Understanding Mobile Payment Risks

Understanding Mobile Payment Risks

As a relatively new financial service, mobile payments have the potential to significantly change how consumers buy and sell goods using their phones, tablets and other devices. While mobile payments will undoubtedly become more popular, such payments are not without risks. Read on to learn about mobile payment risks and what you can do to minimize them.

What Are Mobile Payments?

Generally, mobile payments are defined as the use of a mobile device—usually a smartphone or tablet—to initiate a transfer of funds to people or businesses. Mobile payments can be made at the point of sale (POS) or to facilitate person-to-person payments. In either case, mobile payments are enabled by the increasing popularity of smartphones, the availability of POS terminals that are equipped to process transactions using near-field communications (NFC) and the growth of alternative cloud-based mobile payment solutions.

There are five main types of mobile payments:

1. Mobile wallet: Uses a phone’s NFC protocol that allows for the encrypted exchange of payment between two devices
Examples: Google Wallet, ISIS

2. Mobile phone as POS: Allows users to attach a card reader directly to their phones to process payments
Examples: Square, VeriFone

3. Other types of mobile payments: Any mobile payment that isn’t considered a mobile wallet or mobile phone as POS
Examples: PayPal (when bumping phones to send money to someone), Serve

4. Direct carrier billing: Payments billed directly to a mobile phone account; merchants paid directly by mobile carrier, bypassing traditional payment networks
Example: buying a ringtone or app if it is added directly to your phone bill

5. Closed-loop mobile payments: When companies create their own type of mobile payment system
Example: Starbucks

According to the 2014 LexisNexis® True Cost of FraudSM Mobile Study, merchants who have accepted mobile payment in their businesses are paying an average of $3.08 per dollar of fraud, an increase from $2.79 per dollar of fraud in 2013.

Why Would Businesses Use Them?

Mobile payments are advantageous because:

  • Consumers no longer need to carry around credit cards or cash, eliminating the possibility of loss or theft of those items.
  • Some mobile payment systems charge less for credit card fees than credit card companies do.
  • The payment is made by using a phone or tablet and stores no credit card data with the company, making it harder for criminals to steal.
  • They enable companies to implement loyalty programs more easily. Customers no longer need to manually keep track of purchases, reward points, etc.
  • It is easier to track customer behaviour because payment systems keep databases of what consumers bought and how they paid for it.
  • Checkout time is decreased.
  • They give consumers more ways to pay.
  • They allow smaller businesses to become more competitive with larger chains.

Mobile Payment Risks

While mobile payment systems have clear advantages for businesses, they also come with a fair amount of risk

Compliance

As is the case with any new product offering, businesses interested in using mobile payment systems should have a broad review and approval process to ensure compliance with internal policies and any applicable laws and regulations. Unlike most banking products that allow institutions to control much of the interaction, mobile payments require the coordinated and secure exchange of payment information among several unrelated entities. Making matters more challenging is that much of the innovation in the mobile payments marketplace is driven by entrepreneurial companies that may not be familiar with supervisory expectations that apply to banks and their service providers.

Fraud

Retailers lost an estimated $3.5 billion in 2012 due to online fraud, according to a study by CyberSource, a Visa subsidiary.

Businesses should be particularly conscious of the potential and perceived risk of fraud in mobile payments. Customers are more likely to adopt the use of mobile payments if they are confident that the provider has taken appropriate steps to make this service secure by protecting their funds and confidential account information. Encrypting sensitive information stored on the mobile device and providing the ability to disable or wipe the device clean if it is lost or stolen are examples of effective controls that should be carefully considered as part of any mobile payment service.

According to the LexisNexis study, small businesses lose more revenue to mobile payment fraud than larger businesses do because they are less likely to protect themselves from fraud. Mobile malware is a constant danger to these businesses, as they may not employ a full IT staff to handle various cyber threats.

The LexisNexis study also found that 58 per cent of the fraudulent transactions against the surveyed companies involved a credit card, while just 23 per cent involved a debit card.

Identity theft is the most popular type of fraud associated with mobile payments. Criminals can effortlessly make purchases and get access to personal information on a lost or stolen smartphone, many times without the consumer’s knowledge. The whole point of mobile payment systems is to make it easier for consumers to buy things, but that also means criminals have the same ease of use.

Growing Popularity

The more popular mobile payments become, the more they will be targeted by hackers and thieves. And since the regulatory landscape is lagging behind with these types of payment methods, they are not as safe now as they will be in the future.

While the majority of Canadians own a smartphone, they may not understand the privacy implications of storing all their personal data on it. As more consumers use mobile payment systems, there will likely be an increase in consumer and business vigilance.

Recommendations for Minimizing Risks

There are various measures you can take to shore up the security of your mobile payment system:

  • Authenticate the identity of the consumer and his or her device when accepting card-not-present payments.
    Mobile apps are generally better at protecting customers’ personal data than mobile browsers.
    Two-factor authentication is the best way to prevent fraud.
  • Track fraudulent activity by payment type.
    According to the LexisNexis study, only 48 per cent of merchants tracked fraudulent activity by payment type (online, mobile, in-person, etc.). It is easier to identify trends and prevent fraud by using this method.
    Mobile payment systems allow businesses to do this more efficiently than ever.
  • Report suspicious activity immediately to consumers and to your mobile payment company.
  • Make sure your payment systems are up to date at all times.
    Patching eliminates certain vulnerabilities. Also, make sure your business’ computers are patched regularly.
  • Have any visitors or vendors sign in, and keep an eye on them while they are at your place of business.
    The Target data breach that occurred during the busy 2013 holiday shopping season is believed to have been perpetuated by an HVAC vendor that was doing work for one of Target’s stores.

Mobile payments are becoming an increasingly important part of the payment landscape. Expect to see new types of payment options in the future, along with added security benefits and increased consumer confidence in the platform. Contact CMB Insurance Brokers today to discuss how mobile payment systems can help your business thrive.

How much does cyber insurance cost? Read more in our cyber insurance information page.

Did you know that 60% of small and medium businesses don’t survive after a cyber attack. Protect your business with Cyber Insurance, call us at 780.424.2727 or click here to get a quote.