Mobile payment data breaches to grow in the next 12 months: report
A survey of cybersecurity experts reveals that 87 percent expect mobile payments data breaches will grow over the next 12 months, while 26 percent point to the use of public Wi-Fi as the top vulnerability.
The report, The 2015 Mobile Payment Security Study, comes from global cybersecurity association ISACA and suggests that consumers who use mobile payments are unlikely to be undeterred by security concerns, boding well for the adoption of Apple Pay and other services. The cybersecurity experts also weighed in on the most effective way to make mobile payments more secure, with 66 percent pointing to the use of two ways to authenticate an identity.
“Mobile payment adoption isn’t slowing down and consumers aren’t put off by security fears,” said Eddie Schwartz, international vice president of ISACA. “Ultimately as it seems with most emerging technologies consumers will select ease of use and convenience over security and privacy.
“At 89 percent, cash was deemed the most secure payment method, but only 9 percent prefer to use it,” he said. “If you think about it, it actually costs us money to draw cash out of an ATM now, compared to the ease of mobile payment apps that generally have no fees and provide detailed accountability.
Shmishing a threat
The findings include that only 23 percent of cybersecurity experts believe that mobile payments are secure in keeping personal information safe while 47 percent say mobile payments are not secure and 30 percent are unsure. Additionally, 89 percent said cash is the most secure payment method but only 9 percent prefer to use it.
A key takeaway is that security issues may not slow down adoption, with 43 percent of the same cybersecurity experts who expect mobile payments data breaches to grow also users of this payment method.
Twenty six percent of the survey’s respondents pointed to the use of public Wi-Fi as a major vulnerability associated with mobile payments, 21 percent named lost or stolen devices and 18 percent pointed to phishing or shmishing, which is phishing attacks via text messages.
Additionally, 13 percent named weak passwords as a major vulnerability and 7 percent use errors while only 0.3 percent said they are no security vulnerabilities with mobile payments.
Enhanced authentication
The cybersecurity experts also weighed in on the most effective way to make mobile payments more secure, with 66 percent pointing to the use of two ways to authenticate an identity and 18 percent a short-term authentication code.
Only 9 percent suggesting installing phone-security apps – which puts the onus on the consumer – as the best way to improve security.
ISACA also notes that there is no generally accepted understanding of which entity is responsible for keeping mobile payments secure – the consumer, the payment provider or the retailer.
“Merchants need to be ensure they follow procedures and guidelines received from their service providers regarding appropriate security features for mobile payments,” Mr. Schwartz said.
Final Take
Chantal Tode is senior editor on Mobile Commerce Daily, New York