In our previous blogs we’ve focused on the history and form of mobile payment. In today’s blog, however, we are going to examine an issue that is becoming more and more important as mobile pay grows: security. Everyone loves convenience, speed, and ease of use but most consumers have the same vital question – is it safe to use mobile pay?
A definitive answer as to if mobile pay is secure enough for consumers can never truly be found, as the comfort levels with technology of consumers varies wildly depending on individual needs. Although one thing is certainly true, experts aren’t sold on the security yet1. A 2015 survey conducted by ISACA found that only 23% of experts agreed current security for mobile payments was sufficient while 47% claimed mobile payment security is overwhelmingly insufficient1. Despite this, 87% of experts agreed mobile pay usage will continue to rise, with a projected 4.77 billion mobile phone users by 2017, making security measures a necessity for the continued safe use of mobile pay1.
How are the payments currently secured? In previous blogs we touched upon the use of internet and NFC chips to process payments. Services like PayPal send payment information via the internet, while mobile pay services like Apple Pay utilize near-field communication (NFC) chips to send information between payment terminals and mobile devices2. With NFC chips, a phone (or credit card) can be placed near a terminal, and the terminal is able to read information from the chip and subtract funds from the information stored on it, allowing for the payment to process2. The security measure for NFC chips lies in a mechanism called the ‘secure element’ which holds authorization over the chips communications with a unique digital signature2. The security measures of the secure element are designed to protect the chip from hardware and software attacks from unauthenticated sources2. Whenever an authentic transaction takes place, the security element generates a specific, one-time use code which the terminal can use to access the information on the NFC chip2.
Despite these measures, mobile pay is still susceptible to attacks, which is reflected in the experts’ opinions. The biggest reason mobile pay is at risk is because of the massive amount of money being exchanged with it and one thing is always proven to be true: hackers follow the money3. Because there is such a large opportunity for profit (in this case from stolen funds), there will be a host of people interested in attacking the security of mobile payment for personal gain. Common methods of mobile pay security threats include phishing scams, hackers accessing phones via public wi-fi networks, human error, or chip manipulation1. In some cases hackers have been able to breach the secure code of terminals and re-create the technology, allowing them to create false terminals which interact with NFC chips and receive the unique codes from the secure element1. This in turn gives them free reign to manipulate data or access funds through the chip3.
While mobile pay may be safe enough for some, and woefully insecure for others, the reality we are seeing is that it is not a fad. Mobile pay is here to stay and growing fast. Consumers should be aware of the risks they face when using it and, hopefully, in the years to come these risks can be significantly reduced to protect all users.
Footnotes
1 Rampton, John. (Oct 4, 2016). Your Security Concerns About Using Mobile Payment are Valid. Entrepreneur. Retrieved From https://www.entrepreneur.com/article/282722
2 Profis, Sharon. (Sept 9, 2016). Everything You Need to Know About NFC and Mobile Payments. Cnet. Retrieved From https://www.cnet.com/how-to/how-nfc-works-and-mobile-payments/
3 Mukerji, Dipesh. (Nov 18, 2014). How secure are mobile payments? Kony. Retrieved From http://www.kony.com/resources/blog/how-secure-are-mobile-payments
