Some 57% of companies have adopted mobile payment systems, a recent survey shows.
“While mobile payments is already mainstream, the ecosystem continues to rapidly evolve as new partnerships are formed among a constellation of technology, financial, retail and telecommunications firms,” PwC notes in its latest report. “This shifting environment will likely bring unanticipated cybersecurity threats and broaden the cyberattack vector.”
Risks can result from new technologies and processes, as demonstrated during the high-profile rollout of Apple Pay in the US.
“Some of the initial challenges of Apple Pay weren’t necessarily issues with the physical or logical security of the phone or the credentials, but rather the process around enrollment,” said John LoBianco, vice president of information security for the Toronto based bank CIBC, cited by PwC. “When you have these new payment models, you have to look at the end-to-end lifecycle of enrolling a user, transactions that flow through the system and deenrolling users. When there are new processes, the bad guys will try to exploit human weaknesses just as much as technological weaknesses.”
Mobile payment technologies that transmit a token to merchant systems are considered fundamentally secure because no credit card information is stored on the device or transmitted to retailer point-of-sale systems, authors of the study say. But some believe smartphone-based payments are only an incremental step toward the future of transactions.
Truly innovative mobile payments completely remove the payment process from the user experience, according to Guido Sacchi, Global Payments’ executive vice president and CIO, who calls the seamless process used by ride-hailing service Uber a game-changer. The merchant uses a payment card on file, and customers’ cards are automatically billed.
“Uber has essentially made the payment step disappear from the entire user experience: You take your ride, you leave the car and you’re done,” said Sacchi. “If there is one thing that is a takeaway from all this, it’s that you need to look at both security and user experience. The winners in the marketplace are going to be those that strike the best balance between the two.”
The Global State of Information Security Survey 2016 is a worldwide study by PwC, CIO and CSO, conducted online from May 7, 2015 to June 12, 2015.