Mobile payment infrastructure is turning into an ‘Insecurity of Things’
Evolution in technology is enabling more ‘things’ to connect more often around the world, at a pace that’s showing no sign of slowing down.
By 2020, 70% of people across the world will be smartphone users and countries in Asia, Africa and the Middle East will account for 80% of the new subscriptions.
More people currently have access to a mobile phone than a clean toilet, safe water or reliable energy – and their prevalence is expected to keep growing.
This has led to the inevitable widespread adoption of generic cloud and social technologies in emerging markets with access to freeware or inexpensive public services such as Gmail and Dropbox.
While this holds great opportunity for developing countries, the rapid spread of technology compounds a broader issue concerning infrastructure.
Within the developed world, the fines payable for not protecting personal data are hefty in regulated industries such as financial services and healthcare.
>See also: A history of online payment security
Governments have increasingly woken up to the seriousness of the cyber threat. To keep on top of the risks, more regulators have hardened their stance on cyber security infrastructure.
As cities in developing countries are expanding rapidly, it is likely that infrastructure will not be able to keep pace with their growth nor the increased expectations of their populations. This suggests lower standards of technology governance which can put personal data at risk.
Having said that, developing countries have the opportunity to leapfrog by avoiding the mistakes made by other advanced countries and applying the lessons learned from the development of smart city infrastructure.
If managed effectively, there is huge potential for technology to increase the efficiency with which developing infrastructure can be managed.
The use of big data, the Internet of Things and the ubiquitous use of smartphones promise to revolutionise developing cities to become truly smart cities built on safe and secure infrastructure.
The line between the digital and the physical world is blurring. Action to close the infrastructure gap has never been more important and will heavily influence the potential of risks with catastrophic cascading effects.
Securing the infrastructure
In developing markets, where new players are able to gain early access, influence consumer behaviour and acceptance, it is easy to see how the systems established for payments will be under pressure by “quick and easy access”.
It could result in a weakening of the process, enabling non-credible players to enter the payment ecosystem.
It’s vital for secure infrastructure to be built from the ground up to minimise vulnerabilities and to keep pace with technological advancement.
EMV, widely known for its chip & PIN application, is a global security payment standard that serves as the foundation for future payment technologies, across cards, contactless, mobile and remote payment channels.
Already deployed in 150 countries, it is fundamental to building secure payment infrastructure. EMV technology allows dynamic data to be created, making each transaction unique and virtually impossible to replicate.
While research shows a 200% growth in transactions originating from mobile devices in 2015 compared to 2014, EMV has still not taken root in some of the world’s developing economies.
Its effectiveness as a first line of defence is clear – with significant adoption of EMV transaction penetration (chip card on chip terminal transactions) in Africa and Middle East (61.2%), Canada, Latin America and the Caribbean (71.7%) and Western Europe (83.5%).
Employing a multi-layered security approach for any organisation will lead to a decrease in fraud.
EMV is just the beginning. To ensure consumers can benefit from the same level of safety in the digital world, Mastercard is basing its future payments products on proven technologies like M/Chip that significantly reduce counterfeit fraud.
M/Chip features in mobile phones will be a key component of emerging devices. The MasterCard Digital Enablement Service or MDES is the payment company’s core platform for provisioning M/Chip-enabled payment devices with tokenised payment credentials.
MDES together with M/Chip provides the same level of EMV-like security and interoperability for the digital world as we have in the physical world
In addition, 3D Secure Standard is an automatic online security service that secures users against unauthorised use online. It uses a private code that gives added protection when customers shop at participating online merchants.
Government adoption of secure technology can also be a part of the solution.
In Egypt, with 85% of the population lacking access to formal banking, the mobile phone is rapidly becoming the method of choice for making payments and managing money.
The Central Bank of Egypt issued strict mobile payment regulations to guarantee safety and security for people, resulting in significant reduction in fraud. This is indeed a necessity considering that the mobile penetration in Egypt is currently at 115% of the total population, meaning that some people have more than one phone.
Similarly in Thailand, the government is taking active steps to improve cyber security for electronic transaction on mobile phones. Being the second largest smartphone market in Southeast Asia, the country is pursuing its ambition to become a cashless society.
Here, the government is relying on biometric technology to prove people’s identity via mobile phones as a means to reduce fraud. Like Egypt, Thailand’s saturated mobile phone market is relied upon heavily for payments and money transfers.
Nigeria is another example of how deploying secure infrastructure has resulted in huge benefits to the country’s development.
Nigeria’s National Identity Smart Cards are embedded with biometric identification chips and electronic payment capabilities, another example of biometric technology being employed to curb fraud. The introduction of the chips helped reduce fraud from counterfeit cards and transactions in Nigeria.
Adapting known solutions for a digital world
The security solutions that already exist in the physical world are ready to be implemented in the digital world. Companies just need the motivation, regulation and coordination to ensure everyone is able to benefit, wherever they are in the world.
The alternative, in today’s unregulated environment of the Internet of Things development, could be a thing of security nightmares.
Working in partnership with those who can make a difference is vital to remain one step ahead and change the current mindset from one that sees security innovations as optional, to one that recognises they are an absolute necessity.
Through the right global standards, best products and services, and a desire to constantly innovate, payment firms can ensure everyone is protected and financially included everywhere, which will ultimately define and defend the future of payments.