Security of Proximity Mobile Payments
Publication Date: May 2009
The opportunities offered by the advent of proximity mobile payments are clear; differentiated payment services, increased transaction volumes, faster transactions, increased customer convenience, operational efficiencies and the ability to increase customer loyalty through targeted gift and loyalty programs. With implementations already in place in Europe and Japan, strong consumer interest and the ability to leverage the contactless POS infrastructure already in place, NFC-enabled proximity mobile payments show much promise. But how will security be managed in an ecosystem with so many stakeholders, each managing their own unique aspect of the process? The news is good.
Both the financial and mobile industries have made much progress in defining how NFC-enabled mobile payments will take place and how financial information will be secured. Security is bolstered by the use of industry standards and by the technology supporting proximity mobile payments. Industry organizations have defined standards based approaches to ensuring that payment account information is delivered securely to the mobile phone and stored securely in the phone’s secure element.
The NFC-enabled mobile phone leverages the existing ISO/IEC 14443 standard for communicating payment information from the phone to the merchant’s POS terminal. Appropriate risk analysis of an operational model for proximity mobile payments can identify where there is potential for fraud or misuse, develop mitigation measures and assign responsibility. From the consumer’s perspective, the proximity mobile phone payment looks just like a contactless credit or debit card transaction.
Mobile phones can also leverage two-factor authentication technology to secure the payment application and information. Requiring a passcode or a fingerprint to initiate or respond to the terminal’s attempt to initiate or validate a transaction can provide the consumer with additional comfort and a sense of control over a transaction.
While implementations may vary, industry players are moving in a consistent direction. Industry organizations are working to increase ease of access, global interoperability and security of mobile payment technology to consumers. Pilot studies in the United States and implementations worldwide have tested both the technology and the mobile payments process. Proximity mobile payments technology is solid, and will serve this exciting new payment frontier well. Industry stakeholders can leverage the proven technology and a merchant infrastructure that is ready to go to take advantage of consumers’ ever-growing love of mobile technology.
About the Smart Card Alliance Payments Council
The Payments Council is one of several Smart Card Alliance technology and industry councils. The Council was formed to focus on facilitating the adoption of chip-enabled payments and payment applications in the U.S. through education programs for consumers, merchants, issuers, acquirers/processors, government regulators, mobile telecommunications providers and payments service providers. The group is bringing together payments industry stakeholders, including payments industry leaders, merchants and suppliers, and is working on projects related to implementing EMV, contactless payments, NFC-enabled payments and applications, mobile payments, and chip-enabled e-commerce. The Council’s primary goal is to inform and educate the market about the value of chip-enabled payments in improving the security of the payments infrastructure and in enhancing the value of payments and payment-related applications for industry stakeholders. Council participation is open to any Smart Card Alliance member who wishes to contribute to the Council projects.