Why smartphones are not replacing traditional banking methods
Consumer adoption of phone payments has been inhibited by security concerns, and experts say these concerns are valid. Nic Nuske, Co-CEO of Vero Systems, asks the question – How do we go about making phone payments safe?
Despite the popularity and adoption of smartphones, consumers are not replacing traditional methods of bank payment cards, with annual volumes of smartcards and payment cards forecast to increase from 1.1 billion in 2011 to 3.5 billion in 2017.
A European Union Agency For Network and Information Security (ENISA) report in 2016 explains that using mobile payments and digital wallets is not without risks, stating that in the US “20 % affirmed their main security concern with regards to mobile payment is the possibility of someone intercepting their payment information or other data, while about 13 % feared their phones being hacked.”
Therefore, despite the push towards mobile payments, security concerns still remain of paramount importance and one could say that consumer discomfort with the current state of play has inhibited mass adoption.
The explosive proliferation of viruses and malware affecting mobile devices alongside the very real danger of lost or stolen devices has instilled a sense of uneasiness in the consumer mind about the implications of losing a large part of their digital lives. If we add loss of money to this and the risk of unauthorised payments should a mobile device be lost, stolen or infected with malware then suddenly our mobile devices may become guardians of our financial freedom, and the danger of losing our mobiles, or them being susceptible to hacking or other such malfeasance, skyrockets.
Contactless payments (using NFC) have been widely adopted in Australia and the UK (driven primarily by cards with chips) but not in the US or Germany. NFC payments using mobile phones had some early adoption but have not grown with much enthusiasm after that, primarily due to concerns about security. In a 2017 study by Gemalto, 57% of participants stated that they were not using their mobiles for payments when connected to Wifi for security reasons.
More evidence of this consumer behaviour is in a 2016 study, where Ben Bajarin (The Daily Techpinion) identified that whilst exponentially more smartphones with NFC capability are in the market, less than 50% of iPhone users had enabled the NFC for Apple Pay and less than 7% of Android owners used Android Pay.
Your Security Concerns About Using Mobile Payment Are Valid
There are many examples every week of security issues associated with smartphones. In an October 2016 article by John Rampton, entrepreneur and no. 3 on Top 50 Online Influencers, he states:
“Your cell phone can be your wallet, but most people are still too worried about hackers to switch from paying with cards and cash. Mobile and the latest payment technologies are broken when it comes to security and innovation.”
There’s evidence to support these concerns. ISACA is a not for profit that works toward the development, adoption and use of globally accepted knowledge and practices for information systems. Last year, ISACA conducted a global survey that included 900 member cybersecurity experts to examine the biggest security risks for its 2015 Mobile Payment Security Experts. ISACA found;
Furthermore a Bangalore University study “Security Issues in Mobile Payments” by Professor K. Adisesha found that a key challenge with gaining user adoption of mobile banking and payments is the customer’s lack of confidence in security of the services – “There are risks with those that have both an existing mitigation method, as well as those that do not have a clear risk mitigation solution. There are major security issues that must be taken into consideration when designing, implementing, and deploying secure m-payment systems.”
Compounding the challenge is the fact that traditional security controls such as AV, firewalls, and encryption have not reached the level of maturity needed in the mobile space.
NFC does not have native encryption capabilities and therefore is vulnerable to security exploits if not properly implemented. However, the disparity of security solutions used by different wireless, mobile and cellular networks makes end-to-end security solutions still a significant challenge that must be addressed to support future secure m-payment systems and applications.
One of the major reasons that transaction based services have not taken off on SMS is because of concerns about security. The initial idea for SMS usage was intended for the subscribers to send non-sensitive messages across the open GSM network. Mutual authentication, text encryption, end-to-end security, nonrepudiation were omitted during the design of GSM architecture. There are a number of security problems when using SMS, but mainly that end-to- end encryption is currently not available. The encryption algorithm used is A5, which has proven to be vulnerable, and therefore a more secure algorithm is needed.
Security Still the Largest Barrier for Non-Users
The sleeper story for consumers is security. While this happens to be one of the single most important reasons to adopt contactless payments, it is also the one least understood by consumers.
In all three markets, 40% of consumers listed security concerns of adding their credit/debit card to their smartphone as the main reason they have yet to try it, while 29% said not trusting the transaction was secure as their main reason.
Despite these concerns, there’s no slowing down the growth of mobile usage. It’s projected that by 2017 there will be 4.77 billion mobile phone users worldwide, so it’s imperative we resolve security concerns involving new payment technologies. Hackers are persistent and can adapt their techniques to breach payment technologies.
However Creative Strategies research found consumers who have used Apple Pay, Android Pay, and Samsung Pay had high satisfaction levels with the experience, with speed and convenience the biggest factors in their satisfaction, and a high propensity to use it more often in the future.
So, while further breaches of phone payments may leave consumers sceptical about adoption, companies like Vero Systems that are solving the existing security issues with products like the upcoming VeroCard may restore consumer confidence, increasing the adoption of phone payments by greater numbers of customers.
So, how do you risk assess phone payment security for your business?