May 27, 2015
Think about some of the best payment experiences you have had in mobile payments. I’m sure Starbucks is one of them. The implementation of the Starbucks app is an illustration of the critical decisions that businesses have to take when it comes to convenience over security. A vulnerability was pointed out last year and became very evident recently.
Let's talk about Touch ID. The ability to quickly touch a finger on the button and take an action that is relatively hard (not impossible) for someone else to replicate provides enough assurance to the average consumer that it's good enough. Neither Apple nor the banks supporting Apple Pay pitch it as more secure, but consumers might have understandably assumed that to be the case. Note that Apple requires the actual (alphanumeric) password to be entered when the phone is turned off and on. This mis-assumption of Touch ID security does not cost the consumer anything because the banks offer zero liability protection as a historical cost of doing business.
Moving back to mobile payments, let's look at what's already possible with smart mashups of readily available data and resources. One such example is device fingerprinting. It's good, but not good enough because devices can be lost or stolen. How about IDs without a form factor? Those are also good, but need to cut across entities (banks and merchants). What's required is a multilayered approach to identity, a network approach that builds on all of the above ideas and is continuously enhanced with information curated from various sources, creating a digital signature hat gets better over time and with use.
If you want to learn more about this topic, you should read a detailed assessment that we did a few months ago on companies leading the way in fraud and authentication. It's one of our LTP9 Leaderboards that highlight the leading companies in a particular sector. For example, Validity Inc. is a company that offers fingerprint sensor solutions for authentication, mobile payment and touch-based navigation systems. Validity’s fingerprint sensor solutions offer high levels of performance & security and focus on mobile payment transactions & cloud-based services.
Payfone is another company that operates in the segment of fraud and authentication. The company’s recently introduced Identity Certainty service is based on SIM card security and aims to extend the protocols leveraged by mobile network operators (MNOs) to financial institutions, enterprises and other entities.
According to Analyst Jordan McKee of 451 Research, Payfone believes that by harnessing the inherent identity capabilities built into the mobile networks, it can help businesses validate their customers more quickly and accurately than ever before.
Payfone Signature is a deterministic trusted mobile identity that is known to be very secure. Through relationships with tier 1 mobile network operators (MNOs), Payfone Signature leverages data directly from MNOs to permanently bind, verify and subscribe to mobile identity at the account level. According to the report from 451 Research, Payfone’s Signature can be utilized for various mobile authentication processes between the bank and its customer, including wallet provisioning, account access through mobile phones, m-commerce transactions and account maintenance.
It is important for financial institutions and payment companies to mitigate fraud risks, enhance security and build trust. A LTP survey is being conducted in partnership with Payfone to understand the voice of the readers as it relates to payments security and authentication.