Mobile payments: Innovative, but with security concerns
While the rise of emerging payments technologies brings convenience to U.S. consumers, executives within companies that enable and accept these innovative payments worry that such products also introduce new security concerns into the ecosystem.
And different forms of mobile payments are near top of the list.
According to a recent survey by Experian, sponsored by the Ponemon Institute, IT and risk-management executives believe that mobile-related payments technology will increase the risk of a data breach at a time when the retail and banking industries are still recovering from major retail breaches over the past two years and are currently preparing for the EMV liability shift in the U.S.
Experian and Ponemon surveyed 23,117 IT and IT security, risk management, product development and other professionals involved in the payments systems within their organizations, with findings based on 748 completed questionnaires.
The survey results were part of a report called "Data Security in the Evolving Payments Ecosystem."
The respondents believe the most likely mobile innovations to increase the risk of a data breach are mobile payments in stores (59 percent), e-wallets for retailers (58 percent) mobile payments on devices and apps (57 percent) and NFC (54 percent).
"There are opposing spheres in this argument [of innovation and security]," Michael Bruemmer, vice president of Experian Data Breach Resolution, told Mobile Payments Today in an interview. "There are the people [in each organization] that want to expand and use technological innovation and take advantage of that in the implementation, but then you have the clashing interest with the security folks who are saying, 'Wait, new tech is great, but it's only as great as the security you build in."
Experian's findings related to mobile payments security concerns were part of larger questions about data security in the evolving payments ecosystem.
Concerns about EMV
Some 59 percent of respondents believe that chip cards are an important part of their payments strategy, but only 53 percent of respondents believe that EMV will decrease or significantly decrease the risk of a breach.
Bruemmer believes three factors besides the emergence of mobile payments contributed to how executives responded to this particular question.
The payments industry is well aware that EMV is not a silver bullet to stop all fraud, and many IT and risk management executives in the U.S. know that online fraud will increase as banks issue more chip cards. Banks and retailers have already experienced this in the European Union, where EMV is much more prevalent.
Bruemmer also believes fraudsters began to figure out where else in the payments ecosystem they might go to commit crimes when the card brands announced the EMV shift in 2012.
Bruemmer's third reason is based on prior technology shifts, such as when medical records went digital after being paper-based for decades.
"When you're in transition from an old to a new technology, there are always times when there is more data moving out and there are also weaknesses going from one system to another and it creates an opportunity," he said.
One of the positive things to come out of the recent major data breaches is that they put executives on notice to make sure their systems were up to par, and perhaps to solidify them more in the process.
Some 69 percent of respondents said recent data breaches caused organizations to reevaluate and reprioritize security. But preparedness is still lacking in certain areas, and Bruemmer said one of these is collaboration among different organizations.
Eighty percent of respondents believe the root cause of data breaches is employee training, which is a particular worry considering that just 39 percent of respondents plan to invest in employee training.
"Addressing security concerns around current and emerging payments systems isn't the job of a single company or stakeholder," according to the report. "There is broad consensus around the need for increased collaboration to solve the security issues facing the industry with 85 percent of respondents believing greater collaboration is important to ensure the security of current and future payments infrastructure."
Will Hernandez Will Hernandez has 14 years of experience ranging from newspapers to wire services and trade publications. Before becoming Editor of MobilePaymentsToday.com, he spent two years as the content manager for PaymentsJournal.com, a leading payments industry news aggregator and information hub published by Mercator Advisory Group. Will spent four years covering the payments industry as an associate editor for multiple publications in SourceMedia's Payments Group based in Chicago.