The European Central Bank (ECB) has warned that mobile payment technology currently used by smartphone operating systems represent a security risk as customers increasingly adopt mobile payments for their day to day purchases.
As previously reported, mobile phone payments are growing rapidly as smartphone technology becomes more widely available and as consumer trust in the product expands. The use of Near Field Communication (NFC) within smartphones enables the user to “tap and pay” for their shopping, by simply holding their NFC enabled smartphone within range of the retailer’s NFC payment receiver without them entering a pin. In the UK, customers can pay for goods up to the total value of £20, but are able to make multiple mobile payments per day – they may be randomly required to enter their pin number as a security measure.
The ECB highlighted a number of challenges which need to be addressed in order to improve the security of transactions:
“Although recently introduced types of mobile payments are still at an early stage of development and deployment, the use of mobile technology for payments may result in additional security exposures attributable to the fact that […] the current generation of mobile devices and their operating systems were generally not designed with the security of payments in mind.”
Other factors include the use of wireless technology to transmit “sensitive payment and personal data”, exposing mobile payments to greater risks than traditional methods, while the public may be “less aware” of risks compared with making internet payments from desktop PCs or laptops. [See related post]
The ECB has set out 14 draft recommendations for payment service providers to follow. The consultation is part of work undertaken by the European Forum on the Security of Retail Payments. The ECB invites feedback on the mobile payment consultation by January 2014, with service providers expected to meet recommendations by 2017.
See the ECB’s draft recommendations here.
Source: ECB Press Release
