Mobile Payments Soar in 2016
eMarketer is forecasting that “The total value of ‘proximity’ mobile payment transactions in the US will grow 210% in 2016.”
The expectation is that nearly one in five smartphone users are already using mobile payments to pay their bills or shop for new shoes.
I for one am petrified of this development. Not that it’s surprising.
There’s almost no way to avoid making a payment on your smartphone these days. That fact doesn’t make each payment I make any less unsettling.
For instance, something as simple as updating my Apple account information made me feel like I’m exposed for the world to see.
I needed to confirm my credit card account information and my mailing address. Acknowledging that I have read Apple’s security policy is also acknowledging that applications can access my email, contacts, and text messages.
If Apple has all this access, the hackers can’t be too far behind.
Sure, I could have avoided making the payment on my phone, but then it would have been a pain to switch devices and interrupt the momentum of the transaction. I just didn’t want to deal with the hassle.
And therein lies the rub. Convenience versus risk. It’s an eternal struggle (or not a struggle at all if your mobile technology works right).
Apps are Designed to Make our Lives Easier
Need to pay your phone bill? All of the major carriers offer payment options through apps you can download on your phone.
Need to buy a gift for your wife but you don’t have the time to run into a store? Pay through your Amazon app.
It’s the instant gratification world we live in.
However, there is a price to pay. You have to place total trust in the authentication and encryption methods that vendors have established.
The Outlook for Mobile Payment Security in 2016 is Cloudy at Best
Digital Trends pointed to mobile payments as one of the year’s most severe security threats (along with ransomware).
Meanwhile, according to the 2015 Mobile Payment Security Study, 47% of cybersecurity professionals stated that mobile payments aren’t secure, while 87% expect the number of mobile payment data breaches to surge over the next 12 months.
It’s simple math if you think about it.
The more transactions that we’ll see take place through mobile devices, the more opportunities there will be for hackers to swoop in.
Steve Lowing, director of product management at Promisec, astutely explained to Digital Trends, “It feels like a new attack comes out on Android-based phones every week since it is a dominant device.
Apple Pay is increasing market share, and almost everyone has a mobile phone as opposed to a laptop.”
Host Card Emulation is the True Detective
Sticking with the point Lowing made about Apple Pay, one of the driving factors for increased mobile payments is the standardization of mobile wallets on smart phones.
Along with Apple Pay, we are also seeing Android Pay and Samsung Pay come into play.
Still, mobile wallets don’t come without their own risk management challenges. Sensitive data (personal and financial credentials) need to be stored on a specialist security chip that resides on the phone.
Like EMV cards that have secure microchips, these physical chips still act as super-heated beacons of information that criminals are attracted to.
Host card emulation (HCE) attempts to replicate a card and all of its key traits – but the card itself will be in software form. No physical representation needed.
According to WIRED: “The full payment card data no longer needs to reside on a physical chip, which eliminates the need for a Secure Element (SE).”
We’ll also see the adoption of two-way authentication spike in an effort to mitigate mobile data breaches.
Mobile Security is Just One Piece of the Application Security Pie
There are a number of missteps across physical and virtual platforms that have contributed to some of the most notorious security hacks known to man.
Get the scoop on these unforgettable data breaches so you can avoid making history.
Make sure you check out our eBook "After the Breach: Analyzing Hacks of the Past" and read about 10 of the largest data breaches and uncover how they could have been stopped before they started.