As a relatively new financial service, mobile payments have the potential to significantly change how consumers buy and sell goods using their phones, tablets and other devices. While mobile payments will undoubtedly become more popular, such payments are not without risks. Read on to learn about mobile payment risks and what you can do to minimize them.
What Are Mobile Payments?
Generally, mobile payments are defined as the use of a mobile device—usually a smartphone or tablet—to initiate a transfer of funds to people or businesses. Mobile payments can be made at the point of sale (POS) or to facilitate person-to-person payments.
In either case, mobile payments are enabled by the increasing popularity of smartphones, the availability of POS terminals that are equipped to process transactions using near-field communications (NFC) and the growth of alternative cloud-based mobile payment solutions.
There are five main types of mobile payments:
Why Would Businesses Use Them?
- Mobile wallet: Uses a phone’s NFC protocol that allows for encrypted exchange of payment between two devices
- Examples: Google Wallet, Apple Pay
- Mobile phone as POS: Allows users to attach a card reader directly to their phones to process payments
- Examples: Square, VeriFone
- Other types of mobile payments: Any mobile payment that isn’t considered a mobile wallet or mobile phone as POS
- Examples: PayPal (when bumping phones to send money to someone), Serve
- Direct carrier billing: Payments billed directly to a mobile phone account; merchants paid directly by mobile carrier, bypassing traditional payment networks
- Example: buying a ringtone or app if it is added directly to your phone bill
- Closed loop mobile payments: When companies create their own type of mobile payment system
Mobile payments are advantageous because:
Mobile Payment Risks
- Consumers no longer need to carry around credit cards or cash, eliminating the possibility of loss or theft of those items.
- Some mobile payment systems charge less for credit card fees than credit card companies do.
- The payment is made using a phone or tablet and stores no credit card data with the company, making it harder for criminals to steal.
- They enable companies to implement loyalty programs more easily. Customers no longer need to manually keep track of purchases or reward points.
- It is easier to track customer behavior because payment systems keep databases of what consumers bought and how they paid for it.
- Checkout time is decreased.
- They give consumers more ways to pay.
- They allow smaller businesses to become more competitive with larger chains.
While mobile payment systems have clear advantages for businesses, they also come with a fair amount of risk.
As is the case with any new product offering, businesses interested in using mobile payment systems should have a broad review and approval process to ensure compliance with internal policies and applicable laws and regulations.
Unlike most banking products that allow institutions to control much of the interaction, mobile payments require the coordinated and secure exchange of payment information among several unrelated entities.
Making matters more challenging is that much of the innovation in the mobile payments marketplace is driven by entrepreneurial companies that may not be familiar with supervisory expectations that apply to banks and their service providers.
To date, no federal laws or regulations specifically govern mobile payments. However, the laws and regulations that apply to traditional payment methods also apply to mobile payment. For example, a mobile payment funded by the user’s credit card will be covered by the laws and regulations governing traditional credit card payments.
Mobile payment technologies that do not use the existing payment infrastructure would not be subject to laws and regulations that currently cover such payments. In addition, certain mobile payment providers may be subject to the jurisdiction of one or more federal or state regulators.
Businesses should be particularly conscious of the potential and perceived risk of fraud in mobile payments. Customers are more likely to adopt the use of mobile payments if they are confident that the provider has taken appropriate steps to make this service secure by protecting their funds and confidential account information.
Encrypting sensitive information stored on the mobile device and providing the ability to disable or wipe the device clean if it is lost or stolen are examples of effective controls that should be carefully considered as part of any mobile payment service.
According to a recent study conducted by LexisNexis, small businesses lose more revenue to mobile payment fraud than larger businesses do because they are less likely to protect themselves from fraud. Mobile malware is a constant danger to these businesses, as they may not employ a full IT staff to handle various cyber threats.
The LexisNexis study found that 39% of the fraudulent transactions against the surveyed parties involved a credit card, while just 12% involved a debit card.
Identity theft is the most popular type of fraud associated with mobile payments. Criminals can effortlessly make purchases and get access to personal information on a lost or stolen smartphone, many times without the consumer’s knowledge. The whole point of mobile payment systems is to make it easier for consumers to buy things, but that also means criminals have the same ease of use.
The more popular mobile payments become, the more they will be targeted by hackers and thieves. And since the regulatory landscape is lagging behind with these types of payment methods, they are not as safe now as they will be in the future.
While the majority of Americans own a smartphone, they may not understand the privacy implications of storing all their personal data on it. As more consumers use mobile payment systems, we should see an increase in consumer and business vigilance.
Recommendations for Minimizing Risks
There are various measures you can take to shore up the security of your mobile payment system:
How We Can Help
- Authenticate the identity of the consumer and his or her device when accepting card-not-present payments.
- Mobile apps are generally better at protecting customers’ personal data than mobile browsers.
- Two-factor authentication is the best way to prevent fraud.
- Track fraudulent activity by payment type.
- According to the LexisNexis study, only 48% of merchants tracked fraudulent activity by payment type (online, mobile, in-person, etc.). It is easier to identify trends and prevent fraud by using this method.
- Mobile payment systems allow businesses to do this more efficiently than ever.
- Report suspicious activity immediately to consumers and to your mobile payment company.
- Make sure your payment systems are up to date at all times.
- Patching eliminates certain vulnerabilities. Also, make sure your business’ computers are patched regularly.
- Have any visitors or vendors sign in, and keep an eye on them while they are at your place of business.
Mobile payments are becoming an increasingly important part of the payment landscape. Expect to see new types of payment options in the future, along with added security benefits and increased consumer confidence in the platform. Contact Marshfield Insurance Agency today
to discuss how mobile payment systems can help your business thrive.