Mobile Payments Bring New Opportunities – and New Threats

If modern technology is a universal language, today our world is getting schooled in innovation. Mobile devices have become an integral part of our lives. We game on them, surf on them, bank on them, and now there is the growing opportunity to buy things on them. The new era of mobile payments will likely mean that your phone never leaves your hand. Point of Sale (POS systems) set up with Near Field Communications (NFC) or the ability for a cashier to scan your phone with a QR card reader. This means that you should never hand your device over to anybody. Yet, research says that people have security fears, and these concerns are valid.

When we talk about mobile payments we usually get the same reaction from people: excitement and anxiety. We as human beings love convenience and gadgets that make everyday life easier. That said, we’re risk averse when it comes to our money.

With more sensitive data being held on smartphones, new security threats have emerged. Mobile users list remote access by hackers, interception of calls or data, device theft, or loss and the installation of malware and viruses, among their greatest concerns. Many of the threats that originated online are also moving to the mobile environment, including Distributed Denial of Service (DDoS) attacks, crimeware botnets, and “hactivist” groups such as Anonymous.

To reduce these inherent risks, organizations must look to adopt a mobility security strategy that addresses the mobile threat landscape.

Given the fact that in the near future mobile payments will enjoy rapid uptake, mobile network operators and financial institutions are challenged to provide a service that transmits payments quickly and reliably. Merchants are also looking to adopt mobile payments on a larger scale. While doing so, they are looking for industry expertise and guidance.

The PCI Security Standards Council issued a new document this month that explains its views on mobile payment security, and provides guidelines for how merchants can securely accept payments using mobile devices such as smartphones or tablets. Mobile payment security isn’t a one-size-fits-all challenge, however it is important to craft the mobility security strategy while delving deep into the world of mobile payments.

I was reading Abhi’s post on foiling the modern day Bonnie and Clyde and as he points out, the threats aren’t limited to computers. Our always-on mobile devices are ripening into a juicy opportunity for cybercriminals as we perform more transactions on the go.

Information security is not a “check the box” compliance exercise. No single solution can inoculate a network from attack, and protecting information is not solely IT’s responsibility. Instead, the new integrated security approach is predictive and organization-wide. It proactively protects while anticipating the worst. It embraces rather than bans. It focuses on trust, not paranoia.

By rethinking your information security strategy and using an integrated security approach, your organization can manage the right risks and drive value in the era of mobility.

Bindu Sundaresan Strategic Security Solutions Lead AT&T About Bindu