Mobile payments may finally be going mainstream. With the recent announcements of Samsung Pay and Apply Pay, it seems that mobile payments may be about to hit their stride. While these new technologies hold a lot of promise for the industry, there’s one aspect that shouldn’t be overlooked: security.
According to a recent report from DropLabs, while the actual payment piece of Apple Pay is secure, fraudsters have found a way to exploit the whole process by registering stolen cards on their own phones and not being properly authenticated by the credit card issuer that the right card is being loaded on the right phone. While a relatively low-tech form of exploitation, it raises a key point. Even though efforts have been made by the payment industry to enhance security through developments like NFC and the upcoming EMV standards, these only address a portion of potential security threats and it takes the full industry being focused on security at each step of the payment process in order for payments on any kind to actually be secure.
The payment industry must take a three-pronged approach from a technology standpoint to secure payments. Right now, the three critical elements we need for payment security include the transition to EMV, tokenization and encryption. Tokenization, the process of replacing the card numbers with scrambled digits after the initial authorization, significantly reduces the risk of a user’s card number being stolen or misused and is the type of technology that could have stopped the type of data breach Target recently faced. Another critical step in protecting payment data is encryption, which enables the data to be locked away so only those with the digital key can retrieve it and ensures that data isn’t sitting on a server unprotected. This greatly reduces the chance of a credit card breach, because thieves won’t have a repository of stored numbers to steal from. Beyond that, card issuers need to be vigilant in their authentication of card holders to ensure that the right card is in the right hand. All of these can work together to reduce fraud.
The industry needs to constantly be looking ahead at the next security challenge because with new technologies, come new opportunities for hackers to explore. We need to make sure every link in the security chain is strong. What changes do you think need to be made to ensure the newest generation of payment technology is secure? Visit us on Twitter at @Apriva and share your thoughts.
Brian Sadowski, Chief Information Officer