[Dave Birch] I was talking to a client yesterday when the subject of mobile payment security came up. I was explaining some ideas for bringing some new ways to pay to the mobile phone, and one of the client team asked about security and so we went through some high-level risk analysis. The concerns expressed were perfectly reasonable and widespread, as consumer surveys confirm:

Convenience is the most compelling feature of both mobile banking and mobile payment at the point-of-sale. Participants cited the ability to perform banking functions, such as check balances and pay bills, from anywhere without the need of a computer as the major convenience of mobile banking, and the prospect of no longer carrying a wallet as the major convenience of mobile payment at the point-of-sale. Conversely, participants indicated security and fraud were their main concerns regarding these mobile applications, wondering what would happen if their mobile devices were lost or stolen.

[From Consumer Interest in Mobile Commerce Extends Beyond Banking]

As it happens, I had a ready-to-roll Powerpoint presentation on security in mobile payments so I was able to walk through it show the client how we would deal with these concerns and manage the risk down. Afterwards, I was thinking that we (ie, people who are bullish about mobile proximity payments, in this case) should be more upfront about security, because the truth is that there is more security overall in a mobile payment than a card payment.

“There’s a whole lot of upside and security advantages to mobile devices,” says James Van Dyke, president of Javelin Strategy and Research,

[From Javelin Strategy and Research » Safest way to bank online? Your cell phone]

Apart from the often-repeated point about noticing a missing phone much sooner than you notice a missing card, there’s also the issue of communications. You know where phones are and you can communicate with them, which greatly changes the risk and countermeasure situation when compared with cards. I think the question should be the other way around: from a security point of view, does it make sense to carry on with cards?

Mobile proximity payments are getting an incredible amount of attention. I’m going to be talking about some of our experiences in this field at BIMS 2008 in Amsterdam on 10th-12th June 2008. In a spirit of unbelievable generosity, the wonderful people at IIR have given me a three-day delegate pass for this event — worth an astounding THREE THOUSAND EUROS — to give away on this blog as a competition prize. So if you are going to be in Amsterdam on those dates and you’d like to come along to meet the people who matter in billing, operational support, customer management and revenue assurance in the telecommunications and billing world, then all you have to do is be the first person to respond to this post with the name of the bank that Adam Smith is talking about here…

In order to remedy these inconveniences, a bank was established in 1609 under the guarantee of the city. This bank received both foreign coin, and the light and worn coin of the country at its real intrinsic value in the good standard money of the country, deducting only so much as was necessary for defraying the expense of coinage, and the other necessary expense of management. For the value which remained, after this small deduction was made, it gave a credit in its books. This credit was called bank money…

[From Adam Smith – An Inquiry into the Nature and Causes of the Wealth of Nations – The Adam Smith Institute]

In the traditional fashion, this competition is open to all except for employees of Consult Hyperion and members of my immediate family, is void where prohibited and has nothing to do with Ant and Dec. The prize must be claimed within one month. Oh, and no-one can win more than one of the Digital Money Blog prizes per calendar .

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]

4 comments

  1. People have a very odd response to questions about money. Most have internalised it since childhood and don’t really understand it at any level. Especially, their views on security are not really related to how they act. I would distrust any survey based on questioning on such aspects; the only way to see whether something works in this area is to try it, because then you test the peoples’ actions not their beliefs.
    For example, if people have a perception that PayBlahBlah.com has security problems, they won’t touch it with a barge pole. This is the fear that has allowed banking regulators to successfully clamp down on innovation in the payments area, as they “credibly” claim that they need to regulate in order to ensure “the safety of the payments system” whatever that is.
    In opposition to this, if they users believe that a payment is safe, even with compelling and contradictory evidence in front of them, they will use it. We saw this with various super-safe payment systems such as the gold-backed payments systems where the chain of integrity was fully governed. People believed in that governance, and were happy to lose a lot of money in those systems. This loss occurred through neglect, scamming & ponzis, phishing, seizure, etc, etc. And, occasionally even through failure of the governance.
    Which is to say that safety and security are marketing problems more than they are technical problems. Of course, it helps to have technical answers, but it is a mistake to believe that they are either necessary or sufficient.

  2. “Of course, it helps to have technical answers, but it is a mistake to believe that they are either necessary or sufficient.”
    Necessary, surely. All the marketing in the world won’t stop a thief from, say, cloning a mag stripe card.

Leave a Reply


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
%d bloggers like this: