NFC contactless payments, and P2P mobile payments are fast gaining momentum in the payments world. Banks, retailers, network operators, amongst others are all rushing for land grab, rolling out new NFC-enabled cards, mobile wallets and mobile phones for us to use in our daily lives. It’s fantastic that we are embracing this technology, and I truly believe that in particular, mobile payments, is the future, however, the rush to get a slice of the market has led to compromised security as reported in recent news sources.

Fox News recently highlighted that fraudsters have yet again evolved with technology and found ever clever ways to steal our personal details. They’ve created a discrete device, similar to the technology used for retail terminals, that simply suck outs the information from your bank card in a single swipe. They don’t even need to see your card to be able to do this – they can extract all the information they need through your bag or clothes and, shockingly, start spending your money since, as reported, some online merchants do not require the CCV code.

Clearly, contactless payments and P2P mobile payments are in an evolutionary technology stage, and the primary focus for card makers, mobile phone developers and retailers is to focus on functionality, sometimes at the expense of security.

Security solutions need to work on the premise that fraudsters will continue to outsmart technology, infiltrate our systems and devices, and steal our credentials. The eco-system is so complex that it is virtually impossible to stop them but the technology exists to stop them from benefiting from using that data.

Using a multi-factor and multi-layer authentication approach that incorporates visible and invisible layers, creates a very complex security model that makes it extremely difficult for a fraudster to compromise the customer, yet maintains a very user friendly experience. As I’ve discussed in previous blogs, four factors are needed to sufficiently secure transactions, namely something you know (a PIN or password), something you have (a phone), something they you (for example your voice), and somewhere you are / are not (jurisdiction authentication based on proximity analysis).  However, we can take the security model even further by applying a 5th Factor, the trust factor.

The trust factor is a protected channel, created in real-time, that exists for the duration of the transaction only, and like the other factors, is an invisible layer of security that ensures that data transmitted is protected to the highest level of encryption standards. These invisible layers can be blended together, dynamically, relative to the perceived risk of any transaction, to ensure that transactions are adequately secure but, at the same time, don’t burden the user with overly complicated security procedures, making customer experience a pleasant one.