Tips for secure mobile payments
Posted on 18 November 2011.
With the increased use of mobile devices to pay for goods and services, traditional wallets with cash and credit cards could one day be obsolete. A new ISACA white paper examines this growing trend and offers guidance on managing risk and increasing security.

A study from Juniper Research found that the value of mobile payments for digital and physical goods, money transfers and other transactions will reach almost US $630 billion by 2014. ISACA identified consumer benefits, including the speed and convenience of not carrying cash and credit cards, the consolidation of many cards and an enhanced layer of security.

Enterprises benefit by reaching more consumers, reducing the amount of stored data needed to meet compliance requirements, improving transaction security and fraud detection, and engaging in location-based marketing (geo-marketing).

“Mobile payments offer many benefits, but we also need proactive planning and measures to manage risk, which can include anything from theft of identities and services; loss of revenue, brand reputation and customer information; and money laundering and terrorist funding,” said Nikolaos Zacharopoulos, chair of ISACA’s project development team for the white paper. “This guidance identifies the risk types and the countermeasures that should be in place to mitigate them.”

The Mobile Payments white paper provides practical advice for enterprises:
  • Build robust controls into the planning process.
  • Ensure that transactions are carried out only by the authorized person.
  • Identify the data that are considered personal and sensitive, and ensure it is protected.
  • Ensure that third parties involved have robust security governance in place.
  • Pay specific attention to the originating point of a mobile transaction - the customer device and the user.
“Security will be a major driver for the adoption of mobile payments, as trust plays a very important role when the customer decides to use a new payment tool,” said Zacharopoulos. “While more regulation in the mobile payment ecosystem is developing, it is important that enterprises proceed with care so they can offer consumers the conveniences of mobile payments as well as the security and privacy necessary.”

The white paper is available here (registration required).


More than a third of employees would sell company data

35 percent of employees would sell information on company patents, financial records and customer credit card details if the price was right. This illustrates the growing importance for organizations to deploy data loss prevention strategies.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Jul 31st