Mobile payments: An Intruder in Disguise?

With great power comes great responsibility. We’ve all heard of that haven’t we. Well, here is a little modified version of that – “With great benefits come great risks”. Yes, it’s true. Especially in the case of mobile payments. While we are all basking in the glory of the “great benefits” accruing from the digitization of world of payments, the flip side of things is often overlooked. How many of us know the risks associated with mobile payment portals?

Let’s just say it’s complicated. One thing to keep in mind though, is that, irrespective of what industry it is, new developments in technology mean new vulnerabilities and risks and the only way to move forward is to be well aware of them and find ways to deal with them. I’m going to take you through some risks associated with mobile payments here. Before that, let’s take a look at how mobile payments work.

How does it work

Mobile phones contain a Near Field Communications (NFC) chip inside, which stores the bank information or debit/credit card information securely. NFC is a short-range wireless technology used for communication between various digital devices. When a consumer makes a purchase, the NFC chip transmits the relevant information through wireless technology, as the consumer enters the range of a retail register. It is similar to the Radio Frequency Identification Technology (RFID) used in contactless credit cards and transit cards.

Risks involved

First of all, the GSM or CDMA standards used by the service payment providers may be the primary cause of risks or vulnerabilities. Many service providers often use messaging protocols along with their data transmission systems for the sake of convenience or ease. But they fail to provide the required level of security encryption, which makes it easy for frauds to break in and steal important information, like for example payment authentication information.

Another issue with mobile payments is shoulder surfing and device theft which involve spying on the users of cash-dispensing machines or any other electronic devices and obtaining their Personal Identification Number (PIN) or passwords and the like. Sometimes such spying can take place even through malware like malicious programs, viruses, and other such invasive software. This risk can be avoided through an appropriate antivirus software or by using trusted sources for downloading applications.

The Point of Sale (POS) terminal device used by NFC technology in mobile payments is another risk. These terminals may get hacked and can be used within probably a distance of 20 centimeters from your device. This increases the chances for other malware to be uploaded onto your device, which in turn leads to fraudulent NFC transactions in the same name. Such risks can be minimized by having a bilateral system authentication before making a mobile payment. It also helps to keep away from false payment requests. As a matter of fact, the source of the payment request needs to be checked properly for its genuineness, as it is a clear indicator of a risk.
Then there are regular risks associated with payments as well, like the chances of someone else’s expenditure being charged to your account or the same purchase being charged twice to your account and the like. Such risks arise irrespective of whether you swipe a card to make a purchase or whether you make contactless payments.

Mobile payment basically brings with it a lot of risks along with benefits and conveniences. A major concern of the people regarding mobile payments is having to disclose a lot of personal information in order to make purchases easier. Such information, once fed into a mobile wallet stand the chance of being used by other applications in your mobile device as well, if not properly protected. Most of the time, people ignore the permissions page while downloading an app and grant permissions to Apps straightaway without reading them. Sometimes, it doesn’t even make sense for apps to request permission to access certain information that is clearly not necessary for it to function. But we tend to overlook this in the urge to install applications that we find interesting, without even knowing how our private data can get compromised through such apps. It would help to read through these once before installing apps so as to minimize the risks of your personal details being shared.