The concern about mobile payments security

We use mobile payments more and more every day. The key of success of this new payment method lies in the ease of use of this new technology but it leaves some doubt about new threats, at the border between fraud and cyber risk.

Credit cards are undeniably the preferred payment method of French people. The latest study released in November 2016 about this subject by Harris Interactive confirms it: 98 % of people interviewed use their credit card daily, while only 6 % use smartphone payment.

However, the advent of means related to high-potential new technologies and, in particular, the development of  NFC technology (Near Field Communication), based on the RFID (radio frequency identification) can make a difference. The success of contactless payment by credit card does not contradict this and may even accelerate the end of an era atmosphere that reigns in the payment methods field.

 

Easy to use and relative safety…

Contactless payment by smartphone actually has many advantages for shopkeepers and customers: payment guarantee, free bank transfers and cost reduction for shopkeepers who do not need a credit card terminal.

Contactless payment through smartphones can be safer because the mobile application used for payment (for example, Apple Pay, Lyf Pay or even Easy Transac) offers the opportunity to master the activation of the NFC function on demand, which limits fraudulent uses.

 

What prevents fraud?

Contactless mobile payment, even if it has a brilliant future ahead, has a serious weakness. Like any connected equipment, smartphones are sensitive targets to attacks, viruses, trojan horses, malwares. Besides, NFC technology is not yet mature.

“Sniffers” are a new generation of pickpockets via contactless technology. Due to simple physical proximity (ideally in a crowded metro train) and an appropriate terminal, they “sniff” your credit card data and, without your knowing, withdraw around 20 euros. It is the same for mobiles, except that fraud mainly concerns data theft. NFC technology can allow fraudsters to obtain any type of information contained in a smartphone: contacts, SMS, emails, login information and passwords, and localisation information, among others.

Market players are already anticipating a progression in bank frauds through the generalisation of mobile payment.

 

What about liabilities?

In terms of bank fraud, consumers are protected. They have 13 months to contest any unauthorised transactions and to be refunded by their bank. The question still remains as to liabilities at the end when fraudsters cannot be identified. The bank will take its part of the risk – in collaboration with the insurer – but what about the liability of the application developer, of the smartphone manufacturer and of their insurers?

For massive frauds, the question about software and hardware weaknesses will have to be thoroughly analysed in order to determine liabilities as accurately as possible.

Mobile payment has become a subject at the crossroads of fraud and cyber risk, demanding knowledge on both subjects, both at the insurance and loss adjustment level.

Laurent MICHEL, Finance & Services Loss Adjuster