Home » Risk Management » Understanding Mobile Payment Risks

Understanding Mobile Payment Risks
Discover how mobile payments work and how to best manage mobile payment risks that can be present when utilizing this technology.

Home » Risk Management » Understanding Mobile Payment Risks

Understanding Mobile Payment Risks

Discover how mobile payments work and how to best manage mobile payment risks that can be present when utilizing this technology.
As a relatively new financial service, mobile payments have the potential to significantly change how consumers buy and sell goods using their phones, tablets, and other devices. While mobile payments will undoubtedly become more popular, such payments are not without risks. Read on to learn about mobile payment risks and what you can do to minimize them.

 

What Are Mobile Payments?

Generally, mobile payments are defined as using a mobile device—usually a smartphone or tablet—to initiate a transfer of funds to people or businesses. Mobile payments can be made at the point of sale (POS) or to facilitate person-to-person payments.

In either case, mobile payments are enabled by the increasing popularity of smartphones, the availability of POS terminals equipped to process transactions using near-field communications (NFC), and the growth of alternative cloud-based mobile payment solutions.

There are five main types of mobile payments:

 

  1. Mobile wallet: Uses a phone’s NFC protocol that allows for the encrypted exchange of payment between two devices
    • Examples: Google Wallet, Apple Pay
  2. Mobile phone as POS: Allows users to attach a card reader directly to their phones to process payments
    • Examples: Square, VeriFone
  3. Other types of mobile payments: Any mobile payment that isn’t considered a mobile wallet or mobile phone as POS
    • Examples: PayPal (when bumping phones to send money to someone), Serve
  4. Direct carrier billing: Payments are billed directly to a mobile phone account; merchants pay directly by mobile carrier, bypassing traditional payment networks
    • Example: buying a ringtone or app if it is added directly to your phone bill
  5. Closed loop mobile payments: When companies create their own type of mobile payment system
    • Example: Starbucks

 

Why Would Businesses Use Them?

Mobile payments are advantageous because:

  1. Consumers no longer need to carry around credit cards or cash, eliminating the possibility of loss or theft of those items.
  2. Some mobile payment systems charge less for credit card fees than credit card companies.
  3. The payment is made using a phone or tablet and stores no credit card data with the company, making it harder for criminals to steal.
  4. They enable companies to implement loyalty programs more efficiently. Customers no longer need to keep track of purchases or reward points manually.
  5. It is easier to track customer behavior because payment systems keep databases of what consumers bought and how they paid.
  6. Checkout time is decreased.
  7. They give consumers more ways to pay.
  8. They allow smaller businesses to become more competitive with larger chains.

 

Mobile Payment Risks

While mobile payment systems have clear advantages for businesses, they also come with a fair amount of risk.

 

Compliance

As with any new product offering, businesses interested in using mobile payment systems should have a broad review and approval process to ensure compliance with internal policies and applicable laws and regulations. Unlike most banking products that allow institutions to control much of the interaction, mobile payments require the coordinated and secure exchange of payment information among several unrelated entities.

Making matters more challenging is that much of the innovation in the mobile payments marketplace is driven by entrepreneurial companies that may not be familiar with supervisory expectations that apply to banks and their service providers. To date, no federal laws or regulations specifically govern mobile payments. However, the laws and regulations that apply to traditional payment methods also apply to mobile payment. For example, the laws and regulations governing traditional credit card payments will cover a mobile payment funded by the user’s credit card.

Mobile payment technologies that do not use the existing payment infrastructure would not be subject to laws and regulations that currently cover such payments. In addition, certain mobile payment providers may be subject to the jurisdiction of one or more federal or state regulators.

 

Fraud

Businesses should be particularly conscious of the potential and perceived risk of fraud in mobile payments. Customers are more likely to adopt the use of mobile payments if they are confident that the provider has taken appropriate steps to make this service secure by protecting their funds and confidential account information. Encrypting sensitive information stored on the mobile device and providing the ability to disable or wipe the device clean if it is lost or stolen are effective controls that should be considered as part of any mobile payment service.

