- Identifying, assessing and mitigating the specific risks associated with providing mobile payment services.
- Using strong customer authentication and registration controls.
- Implementing a robust data protection mechanism to protect sensitive data wherever it is transmitted, processed or stored.
- Implementing secure processes for authorising transactions, as well as robust processes for monitoring transactions and systems
- Engaging in enhancing customer understanding and providing information on security issues related to the use of mobile payment services with a view to enabling customers to use such services in a safe and secure manner.
December 3, 2013 by Leave a Comment
Improving Security of Mobile Payments
A couple of weeks ago the European Central Bank (ECB) published a draft document for public consultation on Recommendations for Security on Mobile Payments. These recommendations were developed by the European Forum on the Security of Retail Payments, SecuRe Pay. This document follows similar recommendations for internet payments, and for payment account access services. Creation of standards and guidelines around payments is always a good thing, and that applies to security in mobile payments. However, the ECB is careful not to “set specific security of technical solutions. Nor does it redefine, or suggest amendments to, existing industry technical standards.” In my view, this is absolutely correct – mobile payments remains an incredibly diverse and rapidly developing landscape, and to attempt to impose specific security requirements on all of them would be a mistake. Instead, ECB focuses on five guiding principles for mobile payment service providers: