Hold onto your (mobile) wallets: Mobile payments raise security concerns

29 Sep 2015

Mobile payment data breaches are high on the list of concerns for cybersecurity experts, with a survey of more than 900 cybersecurity professionals revealing 87% expect an increase in breaches over the next 12 months.

Interestingly, however, the survey by global cybersecurity association ISACA shows that while they may be concerned, 42% of respondents say they have used this payment method in 2015.

John Pironti, ISACA risk advisor and president of IP Architects, says mobile payments represent the latest frontier for the ongoing choice we all make to balance security and privacy risk and convenience.

“ISACA members, who are some of the most cyber-aware professionals in the world, are using mobile payments while simultaneously identifying and contemplating their potential security risks,” Pironti says.

“This shows that fear of identity theft or a data breach is not slowing down adoption – and it shouldn’t – as long as risk is properly managed and effective and appropriate security features are in place.”

The 2015 Mobile Payment Security Study shows only 23% of those surveyed believed mobile payments are secure in keeping personal information safe, with 47% saying they weren’t secure and 30% unsure.

Unsurprisingly, cash was deemed the most secure payment method at 89%, but only 9% of the cybersecurity professionals were prepared to use it.

Overall, the global mobile payment transaction market is predicted to be worth US$2.8 trillion by 2020, with solutions being offered by the likes of Apple (with Apple Pay) and Google (with Google Wallet), along with PayPal and Venmo.

The key vulnerability identified by the ISACA survey respondents was use of public Wi-Fi (26%), followed by lost or stolen devices (21%) and phishing or smishing – that would be phishing attacks via text messages – (18%).

Weak passwords were identified by 13%, and user error rated 7%.

An optimistic 0.3% of respondents felt there were ‘no security vulnerabilities’.

ISACA says respondents felt the most effective way to make mobile payments more secure is using two ways to authenticate identity, followed by requiring a short-term authentication code. Far less popular was installing phone-based security apps.

Christos Dimitriadis, ISACA international president, says people using mobile payments need to educate themselves so they are making informed choices.

“You need to know your options, choose an acceptable level of risk and put a value on your personal information,” Dimitriadis says.

ISACA suggests people ask themselves what level of personal information and financial loss is ‘acceptable’ to balance the convenience of mobile payments.

Knowing the options available to manage your risk is also key. “Using a unique passcode should be mandatory, but also look into encryption, temporary codes that expire and using multiple ways to authenticate your identity,” ISACA says.

The cybersecurity association also recommends users be aware of what information is being shared – name, birthday, pet name, email, phone number.

“These pieces of information can be used by hackers to gain access to accounts. Only provide the least amount of information necessary for each transaction.”
