CEO Outlook: Debunking the Myths Surrounding Mobile Payments Security

Jason Oxman
November 30, 2015 – There’s been a lot of talk about mobile wallets – each new product release sparks another conversation about whether these products are viable, and whether they can entice wary consumers who have yet to embrace mobile payments. Yet early numbers from Thanksgiving weekend are cause for optimism: The National Retail Federation found that slightly more people shopped online (103 million) compared to those who shopped in stores (a little under 102 million). Additionally, 57% of smartphone owners and 58% of tablet owners said they used their phone to research and purchase products, while 49% of respondents told Interactions that they would be using a mobile device to make purchases this holiday season.

Despite the encouraging data, there remain several obstacles to the widespread adoption of mobile payments. The biggest one is that consumers consistently see mobile payments as unsafe. Although mobile payments are an extremely secure way to pay, 70% of respondents told Inside Secure that their concern about mobile payment fraud was preventing them from using in-store mobile payment apps. The fear of fraud, data privacy breach, and identity theft precludes consumers from adopting mobile payments – and mobile wallets in particular – on a large scale.

How safe is paying with a mobile device? The answer: about as safe as it gets. Most mobile wallets on the market today are packed with a whole suite of security solutions which, layered together, make your smartphone nearly impenetrable to fraud or theft.

So it’s time to debunk some of the myths surrounding mobile payments, and mobile wallets in particular. Most mobile wallets, like Apple Pay and Samsung Pay, rely on Near Field Communication (NFC), which is the wireless form of the “smart” EMV chip cards that banks are issuing to their customers. Every time an EMV card or NFC wallet is used to make a transaction, the “chip” will transmit a one-time code that is unique to the transaction. Even if the card is counterfeited or the data is intercepted, it can’t be used to make a payment, because that one-time code is now worthless. NFC mobile wallets work in much the same way, with an added step: instead of transmitting the cardholder’s account number, the device will send a string of letters and numbers – known as a “token” – that represents the account number (and can only be interpreted by the financial institution receiving the transaction data). This process is known as tokenization, and it represents a huge leap in payments security.

But that’s not all – tokenization is just the beginning of the “layered security” that’s making mobile wallets one of the safest ways to pay. Data is encrypted while it’s in transit from the mobile device to whoever is approving the transaction on the other end. End-to-end encryption makes it even harder for thieves to intercept the transaction – but even if they do, tokenization and NFC capability make the data they find totally useless.

So hacking into payment processing networks to steal consumer data is more or less out of the question with mobile wallets. But what about stealing the old-fashioned way? Pickpocketing is going the way of the horse-drawn carriage, as new biometric forms of user authentication hit the market nearly every day. Companies are deploying cutting-edge fingerprinting, facial recognition, and a host of other technologies to make sure that no one but the owner of the phone can get into the financial account. Facial recognition scans perform “liveliness checks” to make sure an impostor isn’t simply holding a photo of the owner’s face in front of the camera. The digital algorithm stored on the device cannot be matched by anything but the owner’s fingerprint. In short, the payments security world is working very hard to stay one step ahead of criminals and hackers. Mobile wallets are the closest thing we have to a perfectly secure payments technology.

Jason Oxman is the CEO of ETA, the global trade association representing more than 500 payments and technology companies.