Nexusguard Consulting Highlights the Promise and Perils of Mobile Payments at CARTES Asia

Nexusguard Consulting’s COO Anthony Liberty was invited to speak at CARTES Asia, presenting to the audience opportunities in mobile payments and the associated risks and threats.

Nexusguard Consulting’s COO Anthony Liberty was invited to speak at CARTES Asia, presenting to the audience opportunities in mobile payments and the associated risks and threats. His presentation covered customer expectation, potential markets, roadblocks to mass adoption, risks and security standards. A separate workshop session covered the topic in more detail, addressing the various risks introduced by emerging payment systems while offering a strategic and pragmatic approach to building and improving an effective information security program. Security breaches have a strong negative impact on businesses--security must not be a means to an end to achieve regulatory compliance, but an investment to ensure business continuity.

Many payment options have been developed over the years to make payments more reliable and convenient. Today, the most common ones are: cash transactions, credit card transactions, card-not-present (CNP) transactions used in online shopping, banking instruments like cheques, peer-to-peer transactions via online banking, and bill payments through bank accounts. As technology has progressed, a number of advances have enabled payments via mobile phones and tablets, such as mobile banking, mobile commerce, mobile payments and mobile wallets.

It makes sense--most consumers in the developed world already have a smartphone that is always on and always connected. As smartphones have become the center of digital activities, more and more features are enabled by apps, such as banking, train schedules, e-tickets and more. Allowing consumers to pay for the purchase of products and services is a logical next step in an effort to reduce the number of items a consumer generally needs to carry.

Mobile payments are still in their early days. According to the Mastercard Mobile Payments Readiness Index, even in countries where they are adopted the most, the score for overall readiness for mobile payments still does not surpass 50 (a perfect score of 100 represents complete replacement of plastic payment cards); the global average is 33.2. However, as mobile payment becomes more prevalent, as it inevitably will, a whole slew of new vulnerabilities will be introduced into the payment processing chain. Furthermore, current mobile devices are “consumer grade,” making them susceptible to malware, and unencrypted cardholder data can be compromised; the risk is even higher for jailbroken or rooted smartphones and tablets.

Mobility also introduces additional vectors to conventional fraud, such as RFID jamming, nishing, exploitation of data validation and malware. In addition, many current practices are ripe for exploitation. For example, mobile banking supports easy account creation; dormant accounts can be used for money laundering. There are also privacy concerns--with mobile payments, customers are always tracked, enabling behavior profiles to be established: amount, timing, source and destination locations of transactions; the flip side is that the profiling also has the potential to reduce the chance of fraudulent purchases.

Key players in this new world of mobile money are merchants, banks and telcos. Merchants can use mobile payments to drive a more customer-centric view, since control points shift to the end-user with the mobile device. This also gives rise to one-to-one marketing practices and the ability to leverage “intelligent data.”

Banks can use mobile payments to protect and grow revenue by maintaining brand relevance and leveraging emerging business models. It provides a safe way for businesses to conduct transactions, secure assets, reduce fraud and ensure regulatory compliance. Banks can even offer secure digital vault services to aggregate coupons, transport, loyalty reward points and traditional currencies.

Telcos can use mobile payments to increase customer retention and generate new revenue through value-added services.

Liberty talked in detail about the application flow for various types of payment alternatives, such as online purchase via mobile devices, mobile banking, purchase at retailers via NFC, purchase at retailers via barcode, the purchase of soft or digital goods, and telco-mediated payments. He broke down the different components and the relationship between them, as well as highlighting unique characteristics of each of the payment alternatives.

Liberty’s talk described a world where mobile payments are inevitable, but security concerns are often overlooked. Correct approaches to data security concerns will help mitigate the risk.

General principles:

  • Systems to ensure that no card transaction is effected in a customer account without his or her knowledge and authorization
  • Alerts to the customer for all card transactions made on his or her account, regardless of the size of the transaction
  • Protection of customer funds to ensure customer trust in the payment system

Security measures for CNP transactions:

  • 2FA for all CNP transactions based on information not available on the card
  • 2FA extended to IVR and MOTO transactions

Security measures for card-present transactions:

  • Security of CNP transactions looked into the representative check, and 2FA if available.

Liberty also talked about how to secure technology infrastructure through following industry-agreed best practices, improve fraud risk management, and spread customer awareness and education. He emphasized the importance of collaboration between governments, security experts and industry bodies. Concluding with notes on PCI DSS 3.0, the latest revision of the industry-wide standard for payment processing, Liberty covered updates that make mobile payments more secure.

About Nexusguard Consulting

Nexusguard Consulting is an Asia-based information security specialist company, delivering services that secure critical data, protect identities and help customers demonstrate ongoing compliance. Nexusguard Consulting is 100 percent product and vendor neutral. Our team draws on 15 years of experience and deep industry intelligence to offer individual, pragmatic solutions that help our customers align information security risk with organizational risk.

Our services include:

  • Information Security Assessment Services
  • Regulatory and Compliance Consulting Services
  • Computer Forensics Litigation Support Services
  • The Payment Card Industry Data Security Standard Audits

Nexusguard Consulting is a sister company of Nexusguard Limited, a separate legal entity and an industry-leading Internet security service provider offering DDoS mitigation services. Headquartered in Hong Kong, with several branches across Asia Pacific.

For more information, please visit

Press Contacts:
Benjamin Yip - Marketing Manager

Ivy Wu - Marketing & PR Executive
