The Impending Mobile Payments ExplosionJanuary 16, 2015
Whilst the technology involved in mobile payments has vastly improved since first being introduced, there is still a large majority unwilling to adopt it.
Well, the main reason for people remaining unwilling to adopt mobile payments is because they are extremely concerned about security and rightly so! There have been a large number of people who have fallen foul of data breaches, with their sensitive data and information being stolen, so consumers are right to be concerned.
However, for mobile payments to truly take off, trust from consumers is obviously needed. The industry has made some headway in developing consumer trust over the past year, but there remains some way to go before people are as confident and trusting of virtual payments as they are of those in the physical world.
Despite the trust issue, however, trends do indicate that mobile payments will become an everyday occurrence for most people.
So, how are mobile payments being made secure?
Host Card Emulation (HCE)
Before HCE was implemented into the payments industry, two ways of securing customer payment credentials were possible. The first was Secure Element (SE) in which credentials were stored in a specialist security chip within the phone, thus creating a mobile wallet where the SE could transmit sensitive data as and when required. The second was by using Card on File credentials which were stored/accessed via the cloud.
HCE enables card emulation on Near Field Communication (NFC) enabled phones without the need of a physical chip with full payment card data, hence removing the need for an SE. This change in technology has meant thousands of phones can be updated for mobile payments by means of downloading a simple app and has also opened the market up to ensure it is competitive.
Unfortunately as mobile payment technology advances, so too will the strategies of hackers. This is a given. However, vast improvements have been made in protecting card data during mobile transactions and tokenization is one such solution that is swiftly gaining ground within the industry.
Tokenization is essentially a process where card data is substituted during the transaction by alternative symbols yet still retains the original content but in a secure manner. This means that if hacked, the hacker would receive a tokenized number instead of the actual data they were after.
Challenges & Solutions
The biggest challenge affecting mobile payments is authentication. For consumers to build up trust there must be a strong authentication mechanism in place. But strong authentication is by no means easy to implement and becomes even more complex in this world where cybercriminals are becomingly increasingly risky, adventurous and not to mention clever! Neither HCE nor tokenization can prevent phones from being cloned, data stolen or money spent.
So how can the authentication challenge be solved?
Interestingly enough, mobile phones have put forward their own solution in that so much data (Wi-Fi, location, applications, contacts etc.) can now be stored on them that each one is effectively unique and can therefore be identified as such so that if a phone is cloned, this will be spotted and the fraudulent transaction blocked (hopefully).
Although this route to authentication is by no means fool proof it does offer a valid and worthwhile solution to the problem because it proffers a valuable way of determining whether a transaction is fraudulent or not.
As consumers become ever more aware of the efforts being made to make mobile payments increasingly secure, with robust authentication and effective encryption of data processes, it will no doubt ensure that the widely predicted mobile payments explosion does comes to pass this year.