Let me start by saying what wonderful things mobile payments and mobile banking are. You can’t deny the convenience of being able to bank, pay for goods and services, and perform P2P payments while “on the go”.
It is these little conveniences that help turn train and bus travel into something more useful than simply reading the newspaper.
With the introduction of mobile wallets and new security innovations, many companies are making big promises that your mobile is becoming the most secure means of banking and payments.
But is it?
Companies have spent a lot of time and money addressing security issues. And with large banks, PayPal, Google, MasterCard, Visa and many more active in the area, people can be forgiven for thinking that it must be a safe means of transacting. Even if they lose their phone, their security credentials will remain safe and unexposed.
Maybe – but what if that individual then gave their security details to someone else? What if they made payments or transfers to someone they didn’t want to?
Of course that shouldn’t happen, but the problem with the mobile phone is that it makes it very easy for a physical attacker to force their victim to do just that.
ATMs have built-in security cameras and only dispense limited amounts of cash. Stores have security cameras and security guards – as well as lots of people around. eCommerce and online banking are mainly done from the safety of your own home or workplace.
Mobile transactions, however, are done outside – walking in the street, going to the coffee shop, sitting on a park bench or coming home from the nightclub.
Now on your way home you don’t have to worry about someone stealing your phone or your handbag. Instead worry about them stealing every penny from your bank account or spending up to the limit on all the cards associated with your mobile wallet.
The real security issue is not the phone or the means of securing the transactions. The real security issue is the individual.
Traditionally, it needed sophisticated fraudsters and hackers to take your money, particularly since the introduction of EMV and PCI. Now any thug can rob you of much more than the cash in your wallet or purse.
Multi-channel transactions would help (started on one channel and finished on another), as would lowering transaction limits - although for NFC/Contactless there’s constant talk about increasing them. Nationwide recently introduced a new online banking app which prevents the adding of new payees from the mobile. This is the sort of step that can help limit the risk.
Right now though, you’re walking about with potentially all the money you have in your pocket. Not a good idea.
I’m interested to see how the world of mobile banking and payments addresses this security gap.