You can’t step outside without seeing how mobile usage is affecting mainstream consumer behavior – from toddlers playing with iPads to people walking into lampposts because they fail to look up from their device when out and about. Given the tremendous increase in mobile usage in recent years, it’s hardly surprising that expectations are evolving in tandem.
Rumor has it that Facebook is about to take advantage of growing worldwide smartphone usage to offer mobile payments through its platform, with many claiming the social network is seeking regulatory approval in the UK. If all goes well, Facebook would become a trusted payment provider, setting the scene for mobile payments in the UK.
The European Central Bank recently released a set of recommendations to raise awareness of mobile payment threats and thereby improve mobile payment security, and the European Commission is setting out new regulations for mobile payment services. So it’s reassuring that Facebook is looking to follow the appropriate channels. However, what are the recommendations to ensure secure yet convenient mobile payments with your friends and family?
The recommended authentication procedure on a mobile device is two-factor authentication – something the user knows (PIN) and something the user possesses (token or mobile) or, in some cases, something the user is (biometric). Any two of these three factors are considered strong consumer authentication when they are independent of each other, especially given that at least one of them cannot be stolen online.
As always, we expect fraudsters to be one step ahead (in social engineering fraud specifically), which is why a software development kit is necessary in all cases to secure the mobile applications and turn customers’ mobile phones into strong authentication devices. We’ve previously blogged about Twitter adopting two-factor authentication, but it’ll be interesting to see how the Facebook application process develops.
One success story of a company setting a new mobile wallet standard is Sixdots in Belgium, a joint venture between Belgacom Fortis and BNP Paribas. This is a perfect example of strong authentication, brought to an open platform which is user-friendly – convenient yet secure. Take a closer look here.
We will increasingly see these new payment services performed separately from banks’ traditional channels. Banks will therefore need to implement solutions that monitor high-risk transactions in order to detect any sign of a fraudulent attack. Will banks follow suit to secure their piece of the pie in the future mobile payments landscape? Otherwise security could be compromised… and no one ‘likes’ that.