IT group notes mobile security advantages over traditional payment methods

ROLLING MEADOWS - Advancements in mobile payment security technology are curbing risks and improving consumer trust beyond levels traditionally associated with plastic payment cards, according to new research from global IT association ISACA.

A complimentary guide released today, "Is Mobile the Winner in Payment Security?," outlines several advantages of mobile payments relative to physical and e-commerce transactions. Tokenization, device-specific cryptograms and two-factor authentication are described as key improvements positioning mobile payments appeal to both consumers and vendors.

"Mobile payments, with embedded, improved and transparent security controls, are a great example of how security can act as a business enabler, contributing to the creation of end-user trust," said Christos Dimitriadis, Ph.D., CISA, CISM, CRISC, who is ISACA Board chair and group director of information security for INTRALOT.

If a mobile device containing a mobile wallet is lost, the mobile device can be remotely erased. And since the consumer's payment card information is not on the mobile device, the payment cards do not need to be replaced.

Like consumers, merchants stand to benefit from mobile payments in many instances.

"A key benefit for merchants is that enhanced security should lower fraud and thereby lower costs," according to the guide. The report also notes that integrating mobile payments into a merchant's business creates opportunities for more robust customer loyalty programs and allows for purchases in circumstances when customers do not have access to their physical payment card.

The security advantages of mobile payments may surprise the public as well as security experts who perceive mobile payments as risky. ISACA's 2015 Mobile Payment Security Study shows that only 23 percent of IT and cybersecurity professionals said they believe mobile payments keep personal information safe. Still, the global number of mobile payment users is expected to reach 1.09 billion by 2019, according to Ovum, up from 44.55 million in 2014.

While modern mobile payment methods offer many benefits, the guide also notes some potential vulnerabilities, including during the one-time enrollment when users register a payment card in the mobile wallet application. Mobile wallet providers use methods such as sending payment card data and a device's geographical coordinates to issuing banks, and any discrepancies can result in a call seeking additional verification.

The guide encourages vendors that adopt mobile payment options to regularly re-evaluate risk control measures to ensure any new scenarios that could emerge are sufficiently addressed.