Mobile applications promise to revolutionize the way we pay. More people than ever are shopping directly on their phones, using mobile applications – and with technologies like Google Pay, Samsung Pay, and Apple Pay becoming more widespread, our phones are poised to become our primary methods of payment.
In 2018, payments on mobile applications will be more important than ever before. And because of this, it’s critically important to secure these payments, and ensure that data is not stolen by malicious hackers, or lost due to poor security.
The average cost of a data breach is $4 million – and when GDPR takes effect in Europe this summer, companies who fail to secure customer data could face fines of 20 million Euros, or 4% of their total revenue.
In this article, we’ll take a look at just a few ways you can secure payments on mobile applications.
1. EMV Payment Tokenization
EMV payment tokenization is a great technology to adopt, in order to prevent fraud and secure payments on mobile applications. This technology is often used to secure in-store payment methods, such as NFC, which are used by Apple Pay and similar technologies.
EMV payment tokenization creates a unique “token” for each specific transaction type, device, and merchant – including e-commerce payments. This helps keep mobile payments secure, and also allows merchants to quickly identify areas that are a potential threat. Potential vulnerabilities can be quickly tracked and identified – and secured before they result in a serious data breach.
EMV payment tokenization is not yet mandatory – but in 2018, we expect more and more companies to begin adopting this practice, as it’s a very effective way to protect user data, and adhere to modern security requirements.
2. Following Encryption Best Practices
Despite many advances in technology, many data breaches are caused by the most unlikely problem – shopper information and credit card numbers being stored in plain text. Often, these databases are located within merchant networks – and are not likely to be attacked. But if a hacker gains access to a database that contains any unencrypted shopper information, the consequences can be devastating.
The most recent example of this is an online pet store, which stored user credit cards in plain text and left them vulnerable to exposure for over 6 months. There is also speculation that the Equifax data breach involved plaintext user information.
User information such as credit cards, addresses, and any other personal information should always be encrypted – both when it’s being entered and transmitted, and when it’s stored in databases, and there are many modern mobile SDKs and APIs which support hardware-level encryption. Making use of these can dramatically enhance your mobile payments cybersecurity protections.
3. Identify And Reject Compromised Devices
Fraud doesn’t just happen when credit card information is stolen. Stolen mobile devices can also be used to make fraudulent purchases – especially if personal information like credit card numbers are stored within mobile shopping apps.
To deal with this issue, it’s important to focus on two primary areas of technology:
- Detecting compromised devices – Mobile apps should be built to recognize “jailbroken” and otherwise modified mobile devices, and reject them for mobile purchases. It’s also a good idea to use hardware monitoring to detect suspicious activity, such as a potential malware infection, which could be a sign of fraudulent activity.
- Identity verification – Modern smartphones often have fingerprint sensors, and we suspect that these identity verification features will be much more important for mobile transactions in the future. By requiring a shopper’s fingerprint, fraudulent purchases from stolen or lost phones can be eliminated entirely.
Watch Out For These Trends In Mobile Payments Cybersecurity In 2018
As mobile payments continue to become more and more common, we suspect that the issue of mobile cybersecurity will be more important than ever. So be on the lookout for these trends, and be at the forefront of the mobile payment revolution!
For more about Mobile payment security: