There are still serious questions about mobile money and security that need to be answered

Mobile wallet

I read with interest Wallettec CEO Johan Meyer’s recent insights on the future of mobile banking, in which he quite correctly states that mobile payments are “inevitable”.

In fact, mobile payments can’t even be described as the next big trend, because they are happening right now. The mere fact that in the UK nearly a third of all online sales were made over mobile devices between November 2013 and January 2014 paints a telling picture of where we stand now.

As Meyer points out, the Mobile in South Africa 2014 AMPS Report states that the country “has one of the highest mobile penetrations in the world with 87% individual mobile phone ownership and 36% of those being smart phone owners”.

As such, it is not hard to see that South Africa is clearly primed for the widespread introduction of mobile payment systems.

However as inevitable as these are, so too are the risks involved, and perhaps more importantly, the ability of businesses and service providers to alleviate concerns so that they may gain and retain consumer trust as new technologies develop.

In South Africa this is already a well-documented problem. The 2013 Norton Report, an annual research study into online behaviours, found that the country had the third highest number of cybercrime victims in the world after Russia and China.

It therefore becomes imperative that consumers are as aware of the security specifications of mobile payment solutions as they are the benefits of the various applications. In my own business, which deals with hundreds of millions of rands in collections and payments every month, we have sought to bring across to our customers that we appreciate that their decision to entrust their money to us has not been taken lightly.

What we also appreciate is that actions speak louder than words, and for this reason we employ the latest and strictest online security measures to give customers peace of mind.
Given our dealings with banks, we make use of heavily encrypted communication, from your computer all the way to the bank, and back again. Private information is encoded in such a way that only the trusted server that we are communicating with can decode and read the information.

That being said, since mobile payment solutions are a relatively new phenomenon in South Africa, additional security invariably will need to be closely scrutinised and rolled out.
To this end, one of the most important security developments of recent times are Point-to-Point Encryption (P2PE) solutions.

Essentially what P2PE seeks to do is eliminate criminal elements capturing or intercepting data between the service provider terminal and the data centre, in other words, during the actual transferral process.

This is done by way of encrypting data BEFORE it enters a mobile device, so that there is no chance of it being intercepted “mid-flight”, as it were. This technology is already being widely used in the United States.

The way it works is that a solution provider will provide the user with a card reader that works with his or her mobile device. The solution provider will also have a list of approved card readers that have been tested to work securely with their solution.

Coupled with this is the provision of a P2PE self-assessment questionnaire that asks the user to adhere to strict policies as laid out by the encryption plan. This is in order to safeguard the transaction process in its entirety.

Another development is the advent of host card emulation, or HCE. HCE is highly considered as being an excellent replacement for a security measure currently in place, the so-called Secure Element, a specialist security chip that stores a user’s credentials.

But whereas SE is a physical element, HCE creates an exact replica of chip – except using software.

Of course while every effort is being made to perfect mobile payment security given the staggering amounts of money sums involved, teething problems will occur.

Much has been made of the proposal of “tokenization”, whereby instead of having to connect to the internet every time you transfer money, virtual cards are stored on your phone.

As is typical with a burgeoning industry, various forms of technology are being championed by different companies, and for various reasons, so the jury is still out on which standards will stick.

Still, it is highly evident the race to find the perfect security measure for mobile payments is most certainly on, and that bodes well for South Africa as we continue to embrace mobile payments at break-neck speed.

More

News

Sign up to our newsletter to get the latest in digital insights. sign up

Welcome to Memeburn

Sign up to our newsletter to get the latest in digital insights.