According to a recent study by LexisNexis, small businesses lose more revenue to mobile payment fraud than larger businesses because they are less likely to protect themselves from fraud. Mobile malware is a constant danger to these businesses, as they may not employ an entire IT staff to handle various cyber threats. The LexisNexis study found that 39% of the fraudulent transactions against the surveyed parties involved a credit card, while just 12% involved a debit card.

Identity theft is the most popular type of fraud associated with mobile payments. Criminals can effortlessly make purchases and access personal information on a lost or stolen smartphone, often without the consumer’s knowledge. The whole point of mobile payment systems is to make it easier for consumers to buy things, but that also means criminals have the same ease of use.

 

Growing Popularity

The more popular mobile payments become, the more they will be targeted by hackers and thieves. And since the regulatory landscape is lagging with these payment methods, they are not as safe now as they will be in the future. While most Americans own a smartphone, they may not understand the privacy implications of storing all their data on it. As more consumers use mobile payment systems, we should see an increase in consumer and business vigilance.

 

Recommendations for Minimizing Risks

There are various measures you can take to shore up the security of your mobile payment system:

 

  • Authenticate the consumer’s identity and device when accepting card-not-present payments.
    • Mobile apps are generally better at protecting customers’ data than mobile browsers.
    • Two-factor authentication is the best way to prevent fraud.
  • Track fraudulent activity by payment type.
    • According to the LexisNexis study, only 48% of merchants tracked fraudulent activity by payment type (online, mobile, in-person, etc.). It is easier to identify trends and prevent fraud by using this method.
    • Mobile payment systems allow businesses to do this more efficiently than ever.
  • Report suspicious activity immediately to consumers and your mobile payment company.
  • Make sure your payment systems are up to date at all times.
    • Patching eliminates specific vulnerabilities. Also, make sure your business’ computers are patched regularly.
  • Have visitors or vendors sign in, and keep an eye on them while they are at your business.
As a relatively new financial service, mobile payments have the potential to significantly change how consumers buy and sell goods using their phones, tablets, and other devices. While mobile payments will undoubtedly become more popular, such payments are not without risks. Read on to learn about mobile payment risks and what you can do to minimize them.

 

What Are Mobile Payments?

Generally, mobile payments are defined as using a mobile device—usually a smartphone or tablet—to initiate a transfer of funds to people or businesses. Mobile payments can be made at the point of sale (POS) or to facilitate person-to-person payments.

In either case, mobile payments are enabled by the increasing popularity of smartphones, the availability of POS terminals equipped to process transactions using near-field communications (NFC), and the growth of alternative cloud-based mobile payment solutions.

There are five main types of mobile payments:

 

  1. Mobile wallet: Uses a phone’s NFC protocol that allows for the encrypted exchange of payment between two devices
    • Examples: Google Wallet, Apple Pay
  2. Mobile phone as POS: Allows users to attach a card reader directly to their phones to process payments
    • Examples: Square, VeriFone
  3. Other types of mobile payments: Any mobile payment that isn’t considered a mobile wallet or mobile phone as POS
    • Examples: PayPal (when bumping phones to send money to someone), Serve
  4. Direct carrier billing: Payments are billed directly to a mobile phone account; merchants pay directly by mobile carrier, bypassing traditional payment networks
    • Example: buying a ringtone or app if it is added directly to your phone bill
  5. Closed loop mobile payments: When companies create their own type of mobile payment system
    • Example: Starbucks

 

Why Would Businesses Use Them?

Mobile payments are advantageous because:

  1. Consumers no longer need to carry around credit cards or cash, eliminating the possibility of loss or theft of those items.
  2. Some mobile payment systems charge less for credit card fees than credit card companies.
  3. The payment is made using a phone or tablet and stores no credit card data with the company, making it harder for criminals to steal.
  4. They enable companies to implement loyalty programs more efficiently. Customers no longer need to keep track of purchases or reward points manually.
  5. It is easier to track customer behavior because payment systems keep databases of what consumers bought and how they paid.
  6. Checkout time is decreased.
  7. They give consumers more ways to pay.
  8. They allow smaller businesses to become more competitive with larger chains.

