Embed Size (px)
Citation preview
What Merchants Need To Know About Security For Mobile Payments
Mobile payments have become an increasingly popular method for consumers to buy products both in-‐store and online.
WITH THE GROWTH OF THIS RECENT TECHNOLOGY COMES THE WORRY FOR SECURITY BREACHES. HOWEVER, THERE ARE WAYS MERCHANTS CAN PROTECT THEMSELVES AS WELL AS THEIR CONSUMERS AGAINST MOBILE PAYMENT FRAUD.
According to the “Consumers and Mobile Financial Services 2015” report, 39 percent of all U.S. mobile payment users made payments using their smartphones in 2014.
PCI Compliant Merchants who chose to accept mobile payments must observe the guidelines in the Payment Card Industry Security Standards Council’s data security standards, just as they do with payment cards. The standards set within PCI are set to help protect cardholder data and sensiQve transacQon informaQon in addiQon to eliminaQng security exposures.
PCI Compliant
The PCI SSC procedures have 3 main purposes that cover the leading risks that are linked with m-‐payment transacQons: • Prevent account data from being intercepted when
entered into a mobile device• Prevent account data from compromise while being
processed or stored within the mobile device• Prevent account data from intercepQon while being
transmiUed from the mobile deviceSource
If a merchant does not choose to be PCI compliant and suffers a data breach, they can face liability costs in addiQon to heWy fines. As a result, all merchants should make sure they are PCI Compliant to not only safeguard their business, but to addiQonally ensure the security of their consumers.
Wi-‐Fi Another way merchants can protect themselves from mobile payment fraud is by establishing their Wi-‐Fi connecQon on a secure network that is discrete from a public Wi-‐Fi network. By implemenQng P2PE within their in-‐store Wi-‐Fi network, the risk of fraud occurring is decreased.
Source
This is achieved as the data transmiUed is encrypted within the network, so that if it were somehow intercepted, it would be valueless to hackers.
TokenizaEon TokenizaQon is yet another form of security technology designed to help prevent fraud from occurring. With tokenizaQon, a one-‐Qme number is used to represent a debit/credit card during a payment transacQon. Since this token can only be “de-‐tokenized” by the tokenizaQon service provider, it is useless to a hacker trying to obtain card informaQon.
Rodrigo Meirelles from Visa concluded, “In addiQon, tokens eliminate the need for merchants to store payment card account numbers. This increases transacQon security, reduces the risk of fraud in digital channels such as e-‐commerce and further enhances issuers’ ability to manage risk and provide customer support.”
Source
NFC Using a NFC terminal will allow merchants to stay efficient and up-‐to-‐date with the latest technology. Due to the close proximity it takes to make the transacQon, it would be very hard for a hacker to acquire a consumers informaQon.
That said, if merchants make the upfront investment to upgrade their payment processing technology that supports both EMV and NFC, they can be sure their customers' payment informaQon is safer than it would be using a non-‐upgraded POS soluQon.
Mobile Payment fraud is an issue that is on the rise due to the popularity of mobile devices. By becoming PCI compliant, selecQng a P2PE soluQon, establishing your Wi-‐FI on a secure encrypted network, , using tokenizaQon, and upgrading to NFC-‐enabled equipment, merchants can adapt and grow their business into a safe and secure place to do accept payments via mobile devices.
Contact First American Payment Systems today to learn more about mobile payment security and how your business can
protect itself against mobile payment fraud
First American Payment Systems
