M-payments much more secure than bank cards - Atlanta Fed blog explodes security myth

M-payments much more secure than bank cards - Atlanta Fed blog explodes security myth

The mobile phone has the potential to offer a much more secure payment experience than bank-issued plastic cards, says the Atlanta Fed in a myth-busting blog post.

The post - penned by Cindy Merritt, assistant director of the Fed's Retail Payments Risk Forum - notes that security functionalities resident in the mobile handset provide authentication capabilities that don't exist in the current payments environment.

"The ability to add passwords and GPS location functionality to the handset represent additional security controls to accessing payment instruments in the future mobile wallet," she writes. "Today, there are no locks on your leather wallet to preclude a bad actor from stealing your credit and debit cards and using them for illicit activity."

With the US still in thrall to mag-stripe only cards, Merritt says that the technologies that protect current payment modes in the US are becoming increasingly obsolete and vulnerable to fraud.

"Card payments grow riskier every day as the United States remains reliant upon mag-stripe technology, which is very easy for criminals to breach and then use to clone cards for illegal payments," she states. "Because mobile devices will use contactless technology in the form of an embedded computer chip, the mobile phone will be a much more secure payment device than the plastic cards we use today."

The blog comes amid a flurry of activity in the mobile payments space, with bank card schemes, tech companies, handset manufacturers and Silicon Valley start-ups each lining up plans to trial NFC at the point-of-sale.

The Atlanta Fed has formed a mobile payments industry workgroup in conjunction with its counterpart in Boston, which late last month published a paper outlining the "foundational components" for a mass-market shift to m-payments in the US.

Comments: (2)

A Finextra member
A Finextra member 12 April, 2011, 15:44Be the first to give this comment the thumbs up 0 likes

I think some caution should be exercised around the definition of  'mobile payments'  Is this NFC? or is it mobile Internet? is it 'real' mobile commerce? Why is your phones location important if its a remote purchase? All Issuers/Acquirers can tell you exactly where a skimmed card was used. Geolocation has not driven the USA to embrace Chip and PIN, although POS focused counter-fraud systems have used it for years.

The myth that appears busted in this release seems to be the one that says the USA doesnt need Chip+Pin - clearly it does...

Jan-Olof Brunila
Jan-Olof Brunila - Swedbank - Stockholm 12 April, 2011, 20:06Be the first to give this comment the thumbs up 0 likes

How can a phone purchased with cash in a stand at the airport with a prepaid cash fueled sim card be more secure than a payment card issued to you by your bank? Who knows the identity of a phone owner? KYC does not apply for these services today and the devices do not have any sensible firewalls or anti virus programs... Obviously the mob phone business can be developed to meet all possible security and anti fraud demands in the future. But so can the US card business. For instance the US can issue chip cards! This analysis is perhaps not the most deep digging in the world.