Are mobile payment systems foolproof? You as a user would like to think so, but the stark reality is that despite assurances that these are safe modes for transferring money, they remain a risky proposition.
With the usage of mobile payment systems increasing and, according to some estimates, slated to touch 4.7 billion users in 2017, even businesses are increasingly adopting them. Such systems are not new. In fact, they had existed for years, but at that time were supported by few devices and retailers. Today the equation has totally changed, as many more consumers have switched to this mode of payment.
This brings us to the question that always sits at the back of users’ minds: whether it is safe to transact money through this mode. Although most people use this system with gay abandon, there is reason to exercise caution. We can only free ourselves from this fear of fraud by evaluating just how secure or reliable such payment modes are.
A typical mobile payment system has five main components – a Financial Service Provider, a Payment Service Provider, a Mobile Network Operator, a Payer, and a Payee. In your case, a bank, where you hold your account, is usually the Financial Service Provider and takes care of all backend actions, such as processing and settling a transaction between two parties.
This transaction is facilitated by the Payment Service Provider that acts as an interface between the Financial Service Provider and the payer or the payee by using the payment software and user interfaces.
The Mobile Network Operator basically connects the Financial Service Provider, the Payment Service Provider and the payer or payee through wireless WAN service and also provides the necessary infrastructure. In addition, there are some government regulatory and law enforcement bodies that monitor compliance with the rules and laws related to mobile payments and ensure that such transactions are legal.
This makes the security of an e-payment system of paramount importance. Since the most commonly used device for such mobile transactions is the smartphone, it is critical to look at various vulnerabilities in using the smartphone as a mode of such payment.
To make a mobile payment, you are required to link one or more of your existing financial accounts to your chosen payment system, whether through a credit card, debit card, ATM card, or directly through net banking on your device. This makes it necessary to store confidential details on the smartphone so that the mobile payment system can transact from your financial accounts.
The system is undoubtedly convenient, but may be fraught with risks, which may range from vulnerabilities found in GSM, Bluetooth, SMS, and J2ME to mobile worms and viruses. Fraudsters cash in on such vulnerabilities.
The biggest risk faced by such virtual payment portals is hackers, who are always on the lookout for ways to breach the security of payment technologies by spotting their vulnerabilities and those of your device and software, and there is no stopping them. It is foolish to assume that the latest payment technology has overcome all of its security flaws.
So, it becomes imperative to keep your personal information safe through basic security measures, such as using a strong password that is frequently changed, using two-factor authentication, encrypting data, updating installed software immediately, and shopping only on sites considered safe.
Phishing is the fraudulent practice of sending emails disguised as coming from known and reputable companies to tempt victims into revealing personal information, such as passwords, credit card numbers, ATM PINs, and other such secure information to which they are privy.
What is most surprising is that despite the spread of awareness about this kind of fraud, people regularly fall prey to it even to this day. The reason is not far to seek. Phishing scams bypass the software installed to block phishing emails by sending a legitimate-looking email with a seemingly innocuous attachment that the victim unsuspectingly opens, with dire consequences. The lesson drawn from this is that you have to remain alert while using email on a device whose mobile payment software contains your confidential information.
Vishing, a type of online fraud perpetrated on net banking, is when a scammer pretends to be a legitimate business and fools the victims into revealing their net banking details. For example, in the case of Indian banks, the scammers would load Rs.10,000, the limit for non-KYC wallets, into wallets and then immediately transfer the amount into another bank account.
We all make mistakes, like opening a suspicious email attachment as explained above, remaining unaware that our devices have been hacked, using an easy-to-guess password, or even compromising our password or personal data by transmitting it on social media, such as Facebook and WhatsApp. Such mistakes on devices with a mobile payment system can prove costly if we remain uninformed. Taking basic measures like encrypting data, educating ourselves and others, and not letting others have access to our devices will help curb human error and keep our data and money secure.
Visit any mall or restaurant, and most of us start browsing for free Wi-Fi on the premises. Nothing can be more dangerous. This is because tapping into public Wi-Fi lays your device open to hackers, who waste no time in accessing your unsecured data. This does not mean that you can’t use public Wi-Fi. What you need to do is simply use a VPN and SSL connections. Another preventive measure is to turn off sharing and Wi-Fi when not using these services. There are other security solutions as well.
Technologies keep changing and so do threat perceptions while using mobile payment systems. Although some attacks like phishing may continue to remain a concern, there are also the latest threats of ‘extortion hacks’ and ‘ransomware,’ where attackers not only access personal or company details, but also threaten to release them unless they are paid ransom money or some other demand is met.
The best preventive measure for these is to keep up with the times and educate yourself about these trends. For this, it is necessary for individuals and organizations to understand exactly where and how sensitive account data is stored and transmitted to enable them to implement data protection solutions. It is also a good idea to interact and share with others having the same concerns through webinars.
Let us look at a few primary issues that need to be considered before opting for this mode of payment.
As the number of users rises, the rising transaction volumes can lead to performance bottlenecks for mobile payment systems if inefficient processing limits their capacity. The efficiency of such systems must be known beforehand to prevent a negative customer experience.
The security system employed by mobile payment systems should not be so cumbersome that it hinders an individual’s ease of transaction or slows the organization’s ability to adapt quickly to new opportunities. This needs to be looked into when subscribing to a mobile payment system.
The user must be clear about what to do if a fraudulent charge occurs and about the complexities involved in getting the charge canceled. If the money has changed hands through this transaction, how difficult will it be to get the money back? Similarly, what is involved in reversing a duplicate charge if it occurs?
We should also ask if there is any maximum ceiling for the transactions stipulated by the mobile payment system. This may be on a daily, weekly or monthly basis. It is also important to know if the system acknowledges and confirms a transaction through SMS or email. Last but not least, if the user wants to discontinue, is it easy to let go of the mobile payment system and delink the user’s financial accounts from it?
If the mobile payment system is not clear on any of the above aspects, it is advisable not to use such a system. It is better to use one where the system does not have direct access to your financial account. For example, there are certain mobile payment systems that ask you to deposit money in their cards, like a gift card. This is much safer than linking your account directly with the mobile payment system. If this gets compromised somehow, you stand to lose only the deposited amount.
It is important to reiterate that security concerns about using mobile payment systems are genuine. A case in point is the State Bank of India, which was forced to remove the option of loading money on all major wallets through net banking, due to vishing. It is best to get fully acquainted with the mobile payment system before opting for it. Once you have opted for it, always remain alert while transacting money and never open anything suspicious on your device.