We spoke about how mobile wallets are changing the payment landscape, and according to the latest study by CMO.com, 56% of consumers are willing to use their mobile device to pay for the products they are shopping for.
In every area, advancement in technology inevitably gives way to new vulnerabilities and risks, and mobile wallets are no exception. Hackers actively look for loopholes in the apps and try to steal money or tamper with consumer data, which could result in huge monetary and reputational damage to businesses.
According to the 2013 PWC mobile wallet survey, 79% of consumers are concerned that someone might be able to steal their information when it is sent wirelessly.
1. Vulnerabilities in GSM or CDMA standards
Did you know that your GSM or CDMA providers are also at risk of getting hacked? Wondering how? Payment service providers use GSM or CDMA transmission channels to authenticate your account through various methods, text messages for instance. However, these channels do not provide the desired level of security and encryption, which makes it possible for hackers to intercept the streams and “sniff” them on the fly.
To safeguard the user information, companies can use technology services that use special double 2048-bit electronic & encryption for the whole data stream traveling to and from your mobile device, which makes such fraud impossible because of the time needed for decryption.
2. Spy and malware programs
On unprotected devices, spyware and malware programs sometimes get installed while the user is downloading other programs from the web. These programs can intercept information the user enters on the device, such as a PIN code, a password or any other sensitive data.
To protect your device from such malware, make it a rule of thumb to install antivirus software and to download applications only from trusted sources. Good anti-malware software from Avast, AVG, Kaspersky and others lets you schedule scans that run automatically and remove any malicious code they detect, keeping the device healthy.
3. Man-in-the-middle attacks
As the name suggests, a man-in-the-middle attack occurs when the attacker secretly relays, and possibly alters, the communication between two parties who believe they are communicating directly with each other. It could lead to serious theft of both money and critical data.
Businesses can use mobile security tools like Appknox to detect such loopholes in the mobile payments and get a compliant solution to fix the issue. At Appknox, we are running a free security scan of mobile apps that not only scans for man-in-the-middle attacks but also checks for all the top threats that mobile businesses face today.
4. Lack of strong authentication for user login
A friend recently came across such a case when his account on one of the grocery sites was used by someone else and expenditure was made against his account. This has become a common plight in the mobile payment domain, where fraudsters access user accounts to steal information or simply buy items, causing huge monetary loss to the customer and grave reputational damage to the business.
Businesses should be extra careful in processing user login credentials and should take strict measures to authenticate the account each time the user makes a purchase. Security measures such as validating the account with an OTP sent by email or to a phone number can be used.
5. Physical theft of the device
“I didn’t make that transfer – my phone was stolen.” Usual sight, isn’t it?
1 in 10 smartphone owners are victims of phone theft and 12% experienced fraudulent charges on their account.
If you do not block your m-payment account soon after losing your device, fraudsters can attempt to steal your card information or use it to buy goods or services.
Businesses compromise on security measures in favor of convenience. They usually keep the option of auto-filling user details during login, and even credit card details. This exposes the user's information for hackers to exploit if the device gets stolen. Businesses need to draw a fine line between convenience and security and take measures to keep user data secure even in the case of physical theft of the device.
An excellent solution could be to confirm payments by sending a one-time password in an email or a message. Businesses can also educate users to keep their payment details secure.