Monday, April 30, 2012

Risk Management in Mobile Commerce/Mobile Payments

It has become apparent that mobile commerce is set for a bright future, as it offers significant benefits and convenience for consumers and unrivaled opportunities for merchants and the financial services industry.

However, these opportunities carry certain risks, and it is important that all parties involved in mobile commerce – be it the consumer/payer, the merchant/payee, or the financial institutions – take appropriate steps to manage this risk. Though the amount of risk differs for remote mobile payments vs. “proximity mobile payments,” the presence and reality of risk remains the same.

The root of the risk

In proximity mobile payments (used for in-store mobile commerce), a mobile device carrying a chip or a magnetic stripe is used for payments in a physical store (with no PIN entry or signature). Unfortunately, there is currently a lack of technology standards in the industry, and a great variety in the ways the different manufacturers of payment chips and mobile devices allow communication between the buyer’s device and the seller’s reader. At best, this lack of standardization and integration slows down the adoption and growth of proximity mobile payment usage among the general public, hindering mobile commerce; at worst, it leaves the entire value chain bereft of the strongest possible defensive measures, leaving the industry more vulnerable to criminal attacks.

Remote mobile payment (in-home mobile commerce), on the other hand, is a slightly different story. As transmission of payment information depends completely on software-based security, it is vulnerable to every single threat that can attack a personal computer, tablet, or mobile phone – and we all know how numerous and malicious those threats can be. 

As bad as the picture may look for desktop or laptop users, it can be even more worrisome for smartphone users, as the software available for protecting smartphones from malware is still at a lower level compared to the software currently available for protecting desktop computers and laptops. In addition, as devices are most vulnerable to malware when they are turned on, the limited time we keep our computers on likewise limits their vulnerability. Smartphones, on the other hand, are often kept on 24/7.

So yes, there is reason for concern. Fortunately, the payment and software industries have begun addressing these concerns. More good news is that we are not starting from scratch.

Although mobile payment is a new technology, the risks associated with it are very similar to those of the relatively older practices of contactless transactions and e-commerce transactions. Therefore, the tools we have used to control fraud in these old channels can be used to control fraud in mobile commerce as well.

Security measures

Financial institutions are instrumental in keeping mobile transactions secure. To protect their clients from fraud, financial institutions need to

  • review their back office processes, to ensure that these support emerging mobile channels;
  • adjust their fraud prevention alerts, tracking of spending trends, and other security methods, to react more effectively to potential mobile-based-fraud activity; and
  • ensure that their software applications meet all the necessary certifications and requirements of the payment brands.

On their part, payment brands can prevent mobile commerce fraud by

  • constantly reviewing and revising payment security standards so that they remain applicable and relevant to the mobile channel;
  • regularly tracking and updating the certification of devices and third-party applications; and
  • continually building partnerships between mobile network operators and financial institutions as they introduce secure payment solutions.

Mobile network operators are typically the customer’s first contact point when it comes to mobile commerce. To help prevent fraud, mobile network operators should 

  • ensure that all mobile phones that are used to make proximity payments hold the certifications and meet the requirements of the payment brands;
  • include mobile security software automatically in their phones, so that the protection they provide is available in the phone right out of the box; and
  • educate their customers about general mobile security.

Because the consumer holds the greatest risk for personal loss when it comes to mobile commerce, the consumer must also take responsibility for his or her own safety. Consumers can minimize their risk of becoming fraud victims by

  • making sure they set a good, strong password for accessing payment applications on their phone;
  • never ever sharing confidential information such as PINs and credit card numbers or even account numbers;
  • downloading applications only when they are very, very sure the source can be trusted;
  • being wary of responding to text messages from unknown numbers, even if the senders identify themselves as representing a trusted institution;
  • physically safeguarding their phone as carefully as they do their wallets; and 
  • reporting immediately to the concerned institution if their phone ever gets lost or stolen.

Last but not least among the players in fraud prevention is the vendor. Vendors are, in fact, the very frontline in fraud defense. To meet this responsibility properly, vendors should

  • ensure that they meet all PCI DSS and PCI PA-DSS requirements. This includes the installation of POS systems that are EMV compliant;
  • limit their distribution channels to trusted sources only; and
  • provide end-to-end encryption of data that does not depend on CDMA, GSM, or other mobile network protocols.

Indeed, mobile commerce is still in its development stage, and much can still be done to manage risk and improve security in the mobile payments industry. However, considerable progress is being made towards increasing awareness about various risky scenarios and managing those risks, allowing mobile commerce to continue to advance quickly. 
