Risking your Mobile Payments Information

The financial and consumer worlds are once again set to embrace a new payment method. Mobile payment make it faster to purchase goods and services as well as make it cheaper and easier to process payments for the merchants and other companies involved. According to a Gartner there are currently over 100 million mobile payment users globally and estimates predict up to 90 billion dollars will be spent in 2011 using the mobile payment services that are currently being tested and provided.. Other reports expect this number to be at nearly 500 million users by 2014.

As companies and financial institutions are trying to develop more efficient avenues for consumers to make payments for their goods and services as well as making it easier for merchants around the world to accept payments, there is the risk side of this mobile payment technology. Every new payment method has been challenged with new forms of theft as groups of individuals and organizations spend their time and resources trying to figuring out how gain access to this data in order to steal. In the last 50 years it has included forging checks, stealing credit cards, skimming of the credit card mag strip, electronic readers to obtain information from the RFID chip, and the list goes on.

Consider a potential future crime, a gang of thieves may find it easier to rob a venue where people are gathered and instead of telling everyone to give them their wallets or jewelry, the thieves demand everyone given them their mobile devices. Transmission of the stolen mobile data could be transferred around the world in minutes and the financial information these devices have stored utilized minutes later.

The companies and financial institutions may have the counter argument that this could not happen because of the levels of security mobile devices currently have or will be required to have. I look at the levels of security required for different types of financial transactions like companies that are PCI compliant and the number of data losses that occur, or the security supposedly given to ACH and other payment methods and the financial losses that occur because of one reason or another. Obtaining pin numbers or passwords used to activate the ability to use the financial information on the mobile device might be a stumbling block. My argument would be, this has never been much of a problem for the thieves that have stolen ATM cards or other forms of payments that require pins or passwords I do not believe the new mobile payment technology will be any different.

Security for mobile devices has the potential to be compromised and a greater number of steps to protect the stored information will need. The need to review transaction history of each person purchasing history is paramount to stopping possible fraudulent transactions or attempted transactions. Employing this granular type of system would help in controlling losses.

Al Cameron