A recent study by IIM Bangalore identified serious worries over smartphone based payment services.
At a time when smartphones are essentially ubiquitous and digital wallets are picking up in popularity, mobile payment security concerns persist. According to a recent study, worries over risks of privacy and security continue to be problematic.
Among the main issues appears to be the lack of global consistency in terms of mobile security standards.
A study conducted by the Center for Software and IT Management at Indian Institute of Management, Bangalore revealed some of the top mobile payment security concerns in the Indian ecosystem. The research also placed a number of questions about security and privacy in the spotlight.
CSITM chairperson Prof. Rahul De explained that “We conducted experiments with five popular mobile payment systems, in four broad categories – wallets (PayTM, FreeCharge), direct link with user’s bank (BHIM), specific bank’s app for account holders (iMobile by ICICI Bank), and basic USSD service (dialing *99#).” Professor De is also among the Decision Sciences and Information Systems faculty at IIM Bangalore.
The study looked into six of the main mobile payment security concerns affecting the marketplace.
That research combined those concerns with six basic security principles that brought together the RBI norms for electronic banking transactions with the Besel Committee’s Risk Management Principles for Electronic Banking.
The six principles used in the study included:
• Transaction management for subsequent repudiation
• Confidentiality breach risk
• Accessibility and availability of services
• Authentication process strength
• Data and transaction integrity procedures
• Customer information privacy maintenance procedures
Professor De said the study identified a range of different serious privacy concerns in every one of the mobile wallets included in the study. For example, several of the mobile applications, such as Freecharge, have no direct link between their wallets and third party vendors like BigBasket and Uber. On the other hand, other applications like PayTM automatically link with vendors, making it possible for them to charge and deduct certain amounts of money without the user’s explicit consent. Professor De also pointed out that there were many types of mobile payment security concerns in terms of confidentiality breaches among every studied method except for USSD.