Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Rapid adoption of mobile payments will accelerate cybersecurity threats

Edwin Seo, Principal Architect, APAC at Palo Alto Networks | Feb. 19, 2016
Securing the cloud to protect mobile payment information should, if not already, be a top consideration for all organisations in 2016, says Edwin Seo of Palo Alto Networks.

This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.

Mobile payments are quickly changing the way the world pays for products and services. We've been talking about this for years, but the train is now leaving the station. And you'd better be on it.

While increasingly common in Europe, mobile payments are only accounting for a small, but fast-growing segment of payments in the U.S. According to a study published by the Federal Reserve in August 2015, only 10 percent of financial institutions in the U.S. currently utilize mobile payments, with the majority of all U.S. payment transactions in 2015, still being made with by check, credit card, and cash.

This does however seem to be poised for growth, with brands like Starbucks, PayPal, Amazon, Google, Apple, and even a Singapore-branded DBS PayLah! service - to name a few - supporting digital payments; indicating a sea of change towards mobile payments because of speed and convenience. The same study by the Federal Reserve shows that more than 50 percent of all financial institutions are likewise planning to offer mobile payments in the 2016 to 2017 time frame.

Interestingly, it is in Asia Pacific where mobile payments are currently seeing the most traction, which as IDC points out is likely to see the region taking the lead in mobile payment developments worldwide, driven by a high number of initiatives and diverse mCommerce maturity levels.

As with all fast-growing industries, fragmentation is common in today's digital payment industry. Multiple vendors and technologies are competing for attention and offering different ideas for where the consumer's electronic data should reside: on a card, on a phone, or in the cloud. This opens the door for new industries to emerge, such as Trusted Service Managers (TSMs) that provide over-the-air provisioning capabilities to mobile devices. With this comes the use of cloud applications for mobile provisioning.

New processes create new security vulnerabilities, and according to the Federal Reserve study, approximately 75 percent of all financial institutions expressed security concerns over the implementation of mobile payments. Over-the-air provisioning of payment credentials and applications, for example, creates new attack vectors for cybercriminals to steal consumer data - not only payment information but also information about the purchased merchandise itself from the cloud or individual devices. As a result, any company offering or accepting mobile payments needs a very clear understanding of exactly where and how sensitive account data is stored and transmitted, to proactively secure consumer information.

As with many technology evolutions, it is not a question of if, but when a financial institution will get on board with mobile payments. 2016 will be a year of major shift in the industry. Securing the cloud to protect mobile payment information should, if not already, be a top consideration for all organisations in 2016.

 

Sign up for CIO Asia eNewsletters.