ISACA released findings from its Mobile Payment Security study which surveyed 900 cybersecurity experts and found that mobile data breaches will increase in the coming years, with 47% of respondents stating that mobile payments are not secure.
Ben West Senior Product Manager – Mobile, Global eCom at Worldpay believes that while concern around mobile fraud is indeed valid, the scales haven’t tipped quite as dramatically as many think.
[su_note note_color=”#ffffcc” text_color=”#00000″]Ben West, Senior Product Manager – Mobile, Global eCom at Worldpay :
“While concerns around mobile payments are not without foundation the current state of affairs represents less of a security Armageddon and more a general shift in how people pay for things. As with any change of this nature, the bad guys that were hacking into what were previously our favourite devices (our PCs) have just turned their attention to our new favourite, our smartphones.
The issue is that many companies still aren’t monitoring fraud by channel, which means they can’t see where a threat is coming from or adapt their defences to address it. Recent research from the Merchant Risk Council reveals that less than half of merchants today track fraud specifically via mobiles despite their growing importance, and less than a third track via mobile-optimised web.
For those that do manage fraud by channel, new technologies and methods of payment are making mobile transactions much more secure. For example, device fingerprinting technology allows merchants to identify which unique device has been used for a specific transaction and check its transaction history. If they find the device has indeed been used for fraudulent activity, they can then blacklist it instantly. Another example is ‘tokenisation’ which can help to reduce the impact of a data breach. In the event of a data breach, what is gathered is essentially only a ‘token’, a separate unique identifier which is subsequently rendered useless, rather than the whole card number. Worldpay recommends that merchants adhere to PCI DSS standards and take security as seriously on their mobile channel as they do on their website.”[/su_note][su_box title=”About Worldpay” style=”noise” box_color=”#336588″]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.