With the recent announcement that PayPal will team up with Android Pay to bring its services to the m-payments world, and a survey highlighting mobile payment capabilities as the most in-demand technology for retailers, the industry is clearly in the midst of a boom.
However, this continued proliferation can only be maintained if security considerations make up a key part of mobile payment implementation. This is according to enterprise app security specialist Promon.
According to the survey, 65 per cent of the IT managers and C-level executives polled cited m-payments as being the most sought-after technology at their organisation. In the face of this sustained growth, it is crucial that businesses are mindful of the wider attack surface that this creates for cybercriminals, as well as the fact that user habits are still not up to scratch when it comes to responsible mobile device usage.
Tom Lysemose Hansen, founder and CTO at Promon, says: “There is no doubt that mobile payments are set to play an increasingly pivotal role in the way people make purchases in future months and years. Despite their inevitable benefits in terms of convenience and user-friendliness, there remain security concerns that must be addressed before hackers capitalise on this rapidly growing adoption.”
To illustrate this point, separate research has pointed out that 34 per cent of mobile users do not lock their devices, and of those who do, 62 per cent use an easily decipherable code, such as 1234. This points to lingering security issues that are caused by individual user behaviour: as the number of devices embracing m-payment methods increases, cybercriminals have a much broader attack surface on which to conduct their activities.
Hansen adds: “With so many users neglecting to enforce strict security measures on their own devices, hackers have a potential entry point through which they can infiltrate a device, and ultimately access personal payment data stored within an app.”
To reduce the severity of this problem and to safeguard their reputations, Hansen believes that m-payment providers, banks and associated businesses need to take a twofold approach to security: encourage responsible user behaviour as a core tenet of their implementation and advertising campaigns, and take the initiative in securing their own apps.
Hansen says: “It is impossible for mobile payment providers and banks to monitor how every one of their customers is behaving. However, encouraging positive security practices can go a long way towards changing attitudes, and is a clear demonstration of an organisation’s commitment to comprehensive cybersecurity.
“Alongside this, mobile payment providers need to implement technology that protects individual apps from intrusion, regardless of any malware that may be residing on a user’s device. Runtime application self-protection (RASP) can work well here, by guarding apps both while they are running and idle. Such technology is simple to implement, and also aids mobile app development by ensuring security controls do not hinder the development process.”
He concludes: “With mobile payments continuing to surge in popularity, payment providers and their partners cannot afford to take any chances with security.”
The security worries around m-payments comes hot on the heels of more worrying data from from PYMNTS.com that suggests that both adoption of Apple Pay and its usage are showing the first signs of decline. Android Pay and Samsung Pay have yet to show this decline but this is due to the fact that they have not been around long enough to show this trend. Neither of these two offer anything that Apple does not and in almost every case, we think Apple does it better.
According to PYMNTS.com this is being driven by security fears and by the growing preference to use contactless cards in-store, which consumers find more user-friendly than Apple Pay.
