As smartphones, tablets and other sorts of mobile devices proliferate, enterprises are developing mobile first strategies for their electronic services. Nowadays, there are already web transactions and interactions that are primarily performed through mobile devices, rather than through conventional desktop or laptop computers. Web search is a prominent example: Last year the number of Google queries executed from mobile devices exceeded the number of computer-based searches. This trend is gradually extending to all sorts of electronic transactions, such as mobile banking and mobile commerce (m-commerce) transactions. However, when it comes to transactions that involve payments, end users could be more reluctant, especially when they are concerned about security and privacy issues. Fortunately, there is great interest in mobile payments security, including a surge of innovative products and services. Nevertheless, security is not only a technology solutions game but rather a discipline that asks for awareness and engagement from multiple stakeholders, including the end users of mobile payment applications.
Mobile payments concern in most cases payments from users who are on the move, including payments at the Point of Sale (POS). The most prominent technologies for supporting such payments include:
In this complex technological landscape- payment providers, merchants, and consumers are threatened in multiple ways. First, the security of the mobile devices that enable the payments can be compromised due to malware and spyware viruses. The viruses are installed by adversaries on the mobile devices in order to create security holes that could allow malicious parties to compromise the operation of the device, including the payment applications that run over them. As a prominent example, malware apps can act as loggers of information associated with the credentials or the cryptographic keys that are used in the scope of the payment transactions. Therefore, end users should be very careful about the applications that they download and install on their devices.
Malware finds fertile ground to penetrate a device, in cases where the device’s security is weakened. These are the cases of jailbreaking in Apple iOS devices and rooting in Android devices. Jailbreaking and rooting refer to the loosening of the security constraints that these mobile platforms deploy by default in order to prevent the installation and execution of malicious apps. Users are offered with the option of relaxing these default constraints in order to boost the performance or the functionality of some other app. However, this can have catastrophic consequences as it opens a backdoor for malware and spyware.
Another challenge stems from the complexity of the networked interactions of mobile applications. The latter is performed through a greater number of payment channels than in the past, while at the same time involving multiple cloud infrastructures and services. This complexity increases the number of possible cyber risks and provides more room for adversaries who could attack mobile payment infrastructures. This is the reason why m-commerce services providers are more vulnerable to cybersecurity attacks and must invest more in security technologies and processes.
Given the above threats, the following recommendations could be taken into account in order to increase the security of mobile payments:
Moreover, online payments have recently received significant attention from regulatory bodies, as they handle personal data and transfer sensitive data across different stakeholders. In this context, the second Payment Services Directive (PSD2) has been recently released in order to regulate electronic payment interactions, including mobile payments. PSD2 has also been integrated with Banking APIs, Open Banking and various innovative services offered by FinTech enterprises.
In the coming years, the trend of mobile payments will continue to grow. Hence, financial services stakeholders (including FinTech enterprises) should pay emphasis on designing and developing secure payment services for mobile users, along with services that comply with existing and emerging regulations. At the same time, end users should undertake a behavioral change towards more responsible and secure mobile transactions. The future of payments should be secure much as it is also mobile.
Technology Enablers of Manufacturing-as-a-Service
Cloud Continuum: From Cloud to IoT to Edge Computing
Optimal Neural Network Architectures for Edge AI
CIEM solutions: Manage access risk in multi-cloud environments
The emerging role of Autonomic Systems for Advanced IT Service Management
Next-Gen Resilience: Can companies deal with large-scale disruptions?
The Art & Science of Estimating User Stories Cost
Embedded Finance: The basics you need to know
Five Tips for a Successful ChatGPT Strategy
No obligation quotes in 48 hours. Teams setup within 2 weeks.
If you are a Service Provider looking to register, please fill out this Information Request and someone will get in touch.
Outsource with Confidence to high quality Service Providers.
Enter your email id and we'll send a link to reset your password to the address we have for your account.
The IT Exchange service provider network is exclusive and by-invite. There is no cost to get on-board; if you are competent in your areas of focus, then you are welcome. As a part of this exclusive network you: