If there is one constant in the history of technological advancement, it’s that every great innovation will inevitably be met with unfounded claims of danger and calamity. When the first public railway opened in Northeast England in 1825, some warned that the then-amazing speed of the train would damage or even melt the human body. More recently, the spread of Wi-Fi has led to many baseless warnings about “electrosensitivity” and other supposed perils.
And now it seems to be mobile payments’ turn.
No doubt because of the growing adoption of mobile payments, over recent months there has been an apparent uptick in the number of stories claiming that the technology presents a security risk to consumers.
According to this piece in Infoworld late last month, shoppers should “think twice” before using mobile payment apps like Apple Pay, and if they go ahead and do use their phones to pay should realize “they are opting for the convenience of on-the-go payments over the security imparted by traditional methods like cash or checks.”
Meanwhile, an earlier article on a lesser-known site called IT Pro Portal tries to make the case that – according to the headline – “mobile payments are still fundamentally insecure.”
Both articles are sourced by businesses selling competing technologies, or security-related services that require a sense of insecurity in order to be sold. While we are not in the business of ruining other companies’ PR, we feel that tactics like these are quite unfair to not only us, but to the broader m-payments industry as well.
In defense of the news sites, we do believe in their good intention to caution the public about a perceived threat. However, given the inaccuracies, wild conflations and unfounded claims permeating the sources of these pieces, we cannot in good conscience avoid pointing out that better research, instead of relying on a single source, would have been needed before ringing a false alarm.
As far as conflations go, the InfoWorld article erroneously names Apple Pay as an app that users might want to avoid, even though the underlying study focused on “peer-to-peer (P2P) payment apps” and “one-click merchant apps”. These are categories that are very distinct from NFC wallets such as Apple Pay, Android Pay etc.
But an even greater flaw is these articles’ failure to offer much in the way of specifics, and their reliance instead on the broadest of generalizations about mobile payments products and the m-payment industry as a whole. Specifically, the study referenced in InfoWorld was carried out on five apps on both iOS and Android, a sample size that, to say the least, does not justify sweeping conclusions. Meanwhile the, shall we say, opinion piece on IT Pro Portal (whose author happens to sell card products) presents literally zero facts in support of its claims.
More to the point, these and similar pieces fail to address what any impartial observer would likely see as the three key questions about mobile payment security: 1) Have there actually been any major security issues with mobile payments; 2) How are firms in the space responding to the security challenge; and 3) how secure are mobile payments compared to other forms of payment, both electronic and otherwise?
On the first question, there is no data to indicate any significant problem with mobile payments services, at least involving security weaknesses in the services themselves. (There was one report earlier this year indicating that for some retailers in the US fraud rates involving mobile payments outstripped corresponding rates for other types of transactions, but this tended to involve fraudsters using mobile devices to exploit stolen card details obtained via hacks of “traditional” card payment systems.)
Second, while there are undeniably some mobile payment players that focus more on creating fancy solutions than air-tight security, it is folly to dismiss an entire industry based on a few examples. In fact, it is almost impossible to overestimate the resources being put into security in the mobile payments space, where even smaller firms like Cellum are devoting millions of dollars and thousands of man-hours to the challenge, in some cases (like Cellum’s) to protect a 100% record of zero fraud or chargebacks. Of course, this effort does not guarantee that the fraudsters working 24/7 to hack or take advantage of every form of electronic payment won’t occasionally be successful; instead, it means that the firms leading development in the area know all too well that there is no security silver bullet, and that they must act accordingly.
Last but not least is the question of whether successive generations of mobile payment apps are likely to be more or less secure than cards, cash and other forms of payment. And here, finally, there seems to be reason for fear – but not about mobile payments.