The mobile payment landscape is more complex than gift card technology; however, this is a good example of how using what we already know about protecting consumers and consumer data can help security professionals see the process from an operational perspective and determine the best way to move forward. In this case, the standards set in place by the Payment Card Industry (PCI) Security Standards Council ensure the safe handling of cardholder information, and much of that policy can be mapped on to mobile payment technologies or altered to enhance security surrounding those transactions.
The Path to Secure Mobile Transactions
Security teams can add value in the run-up to full adoption of mobile technologies by making recommendations to improve processes in other departments; while simultaneously addressing the unease that accompanies new technology by identifying potential pitfalls and addressing concerns early.
The following steps can be taken to ensure security teams are fully engaged and the entire organization is prepared to meet the challenges associated with a transition to mobile payments:
1. Identify operational vulnerabilities. According to the KPMG study, “Companies recognize that any new solution must be at least as convenient as any existing payment solution in consumers’ hands today, and must eventually be as broadly accepted as extant solutions.”
To lay the foundation for seamless integration and a positive customer experience with mobile technology, work across teams and departments to review processes around point of sale, returns and other customer-facing interactions, as well as back-office procedures. This will help reveal processes that are susceptible to breakdown.
Anything that is an issue now is likely to be an even greater risk once mobile payments are introduced, and identifying them early can greatly reduce the need for mitigation and time spent managing exceptions later.
2. Train employees. Training is imperative to ensure that any process is carried out consistently. In the course of identifying processes that are susceptible to breakdown, opportunities for training will become evident. In addition to training employees on new processes and unfamiliar devices associated with new mobile technologies such as mobile payments, time should be spent educating staff on how data is handled on those devices, how to secure them, and why it is essential to do so.
3. Educate the public. According to Juniper Research’s report, Mobile Payments Strategies: NFC, Remote Purchases & Money Transfer 2012-2017, consumer awareness of near field communication (NFC) — the technology that makes purchasing a product with the wave of an iPhone possible — is “extremely low.” In laying the groundwork for adoption, it is essential that communication to consumers be considered.
Resistance that results from fear associated with something “new and unknown” will be experienced both inside and outside of the organization — address it early and communicate clearly.
Consumers want to know mobile technologies are secure. If data is encrypted, tell them. Further, customers too often use weak passwords that fail to secure their devices. Fear of a lost or stolen unsecured device can be a powerful deterrent to adopting the mobile payment options available.
4. Identify fraud mitigation tools that will benefit your operation. As with any monetary transaction, it is crucial that the retailer using mobile payments have the means to mitigate fraud and prevent shrink.
A variety of fraud mitigation tools are available, including: online purchase authentication, transaction verification, IP geolocation, device fingerprinting and automated transaction scoring. Work with other departments to determine your organization’s need and do the research to ensure every possible measure is in place for a secure shopping experience.
The advancement of mobile technologies is happening at a speed that outpaces our ability to identify and prepare for every challenge. In the face of this, security teams cannot afford to be an impediment to adoption.
On the contrary, by getting involved early, security can help retailers meet those challenges and craft strategies that will ensure a secure shopping experience as newer and more advanced technologies continue to enter the market.
Andrew Wren serves as chief executive officer of Wren Solutions, a loss prevention technology provider helping leading retailers reduce loss and increase profits. Wren is responsible for corporate and product strategy, leveraging his more than two decades of security technology expertise. To learn more about Wren Solutions, visit www.wrensolutions.com.