Mobile payments technology, which enables organizations of any size to conduct immediate business transactions from almost anywhere, is a hot topic right now. And it’s only going to get hotter.
According to “Mobile Payments: 2010 to 2014,” a March 2010 report by digital media research and consulting firm Generator Research, the worldwide market for mobile payments will grow to $633.4 billion by 2014. The report also predicts that mobile payments users will grow 600 percent, to 490 million, by the same year.
When evaluating any type of mobile payments product or service for your retail or transaction-based operation, security and compliance are vital considerations. PCI DSS (Payment Card Industry Data Security Standard) was created to increase controls surrounding credit card payments, and PA-DSS (Payment Application Data Security Standard) is a global security standard created to provide the definitive data standard for software vendors that develop payment applications.
Consumers are becoming increasingly aware of standards and regulations, and expect absolute security when making mobile purchases. At the same time, mobile viruses are becoming more prevalent as mobile devices become more capable. Data safety is critical.
So, when starting your search for a mobile payments solution to add to your operation, put at the top of your list the vendors placing the highest priority on security and credit card regulation compliance. And be aware that “secure” could mean different things to different providers.
Not all mobile payments solutions are created equal, because there’s an important distinction between software- and hardware-level data encryption. Security should start with the hardware: the small card swipe device, or reader. Some mobile payments solutions do not encrypt data when the credit card is swiped. Instead, they rely solely on software for that critical function. These software-only encryption solutions are neither reliable nor safe.
Any hardware that’s plugged into the audio jack of a mobile phone should have encryption capabilities to help ensure that credit card numbers and other confidential transaction data are not stolen. But that’s not to say that software-based encryption is not important. It is, because it helps ensure that a keystroke-logging virus isn’t transmitting credit card numbers.
Secure mobile payments solutions offer both hardware and software security features. Some smaller mobile payments software shops create their products without a full picture of the payments process, and their lack of payments knowledge could result in vulnerabilities for your confidential data.
Make sure your provider is a payments expert, and that the mobile payments product the vendor offers is end-to-end encrypted, meaning cardholder data is rendered unreadable using complex algorithms at the exact moment of credit card acceptance.
Mobile payments solutions that encrypt at both the hardware and software level make it virtually impossible for someone to install malicious applications that record keystrokes and electronically skim and transmit card numbers.
Bottom line: While mobile payments technology is a hot trend — expanding sales channels by helping businesses meet customers wherever they are — don’t put your reputation or your customers’ credit card accounts at risk. If a vendor’s system doesn’t focus on all aspects of payment security, regardless of what point-of-sale (POS) device they use, the security solution may not be as secure as you expected.
Rick Stanford is senior vice president of Sage Payment Solutions.