Perhaps associated with the report that mobile payment apps are insecure, this article in Biometric News indicates that on Tuesday the US Congress decided it will investigate the security of mobile payment solutions:
“The House Energy & Commerce Committee held a hearing Tuesday to preliminarily review disruptive technologies in the mobile payments space, according to a report by Bank Info Security.
With testimonies from PayPal, Samsung Pay and the Merchant Customer Exchange, the hearing’s main takeaway was that while most mobile payments options offer stronger user authentication and convenience, they fail to provide the same legal and legislative protections as other methods.
Though the committee did not reveal any plans to take legislative action regarding this issue, it called on stakeholders to provide additional comments and concerns about mobile security over the next 30 days.
“We want to explore the new ways consumers are paying for goods through their mobile devices, and how consumer information is being secured on mobile devices,” said Rep. Frank Pallone Jr., D-N.J. “We want to be sure that information saved on mobile devices is secure, even if data on mobile devices can still be hacked.”
At least one key issue that will need to be discussed is the current regulatory framework that applies only to banks:
“Meanwhile, Sarah Jane Hughes of the Maurer School of Law at Indiana University said that lawmakers will need to determine whether Congress should enforce the same regulations regarding consumer fraud protections and privacy on mobile carriers, payments gateways and mobile service providers as they do with banking institutions.
Hughes mentioned the federal regulatory requirements imposed under the Electronic Fund Transfer Act [Regulation E] and the – EFT and [Dodd-Frank Wall Street Reform and] Consumer Protection Act, which only apply to banking institutions.
“Protections for mobile do not exist, and that is a big issue for the unbanked and underbanked, who don’t have credit or debit cards,” said Hughes. “Consumers who bill to a mobile phone statement, as opposed to a financial institution, do not have the same level of protections.”
In addition to these legal requirements, banking institutions have also expressed their concerns about the security practices of non-bank payments providers and processors, Hughes said.”
Coming on the heels of reports that two major P2P suppliers failed to incorporate even minor security functions in their apps, the timing of this investigation appears spot on.
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group