Mobile is more secure
[Dave Birch] The mobile wallet is much in the news at the moment and, since I've been to three different meetings about mobile wallets in the last three days, much in my mind as well. I don't think it's an exaggeration to say that the mobile wallet is inevitable, and I also think it's fair to say that the mobile wallet appears to meet the needs of stakeholders (including consumers and retailers) in a way that "simple" mobile payments do not. One particular area where this is true is security, even if some of the stakeholders don't realise it.
Security tops the list of consumer concerns about mobile payments. Half of all American consumers say potential security and fraud significantly influence their likelihood to use smartphone technology to make purchases in the future.
[From Study: Consumers Unlikely to Abandon Wallets in Favor of Paying With Smartphones -- NEW YORK, Feb. 29, 2012 /PRNewswire/ --]
So when you talk about moving to a mobile wallet, some people will say "sounds great, but what if I lose my phone or it is stolen?" without really thinking through the security risk analysis. If they did, they would see that things in a mobile wallet are far more secure than things in a leather wallet.
Your credit card is a data string, not a physical piece of plastic: why not enclose that data—and the privileges and responsibilities it unlocks—in a remotely accessible mobile container with an extensive system of checks and balances that has a much healthier respect for that data?
[From How A Stolen Wallet Made Me A Mobile-Payments Enthusiast | paidContent]
There are three main factors here. First of all, you are much more likely to notice if your phone is missing than if your wallet is missing anyway. Secondly, since the wallet is smart, it can be rendered useless to criminals (it can require a PIN, or passphrase, or it can be set to only work in certain locations or whatever). And finally, it can be built online, so when you walk out of the shop with your new phone, your wallet will automagically reappear, which doesn't happen with your leather wallet. As Cindy Merrit from the Atlanta Fed says succinctly
the mobile phone will be a much more secure payment device than the plastic cards we use today[From Portals and Rails]
I agree. As we have long maintained, mobile payments are more secure than card payments. I further claim that the security of your virtual credit card inside your mobile phone is not only greater, but much greater than the security of your actual credit card in your back pocket. This is why I predict that the interchange rate for "phone present" transactions will, in the long term, be lower than the interchange rate for card present transactions.
In fact the bottom line is that the fraud figures have been improving, and I expect them to improve further still over the next couple of years as we begin the integration of cards and mobiles.
[From Digital Money: The fraud trajectory]
So nothing to worry about? Not quite. Security is still a problem. Just because there is a potentially secure platform available to implement a service doesn't mean that the service will be implemented in a secure way, if you see what I mean, and it would be jolly useful if, once a secure way to implement something is found, the security went across services. (So, for example, that a common identification and authentication scheme might be implemented and used across a variety of banking, telecommunications, retail and other services.)
Different security deployments for mobile wallets may postpone widespread adoption
While, as noted in our 2011 mobile industry position paper, firms engaged in rolling out new mobile payments services have agreed that successful near-term adoption will rely on common standards for security and interoperability, free market dynamics dictate that all players in this new mobile ecosystem will not necessarily work together, motivated instead by a responsibility to create shareholder value
[From Portals and Rails]
This is why if you are, say, Visa and O2, then there is a long and complex path to a wallet and handset and SIM and secure element combination that can deliver security appropriate to mass-market, population-scale payments. Other apps might be able to cut corners and accept higher levels of risk, but these guys can't. This necessarily implies that developing a mass-market mobile wallet such as the recently-announced O2 Wallet means paying proper attention to se curity and bringing world-leading expertise to bear on the process, products and services.
We recognise that security is absolutely key in order for our customers to trust and want to use the service, so O2 Wallet has been trialed internally for months and has undergone extensive ‘stress-testing’ with the help of security experts Consult Hyperion,” said James Le Brocq, Managing Director at O2 Money.
[From Media - Consult Hyperion]
There are so many interesting issues to talk about here, at the cusp of telecommunications, technology and finance that it's a great area to be working in.(I'll be posting about using the O2 Wallet next week.) One of the issues that comes up all the time is trust. Will customers trust a mobile operator to deliver financial services? Can trust built up in one sector be transferred to another? What is the balance between trust and convenience? These are very real, and very hotly debated, issues in our space at the moment.
What about the Google (GOOG) wallet? Would people trust that? Yes, again.[From Why Banks Will Continue To Lose Online Payment Market Share To Tech - Seeking Alpha]
Well, as they say, that was then and this is now. The much publicised security problem with the Google Wallet proves this point. It didn't represent any real threat, no consumers lost money (and nor were they realistically likely to) but the story was all over the media, because they love that kind of story, and the nuances were lost. All that people remember is that there was a security problem with the Google Wallet.
As Google Inc. learned in the past week, the security problems with digital wallets are thorny and complex… Any misstep, however temporary, could erode the delicate trust banks and technology companies are trying to build around mobile payments.
We use a risk analysis methodology -- known as Structured Risk Analysis (SRA) -- that we have specifically developed over the years to handle secure electronic transactions and to take account of the reality of an environment that involves not on technical and commercial risk but repetitional risk as well. We've used it on projects for customers ranging from central bank settlement system to manned space missions, so we think we know what we're talking about. And we used it for M-PESA, as mentioned the book "Money, Real Quick".
Consult Hyperion were at that time engaged by the Central Bank to carry out the very detailed operational risk audit which the Permanent Secretary in the Ministry of Finance, Joseph Kinuya, said had found the service “safe and reliable”.[From Book corner - “Money, Real Quick - The Story of M-PESA”]
A sound risk analysis means that a system can be "balanced" so that expenditure on countermeasures can be directed appropriately and it means that transactional systems can be engineered so that costs and benefits are clear and subject to informed management decisions. If you want to know how to do this, just give us a call.
These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers
The English language version of this work is licensed under Creative Commons Attribution-ShareAlike 3.0 Unported License. If you wish to acquire the rights to make a foreign language translation of the work, please contact Consult Hyperion.
Please note that by replying in this Forum your comments become the property of Consult Hyperion and you assign all rights in your comment to us. Your comments may be edited for length and used online and in print but will always be attributed.
Meet us at:
- December 2013
- November 2013
- October 2013
- September 2013
- August 2013
- July 2013
- June 2013
- May 2013
- April 2013
- March 2013
- February 2013
- January 2013
- December 2012
- November 2012
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010