By Eric Klein, Sr. Analyst, Mobile Software, VDC Research
Payments transacted on mobile devices carry the potential for additional risk because multiple parties must jointly execute the payment service. These risks are further elevated if data processing services are outsourced to third parties (who may not be regulated) without clear establishment of accountability and oversight. Unfortunately, due to the number of mobile payment scenarios that have emerged (e.g., m.Wallet, QR, hardware-based mobile card readers, etc.), the mobile payment value chain is an environment conducive to exploitation by criminally minded individuals who are adept at using both technological and social engineering attacks, if the appropriate security mechanisms and accountability controls are not properly established. Clearly, there is a vested interest from multiple constituents to make security an intrinsic element of all mobile payment systems.
The primary actors in the mobile payment value chain are financial, payment and network service providers. These organizations must continually monitor their governance programs to ensure that appropriate safeguards for customer privacy and data security are in place. Unfortunately, the lack of clear regulations, rules and procedures is often used as an excuse by participating parties for not being proactive in their approaches.
In this vein, VDC sees initiatives and partnerships between key participants in the mobile ecosystem, such as the Trustonic joint venture between ARM Holdings (a semiconductor vendor), Gemalto (a TSM provider), and Giesecke & Devrient (a mobile payment specialist), as critical to the further adoption of mobile payment solutions by consumers, who by and large remain concerned with the security, privacy and reliability of these services.