Almost anything can affect the success of a business. Economics, location ...Read More
Dan England: Moving Full Speed Ahead
Utah Needs More Women in STEM Fields
The 2012 Election
How Open Should Government Be?
Moment of Truth
A Grand Exit
Through the Roof
Mobile payment apps, which let customers pay for purchases with a swipe of their mobile device, are proving a boon for merchants and consumers alike. Mobile payments let micro-businesses, like artisans or landscapers, easily accept credit card payments and enable consumers shop cash free.
But how safe are mobile payment apps or mobile credit card swipers? How can consumers protect themselves when paying via their iPhone? Are businesses liable for safety breaches?
Far from being leery of mobile banking technology, consumers seem to be embracing it with enthusiasm.
Mobile apps are so convenient that retailers are using them to extend their brand and their ability to sell, says Tom Karren, CEO and co-founder of MokiNetworks, a Lehi-based company that builds mobile and cloud apps. “We are even seeing cases where retailers are putting mobile commerce applications on dedicated devices inside brick and mortar stores to extend their ability to sell items that they may not have in stock,” he says.
“Customers just love the ease and convenience of mobile,” says Brian Pearce, senior vice president and head of the Retail Mobile Channel at Wells Fargo’s Digital Channels Group.
In the first quarter of 2012, Wells Fargo had more than 7.7 million customers using mobile services. “It’s just a really, really popular way for our customers to manage their financial lives,” says Pearce. “And as a bank, we’re interested in being where our customers are. It’s really important to be able to connect with our customers and be able to provide them with our financial services anywhere that works for them.”
With that convenience, though, comes the risk of financial data being compromised. Pearce says Wells Fargo deals with that in two ways: maintaining a robust security structure and educating customers.
“One of the keys to developing an app securely is to never store information on the device,” Pearce says, pointing out that all bank customers’ financial information is stored solely on Wells Fargo secure servers.
To help educate consumers, Wells Fargo created a “Fraud Information Center” on its website. Among the most important tips on the website, Pearce says, is that consumers should download mobile apps only from reputable sources, and they should never open attachments, click on links or respond to emails from suspicious or unknown senders—information that’s helpful to all mobile app users.
Scott Nelson, vice president of marketing for ProPay, agrees with Pearce on all counts.
The mobile payment apps market is seeing explosive growth, but “the biggest issue is whether or not these applications are secure,” says Nelson, whose Lehi-based company provides credit card processing and electronic payment services for customers ranging from home-based entrepreneurs to multi-billion-dollar organizations.
While many payment apps require credit card information to be keyed in, devices that allow credit cards to be swiped are becoming more common, Nelson says.
These swipe devices typically plug into the audio jack of a smart phone, iPad or Android device and allow real-time authorization of a credit card transaction. However, the same security issues apply for these devices as for apps.
“Make sure you purchase a swipe device that is secure, that the credit card data is encrypted immediately at swipe so that your credit card data isn’t flowing out in clear text,” Nelson says. “Some devices on the market don’t encrypt, and that just puts the merchants and the customer both at risk.”
The safety of an app depends on whether the developer created appropriate levels of security for how the data is captured, stored and transmitted, Nelson says.
To ensure that data is secure, it should be encrypted as soon as it’s captured, Nelson explains. Unencrypted data that’s sent through a phone to a processor can be intercepted. “That’s how a lot of fraud occurs, so it’s important that the applications encrypt the data at the swipe or at the point of entry,” he says.
Data breaches can cost dearly: credit card companies can assess fines if a breach occurs and the merchant is found to be non-compliant with the PCI Security Standards. These standards were developed by the PCI Security Standards Council, an organization created by the five major credit card brands to develop data security standards for the industry.
These standards apply to all organizations that store, process or transmit credit cardholder data. The compliance requirements vary depending on the size of the business; however, the standard is enforced by credit card companies, which charge penalties for non-compliance.
“The fines and fees, etcetera, could really hurt a small business,” Nelson says.
The PCI website, www.pcisecuritystandards.org, offers information about how merchants can comply with the standards, but each credit card brand has specific requirements as well.
PCI also provides guidance for software developers and app manufacturers whose products are used in credit card transactions.
“[We] provide products and services that help our customers be compliant with standards and mitigate risk,” says Karren of MokiNetworks. “[Companies] cannot afford to miss out on the opportunity to do business with mobile apps and devices since consumers are going there in droves. Mobile commerce presents new opportunities and challenges for businesses. In the end, it’s about providing convenience to customers.”