Mobile payment is a more secure platform than Plastic card payment
Mobile payment is perceived to be risky by most individuals. But it is a myth. The security advantages of mobile payments may surprise the public as well as security experts. ISACA’s 2015 Mobile Payment Security Study shows that only 23 percent of IT and cyber security professionals said they believe mobile payments keep personal information safe. Still, the global number of mobile payment users is expected to reach 1.09 billion by 2019. Advancements in mobile payment security technology are curbing risks and improving consumer trust beyond levels traditionally associated with plastic payment cards. Tokenization, device-specific cryptograms and two-factor authentication are described as key improvements positioning mobile payments appeal to both consumers and vendors.
Tokenization which is a secure mobile payment applications, or mobile wallets, do not transmit a card’s primary account number (PAN). Instead it sends a randomly generated token to the point of sale (POS) terminal and payment network. This token safeguards the consumer’s data while in transit. It is the security solution that is pushing mobile payments ahead of card payments in consumer sensitive financial information protection in the continuous race to stay ahead of hackers and other threats. The tokens can be configured to only work for transactions that match specific criteria for an exact period of time, specific retailer and certain monetary amount. Only the issuing bank and authorized entities can securely map tokens back to the original payment card data.
Device-specific cryptograms ensure that the payment is originated from the card-holder’s device. If a hacker obtains mobile payment transaction data, the cryptogram that is sent to the POS terminal with the token is unable to be used on another mobile device. This helps render any stolen data un- forgeable and useless.
Two-factor authentication provides an additional layer to guard against mobile payment fraud by utilizing two independent mechanisms for authentication. Among the common credentials used are something the user knows (such as a password), something physical that the user has (such as a payment card or phone) and a biometric such as a fingerprint, voice print or facial recognition.
If a mobile device containing a mobile wallet is lost, the mobile device can be remotely erased. And since the consumer’s payment card information is not on the mobile device, the payment cards do not need to be replaced. Like consumers, merchants stand to benefit from mobile payments in many instances. Biggest advantage is that it would reduce fraud rate and lower costs. The report also notes that integrating mobile payments into a merchant’s business creates opportunities for more robust customer loyalty programs and allows for purchases in circumstances when customers do not have access to their physical payment card. While modern mobile payment methods offer many benefits, there is some potential vulnerability during the one-time enrolment when users register a payment card in the mobile wallet application. Mobile wallet providers use methods such as sending payment card data and a device’s geographical coordinates to issuing banks, and any discrepancies can result in a call seeking additional verification. The guide encourages vendors that adopt mobile payment options to regularly re-evaluate risk control measures to ensure any new scenarios that could emerge are sufficiently addressed.