Story image

Hold onto your (mobile) wallets: Mobile payments raise security concerns

29 Sep 15

Mobile payment data breaches are high on the list of concerns for cybersecurity experts, with a survey of more than 900 cybersecurity professionals revealing 87% expect an increase in breaches over the next 12 months.

Interestingly, however, the survey by global cybersecurity association ISACA shows that while they may be concerned, 42% or respondents say they have used this payment method in 2015.

John Pironti, ISACA risk advisor and president of IP Architects, says mobile payments represent the latest frontier for the ongoing choice we all make to balance security and privacy risk and convenience.

“ISACA members, who are some of the most cyber-aware professionals in the world, are using mobile payments while simultaneously identifying and contemplating their potential security risks,” Pironti says.

“This shows that fear of identity theft or a data breach is not slowing down adoption – and it shouldn’t – as long as risk is properly managed and effective and appropriate security features are in place.”

The 2015 Mobile Payment Security Study shows only 23% of those surveyed believed mobile payments are secure in keeping personal information safe, with 47% saying they weren’t secure and 30% unsure.

Unsurprisingly, cash was deemed the most secure payment method at 89%, but only 9% of the cybersecurity professionals were prepared to use it.

Overall the global mobile payment transaction market is predicted to be worth US$2.8 trillion by 2020, with solutions being offered by the likes of Apple, with Apple Pay and Google, with Google Wallet, along with PayPal and Venmo.

The key vulnerability identified by the ISACA survey respondents was use of public Wi-Fi (26%), followed by lost or stolen devices (21%), phishing or shmishing – that would be phishing attacks via text messages – (18%).

Weak passwords were identified by 13%, and user error rated 7%.

An optimistic 0.3% of respondents felt there were ‘no security vulnerabilities’.

ISACA says respondents felt the most effective way to make mobile payments more security is using two ways to authenticate identity, followed by requiring a short-term authentication code. Far less popular was installing phone-based security apps.

Christos Dimitriadis, ISACA international president, says people using mobile payments need to educate themselves so they are making informed choices.

“You need to know your options, choose an acceptable level of risk and put a value on your personal information,” Dimitriadis says.

ISACA suggests people ask themselves what level of personal information and financial oss is ‘acceptable’ to balance the convenience of mobile payments.

Knowing the options available to manage your risk is also key. “Using a unique passcode should be mandatory, but also look into encryption, temporary codes that expire and using multiple ways to authenticate your identity,” ISACA says.

The cybersecurity association also recommends users be aware of what information is being shared – name, birthday, pet name, email, phone number.

“These pieces of information can be used by hackers to gain access to accounts. Only provide the least amount of information necessary for each transaction.”

IP theft: A global issue catching NZ businesses off guard
“We have this incredible record of innovation in New Zealand. But our innovative businesses haven’t always been meticulous in shoring up their IP."
Why A/NZ organisations need to improve compliance protocols
Only a mere 4% of IT decision makers and data managers surveyed said their organisation faced no data management challenges. 
What the people say - Gartner’s November Customers’ Choices
A roundup of the latest Gartner Peer Insight Customers’ Choices from Backup and Recovery to Business Intelligence and Analytics, and more.
BlackBerry buys out cybersecurity AI firm Cylance
“We are eager to leverage BlackBerry’s mobility and security strengths to adapt our advanced AI technology to deliver a single platform.”
Data protection is key to building customer trust
"New data compliance rules offer an opportunity for businesses to re-evaluate their processes and improve data management and customer loyalty."
NZ Internet Task Force joins iSANZ Hall of Fame
NZITF chair Barry Brailey and former chairs Mike Seddon and Paul McKitrick received the award in Auckland last week.
Quantum computing: The double-edged sword for cybersecurity
Quantum computing is quickly moving from science fiction to reality.
Three ways to achieve data security whilst enabling BYOD
"A mobility strategy is now more important than ever before, that said, selecting the right one is often no small task."