CNP Expo: Putting Mobile in the Driver’s Seat
May 21, 2014
CardNotPresent.com Editor-in-Chief DJ Murphy began an afternoon discussion of mobile security at the CNP Expo by citing a UN study that says there are 6.9 billion subscriptions globally. So the odds are good that your customers will eventually come to you from a mobile device, whether through your mobile app, your website, or from a click-through on an email.
But there are several challenges from a security standpoint. CEO Siva Narendra of Tyfone, a mobile cybersecurity company, noted that “mobile goes hand-in-hand with cloud, meaning you are accessing private cloud info on public networks. The speed of mobile also presents a problem because the transaction usually is faster than real-time fraud prevention analytics.” Rich Stuppy of Kount agreed, and added that another challenge is the risk of losing the device itself, which could give a thief access to all of your secure information.
The lone merchant on the panel, Mark deCausmeaker of REEDS Jewelers, noted that “retailers are concerned with reducing friction and optimizing customer experience, so they are trying to ask for as little authentication as possible, but that makes it easier for scammers to get through.” From that perspective, mobile wallet apps are more appealing than individual store sites. That way, customers who may not be familiar with your brand can make a purchase without having to give you their personal data.
Narendra and Stuppy both recommended that a complete approach to mobile protection requires a layered approach of tools and methods that both prevent fraud and provide security.
All three panelists were down on biometrics as a mobile security solution. Stuppy’s main objection is that “unlike a password, fingerprints cannot be reset,” so once a data center storing biometric information is breached, the consumer has no real recourse. DeCausmeaker agreed, adding, “If you’re the merchant who put someone’s biometric data at risk, it’s tough to come back from that.”