Mobile Payments: Mobile-first means Security-first

by Sanjeev Kapoor 15 Jun 2018

As smartphones, tablets and other sorts of mobile devices proliferate, enterprises are developing mobile-first strategies for their electronic services. Nowadays, there are already web transactions and interactions that are primarily performed through mobile devices, rather than through conventional desktop or laptop computers. Web search is a prominent example: last year the number of Google queries executed from mobile devices exceeded the number of computer-based searches. This trend is gradually extending to all sorts of electronic transactions, such as mobile banking and mobile commerce (m-commerce) transactions. However, when it comes to transactions that involve payments, end users could be more reluctant, especially when they are concerned about security and privacy issues. Fortunately, there is great interest in mobile payments security, including a surge of innovative products and services. Nevertheless, security is not only a matter of technology solutions but a discipline that requires awareness and engagement from multiple stakeholders, including the end users of mobile payment applications.


Mobile Payments Options

In most cases, mobile payments are payments made by users who are on the move, including payments at the Point of Sale (POS). The most prominent technologies for supporting such payments include:


Security Threats

In this complex technological landscape, payment providers, merchants, and consumers are threatened in multiple ways. First, the security of the mobile devices that enable the payments can be compromised by malware and spyware. Adversaries install such software on mobile devices in order to create security holes that allow malicious parties to compromise the operation of the device, including the payment applications that run on it. As a prominent example, malware apps can log information associated with the credentials or the cryptographic keys used in payment transactions. Therefore, end users should be very careful about the applications that they download and install on their devices.

Malware finds fertile ground to penetrate a device when the device’s security is weakened, as is the case with jailbreaking on Apple iOS devices and rooting on Android devices. Jailbreaking and rooting refer to the loosening of the security constraints that these mobile platforms deploy by default in order to prevent the installation and execution of malicious apps. Users have the option of relaxing these default constraints in order to boost the performance or the functionality of some other app. However, this can have catastrophic consequences, as it opens a backdoor for malware and spyware.

Another challenge stems from the complexity of the networked interactions of mobile applications. These interactions are performed through a greater number of payment channels than in the past, while also involving multiple cloud infrastructures and services. This complexity increases the number of possible cyber risks and gives adversaries more room to attack mobile payment infrastructures. This is why m-commerce service providers are more vulnerable to cybersecurity attacks and must invest more in security technologies and processes.


Recommendations and Supportive Regulations

Given the above threats, the following recommendations could be taken into account in order to increase the security of mobile payments:

Moreover, online payments have recently received significant attention from regulatory bodies, as they handle personal data and transfer sensitive data across different stakeholders. In this context, the second Payment Services Directive (PSD2) has recently been released in order to regulate electronic payment interactions, including mobile payments. PSD2 has also been integrated with Banking APIs, Open Banking and various innovative services offered by FinTech enterprises.


In the coming years, the trend of mobile payments will continue to grow. Hence, financial services stakeholders (including FinTech enterprises) should place emphasis on designing and developing secure payment services for mobile users, along with services that comply with existing and emerging regulations. At the same time, end users should undertake a behavioral change towards more responsible and secure mobile transactions. The future of payments should be as secure as it is mobile.

2020 IT Exchange, Inc