Over the past few years, mobile payments– defined as the execution of banking services and payment transactions using a mobile device-has witnessed tremendous uptake globally. According to industry analysts, the service had a relatively slow start, in particular, between 2000 and 2005. During this period, the scope of mobile payments was severely limited, especially in terms of the services offered-i.e. merchant payments and P2P transfers security.

Since then, however, the service has come a long way and today all significant banks offer mobile payments. In fact, one of the factors boosting the uptake of this service is the rapid proliferation of smartphones and tablets. To illustrate, according to Juniper Research, the total number of customers availing of mobile banking services stood at 0.8 billion globally in 2014. This is expected to reach 1.8 billion people by 2019, according to Juniper Research and KPMG analysis.

In a nutshell, while there is little doubt that mobile payments is the norm today, lingering concerns, especially around security, remain. Mobile security is, needless to say, a priority for any financial institution or a consumer offering or availing mobile banking services. For the customer, executing a transaction in a secure manner is a priority. Similarly, for the mobile payments service provider, ensuring the data stored in the system is secure and thus, the transaction is executed in a secure manner.

What is Mobile payments security

Step to security

The first step any financial institution ought to take in this regard is deploying a robust service security framework at the mobile payment gateways. This is expected to eliminate mobile banking frauds and help gain customer trust in mobile wallet security framework. Typically, these players adopt a four-pronged approach to mobile payments security, focusing on the systems, the access platforms, the transaction itself and the application.

The first aspect-system security-broadly includes measures such as access abstraction and 3DES encryption. Access security largely entails the best practices for PIN and password management, deploying a two-factor authentication method and masking critical data with the latest robust technologies. Transaction security for online bill payments may refer to measures such as maintaining a separate PIN for all transactions, OTP-based authorization and PKI and MSISDN monitoring. Lastly, application security typically includes adherence to AML requirements, tokenization, configurable KYC processes, anti-phishing measures and the Maker-Checker Principle.

Meanwhile, as per industry experts, other measures that can be taken include; using official applications, avoiding using public Wi-Fi networks for any banking transaction, using a reliable mobile security application and not storing any banking-related information on one’s handset.

Net, net adoption of any mobile payments service would largely depend on two factors; how secure the solution actually is and educating the audience. The customer ought to be confident that they can carry out any transaction securely. Only then will the uptake of mobile banking increase exponentially.



Mahindra Comviva is the global leader of mobility solutions catering to The Business of Tomorrows. The company is a subsidiary of Tech Mahindra and a part of the $17.8 billion Mahindra Group. Its extensive...