Some 87% of security specialists expect to see an increase in mobile payment data breaches over the next 12 months, yet 42% of respondents have used this payment method in 2015, according to the 2015 Mobile Payment Security Study from global cybersecurity association ISACA.
Only 23% believe that mobile payments keep personal information safe, the study shows. Nearly half (47%) say mobile payments are not secure and 89% consider cash the most secure payment method, yet only 9% prefer to use it.
“Mobile payments represent the latest frontier for the ongoing choice we all make to balance security and privacy risk and convenience,” said John Pironti, risk advisor with ISACA.
According to those surveyed, the most effective way to make mobile payments more secure is using a second identity authentication (66%), followed by requiring a short-term authentication code (18%). Far less popular was an option that puts the onus on the consumer installing phone-based security apps (9%).
Financial companies have a critical need for safer payment methods as their clients demand privacy, security and convenience in all transactions. Following the increasing number of malware samples and cyber threats, multiple banks and financial institutions (e.g. ING, Bank of America, Mastercard, PayPal) have joined the FIDO (Fast IDentity Online) Alliance to solve the problems users face in creating and remembering multiple usernames and passwords.
The FIDO protocols do not rely on simple passwords; they are based on public key cryptography and strongly resist phishing. Users register their device with the online service by selecting a local authentication mechanism such as swiping a finger, looking at the camera, speaking into the mic or entering a PIN. Once registered, they simply repeat the local authentication action to authenticate to the service. The user no longer needs to enter a password when authenticating on that device. The Universal Authentication Framework also allows experiences that combine authentication mechanisms, such as fingerprint + PIN.
A second factor allows online services to augment the security of their password infrastructure by adding another strong factor to user login. The user logs in with a username and password, as before. The service can also prompt the user to present a second factor device any time it chooses. The strong second factor allows the service to accept simpler passwords, such as a 4-digit PIN, without compromising security.
The protocols do not provide information that can be used by different online services to collaborate and track a user across the services. Biometric information never leaves the user’s device.
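A simplified model of the registration and challenge-response flow described above, added here as an illustration and not taken from the FIDO specifications or any vendor's code. The `Authenticator` type, the `Login` helper, the `.example` origins and the choice of Ed25519 are assumptions; the real protocols define their own message formats and algorithms.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Authenticator models the user's device: one private key per service origin.
type Authenticator map[string]ed25519.PrivateKey

// Register creates a fresh key pair; the service stores only the public key.
func (a Authenticator) Register(origin string) ed25519.PublicKey {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	a[origin] = priv
	return pub
}

// signedData binds the challenge to an origin so a signature is only valid there.
func signedData(origin string, challenge []byte) []byte {
	return append([]byte(origin+"\x00"), challenge...)
}

// Sign answers a challenge for the origin the client is actually talking to.
func (a Authenticator) Sign(origin string, challenge []byte) ([]byte, error) {
	priv, ok := a[origin]
	if !ok {
		return nil, fmt.Errorf("no credential registered for %s", origin)
	}
	return ed25519.Sign(priv, signedData(origin, challenge)), nil
}

// Login: the device signs for the origin it sees; the service verifies for its own.
func Login(a Authenticator, pub ed25519.PublicKey, service, seen string, challenge []byte) bool {
	sig, err := a.Sign(seen, challenge)
	return err == nil && ed25519.Verify(pub, signedData(service, challenge), sig)
}

func main() {
	dev := Authenticator{}
	bank, shop := dev.Register("https://bank.example"), dev.Register("https://shop.example")
	c := []byte("constructed-challenge") // a real service sends a fresh random nonce
	fmt.Println("genuine login accepted:", Login(dev, bank, "https://bank.example", "https://bank.example", c))
	fmt.Println("challenge relayed via shop accepted:", Login(dev, bank, "https://bank.example", "https://shop.example", c))
	fmt.Println("same public key at both services:", bank.Equal(shop))
}
```

The relayed login fails because the device signs with the key and origin of the site it is really connected to, and the distinct public keys give the two services nothing in common to correlate.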
Here is a short list of tips for consumers:
- Understand your level of risk: Ask yourself what level of personal information and financial loss is acceptable to balance the convenience of mobile payments.
- Know your options: Understand the security options available to manage your risk to an acceptable level. Using a unique passcode should be mandatory, but also look into encryption, temporary codes that expire and using multiple ways to authenticate your identity.
- Value your personal information: Be aware of what information you are sharing – e.g., name, birthday, national identification number, pet name, email, phone number. These pieces of information can be used by hackers to gain access to accounts. Only provide the least amount of information necessary for each transaction.
Overall, the global mobile payment transaction market, including solutions offered by Apple Pay, Google Wallet, PayPal and Venmo, will be worth an estimated US $2.8 trillion by 2020, according to Future Market Insights.