present and card-not-present will need to be looked at; the total cost of those transactions will be very different over time," Jonathan Vaux, executive director of Visa Europe, said in March. (Image: iStock)

Cost Hurdle of Mobile Card Readers

The business model of the mobile point of sale, which often involves providing a free, plug-and-play card reader to micro-merchants, will likely change once EMV-chip cards become common in the U.S. Square signaled this change last year when it announced it would charge a fee of $29 and $39 for the EMV-compatible versions of its hardware. It will still offer its non-EMV card reader for free, and many merchants might stay with that version to save money. (Image: iStock)