There was an interesting news story posted on Finextra last week entitled 'UK government sets guidelines to combat contactless m-payments fraud' about the UK government's new guidelines designed to tackle fraud associated with mobile phone-based contactless payments. The Home Office says it has been working with the industry to make sure tough security measures are in place to prevent phone thieves or cloners from being able to take advantage of the new technology.
Moves by UK government to lay down guidelines designed to tackle fraud associated with mobile phone-based contactless payments and to increase public confidence are welcome if issuers and acquirers are to make the most of this new channel and grow payment volumes.
Whilst government guidelines are one way to ensure that adequate security measures are in place, it must also be combined with an industry commitment to best practice security. To date, the industry has been careful to add security on both the contactless devices and in the processing network, including a unique built-in secret key on the card which generates a unique CVV. It's also interesting to note that the processing of contactless payments does not require the use of the cardholder's name and some cards do not even include the cardholder's account number. Furthermore, contactless transactions can only be processed once which prevents incidents of "repeat attacks" from occurring, which can affect other types of transactions.
Clearly, the security of any new transaction channel must be a priority if it is to enjoy widespread success, so it is good to see that both the payments industry and the Government have contactless security firmly on the agenda. But other challenges associated with mobile contactless, such as preparing the payments infrastructure for increased transaction volumes where on-line transactions are the norm, require just as much attention if contactless payments are to be the success that everyone in the payments industry hopes they will be.