Blog article
See all stories »

New Ways to Pay Require New Ways to Secure

Although only recently introduced, the trend lines for the adoption of mobile wallet technologies like Apple Pay, Google Wallet and Android Pay resemble those of smartphones—hockey-stick growth curves.

One report anticipates global mobile wallet transaction volume will become the leading payment method in 2019, enabling $647 billion in transactions compared to $577 billion with credit cards and $412 billion with debit cards.

As remarkable as this development is, the millions of mobile wallet users still only represent a fraction of the total number of mobile phone owners. The 90 million users expected in 2019 will make up less than half of the total smartphones in the U.S. alone. So the growth potential of this platform is wide open.

Mobile Wallets—The Next Big Thing for Fraudsters

The proliferation of mobile wallets is good news for consumers, retailers, financial institutions, and fintech companies. Unfortunately, it’s also good news for thieves. Nothing invites fraud quite like the introduction of a new technology and the potential security holes it often opens up. A rushed rollout can create massive opportunities for fraud, as we’ve already seen in the initial rollout of Apple Pay. In their zeal to provide a frictionless experience for customers, gaping security holes were exposed.

While both the banks and Apple moved quickly to rectify that situation, fraudsters continue to target mobile wallets. According to Javelin Strategy & Research, approximately 112,000 mobile wallet-related accounts were taken over by fraudsters in 2015, back when only 23 million mobile wallets were in circulation.  It is therefore reasonable to predict mobile wallet fraud will increase as adoption rates climb.

Additionally, the switch to the EMV (Europay, MasterCard and Visa) chip card security standard is expected to accelerate the mobile wallet fraud. While the migration to EMV has been successful in dramatically reducing the production of counterfeit plastic cards, today’s sophisticated, adaptable fraudsters continue to go after the vulnerable digital channel. And mobile wallets are no exception. Malware with capabilities such as overlay attacks, rogue apps, and message interception abilities are specifically targeting mobile wallet users.

Shoring Up the Holes

To counter attack, many organizations are upping their security game by incorporating device intelligence technology designed specifically to protect the mobile channel.

One of the primary problems in mobile wallet fraud lies in the current enrollment process. In this process, when a new payment card is added to a digital wallet, the mobile wallet provider attempts an initial verification to determine if card information matches the user information on file.

If there is a discrepancy and additional verification is required, the card issuer then requests additional authentication, typically done through one-time codes sent through text message or through call center verification. Unfortunately, both of these methods for authentication are insecure, and are the weak link inviting the fraudsters to the party.

Verification by text message is susceptible to man-in-the-middle attacks and other forms of fraud. For this reason, the National Institute of Standards and Technology (NIST) recommends it not be used for authentication.

Likewise, call center verification doesn’t fare much better. In addition to being time consuming, not consumer friendly, and costly for the organization, it can be even more insecure than text message authentication and can be easily thwarted by fraudsters.

Both of these routes overlook a method for mobile wallet authentication that provides enhanced security and protection—sending notification to users for additional verification via the bank’s mobile app or directly to the mobile wallet. Communication through these dedicated apps, coupled with device authentication software, can be remarkably secure, as it delivers point-to-point communication for server-to-client messages along an encrypted path. This is the most secure method for transmissions to be sent, which prevents interception and replay. This secure message delivery system allows payment card issuers to make authorization decisions with confidence.

Mobile wallets have the potential to become a potent force in enabling frictionless transactions, delighting customers and increasing usage. Such a development would be a big win for financial institutions, retailers, and consumers alike. However, as the title of this article suggests, new ways to pay require new ways to secure. When introducing disruptive technology, it is imperative for financial institutions and technology firms to place a priority on incorporating contemporary methods of risk reduction that have been designed specifically for the uniqueness of mobile interactions.


Comments: (3)

A Finextra member
A Finextra member 18 October, 2016, 16:00Be the first to give this comment the thumbs up 0 likes

Interesting read given the trends pointing upwards in mobile wallet use. Appreciate the simplicity of the solution.

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 18 October, 2016, 17:42Be the first to give this comment the thumbs up 0 likes

Even if this is a disguised sales pitch for the author's company, I find its premise baseless:

  • "Although only recently introduced,...". LOL. This Payments Source article lists several active and dead mobile wallets from 2009. I've been hearing that mobile wallets will become mainstream the next year for at least 5 years now. 
  • "the trend lines for the adoption of mobile wallet technologies like Apple Pay, Google Wallet and Android Pay resemble ... hockey-stick growth curves." ROTFL. According to this New York Times article, "In the United States, an estimated $8.7 billion in purchases were made with phones in 2015, according to a survey by eMarketer, a research firm. That is a mere 0.2 percent of the estimated $4.35 trillion of in-store sales last year." There are any number of articles that say that mobile wallet adoption has been lacklustre. Can you quote a single source that supports your claim of hockey stick growth based on actual numbers (instead of perennial forecasts)?
Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 19 October, 2016, 19:37Be the first to give this comment the thumbs up 0 likes

"The number of North Americans using their mobile phones for payments at the point of sale has remained flat over the last year".

Doesn't exactly sound like hockey stick growth for mobile payments, does it?