
FAQs & Webinar Recording - Mobile Payments: Mitigating Risks & Reducing Fraud

The move away from cash. Rising smartphone adoption. Improvements in connectivity.

These are some of the reasons that are driving consumers, merchants and financial institutions to embrace app-based retail, mobile banking and in-app payments. Behind the convenience and improved user experience, how do mobile applications work? What measures are in place to mitigate risk and reduce fraud? What certification programs are required for mobile applications?
 
If you are involved in the development of mobile payment or banking applications, or are part of an Issuer, this hour-long webinar will help you understand the intricacies of developing and implementing mobile solutions. Here are some of the questions asked during the webinar:

  1. There are some markets aggressive in adoption, and with manufacturers providing OEM-pays, and issuing banks or mobile payments software development companies having greater adoption, there are greater market forces driving payment issuance via mobile. What fraud levels are seen with mobile payment solutions?
    Because mobile payments leverage EMV-style transactions, fraud is relatively low. Where fraud is seen with mobile payments, it is more at the enrollment stage, when user credentials are spoofed to enroll cards and perform fraud. It is therefore vital to implement proper controls and properly identify cardholders when enrolling users and digitizing their cards.
     
  2. Evaluations and assessments are key to mitigating risks - are mobile platforms themselves part of a security assessment?
    Mobile platforms are not part of the evaluation scope for mobile payments. Third-party software components used within the mobile payment solution, however, are part of the evaluation scope.
     
  3. Do I need to use third-party software protection tools, are there alternatives or can I build my own?
    It is possible to build such tools yourself, but the expertise typically required to build a software protection tool of sufficient quality is very different from what is required to develop a mobile solution.
     
  4. Security is an ongoing process, how often does security testing (or other certifications) need to be repeated?
    All schemes mandate that a security evaluation be repeated every year. The yearly evaluation is lighter than the initial security evaluation and can be completed relatively quickly.
     
  5. Time to market is always a critical factor. How long do certifications of a mobile payment (solution) typically take?
    This depends on the type of solution being certified. A composite evaluation can take about six weeks with around double that for an SDK security evaluation.
     
  6. Are there any PCI standards applicable to mobile payment solutions?
    PCI standards apply to payment acceptance solutions and not to mobile payment solutions.
     
