Increasing Use of Digital Payment Technologies Generates New Security Concerns
Smartphones are quickly becoming choice for conducting financial transactions via digital payment technologies. As a result, they’re a growing target by malware producers — who are increasing their efforts to steal funds from users through Apple Pay, Google Wallet, Samsung Pay and similar mobile payment systems.
As companies use digital payment technologies to pay vendors, it is critical that they employ the right security measures.
Why Business Need to Be Concerned
Breaches to mobile payment systems was cited as the number-one cybersecurity concern facing CIOs and CISOs this year, according to Carl Leonard, principal security analyst at Websense and author of the company’s 2016 predictions report. Leonard notes three prime areas where hackers are focusing their attention: newly introduced infrastructure, new payment methodologies and mobile wallets.
Once attackers figure out how to steal from a digital wallet, they’ll continue look for bigger sources of “income,” Leonard points out. In light of how ubiquitous bring your own device (BYOD) policies have become, smartphones are also increasingly used to infiltrate and compromise the corporate network.
Fifty-eight percent of respondents used their mobile phone to make an online purchase in 2015, according to Mobile Payments Today. This year, total mobile payment transactions are projected to reach $27.05 billion, according to eMarketer.
The Security Factors Companies Should Consider
With the use of digital payment technologies and cryptocurrencies like bitcoin clearly on the rise, businesses need to deploy certain security measures to stay on the defense. This includes encrypting and tokenizing all data behind the firewall and storing the keys in a different location. Tokenization replaces a customer’s credit card number with a unique number, called a token, which is generated every time a transaction is made.
If a company is using Apple Pay, for example, the system takes pictures of the relevant credit cards used and uploads them into a person’s mobile wallet. Whenever Apple Pay is used to make a purchase, the transaction is done with a token generated behind the scenes to effectively make a purchase more secure, executives from Fifth Third Bank told Smart Business.
Although it sounds obvious, companies must also stay on top of patching and securing databases, placing them behind firewalls and only giving select employees access, Russell Glass, head of marketing products for LinkedIn, told Digital Guardian.
Yet, while consumers believe the companies they do business with will protect their personal data, this isn’t always the case. Almost 90 percent of firms that experienced a data breach in 2010 were not in compliance with the Payment Card Industry Data Security Standard (PCI-DSS), according to the 2011 Data Breach Investigations study by Verizon and the U.S. Secret Service Agency.
The SaaS Approach
To deal with these security concerns, businesses and their CPOs should consider deploying a digital payment platform that can run on top of existing services you may use to procure company devices, and integrate into smartphones, websites, mobile sites, smartphone apps and call center tools. This approach ensures consistent digital payments across all devices to payment providers worldwide, as well as PCI compliance. It also eliminates installation and maintenance costs.
When you consider that Apple Pay is growing by one million users a week and seeing five times the transaction volume of a year ago, there’s little doubt that momentum for digital payment technologies is on the rise. It’s important that businesses make security synonymous with digital payment.