By: Mark Raleigh, Director, CoreCARD Software, Inc.
Mobile wallet is becoming a hot item in the payments space.Many payments industry experts see a promising market for the technology.Here’s a quick look at some of the high level questions around security of using a mobile wallet.
1. How does it work?
Typically, a mobile wallet is just another form factor, replacing or supplementing the need to hold plastic. Your phone can be used to complete a transaction at the point of sale through NFC (near field communication). The phone would use an application to provide the details necessary to complete the transaction and validate the user’s identity. The mobile wallet may be linked to an existing debit or credit account through a bank or card issuer or it may be a pre-paid account. Existing technology is used to forward the transaction information through the proper channels for authorization and settlement.
2. Is it safer than using a regular debit or credit card?
A typical mag-stripe card has built in safe guards to protect the holder from fraud when the card is used. A chip card typically has more safeguards than a mag-stripe card. A mobile wallet used in a transaction provides the possibility of some new security benefits and possible new security concerns. A mobile wallet may be able to more securely store personal information needed in the transaction – by storing information encrypted on the SIM card like a chip card does. Also, the mobile wallet application can be password protected. Thus there are two layers of security built into mobile wallet: at chip level and at application level. Another argument that proponents make in favor of mobile wallet is that it takes about 12 hours for a person to notice his/her lost or stolen credit card but it takes only about an hour to realize that you have lost your phone. Mobile wallet looks secure on paper but so did magstripe cards in the beginning. Mobile Wallet is not without its security challenges. Since the card information can be accessed by wireless RFID readers, sniffing card information during the transaction is a possibility. The current marketplace for mobile wallet applications could possibly favor speed to market over security at first. When (not if) security flaws are revealed and exploited, there will no doubt be a need to put an emphasis on security no matter who controls the application on the mobile wallet. The new form-factor can go either way on the potential for fraud. While the security of using a phone to store personal information may be healthier than a mag-stripe, it may depend on the phone and the application itself.
For full article, visit: PaymentSolutionsBlog.com
