Payments Security -This is the fourth part of a 5-part story on mobile financial services and the security therein. This part focuses on Mobile Financial Services Security and questions around mobile payments, which come out of this service and got added under the Mobile Financial Services umbrella as an independent question paper or exam paper for many service providers. We will not discuss behavioral biometrics in this post as this is a very new concept that still has a long way to go to establish itself.
Introduction – Payments Security
The Ministry of Innovation can add lots of excitement and increase fire about the security of transactions. Subscribers normally don’t ask too much in low-value transactions, but as it happens on a daily basis, subscribers do get nervous and freak out more when they add their card or bank details to them.
Please note that this article is very high level information on security and has no means of teaching or guiding anything.
However, just because a big and renowned service provider (though almost all of them are coming out of this space with zero or no experience in payments) offers mobile payments does not mean users should use the services with or without need or reason. In some markets, merchant payments are welcomed and well accepted by subscribers, but P2P payments are not, and in some markets, it’s just the other way around.
The main objective of this post is to just add a small spark to the need for security, and we will try to answer a few questions around mobile payments. Anyone looking for a guide to implement or learn, please refer to Certified Martial Arts. I advise you not to use this material, but yes, you can use this post as sparking material. The source of the information was an internet search and was collated via many website links. The effort was to put together relevant, easy, simple, and quick information on a very high level.
As said at a conference I attended last month “inability to adapt to mobile payments can put your company at a competitive disadvantage”. This is seriously true today. Behavioural biometrics are going to be more robust, secured, and authentic compared to our current static biometrics, which are difficult to break but not impossible. Artificial intelligence will boost information security through behavioral biometric intelligence in the coming years. Mobile payment security will play a key role in the importance of information security and privacy in payments. This industry is changing every day, i.e., it is dynamic, so why rely on a static method of security?
We are living in the era of world-wide data wrestling scenarios, where everyone is collecting data. Data value could be more than fuel in the near future, but failure to understand exactly where and how sensitive data is stored and transmitted can prevent organizations from clearly defining and implementing data protection solutions. This can create fraud spikes in rising transaction volumes, which can lead to performance bottlenecks as inefficient processing limits capacity and degrades the customer experience. How about velocity detection and velocity pattern analysis?
When e-commerce fraud spikes, it can be tempting for merchants to pile on more controls and risk turning away otherwise legitimate transactions that appear to be fraudulent. The alternative is often to shut off these controls altogether and leave themselves vulnerable to criminals. Neither extreme is ideal, and acquirers say merchants need to start taking a more systematic approach when setting fraud controls to avoid this dilemma. “Though extremely effective when methodically applied, fraud control parameters can be absolute and unforgiving when set inappropriately and can unintentionally defeat legitimate transactions.”
At first glance, velocity detection might seem like some complicated instrument mechanics would use at a theme park on a broken roller coaster. But in reality, velocity detection is defined as checking the historical shopping patterns of an individual and matching that record against their current purchases to detect if the number of orders by the cardholder matches up or if there appears to be an irregularity. Artificial neural networks will be helping in this particular space in the near future to make it much stronger.
To compromise the mobile payment application that operates on software, one could potentially decompile the source code, which would grant access to all the undisclosed resources embedded in the application, such as cryptographic keys and tokens. The security and authenticity of an application can be jeopardized when it is susceptible to interference by counterfeit applications and unauthorized changes to important data.
One area that poses a risk is the mobile POS system used by the merchant, since a deceitful merchant could manipulate the app that operates the mobile POS. By utilizing these techniques, a malicious individual can acquire various resources, for instance, customer and payment card particulars, the values of card verification methods, and usage keys.
Smart security measures like whitebox cryptography can help lower the probability of payment applications being cloned or decompiled. The process of providing protected information to the SE or transmitting a payment token is considered a weak spot in mobile payment apps.
Mobile carriers are able to establish communication and facilitate transactions between credit cards and mobile devices through the use of advanced technology and communication environments. Various services like E-coupons and SMS coupons are available to help you enjoy the testing plan which includes actions like payment induction, downloading smart posters, availing E-coupons through SMS, and other services for designated users at participating stores. The application significantly enhanced the convenience and amusement experience of its users.