 

Mobile Payment Risks

While mobile payment systems have clear advantages for businesses, they also come with a fair amount of risk.

 

Compliance

As with any new product offering, businesses interested in using mobile payment systems should have a broad review and approval process to ensure compliance with internal policies and applicable laws and regulations. Unlike most banking products that allow institutions to control much of the interaction, mobile payments require the coordinated and secure exchange of payment information among several unrelated entities.

Making matters more challenging is that much of the innovation in the mobile payments marketplace is driven by entrepreneurial companies that may not be familiar with supervisory expectations that apply to banks and their service providers. To date, no federal laws or regulations specifically govern mobile payments. However, the laws and regulations that apply to traditional payment methods also apply to mobile payment. For example, the laws and regulations governing traditional credit card payments will cover a mobile payment funded by the user’s credit card.

Mobile payment technologies that do not use the existing payment infrastructure would not be subject to laws and regulations that currently cover such payments. In addition, certain mobile payment providers may be subject to the jurisdiction of one or more federal or state regulators.

 

Fraud

Businesses should be particularly conscious of the potential and perceived risk of fraud in mobile payments. Customers are more likely to adopt the use of mobile payments if they are confident that the provider has taken appropriate steps to make this service secure by protecting their funds and confidential account information. Encrypting sensitive information stored on the mobile device and providing the ability to disable or wipe the device clean if it is lost or stolen are effective controls that should be considered as part of any mobile payment service.

According to a recent study by LexisNexis, small businesses lose more revenue to mobile payment fraud than larger businesses because they are less likely to protect themselves from fraud. Mobile malware is a constant danger to these businesses, as they may not employ an entire IT staff to handle various cyber threats. The LexisNexis study found that 39% of the fraudulent transactions against the surveyed parties involved a credit card, while just 12% involved a debit card.

Identity theft is the most popular type of fraud associated with mobile payments. Criminals can effortlessly make purchases and access personal information on a lost or stolen smartphone, often without the consumer’s knowledge. The whole point of mobile payment systems is to make it easier for consumers to buy things, but that also means criminals have the same ease of use.

 

Growing Popularity

The more popular mobile payments become, the more they will be targeted by hackers and thieves. And since the regulatory landscape is lagging with these payment methods, they are not as safe now as they will be in the future. While most Americans own a smartphone, they may not understand the privacy implications of storing all their data on it. As more consumers use mobile payment systems, we should see an increase in consumer and business vigilance.

 

Recommendations for Minimizing Risks

There are various measures you can take to shore up the security of your mobile payment system:

 

  • Authenticate the consumer’s identity and device when accepting card-not-present payments.
    • Mobile apps are generally better at protecting customers’ data than mobile browsers.
    • Two-factor authentication is the best way to prevent fraud.
  • Track fraudulent activity by payment type.
    • According to the LexisNexis study, only 48% of merchants tracked fraudulent activity by payment type (online, mobile, in-person, etc.). It is easier to identify trends and prevent fraud by using this method.
    • Mobile payment systems allow businesses to do this more efficiently than ever.
  • Report suspicious activity immediately to consumers and your mobile payment company.
  • Make sure your payment systems are up to date at all times.
    • Patching eliminates specific vulnerabilities. Also, make sure your business’ computers are patched regularly.
  • Have visitors or vendors sign in, and keep an eye on them while they are at your business.

The Last Word

Mobile payments are becoming an increasingly important part of the payment landscape. Expect to see new types of payment options, added security benefits, and increased consumer confidence in the platform. Contact InsureGood an InsureGood Advisor today to discuss how to best manage mobile payment risks.

Additional Resources

two IT associates conducting penetration testing

What is Penetration Testing?

Learn more about what penetration testing is, the benefits of such testing, and best practices for carrying out a successful test within your organization.

Read More

a woman on her laptop using two factor authentication

The Importance of Two Factor Authentication

While no cyber security method is foolproof, using two-factor authentication can add an extra layer of security to your online accounts. This document provides an overview of two-factor authentication and why it's important for businesses.

Read More

Loading...