Advertisements
Artificial Intelligence

Can we trust the Security of Mobile Payments

Info-Security – This blog post focuses on Mobile Financial Services Security and questions around mobile payments. These questions are very important to get answers for anyone whom so ever wants to enter in here. We will touch upon behavioural biometrics but will not go in details in this post. Behavioural biometrics, behavioural KYC data and behavioural analytics are very new concepts and still has a long way to go to establish itself. This is the 4th part of a 5-part story on Mobile Financial Services and security within.

 

Mobile Financial Services – Mobile Payments

Mobile Financial Services umbrella as a serious & independent business unit for many service providers.  What makes for some a success and not so good for some; all depends upon how focus & strategic business owners are.

Can we trust the Security of Mobile Payments

Ministry of innovation can add lots of excitement and increase fire about the security of transactions. Subscriber normally doesn’t ask too much in the low-value transaction but as it happens on a daily basis subscriber do get nervous and freak out more when they add their card or bank details on same. Please note this article is on a very very high level on the information on security and no means of teaching or guiding anything.

However, just because a big and renowned service provider (though almost all of them are coming out of this space with zero or no experience in payments) offers mobile payments does not mean; users should use the services with/without need or reasons. In some markets, merchants payments are welcomed and well accepted by subscribers but P2P payments are not and in some markets, it’s just the other way around.

 

 

A New Look at Mobile Payments Security

The main objective of this post is to just add some small spark on the need for security. We will try to answer a few questions around mobile payments. Anyone looking for a guide to implement or learn please refer certified martial. Can we trust the Security of Mobile Payments

I advise you not to use this material but yes can you use this post as sparking material. Source of the information is internet search via many website links, AILabPage’s in lab efforts and on ground relevant experience. This is easy, simple and quick information on a very very high level.

As said in some conference I attended last month “Inability to adapt to mobile payments can put your company at a competitive disadvantage”. This is seriously true in today’s time. Behavioural biometrics going to more robust, secure and authentic compared to our today’s time static biometric which are difficult to break but not impossible. Artificial Intelligence will boost info security through behavioural biometric intelligence in coming time. Mobile payments security will play a key role in the importance of info-security and privacy in payments. This industry is changing every day i.e it dynamic so why to rely on the static method of security.

We are living in an era of worldwide data wrestling scenarios, where everyone is collecting data. Data value could be more than fuel in near future but failure to understand exactly where and how sensitive data is stored and transmitted can prevent organizations from clearly defining and implementing data protection solutions. This can create fraud spikes in rising transaction volumes can lead to performance bottlenecks as inefficient processing limits capacity and degrades the customer experience. How About velocity detection and velocity pattern analysis.

When e-commerce fraud spikes, it can be tempting for merchants to pile on more controls and risk turning away otherwise legitimate transactions that appear to be fraudulent. The alternative is often to shut off these controls altogether and leave themselves vulnerable to criminals. 

Neither extreme is ideal, and acquirers say merchants need to start taking a more systematic approach when setting fraud controls to avoid this dilemma. 

“Though extremely effective when methodically applied, fraud control parameters can be absolute and unforgiving when setting inappropriately and can unintentionally defeat legitimate transactions.

 

 

Mobile Payments Security Will Play a Key Role

At a first read over, velocity detection might seem like some complicated instrument mechanics would use at a theme park on a broken roller coaster. But in reality velocity detection is defined as checking the historical shopping patterns of an individual and matching that record against their current purchases to detect if the number of orders by the cardholder match up or if there appears to be an irregularity. Artificial neural networks will be helping in this particular space in the near future to make it much more strong.

A successful attack on the software-based mobile payment application could consist of decompiling the source code, where the attacker obtains access to all assets hidden in the application (such as tokens and cryptographic keys). The integrity of an application can also be compromised by data tampering and cloned applications intercepting sensitive data. Another point of vulnerability is a merchant’s mobile POS, as a fraudulent merchant could tamper with the mobile application controlling the mobile POS. With these methods, an attacker can obtain assets such as user and card details, card verification method values, and use keys. Security mechanisms, such as white box cryptography, reduce the likelihood of cloning and decompiling payment applications. Provisioning of secure data to the SE or delivery of a payment token is a point of vulnerability in mobile payment applications.

