Mobile Payments: Mobile-first means Security-first
As smartphones, tablets and other sorts of mobile devices proliferate, enterprises are developing mobile first strategies for their electronic services. Nowadays, there are already web transactions and interactions that are primarily performed through mobile devices, rather than through conventional desktop or laptop computers. Web search is a prominent example: Last year the number of Google queries executed from mobile devices exceeded the number of computer-based searches. This trend is gradually extending to all sorts of electronic transactions, such as mobile banking and mobile commerce (m-commerce) transactions. However, when it comes to transactions that involve payments, end users could be more reluctant, especially when they are concerned about security and privacy issues. Fortunately, there is great interest in mobile payments security, including a surge of innovative products and services. Nevertheless, security is not only a technology solutions game but rather a discipline that asks for awareness and engagement from multiple stakeholders, including the end users of mobile payment applications.
Mobile payments concern in most cases payments from users who are on the move, including payments at the Point of Sale (POS). The most prominent technologies for supporting such payments include:
In this complex technological landscape- payment providers, merchants, and consumers are threatened in multiple ways. First, the security of the mobile devices that enable the payments can be compromised due to malware and spyware viruses. The viruses are installed by adversaries on the mobile devices in order to create security holes that could allow malicious parties to compromise the operation of the device, including the payment applications that run over them. As a prominent example, malware apps can act as loggers of information associated with the credentials or the cryptographic keys that are used in the scope of the payment transactions. Therefore, end users should be very careful about the applications that they download and install on their devices.
Malware finds fertile ground to penetrate a device, in cases where the device’s security is weakened. These are the cases of jailbreaking in Apple iOS devices and rooting in Android devices. Jailbreaking and rooting refer to the loosening of the security constraints that these mobile platforms deploy by default in order to prevent the installation and execution of malicious apps. Users are offered with the option of relaxing these default constraints in order to boost the performance or the functionality of some other app. However, this can have catastrophic consequences as it opens a backdoor for malware and spyware.
Another challenge stems from the complexity of the networked interactions of mobile applications. The latter is performed through a greater number of payment channels than in the past, while at the same time involving multiple cloud infrastructures and services. This complexity increases the number of possible cyber risks and provides more room for adversaries who could attack mobile payment infrastructures. This is the reason why m-commerce services providers are more vulnerable to cybersecurity attacks and must invest more in security technologies and processes.
Given the above threats, the following recommendations could be taken into account in order to increase the security of mobile payments:
Moreover, online payments have recently received significant attention from regulatory bodies, as they handle personal data and transfer sensitive data across different stakeholders. In this context, the second Payment Services Directive (PSD2) has been recently released in order to regulate electronic payment interactions, including mobile payments. PSD2 has also been integrated with Banking APIs, Open Banking and various innovative services offered by FinTech enterprises.
In the coming years, the trend of mobile payments will continue to grow. Hence, financial services stakeholders (including FinTech enterprises) should pay emphasis on designing and developing secure payment services for mobile users, along with services that comply with existing and emerging regulations. At the same time, end users should undertake a behavioral change towards more responsible and secure mobile transactions. The future of payments should be secure much as it is also mobile.
Getting the most from your Multi-Cloud Environment
AIOps: Empowering Automated and Intelligent Cloud Operations
Cloud Leaks: The basics you need to know
Data Modernization and the Cloud: A “Chicken-and-Egg” Relationship
Seven Cloud Security Challenges and Their Solutions
Hyperautomation: The Basics you need to Know
Outsourcing: How to Pick the Right Partner and Location
Digital Twins: A Vehicle for Safer, Trusted and More Efficient Industrial Processes
Surviving Cybercrime in 2021: Guidelines for Effective Cybersecurity Investments
Seven Ideas for the Future of Work
We're here to help!
No obligation quotes in 48 hours. Teams setup within 2 weeks.
If you are a Service Provider looking to register, please fill out this Information Request and someone will get in touch.
Outsource with Confidence to high quality Service Providers.
If you are a Service Provider looking to register, please fill out
this Information Request and someone will get in
Enter your email id and we'll send a link to reset your password to the address
we have for your account.
The IT Exchange service provider network is exclusive and by-invite. There is
no cost to get on-board;
if you are competent in your areas of focus, then you are welcome. As a part of this exclusive