The general message from the speakers is that awareness will be critical to smartphone payments adoption and success.
According to Money 2020 speaker David Abouchar, the senior director of product management at the online and mobile security firm ControlScan, fraud is among the top barriers to the adoption of smartphone-based payments and wallets.
According to Abouchar, there are 10 billion acts of fraud on an annual basis.
David Abouchar underscored the following important points regarding fraud and mobile security:
• What merchants understand of the payment card industry (PCI) is that the company manages the data. Essentially, it is responsible for the flow and the selection of the provider that will be used, such as their server.
• Bad passwords are still being used, such as 123 or the word “password”.
• Scripting and SQL injections are the leading cause of compromise. Many web designers are simply not building sites that are truly secure.
It was pointed out that payments, online, and mobile security awareness training are greatly needed.
Abouchar stated that the human element is the weakest link in the online and mobile security chain. There are social engineering teams currently in place, acting like “good guy” hackers that try to break into sites. These are the individuals who explore different areas to identify the weak points and vulnerabilities for their clients. These teams also break into physical locations, such as offices, to prove that it is possible to gather physical information, such as contact lists.
The issue of mobile security was further highlighted by Siva Narendra, the CEO of Tyfone. He stated that 90 percent of passwords currently being used are vulnerable. This is particularly true of mobile security as smartphones log on to cloud servers, meaning that all of our sensitive data is stored in the cloud. This has caused the smartphone payments environment to be nicknamed the “wild west”. Hackers are already scoring billions of passwords, but the hope is that the elimination of the request and response system, which will soon be occurring, will help to solve a considerable hacking algorithm, the so-called tsunami of hack schemes. Among the possible new solutions to this issue is to have a phone log in with a password, to which the cloud responds, and then the user must confirm.
Check back tomorrow for the next day’s update from the Money 2020 event in Las Vegas.