Despite the headline that states “Mobile payments are still fundamentally insecure,” the article actually identifies the lack of ubiquitous acceptance as the larger problem:
“While a small number of British consumers are already adopting mobile payments, mostly Apple Pay, it is still slow and clunky compared to contactless card payments. There are a vast number of consumers that are still clinging to cash, which is surprising in a financial economy as sophisticated as the UK’s. Clearly the average consumer still inherently trusts cash more so than digital when it comes to payments. Although cash, due to counterfeiting, suffers the same security issues as digital from the perspective of the card issuers and banks.
It’s always promising to see innovations in the FinTech and payments industries to make payments more convenient, but new innovations must also be secure. Furthermore, ubiquity is really fundamental – new technologies must be able to be adopted by all of us: banks, card issuers and everyone in society – the old and the young. We’re not far off becoming cashless, but new technology has to cover everything, aligning with the needs of today’s and tomorrow’s consumers.”
The article suggests that connectivity to the internet makes mobile phones inherently insecure, without any mention of Apple’s use of the Secure Element that clearly protects the credential once safely ensconced in hardware. The article then wanders back to the problem of ubiquity:
“Mobile is a fundamentally insecure cashless payments solution, as smartphones are connected to the Internet – making them open to hackers. Saying that, wearables have the potential to prosper more so than mobile payments down to sheer convenience to the customer. Retina scanners and vein pattern recognition less so, as they are far too expensive. Fingerprint recognition has potential as an additional layer of security, but is expensive and not fool-proof.
There is not yet a solution that can provide universal security and convenience – too many merchants do not accept mobile payments, for instance. Essentially, what we need is a solution where nothing (infrastructure-wise) has to change to achieve real innovation. Though currently the gap between card and mobile is too wide, we need something in between the two to really pique the interests of the banks. Future solutions we create must be viable on all fronts, i.e. something consumers want to use and banks can afford to deploy.
The chatter about mobile payments is prevalent at the moment, but it doesn’t solve all the problems that the banks and card issuers currently face. New payments solutions need to be ubiquitous – innovations are not only for the young millennials but must appeal to all generations if we are to see mass uptake. The security versus convenience dilemma still remains despite the emergence of mobile payments, as mobile is still the most insecure method of payment due to the fact that devices are connected to the Internet, and the functionality is glitchy. Mobile payment is still in its early stages and the accompanying security solutions need to do more than just prove identity. Mobile payment providers are yet to come to the banks with a solution that has robust security whilst meeting the convenience desires of the consumer.”
Mobile payments have multiple security models and some have a longer history of trust (Secure Element) than others (HCE), but I agree with the overriding theme of this article which wasn’t about security at all. Mobile payments will grow in volume when it delivers greater value to the consumer. That value will need to be extremely significant if the solution isn’t ubiquitous – and today none of those that target the point of sale are.
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group
Read the full story here