Mobile operators to communicate with the credit card ( SE ) on the credit card and mobile transaction by means of the communication environment and advanced technology of the carrier. ( E-coupon ), SMS coupon service, and so on, so as to enable you to experience the test plan, such as inductive action payment, download the smart poster (E-coupon ), SMS e-coupon service, etc. , for specific users in the agreed special store. Users in the life of the application clearly felt more convenience and entertainment.

Accessing financial services through mobile, internet or any open interface banking involves submitting personal information through a plain/web/encrypted text messaging platform. Hackers can try to access those messages through the un-secure communication channel. Also, risks involve the bank and financial institution’s not put in enough encryption security of its technology hence would leave the customer’s personal information open for interception. Globally, the increase of mobile telecommunications technology has made mobile phones increasingly common and available for users even in the remotest part of the world.

New processes create new security vulnerabilities. Over-the-air provisioning of payment credentials and applications, for example, potentially creates new attack vectors for eavesdroppers to steal and misuse customer data.

 

Questions and Answers on Mobile Payments

Based on this successful experience, and then create a related financial business opportunities and business, and therefore the construction of a wide range of transparency of the payment environment, but also through the mobile phone screen and keyboard to provide the interface, to create a multi-functional market opportunities , consider the new credit card Business differences (Note 2) and risks , in order to protect the rights and interests of cardholders , improve the credit card business development , while the actual needs of the market and the industry practice, and refer to the relevant credit card organization norms, the development of the mobile credit card business security control.

Questions and Answers on Mobile Payments – Now let’s focus on some questions and answers around mobile payments. The biggest question comes into mind at any time for most at-least mine “Can I make my payment with the same method/instrument under mobile payments on all shops/stores I shop with”. The answer is very clear and very short; “NO”.  Probably the fragmentation in the industry is the quick answer.

There’s no single mobile wallet service that works at every store, some promote and wants to use NFC, some accept USSD or mobile app, some wants the only card (linked to the wallet). All channels depend on your handset and cost of it in case you carry 20$ handset then you can only use USSD function which is widely used (But complex and slow also).

A small survey (shared only one slide here) was done as below.

On a very interesting node if we notice we will find that most or almost 99% of payments innovation which is happening around the globe are actually led/advocated/invented by those outsides of the traditional payments industry.

The world is now moving from plastic to mobile phone for payments that also means all the work done in last 20-30 years is now getting scrapped and we are back to basics and shifting our mindset from one side of the coin to another side. To achieve a faster and quick win here we should adopt the philosophy of  Harvey Mackay where he said “To me, job titles don’t matter. Everyone is in sales. It’s the only way we stay in business”. I personally like this statement as this is the only way where we can zero in the difference between being data-informed and data-driven.

 

Points to Note:

All credits if any remains on the original contributor only. We have covered all basics around mobile payments security and the importance of mobile payments data. In the next upcoming post will talk about implementation, usage and practice experience for markets.

 

Books + Other readings Referred

  • Research through open internet, news portals, white papers, notes made at knowledge sharing sessions and from live conferences & lectures.
  • Lab and hands-on experience of  @AILabPage (Self-taught learners group) members.

 

Feedback & Further Question

Do you have any questions about AI, Machine Learning, Data billing/charging, Data Science or Big Data Analytics? Leave a question in a comment section or ask via email. Will try best to answer it.

 

Can we trust the Security of Mobile PaymentsConclusion: There is clearly an opportunity for mobile payments. Consumers want to pay quickly, easily and at low costs. An interesting finding is the need to add context to payments, e.g. subject or photo. Privacy and security are flagged as important by the majority of respondents. However, this was expected. With the knowledge of knowledge, we see more lean product focused towards a specific group of customers. The idea and concept are not new, however, it is very promising when targeting the right niche and addressing the right issues customers are facing. Now another type of AI which is going around like fire in a jungle; where it’s been said AI will stop all frauds and kill all issues around it. AI will bring behavioural biometrics to stop the gap and remove the vulnerability of payment systems, especially online payments.

====================== About the Author ================================

Read about Author at:About Me

Thank you all, for spending your time reading this post. Please share your feedback / comments / critics / agreements or disagreement.  Remark for more details about posts, subjects and relevance please read the disclaimer.

FacebookPageTwitter       ContactMe            LinkedinPage   ==========================================================================

Facebook Comments
Advertisements

6 replies »

  1. How do you ensure … system is not attacked by guardians…..Please hepl

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: