Skip to main content

Mobile payments are still fundamentally insecure

There is a lot of industry noise about mobile payments currently, thanks in part to the launch of Apple and Android payment innovations. Mobile is being hailed, by some, as the future of the digital payments landscape, and the catalyst to economies becoming cashless.

We Brits are well acquainted with digital payments, UK consumers are by far the biggest online shoppers in Europe. Australia leads the way in contactless payments worldwide, but the UK is among the only European countries to adopt contactless – far ahead of the American system, which is the western country with the lowest contactless infiltration with just 14 per cent of Americans owning a contactless card.

If mobile payments are to see widespread adoption, there are serious security challenges that need to be addressed. There are numerous new security technologies being tabled by FinTech start-ups and established technology companies alike, but they still don’t solve all the security complications. Biometrics like ‘selfie’ security and fingerprint technology, or wearable gadgets and retina scans, are all becoming part of the discussion. Some of these ideas may well be adopted but many won’t, due to high implementation costs or low user uptake.

Ubiquity of solutions is key

While a small number of British consumers are already adopting mobile payments, mostly Apple Pay, it is still slow and clunky compared to contactless card payments. There are a vast number of consumers that are still clinging to cash, which is surprising in a financial economy as sophisticated as the UK’s. Clearly the average consumer still inherently trusts cash more so than digital when it comes to payments. Although cash, due to counterfeiting, suffers the same security issues as digital from the perspective of the card issuers and banks.

It’s always promising to see innovations in the FinTech and payments industries to make payments more convenient, but new innovations must also be secure. Furthermore, ubiquity is really fundamental – new technologies must be able to be adopted by all of us: banks, card issuers and everyone in society – the old and the young. We’re not far off becoming cashless, but new technology has to cover everything, aligning with the needs of today’s and tomorrow’s consumers.

Proof of identity is just the beginning

Having a mechanism to prove the identity of the user does not address the entire security problem. Security solutions must mitigate against fraud first before the economy can go completely cashless. If we do eliminate cash payment instinctively, due to the mass adoption of new digital payments solutions – great – however, forcibly abolishing cash is a waste of time. The consumer needs to be pushed towards one solution or another – mobile or card – the banks could be divided on the issue, and some may choose to push their customers towards card and others toward mobile. Utilising the existing card technology can only be a good thing for the banks and card issuers, it’s cheaper to implement and is essentially pay-per-click from merchant to bank or issuer.

Gimmicks can't be mainstream in security - selfies aren’t going to win over the security conscious consumer. In order to win the battle between convenience and security, we needn't try to reinvent the wheel. Ultimately, new measures in payments need to balance security and convenience, whilst being efficient to implement from a technological and cost perspective for the banks. Security can save the banks and card issuers money in the long term; the losses owing to fraud are increasing year on year and many solutions posed are inexpensive by comparison.

Mobile payments technology is still in its infancy

Mobile is a fundamentally insecure cashless payments solution, as smartphones are connected to the Internet – making them open to hackers. Saying that, wearables have the potential to prosper more so than mobile payments down to sheer convenience to the customer. Retina scanners and vein pattern recognition less so, as they are far too expensive. Fingerprint recognition has potential as an additional layer of security, but is expensive and not fool-proof.

There is not yet a solution that can provide universal security and convenience - too many merchants do not accept mobile payments, for instance. Essentially, what we need is a solution where nothing (infrastructure-wise) has to change to achieve real innovation. Though currently the gap between card and mobile is too wide, we need something in between the two to really pique the interests of the banks. Future solutions we create must be viable on all fronts, i.e. something consumers want to use and banks can afford to deploy.

The chatter about mobile payments is prevalent at the moment, but it doesn’t solve all the problems that the banks and card issuers currently face. New payments solutions need to be ubiquitous - innovations are not only for the young millennials but must appeal to all generations if we are to see mass uptake. The security versus convenience dilemma still remains despite the emergence of mobile payments, as mobile is still the most insecure method of payment due to the fact that devices are connected to the Internet, and the functionality is glitchy. Mobile payment is still in its early stages and the accompanying security solutions need to do more than just prove identity. Mobile payment providers are yet to come to the banks with a solution that has robust security whilst meeting the convenience desires of the consumer.

Simon Hewitt, CEO and Founder ScramCard

Image Credit: Shutterstock/Robert Kneschke