While a recent report coming from the Institute of Electrical and Electronics Engineers shows that according to nearly 1400 tech enthusiasts (out of 2000 surveyed) mobile payments are sure to take over the payment market and clearly surpass cash and credit cards by the year 2030, other online sources still debate the degree of mobile payment technologies cyber-security.
The facts come in the shape of numerous data breaches accounts, and the businesses that are compromised range from small and medium to giant corporations – no one seems immune when it comes to cyber-attacks.
In these circumstances, mobile payment faces a yet unpredictable future. While it seems to be clear that companies will push for this type of payment taking over at some point, the precise time of occurrence still depends on how this technology will be able to fend off hackers and malicious actions. Educating the users and increasing the cyber-protection degree might improve the mobile wallet adoption rhythm, considered to be “still slow on the uptake” for the moment.
How does mobile payment work?
A 2014 (the year of Apple Pay debut) breakdown of Apple Pay explains how the user needs a picture of his or hers credit card (or a link to such a picture from its Apple account storage) and a Device Account Number issued by the bank associated with the card or by the corresponding payment network – a digital feature stored on the iPhone’s secure chip that emulates a contactless EMV card features.
Paying with this mobile system takes place when the user accesses the phone using its fingerprint (via Touch ID on iPhone 6 and later), and taps it to the payment terminal. Data is exchanged via the near-field-communication (NFC) system, which only circulates tokenized information (tokenized backend infrastructure), in order to limit the exchange to one particular transaction; the entire operation leaves the token code on the merchant’s system, thus protecting the customer account from intrusions.
For extra details on how the Apple Pay account functions, on its setup process, compatible devices, supported credit card providers and security features, check this article.
*Of course, no system is completely cyber-infallible, and the security specialists showed in 2015 a way in which identity thieves might breach the armor provided by Apple Pay – by using card verification values (CVVs) stolen from online stores to link compromised cards to Apple Pay accounts.
We can see how tokenization acts as a cyber-defense for all mobile payment systems that use NFC technology and tokenized data transmission – this procedure ensures an extra layer of security for the payment operation. TNW called tokenization “the key to mobile payment security”.
Samsung Pay
functions in a similar way to the previously mentioned mobile payment system (biometric authorization, NFC and tokenization included), but has added a feature that is meant to spearhead it on top of the mobile payment market –LoopPay’s Magnetic Strip Technology (MTS – also detailed as “magnetic secure transmission” by CNet). This technology allows contactless payments even without the NFC readers incorporated into the payment terminals, thus opening the possibility to use Samsung Pay with virtually any conventional terminal worldwide.
Samsung’s goal of making its payment system compatible with almost all PoS systems is thus attainable via this extra element.
A different concept of mobile payment system, Google Wallet will soon pull the Wallet Cards of the market (on June 30, 2016), leaving its customers with the ability to purchase Google Play items and use the GW as a peer-to-peer payment service.
Although this system’s functionalities are similar to Apple Pay, the difference resides in the way credit card data is stored – this Google app keeps the client’s card details on secured servers and uses SSL encryption – tokenization is not employed. That is why some users were not comfortable linking their cards with the payment app and Google offered the option of a physical Google Wallet card.
For the more curious of our readers, here’s a detailed Google Wallet guide for beginners from 2014’s Mashable staff.
Venmo
was dubbed the possible “next big thing” in mobile payment. It is a free-to-use platform that employs bank-level security and encryption in what looks similar to the Google Wallet system: the client’s financial information is encrypted and stored on secure servers.
However, the Venmo concept targets payments between people who know each other and can establish a certain level of mutual trust, since it does not provide buyer/seller protection nor implicit authorization for business usage. PayPal acquired this service in 2013, although it did not transfer its strongest security features to this non-commercial subsidiary service.
PayPal
mobile payment application requires the users to have a mobile phone number and enter a PIN each time a transaction takes place. Their services are generally considered secure since they operate like a bank, they provide a sophisticated security system and use two-factor authentication. Their decade-old experience is not to be neglected and it stand as proof they know how to protect their clients’ finances.
As you may see, the ease of use and rapid financial operations processing provided by mobile payment services do not come in all cases with enough cyber-security guarantees. Depending on the service you want to use, the encryption methods can vary, as well as the data protection degree. Take your time and study the conditions and limitations of any mobile payment systems in advance, as well as the user’s feedback and the specialists’ reviews – pay attention to what happens in case of a breach.
For the moment, this type of services is far from being flawless.
