This is the 4th part of a 5-part story on Mobile Financial Services and the security therein. This part focuses on Mobile Financial Services security and on questions around mobile payments, which grew out of this service and was added under the Mobile Financial Services umbrella as an independent question paper or exam paper for many service providers. We will not discuss behavioral biometrics in this post, as it is a very new concept and still has a long way to go to establish itself.
Ministry of innovation can add lots of excitement and stoke the fire about security of transactions. Subscribers normally don’t ask too much about low-value transactions, but as these happen on a daily basis subscribers do get nervous, and they freak out more when they add their card or bank details to the same service. Please note that this article covers security at a very, very high level and is by no means meant to teach or guide anything.
However, just because a big and renowned service provider (though almost all of them are coming out of this space with zero or no experience in payments) offers mobile payments does not mean users should use the services with or without need or reason. In some markets merchant payments are welcomed and well accepted by subscribers but P2P payments are not, and in some markets it’s just the other way around.
The main objective of this post is just to add a small spark on the need for security, and we will try to answer a few questions around mobile payments. Anyone looking for a guide to implement or learn from should refer to certified material; I advise you not to use this material for that, but you can use this post as sparking material. The source of the information is internet search, collated from many website links, and the effort was to put together relevant, easy, simple and quick information at a very, very high level.
As said at a conference I attended last month, “Inability to adapt to mobile payments can put your company at a competitive disadvantage”. This is seriously true in today’s time. Behavioural biometrics is going to be more robust, secure and authentic compared to today’s static biometrics, which are difficult to break but not impossible. Artificial Intelligence will boost info security through behavioural biometric intelligence in the coming time. Mobile payments security will play the key role in the importance of info-security and privacy in payments. This industry is changing every day, i.e. it is dynamic, so why rely on static methods of security?
We are living in the era of worldwide data wrestling scenarios, where everyone is collecting data. Data could be worth more than fuel in the near future, but failure to understand exactly where and how sensitive data is stored and transmitted can prevent organizations from clearly defining and implementing data protection solutions. This can create fraud spikes, and rising transaction volumes can lead to performance bottlenecks as inefficient processing limits capacity and degrades the customer experience. How about velocity detection and velocity pattern analysis?
When e-commerce fraud spikes, it can be tempting for merchants to pile on more controls and risk turning away otherwise legitimate transactions that appear to be fraudulent. The alternative is often to shut off these controls altogether and leave themselves vulnerable to criminals. Neither extreme is ideal, and acquirers say merchants need to start taking a more systematic approach when setting fraud controls to avoid this dilemma. “Though extremely effective when methodically applied, fraud control parameters can be absolute and unforgiving when set inappropriately and can unintentionally defeat legitimate transactions.”
At first read, velocity detection might seem like some complicated instrument mechanics would use at a theme park on a broken roller coaster. But in reality velocity detection is defined as checking the historical shopping patterns of an individual and matching that record against their current purchases to detect whether the number of orders by the cardholder matches up or there appears to be an irregularity. Artificial neural networks will help in this particular space in the near future to make it much stronger.
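One way to implement the velocity check described above, including the over-strict setting the acquirers warn about. This is an added example, not from the original post; the one-hour window, the `multiplier` and `floor` parameters and the sample orders are assumptions constructed for illustration:

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)  # assumed velocity window

# Constructed sample orders (card id, ISO timestamp); not real data.
HISTORY = [
    ("card_A", "2024-03-01T10:00:00"), ("card_A", "2024-03-03T18:30:00"),
    ("card_A", "2024-03-07T09:15:00"), ("card_B", "2024-03-02T12:00:00"),
    ("card_B", "2024-03-02T12:40:00"), ("card_B", "2024-03-05T20:00:00"),
]
CURRENT = (
    [("card_A", f"2024-03-10T02:0{m}:00") for m in (0, 2, 4, 6, 8)]  # burst
    + [("card_B", f"2024-03-10T12:{m}:00") for m in ("00", "20", "45")]
)

def _count_in_window(queue, now):
    """Add `now` to the card's queue and return orders in the trailing window."""
    queue.append(now)
    while now - queue[0] > WINDOW:
        queue.popleft()
    return len(queue)

def build_baseline(history):
    """Per card: the most orders ever seen inside one window of its history."""
    queues, baseline = defaultdict(deque), defaultdict(int)
    for card, ts in sorted(history, key=lambda r: r[1]):
        n = _count_in_window(queues[card], datetime.fromisoformat(ts))
        baseline[card] = max(baseline[card], n)
    return dict(baseline)

def velocity_alerts(current, baseline, multiplier=2.0, floor=3):
    """Flag orders whose window count exceeds max(floor, multiplier * baseline)."""
    queues, alerts = defaultdict(deque), []
    for card, ts in sorted(current, key=lambda r: r[1]):
        n = _count_in_window(queues[card], datetime.fromisoformat(ts))
        limit = max(floor, multiplier * baseline.get(card, 0))
        if n > limit:
            alerts.append((card, ts, n))
    return alerts

if __name__ == "__main__":
    base = build_baseline(HISTORY)
    print("baseline:", base)
    print("tuned:   ", velocity_alerts(CURRENT, base))
    # An over-strict setting also flags card_B's ordinary three-order hour.
    print("strict:  ", velocity_alerts(CURRENT, base, multiplier=1.0, floor=1))
```

With the tuned setting only the five-order burst on `card_A` is flagged; the strict setting additionally rejects `card_B`, whose activity is close to its own history.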
A successful attack on a software-based mobile payment application could consist of decompiling the application to recover its source code, which gives the attacker access to all assets hidden in the application (such as tokens and cryptographic keys). The integrity of an application can also be compromised by data tampering and by cloned applications intercepting sensitive data. Another point of vulnerability is a merchant’s mobile POS, as a fraudulent merchant could tamper with the mobile application controlling the mobile POS. With these methods, an attacker can obtain assets such as user and card details, card verification method values, and use keys. Security mechanisms such as whitebox cryptography reduce the likelihood of cloning and decompiling payment applications. Provisioning of secure data to the SE, or delivery of a payment token, is a point of vulnerability in mobile payment applications.
Mobile operators communicate with the credit card (SE) and carry out credit card and mobile transactions by means of the carrier’s communication environment and advanced technology. This enables specific users in agreed special stores to experience trial plans such as inductive action payment, smart poster download (e-coupon), SMS e-coupon service, and so on. Users clearly felt more convenience and entertainment when using the application in daily life.
Accessing financial services through mobile, internet or any open-interface banking involves submitting personal information through a plain, web or encrypted text messaging platform. Hackers can try to access those messages through an insecure communication channel. There is also the risk that the bank or financial institution has not put enough encryption security into its technology, which would leave the customer’s personal information open to interception. Globally, the growth of mobile telecommunications technology has made mobile phones increasingly common and available to users even in the remotest parts of the world.
New processes create new security vulnerabilities. Over-the-air provisioning of payment credentials and applications, for example, potentially creates new attack vectors for eavesdroppers to steal and misuse customer data.
Building on this successful experience, related financial business opportunities are created, along with a broad and transparent payment environment; the mobile phone’s screen and keyboard provide the interface, opening up multi-functional market opportunities. Considering the differences (Note 2) and risks of the new credit card business, and in order to protect the rights and interests of cardholders and improve credit card business development, security controls for the mobile credit card business are developed with regard to the actual needs of the market and industry practice, and with reference to the relevant credit card organization norms.
Questions and Answers on Mobile Payments – Now let’s focus on some questions and answers around mobile payments. The biggest question that comes to mind at any time, for most people or at least for me, is “Can I make my payment with the same method / instrument under mobile payments at all the shops/stores I shop with?”. The answer is very clear and very short: “NO”. Fragmentation in the industry is probably the quick answer.
There’s no single mobile wallet service that works at every store: some promote and want to use NFC, some accept USSD or a mobile app, some want only a card (linked to a wallet). All channels depend on your handset and its cost; if you carry a $20 handset, then you can only use the USSD function, which is widely used (but also complex and slow).
A small survey (shared only one slide here) was done as below.
On a very interesting note, if we look closely we will find that most, or almost 99%, of the payments innovation happening around the globe is actually led/advocated/invented by those outside of the traditional payments industry.
The world is now moving from plastic to the mobile phone for payments, which also means all the work done in the last 20-30 years is now getting scrapped, and we are back to basics, shifting our mindset from one side of the coin to the other. To achieve faster and quick wins here we should adopt the philosophy of Harvey Mackay, who said “To me, job titles don’t matter. Everyone is in sales. It’s the only way we stay in business”. I personally like this statement, as this is the only way we can zero in on the difference between being data-informed and data-driven.
Conclusion: There is clearly an opportunity for mobile payments. Consumers want to pay quickly, easily and at low cost. An interesting finding is the need to add context to payments, e.g. a subject or photo. Privacy and security are flagged as important by the majority of respondents; however, this was expected. With the knowledge we have now, we see more lean products focused on a specific group of customers. The idea and concept are not new; however, it is very promising when targeting the right niche and addressing the right issues customers are facing. Now there is another hype, AI, which is going around like fire in a jungle, where it is said that AI will stop all fraud and kill all issues around it. AI will bring behavioural biometrics, stop the gap and remove the vulnerability of payment systems, especially online payments.
Very informative and useful information
This is a good post to understand this issue.
This information is extremely useful
This has helped me to understand the basics
Security should come first in financial services domain
How do you ensure … system is not attacked by guardians…..Please help