The X9 Financial Industry Standards group has released new mobile standards that round out security recommendations which, when adopted, will secure a wide range of financial transaction types, including card-not-present, P2P, mobile banking, and Electronic Benefits Transfer (EBT), to name four:
“Mobile commerce presents a number of security and management challenges, such as customer isolation, the use of merchant-unattended terminals or kiosks, non-financial platforms that may not be trustworthy, and cellular, wireless and other connections that persist after an action has concluded, as well as the risks inherent in card-not-present transactions. Additionally, a mobile network infrastructure’s security may not reliably protect data in transmission. Finally, the continuing growth of the smartphone market increases the urgency of enabling better security for the mobile device population.
From a security perspective, mobile commerce has all the vulnerabilities of the internet and wireless environments combined; from a business perspective it encompasses three disparate industries: financial services, mobile telecommunications, and mobile platforms manufacturing. The new X9.112-3 standard guides all these parties toward safer and more efficient implementations of mobile commerce. As mobile devices and services become compliant with this standard, mobile-related risks will decrease, consumer confidence will increase, and mobile-related identity theft and fraud should be reduced.
“I am delighted to announce the release of this standard,” said Steve Stevens, executive director of ASC X9. “Developers, implementers, service providers and assessors for the financial industry will welcome the guidance contained in the X9.112-3 requirements and recommendations, and end users will enjoy higher levels of security throughout every phase of a transaction, from initiation to completion.”
Some specific areas the new standard covers are:
- Person-to-person, person-to-business and person-to-terminal mobile payments, including credit/debit cards, electronic funds transfer (EFT) transactions, gift cards, etc.
- Mobile banking, including payer and payee management, bill management, portfolio management, and credit/debit card management
- Mobile technologies, including mobile browsers, mobile applications (apps), and mobile channels (such as cellular, wireless, NFC, RFID, Bluetooth, SMS (text), and MMS (video))”
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group