Mobile payments – The future and your security
Chip and PIN machines are losing their grip in the payments industry, thanks to mobile payments gaining momentum and promising to make daily transactions much quicker and more convenient. But even the smoothest payment method will be shunned if people have little confidence in its security. So when it comes to your card details, what level of safety can you expect in the near future?
Eight UK financial institutions (who collectively provide 90% of UK current accounts) have recently committed to offer mobile payment solutions, starting next year. As these institutions are driving the future of the payments industry and are thus shaping how consumers pay for goods and services, they will also bear significant responsibility for the industry’s security. Clearly then, the protection of consumers engaging in mobile payments will be one of their highest priorities.
While this is a large-scale vision for the longer term, it carries the obvious implication that programs backed by major financial institutions possess in-built security guarantees, which ensure that neither businesses nor their customers will be left out of pocket should they fall victim to financial fraud.
But before this type of damage is done, someone has to break into the system to access your details. Ever heard of a fraudster outsmarting a chip and PIN machine? Neither have I. That’s because your card details are encrypted by the machine and then decoded by your bank, which authorizes the transaction if you’ve entered your PIN correctly.
Similarly, with mobile payments, your phone encrypts your card details and your bank decrypts them upon receipt. And this is even safer than using a card reader, for three reasons…
First, your card can remain snugly in your wallet or purse. You don’t hand it to anyone, you don’t risk it being snatched from a card reader and you don’t risk it being photographed by a waiter running his own little fraud scheme, and then returned to you with a duplicitous smile (no doubt expecting a tip as well).
Third, although not necessarily prompted for your PIN you will still be asked for some details in order to authorize payments. For example, judo (www.judopay.com) requires your CV2 code each time you make a payment. So a service such as judo can only be “broken” if someone steals your bank card and your phone. Even then, they can only buy from judo “merchants” – they can’t withdraw from an ATM because they won’t have seen you enter your PIN, and mobile payments don’t offer that service. And by the time the thief has figured all this out, you will have found a way to contact your bank and cancel your card.
But what if the whole system is hacked? Given the level of discussion on the possibility, this is not just idle paranoia – see Pat Carroll’s article on Mobile Payments Outlook 2013 (www.cbronline.com).
However, in light of that article it also seems that the risk of deep hacking will be heavily minimized, if not eradicated.
But even in the highly unlikely event of such a serious breach of security, the fact that mobile payment schemes are linked with financial institutions (such as VISA and MasterCard, in judo’s case) means that, firstly, a hacker has to get through the security systems of both the mobile payment provider and of the larger financial institutions; and secondly if such a breach occurs then the institutions are responsible for rectifying the situation.
So what’s the main security threat for you, as a cardholder? Well, to put it bluntly, it’s YOU! If you’re careless with your card then encryption is redundant: it’s like encoding secret messages intended for your agents in a war zone, then using the enemy’s own postal service to send them!
Mobile payments have a bright future: they will almost certainly usurp the traditional chip and PIN payment system in the coming years, just as chip and PIN have done to cheques. And while there will always be some degree of risk involved with card payments, the industry is highly aware of this and technological innovations will simply not make it to market without state of the art security systems.
Quite simply, don’t let yourself become fodder for fraudsters. There is protection, but you are the ultimate guardian of your own security.
About Judopay · Judopay simplifies in-app payments, enable frictionless checkouts and intelligently prevents fraud for leading companies globally. Our payments and mobile experts help guide businesses and their development partners to create best in class apps to make paying faster, easier and more secure. Founded by serial financial technology entrepreneurs in 2012, Judopay is backed by leading venture investors and supported by banking and card scheme partners to offer in-app payments that are simple, frictionless and protected.