When was the last time you paid for something using cash? Last year in the UK, cashless payments overtook the use of notes and coins for the first time in history, and the trend is set to continue: cash payments are expected to fall another 30% over the next ten years, while UK consumers are predicted to spend a whopping £53.6bn a year using their smartphones and tablets by 2024. New mobile payment apps like Google Pay, launched in May, and last year’s Apple Pay, are revolutionising the way we pay for our goods and services, but as with any new technology, they bring a new set of unique cyber security risks.
The data threat landscape when dealing with mobile payments is vast, and the protection of every aspect of the mobile ecosystem is crucial in ensuring the industry continues its steady rise in success. Attention needs to be paid to securing identity on the device, data in transit and access to information on back-end systems. The onus is not just on individuals to protect their devices with secure passcodes and screen locks; it is also the responsibility of the organisations processing the data to ensure it is adequately secured.
The impact of a breach can be disastrous, not just for the individual customers affected, but for the entire organisation that has been targeted and potentially the industry as a whole. British mobile payments company Optimal Payments Plc fell victim to a cyber attack scandal last year, when it was reported to be investigating allegations that personal data belonging to some of its customers had been compromised and was available in the public domain. The incident resulted in Optimal’s shares dropping 11% in just one day.
When it comes to protecting stored data at rest, the only logical precaution is encryption with access controls. Even though it is practically impossible to ever guarantee 100% protection from a breach, if a hacker does get their hands on any sensitive data, encryption means that it is of no use to them, which minimises any potential damage that the compromised data could cause. Securing data in transit is equally important for over-the-air payments, and the best way to ensure security is by applying payment-specific security products like the Thales ‘payShield 9000’, which performs tasks such as PIN protection and validation, transaction processing, payment card issuance, and key management.
As the mobile payments industry continues to grow, so too will the number of opportunistic cyber criminals, and unless organisations take the necessary steps to ensure all data is protected and encrypted, we will be seeing a lot more incidents similar to the one that affected Optimal Payments, potentially hindering the growth of an otherwise booming industry.