Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


03:44 PM
Connect Directly
Facebook
Twitter
Google+
RSS
E-Mail

Unresolved Issues Swirl Around Securing Mobile Payments

While many mobile payments startups are using both traditional and nontraditional authentication methods, regulatory uncertainty still exists around liability for fraud attacks on customers using mobile payments.



With all of the talk about mobile payments startups like Square these days, one might wonder about what kind of security issues could arise as more customers start using such payments services at the point-of-sale.

Although there haven't been any public attacks from fraudsters on alternative mobile payments providers such as Square, LevelUp or Dwolla, anecdotal stories are already circulating among security experts and regulators of such attacks, says Joram Borenstein, senior director of global product marketing at NICE Actimize, a risk, fraud and compliance solutions provider. Borenstein says that most of these anecdotal stories come from consumers' comments, vendors and regulators. And although so far there are only anecdotes, Borenstein, like many, expects there will be more public attacks down the road as more customers adopt these forms of payment.

[See Related: New Security Guidelines Issued for Developing Mobile Payments Solutions]

Many of these alternative mobile payments companies are using the security capabilities built into the mobile device itself to combat fraud. Borenstein says that several of these companies are taking advantage of the geo-location functions of mobile devices to track their customers to aid in authenticating transactions. He finds this method particularly effective: "It's easier today to track individuals than it is to track transactions for alternative payments providers."

Other alternative payments companies have had to turn to more traditional transaction-monitoring security methods. For instance, Square aggregates all of its transactions at its headquarters so all of its transactions show up as occurring in san Francisco, disqualifying geo-location security methods. So the company uses the same monitoring of transaction amounts that many banks already employ to detect suspect transactions, Borenstein says. The company also imposes a transaction size limit on new users for a certain period of time to make sure they are a legitimate customer.

One thing that still has to be worked out in this area is regulatory oversight. "The regulators are not yet clear who owns the regulatory oversight for these environments. These technologies tend to fall through the cracks even in terms of card-present or card-not-present," Borenstein explains. This could complicate liability issues that could arise between merchants and issuers over fraud in mobile payments, he adds. Regulators have begun talking to mobile payments companies about some of these issues, Borenstein relates. He expects some of the issues will be dealt with proactively by regulators working with the parties involved and some will be put off until a public fraud attack actually occurs. He anticipates that it will still be some time until that occurs: "It's still easier to put malware on a PC than on an iPhone or Android. It's not yet easy [for fraudsters] to make money off of mobile."

Jonathan Camhi has been an associate editor with Bank Systems & Technology since 2012. He previously worked as a freelance journalist in New York City covering politics, health and immigration, and has a master's degree from the City University of New York's Graduate School ... View Full Bio

Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Copyright © 2018 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service