2016 Prediction #8: Rapid Adoption of Mobile Payments will Accelerate Cybersecurity Threats

Joerg Sieber


This is the eighth in our series of cybersecurity predictions for 2016. Stay tuned for more through the end of the year.

Top-10-Predictions-Banner

Mobile payments are quickly changing the way the world pays for products and services. We’ve been talking about this for years, but the train is now leaving the station. And you’d better be on it.

While increasingly common in Europe, mobile payments are only accounting for a small, but fast-growing segment of payments in the U.S. According to a study published by the Federal Reserve in August 2015, only 10 percent of financial institutions in the U.S. currently utilize mobile payments. The majority of all U.S. payment transactions in 2015 were still made with by check, credit card, and cash.

However, with organizations like Starbucks, PayPal, Amazon, Square, Google, and Apple – to name a few – supporting digital payments, we’ll increasingly see consumers and financial institutions move to mobile payments because of speed and convenience. The same study by the Federal Reserve shows that more than 50 percent of all financial institutions are planning to offer mobile payments in the 2016 to 2017 time frame.

As with all fast-growing industries, fragmentation is common in today’s digital payment industry. Multiple vendors and technologies are competing for attention and offering different ideas for where the consumer’s electronic data should reside: on a card, on a phone, or in the cloud. This opens the door for new industries to emerge, such as Trusted Service Managers (TSMs) that provide over-the-air provisioning capabilities to mobile devices. With this comes the use of cloud applications for mobile provisioning.

New processes create new security vulnerabilities, and, according to the Federal Reserve study, approximately 75 percent of all financial institutions expressed security concerns over the implementation of mobile payments. Over-the-air provisioning of payment credentials and applications, for example, creates new attack vectors for cybercriminals to steal consumer data – not only payment information but also information about the purchased merchandise itself from the cloud or individual devices. As a result, any company offering or accepting mobile payments needs a very clear understanding of exactly where and how sensitive account data is stored and transmitted, to proactively secure consumer information.

As with many technology evolutions, it is not a question of if, but when a financial institution will get on board with mobile payments. 2016 will be a year of major shift in the industry. Securing the cloud to protect mobile payment information should be a top consideration for all organizations in 2016.

Want to explore more of our top 2016 cybersecurity predictions? Register now for Ignite 2016.

Ignite 2016

Got something to say?

Get updates: Unit 42

Sign up to receive the latest news, cyber threat intelligence and research from Unit42


SUBSCRIBE TO RSS