The popularity of banking and m-commerce on smartphones and tablets, merchant adoption of mPOS devices, the growth of in-app payments, and the emergence of mobile wallets and NFC-based point-of-sale payment services mean that ensuring the security of mobile transactions and the privacy of customers’ data is critical. Around the world with so many banks and merchants trying to get consumers to pay with some form of a mobile app or wallet, awareness is increasing. But so is confusion — there are so many options, and yet no clear winner.
According to a report by Forrester analyst Tim Sheedy, The Reserve Bank of Australia is working with industry on a central hub infrastructure platform to support ‘overlay’ or mobile payments services. By the end of 2016, any transaction will occur within a few seconds using the new platform.
In Australia, NAB’s “Flick”, Westpac’s “Tap & Pay” are some examples of steps in this direction. Around the world, banks are at par or ahead with Mobile Wallets Technology. Having said that, a security analysis of mobile banking apps for iOS devices from 60 financial institutions around the world has revealed that many were vulnerable to various attacks and exposed sensitive information.
Mobile Payments refers to payment services, operated under financial regulation, using a mobile device. With mobile payments, the mobile device is used to make the payment in place of the ‘traditional’ channels such as cash, credit / debit card and cheque. There are many other terms that refer to Mobile Payments – these include mobile money, mobile money transfer, mobile wallet, m-payments, etc.
Major Australian banks have made mobile payments a priority tech initiative and are in various stages of rolling out technology that lets customers pay with smartphones. Commonwealth Bank, Credit Union Australia (CUA) and Bendigo Bank have released mobile payments apps.
It is important to note, Mobile devices face the same security risks as PCs and laptops, including malicious apps, viruses and other types of malware. They also have the risk of malicious code such as phishing links being inserted into QR codes. In addition, retailers’ Wi-Fi networks are vulnerable to intrusion, which poses a security risk for their mPOS devices and customers’ smartphones.
Generally speaking, there are several security technologies that try and secure the end user to aid mobile banking, some of them include: Point to Point Encryption, Tokenisation, EMV, NFC & Authentication Technologies.
Voice Biometrics is a type of strong authentication for mobiles involving authenticating a speaker based on numerous voice characteristics, such as vocal tract geometry, harmonics, pitch and range. Speech recognition and voice biometric technology have come a long way, and products using voice as a biometric modality are gaining a ton of traction in the market.
Facial recognition is another such strong authentication method for mobiles. Every face has numerous, distinguishable landmarks, the different peaks and valleys that make up facial features, These landmarks are also known as nodal points. Each human face has approximately 80 nodal points. Today, facial recognition technology uses advanced pattern recognition models and captures images in real time to select areas of the face with dense information values. Facial recognition today can even be used in darkness and has the ability to recognise a subject at various view angles.
Recently, The Australian Senate has passed new legislation to strengthen the country’s biometrics system, Under the legislation, the Department of Immigration and Border Protection would be able to match the fingerprints and potentially iris scans and facial images of travellers entering and exiting Australia against a database containing the biometric data of known criminals and suspected terrorists.
Companies deploying any type of mobile security technology should consider the maturity of such technology, A financial institution’s online banking app, for instance, has to support thousands of different devices, making it important that biometric authentication work with existing hardware. It is also advisable not to look to any particular technology for all the answers. A Multi-Layered security approach is often the most suitable approach to reduce the level of risk.