Out-Law / Your Daily Need-To-Know

Out-Law News

Cyber security experts survey shows the need to balance convenience of mobile payments against security risks


Cyber security specialists worldwide agree that more attention needs to be paid to balancing the convenience of mobile payment systems against perceived security risks, according to new research by a global standards body.

An overwhelming majority of the 900 cyber security experts surveyed by ISACA as part of its research expected an increase in data breaches related to mobile payments over the next 12 months. However, almost half of them had used a mobile payment platform since the start of 2015 according to ISACA, which acts as a professional and certification body for over 140,000 IT professionals across 180 countries.

Similarly, ISACA's research found near-universal support for cash as the most secure payment method, with 89% of responses. However, only 9% of those surveyed preferred to make payments in cash.

John Pironti, a risk adviser at ISACA, said that the research findings showed that mobile payments were becoming "the latest frontier for the choice we make to balance security and privacy risk and convenience".

"ISACA members, who are some of the most cyber aware professionals in the world, are using mobile payments while simultaneously identifying and contemplating their potential security risks," he said. "This shows that fear of identity theft or a data breach is not slowing down adoption - and it shouldn't - as long as risk is properly managed and effective and appropriate security features are in place."

The biggest potential vulnerability highlighted by survey respondents was the use of public Wi-Fi on a payment-enabled device, suggested by 26% of respondents. Loss or theft of devices and phishing, or 'smishing' via SMS, also ranked highly, cited by 21% and 18% of respondents respectively. Only 13% of respondents suggested that weak passwords were the biggest potential security issue.

The majority, or 66%, of respondents said that the use of two-factor authentication on mobile devices, requiring users to confirm their identity via at least two methods, was the most important action that consumers could take to improve the security of their mobile payments. Only 18% said that requiring a short-term authentication code was the most efficient way of boosting security, while only 6% suggested that consumers should install a separate phone-based security application.

ISACA also asked respondents about what should be done to boost cyber security awareness among children and younger consumers. Responses suggested that children should be taught about the importance of mobile device security before the age of 13, and should not own a mobile device until they were aged between 14 and 17. Adults should enable PINs or passwords on their children's smartphones, according to 72% of respondents, while over half also suggested the use of parental control software, enabling a remote 'wipe' function and installing general mobile security software.

The UK intends to implement new internet payment security guidelines, developed by the European Banking Authority (EBA), alongside reforms to EU payments laws set out in the revised Payment Services Directive (PSD2). UK-based payment service providers will, however, have to comply with them in relation to customers located elsewhere in the EU. The new guidelines do not apply specifically to mobile payments, but set minimum security requirements for EU-based payment service providers.
