The Risks of Mobile Payment Applications
Amongst the plethora of new-generation applications for smartphones, such as the iPhone and HTC, are a select group of apps that allow you to process payments from customers or clients on the go, usually requiring an ancillary device to swipe the card.
Gary Glover, director of security firm SecurityMetrics, which simplifies compliance for Payment Card Industry Data Security Standards, was reportedly of the opinion that these apps are risky, especially for small business users. When used across a wireless network that is not a dedicated network, there is the risk of data interception because there is no firewall protecting the data being transmitted. As of June 24th 2011, the PCI Standards Council reported that any mobile payment application on consumer devices (smartphones, PDAs, etc.) would require further review to see if they meet the standards set by the PCI.
Although the peripheral hardware can be secure, it is the actual processing of payments on the phone that raises the most concern. Part of the concern is the rapidly evolving nature of mobile phones, which makes it hard to establish standards for payments on them.
However, this is not to say that mobile phones cannot reach the standards set by the PCI, just that it is currently difficult to ascertain whether they do in fact comply with the standards.
If you’re considering using a mobile payment system, then it is worth considering the following:
- Use applications from reputable companies
- Stay abreast of the PCI council's work on creating a vetting procedure, and exercise your own judgment when evaluating an application
- Only allow employees to use the application on designated business phones, rather than allowing them to use their own smartphones to process payments.
Currently, traditional store-based payment methods should be preferred, but the potential of mobile payment applications should not be underestimated.