Mobile Payment Security: What Your Customers Need to Know
The digital direction of payments presents both a challenge and an opportunity for mobile product owners and developers. People expect a flawlessly secure and user-friendly experience when they conduct financial transactions using a mobile app.
Cash may still be the most secure form of money exchange, but only 9% of cybersecurity pros said they actually prefer to pay with old-fashioned bills, according to a survey from ISACA, a nonprofit cybersecurity group. For accessible financial services anytime, anywhere, mobile customers are making the tradeoff.
An American Bankers Association (ABA) survey found that 21% of consumers have used a mobile app to make a payment, but only 11% actually trust alternative payment providers to protect their money and personal information.
With enhancements being developed faster than ever in the mobile payment industry, here are some tips for keeping your customers’ data secure on mobile and making sure they understand that their digital safety matters to you.
1. Don’t keep data longer than necessary
The major concern for most mobile users is that they have no control over where their data may end up. Are they sharing it just with your app or are they sharing it with third parties? How strong are those third parties’ data security protocols? These are the questions that consumers are beginning to think through more carefully.
If you’re storing data on the customer’s mobile device, be sure to protect it properly with encryption, especially if it includes the customer’s personal information.
A few years back, white hat hackers uncovered that one of the most popular apps for mobile payment aficionados was storing personal information in clear text that could be easily accessed. Luckily, that problem was fixed swiftly after it was uncovered, but the lesson is a good one for any app creator — store your customers’ data in a secure way.
The free-to-use platform, founded in 2009 as a payment system through text message, has since worked to make “significant” progress in this area and promises to credit money back into a customer’s account if notified within two business days.
“If customers don’t feel like they’re secure they won’t use the application,” said James Wester, a mobile payments analyst at IDC. According to PayPal, Venmo grew person-to-person payments by 213% in 2015—totaling $7.5 billion—which makes up 18% of PayPal’s total person-to-person payment volume.
Being clear about your data security policy is often a requirement for compliance and risk management certifications.
The Spendbook app, popular among budget-conscious consumers, requires users to re-input their personal login every time they use it—a feature designed to further prevent the loss of personal financial information.
3. Use strong authentication
A Hong Kong-based center for computer security uncovered a massive issue this fall with a protocol originally designed to handle authorization for third-party websites. The issue lay with OAuth 2.0, a standard that lets users use Google or Facebook accounts to verify their logins.
The vulnerability presented a method for hackers to use an app to sign in without the user’s knowledge. The vulnerabilities were created in an attempt to make signing up and logging in easier for users by allowing them to make use of existing Google or Facebook accounts.
Be sure your authentication protocols are strong and monitored often for implementation flaws.
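One implementation check of the kind this tip calls for, as an added example that is not from the original article: the backend validates the identity provider's signed token (signature, issuer, audience, expiry) and takes the account from that token, never from a user id the app sends. The issuer, client id, `login` handler and HS256 demo key are constructed assumptions so the code runs offline; a production integration would verify against the keys or endpoints the provider publishes.

```python
import base64, hashlib, hmac, json, time
# Constructed values for this example only (assumptions, not from the article).
EXPECTED_ISSUER = "https://idp.example"
EXPECTED_AUDIENCE = "payments-app-client-id"
DEMO_KEY = b"offline-demo-key"  # stand-in for the provider's real verification keys

def _enc(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _dec(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _sign(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_demo_token(claims, key=DEMO_KEY, alg="HS256"):
    """Build a constructed token so the example runs offline."""
    head = _enc(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _enc(json.dumps(claims).encode())
    return ".".join([head, body, _enc(_sign(head + "." + body, key))])

def verified_subject(token, now=None):
    """Return the user id from a fully validated token, else raise ValueError."""
    now = time.time() if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header, claims = json.loads(_dec(head_b64)), json.loads(_dec(body_b64))
        sig = _dec(sig_b64)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise TypeError("not JSON objects")
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if header.get("alg") != "HS256":  # pin the algorithm; never trust the header
        raise ValueError("unexpected algorithm")
    if not hmac.compare_digest(sig, _sign(head_b64 + "." + body_b64, DEMO_KEY)):
        raise ValueError("bad signature")
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != EXPECTED_AUDIENCE:  # token was minted for another app
        raise ValueError("wrong audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("expired")
    if not isinstance(claims.get("sub"), str) or not claims["sub"]:
        raise ValueError("missing subject")
    return claims["sub"]

def login(request):
    """Hypothetical handler: the account comes from the token, not request['user_id']."""
    return verified_subject(request["id_token"])
```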
4. Listen to your customers, even after you’ve launched
Closely monitor your customer feedback to spot any common issues that may point to vulnerabilities. Stay on top of release schedules and new versions of your security libraries so you can make updates often and early.
The average data breach cost $4 million in 2016, according to the most recent IBM Cost of Data Breach Study. That’s a big price to pay when compared to the cost of maintaining your vigilance and updating your security standards after the launch.
Fintech’s fast pace pushes developers to be as proactive as possible in their efforts to meet evolving security demands. If your mobile fintech app is making you money, investing a small portion of that into upkeep is absolutely necessary.