Operators must work alongside device manufacturers to keep personal data and payment information safe from prying eyes.
September 29, 2015
The digital world is no safer than the physical one, and making it safe ‘enough’ is a constant battle. Among the huge range of systems that are vulnerable, the one closest to everyone’s heart is their personal data. Almost every week, the news carries a story of we hear about a major business being hacked and customers’ credit card and other details being stolen, and then sold. The famous Adobe hack involved 38 million customers; the Target attack resulted in the theft of credit card details of 40 million customers; and more recently, personal data of 2.4 million Carphone Warehouse customers was compromised along with credit card details of about 90,000 customers.
More worryingly, conventional wisdom used to say that the only way to make a system safe is to unplug it. Now, that too, is not an option as phones and systems can be hacked without being connected.
Tightening up Mobile Transactions
This, of course, brings into question the whole issue of contactless payments. Here, though, there is a glimmer of hope. The rise of biometric authentication is a big step forward in the security game, and so are the techniques used by Apple Pay and others in using tokens for their payments services, which avoids the danger of credit card information actually passing through the merchants’ systems.
Other security approaches are built in so that customers can activate and manage them. For example, if a purchase is over a certain amount, customers can select an extra passcode to be entered. Or once activated, the device will need the password to be re-entered after two minutes. Good as these techniques are, nothing is totally secure, and it will only be a matter of time before we hear of a person or persons unknown taking over or stealing information from Apple Pay customers.
But perhaps we are worrying needlessly. It seems that customers themselves are not as worried as the industry seems to be. Many customers do not even activate a passcode on their device, making it extremely easy for a phone to be used if it is stolen. There is also an element of customers shrugging at the risks. Even though most are basically insecure online, they accept that people get hacked or their identity stolen.
Perhaps they believe that it simply will not happen to them, that there is safety in numbers. The impetus of cool new ways of paying for both physical and digital goods is too compelling and the security issues are simply part of the cost of living.
Operators Step into Security
There is a role here for operators and device manufacturers. Apple has done good work in educating customers into how secure Apple Pay is, as long as they take precautions. But operators have a role too; as more of them change their business model and move from selling connectivity and ‘data’ to products, bundled in partnership with digital service providers, it becomes their responsibility to ensure that customers are secure when they are buying these products.
It seems that, even though security will haunt the digital industry for the foreseeable future, the impact on customers is less than one might think. Contactless payment systems are phenomenally successful and have become so in a very short time. This does not mean, however, that the industry can let its diligence slip. On the contrary, security must be considered from the beginning of any mobile payment system all the way through to the transaction.