Criminals also obtained the associated expiration dates, giving thieves the information they would need to make an online purchase on some e-commerce sites. E-retailers ...
Up-and-coming mobile technologies raise payment security concerns
Retailers should apply same protections to m-commerce as to e-commerce, experts say.
Managing Editor, Mobile Commerce
With any up-and-coming information technology, especially those that deal with money, one of the first concerns is security. So with an increasing number of consumers using mobile payments technology, there’s increased scrutiny of the precautions retailers are taking to guard those transactions.
While payments technology may offer a convenient new way to pay for goods and services, consumers could be at risk of losing money when mistakes are made by merchants and processors or as a result of fraud, says Consumers Union, the nonprofit publisher of Consumer Reports.
“As mobile payment systems come to the U.S., product providers and regulators need to make sure that they are at least as safe for consumers to use as traditional credit card and debit card payments,” says Michelle Jun, staff attorney at Consumers Union. “It is critical that mobile payment systems are covered by strong rules to protect consumers from losing money because of fraud, processor error or a dispute with a retailer.”
For retailers with mobile commerce sites or apps, not much has changed. Transactions take place over the Internet and involve a credit card, debit card or alternative payment tool such as PayPal. Transactions are treated the same as if they came from an e-commerce site, and the same card rules and guarantees apply.
If, for instance, a thief obtains a credit card number via a mobile transaction versus an e-commerce transaction and makes numerous charges, the consumer is still responsible for no more than $50 of the charges. Similarly, just as retailers encrypt financial transactions on e-commerce sites, they should do so on m-commerce sites and apps, say experts.
On that note, the one major difference between e-commerce and m-commerce is that some retailers have opted to have payment information stored within an app that resides on a smartphone, so if the phone is lost or stolen, the information may be at risk. Such information should be encrypted and password-protected, experts say, or even better, stored and accessed through an e-commerce account where all information resides on a merchant’s secure servers.
These transactions—payments for digital goods or physical merchandise using a card, alternative payment mechanism or a carrier’s bill via a mobile site or app—represent one of four major types of mobile payments. Organizations such as Consumers Union are placing more emphasis on mobile payments conducted using newer technologies that fall in the three other areas. These include: face-to-face acceptance of payments facilitated by mobile devices, such as smartphones equipped with magnetic stripe card readers; near-field communication (NFC) payment, where a card or device is embedded with a chip that wirelessly relays payment information, typically to a point-of-sale terminal; and person-to-person payment, a Western Union-style system for individuals to send funds to one another using mobile devices.
“There’s a lot of mobile payment activity in various stages of adoption,” says Todd Ablowitz, who has worked for mobile payment providers and today is president of Double Diamond Group, a payments consulting firm whose specialties include mobile payments and security. “The serious players, like Visa, MasterCard, the card network operators, as well as AT&T, Verizon and T-Mobile—these organizations have researched the technology with a very careful eye on security because they know securing a payment system is paramount to its success.”
Ablowitz says the biggest challenge for mobile payments is not reality—the technology exists to conduct secure transactions via mobile devices—but perception. Because mobile payments are new, and because of the highly personal nature of mobile devices, some consumers are wary.
“The best thing any company can do is to embed security into its marketing message by saying, ‘This is more secure than anything you’ve ever seen,’” Ablowitz says.
Consumers Union goes beyond the technology, though, in its call for mobile payments security and says the federal government and the card and technology companies must do more to protect consumers. Federal law protects consumers whose credit cards or debit cards are lost, stolen or misused. Current protections are spread across different agencies and don’t apply to all new types of payments, Consumers Union says.
“Consumers should not be expected to figure out what protections apply to each competing new payments venture,” says Jun. “Regardless of the technology or business organization involved, the same high level of consumer protections should be guaranteed by law and contract for any payment service. Now that mobile payment ventures are emerging in the U.S., it’s time to harmonize and extend consumer protections for all payment services.”