To utilize financial services via mobile devices, the internet, or any accessible interface, divulging personal information using either a simple online or encrypted text messaging channel is required. Cybercriminals may attempt to gain entry to those messages via an insecure mode of communication. Insufficient implementation of encryption security in the technology of banks and financial institutions could result in the exposure of customers’ private data to interception. The rise of mobile telecommunications technology has caused a global surge in the availability and usage of mobile phones, with even the most isolated regions now able to access them.
Innovative methods generate fresh areas of vulnerability in terms of security. The process of enabling payment credentials and applications using wireless communication can potentially expose customers’ confidential information to eavesdroppers, thereby creating new opportunities for theft or misuse.
Drawing from the success of this venture, we can explore financial business opportunities and expand our services to create a more transparent payment environment. With interfaces accessible through mobile phone screens and keyboards, there is potential for a multifaceted market. While considering risks and differences in credit card business models, it is crucial to prioritize protecting cardholder rights and fostering credit card business growth. Crafting secure controls for mobile credit card operations should take into account both industry standards and market demands.
Questions and Answers on Mobile Payments
Now let’s focus on some questions and answers around mobile payments. The biggest question that comes into mind at any time for most, or at least mine, is “Can I make my payment with the same method or instrument under mobile payments on all shops or stores I shop with”. The answer is very clear and very short: “No.” Probably the fragmentation in the industry is the quick answer.
There’s no single mobile wallet service that works at every store; some promote and want to use NFC, some accept USSD or a mobile app, and some want only a card (linked to the wallet). All channels depend on your handset and the cost of it. If you have a $20 handset, you can only use the USSD function, which is widely used but complex and slow as well.
A small survey (shared only one slide here) was done as below.
On a very interesting node, if we notice, we will find that most, or almost 99%, of the payments innovations that are happening around the globe are actually led, advocated, or invented by those outside of the traditional payments industry.
The contemporary world is currently in the process of transitioning from plastic-based payment modes to mobile phone-based platforms. This paradigm shift indicates that the substantial efforts invested in the former approach over the past two to three decades are becoming obsolete, necessitating a return to rudimentary principles and a modification of our cognitive predispositions. In order to attain expeditious and immediate success in this endeavor, it would be advantageous to embrace the ideology expressed by Harvey Mackay, wherein he posited that job titles hold little significance.
It is a widely accepted notion that every individual, regardless of their profession or area of expertise, possesses a certain level of sales skills and could potentially engage in sales activities. The aforementioned approach is the sole means by which our enterprise can remain financially viable. In my opinion, this statement holds significance as it provides a means to distinguish between being informed by data and being driven by data.
Points to Note:
All credits, if any, remain with the original contributor only. We have covered all the basics around mobile payment security and the importance of mobile payment data. In the next upcoming post, we will talk about implementation, usage, and practice experience for markets.
Books + Other readings Referred
- Research through open internet, news portals, white papers, notes made at knowledge sharing sessions and from live conferences & lectures.
- Lab and hands-on experience of @AILabPage (Self-taught learners group) members.
Feedback & Further Question
Do you have any questions about AI, Machine Learning, Data billing/charging, Data Science or Big Data Analytics? Leave a question in a comment section or ask via email. Will try best to answer it.
Conclusion : There is clearly an opportunity for mobile payments. Consumers want to pay quickly, easily, and at a low cost. An interesting finding is the need to add context to payments, e.g., subject or photo. Privacy and security are flagged as important by the majority of respondents. However, this was expected. With this knowledge, we see more lean products focused on a specific group of customers. The idea and concept are not new; however, they are very promising when targeting the right niche and addressing the right issues customers are facing. Now another hype of AI is going around like fire in a jungle, where it has been said AI will stop all fraud and kill all issues around it. AI will bring behavioral biometrics to close the gap and remove the vulnerability of payment systems, especially online payments.
====================== About the Author ================================
Read about Author at : About Me
Thank you all, for spending your time reading this post. Please share your feedback / comments / critics / agreements or disagreement. Remark for more details about posts, subjects and relevance please read the disclaimer.