SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Hold onto your (mobile) wallets: Mobile payments raise security concerns
Tue, 29th Sep 2015

Mobile payment data breaches are high on the list of concerns for cybersecurity experts, with a survey of more than 900 cybersecurity professionals revealing 87% expect an increase in breaches over the next 12 months.

Interestingly, however, the survey by global cybersecurity association ISACA shows that while they may be concerned, 42% of respondents say they have used this payment method in 2015.

John Pironti, ISACA risk advisor and president of IP Architects, says mobile payments represent the latest frontier for the ongoing choice we all make to balance security and privacy risk and convenience.

“ISACA members, who are some of the most cyber-aware professionals in the world, are using mobile payments while simultaneously identifying and contemplating their potential security risks,” Pironti says.

“This shows that fear of identity theft or a data breach is not slowing down adoption – and it shouldn't – as long as risk is properly managed and effective and appropriate security features are in place.”

The 2015 Mobile Payment Security Study shows only 23% of those surveyed believed mobile payments are secure in keeping personal information safe, with 47% saying they weren't secure and 30% unsure.

Unsurprisingly, cash was deemed the most secure payment method at 89%, but only 9% of the cybersecurity professionals were prepared to use it.

Overall, the global mobile payment transaction market is predicted to be worth US$2.8 trillion by 2020, with solutions being offered by the likes of Apple, with Apple Pay, and Google, with Google Wallet, along with PayPal and Venmo.

The key vulnerability identified by the ISACA survey respondents was use of public Wi-Fi (26%), followed by lost or stolen devices (21%) and phishing or smishing – that would be phishing attacks via text messages – (18%).

Weak passwords were identified by 13%, and user error rated 7%.

An optimistic 0.3% of respondents felt there were ‘no security vulnerabilities’.

ISACA says respondents felt the most effective way to make mobile payments more secure is using two ways to authenticate identity, followed by requiring a short-term authentication code. Far less popular was installing phone-based security apps.

Christos Dimitriadis, ISACA international president, says people using mobile payments need to educate themselves so they are making informed choices.

“You need to know your options, choose an acceptable level of risk and put a value on your personal information,” Dimitriadis says.

ISACA suggests people ask themselves what level of personal information and financial loss is ‘acceptable’ to balance the convenience of mobile payments.

Knowing the options available to manage your risk is also key. “Using a unique passcode should be mandatory, but also look into encryption, temporary codes that expire and using multiple ways to authenticate your identity,” ISACA says.

The cybersecurity association also recommends users be aware of what information is being shared – name, birthday, pet name, email, phone number.

“These pieces of information can be used by hackers to gain access to accounts. Only provide the least amount of information necessary for each transaction.”