How to use mobile pay securely while keeping hackers away
Digital payments are on the rise. In fact, they’re skyrocketing. And if you haven’t exactly jumped on the bandwagon as a business owner, manager, or consumer—you’ll likely be taking the leap soon. Consider this: An in-depth report by BI Intelligence predicts the in-store mobile payment volume of the major wallets (like Apple Pay, Android Pay, and Samsung Pay) will reach $503 billion in the U.S. over the next couple of years. That’s a compound annual growth rate of 80% between 2015 and 2020.
Step outside the U.S. and the numbers are even more astounding. A recent study by Capgemini and BNP Paribas found that digital payments are expected to hit a whopping 726 billion globally by 2020. China, for example, is leading the way with mobile payment apps like WeChat Pay and Alipay, and saw the volume of mobile payment systems more than double to $5 trillion in 2016. Digital payments are so entrenched in the culture, that even popular tourist areas for the Chinese are having to adapt, including Japan and Hong Kong.
The state of security for small and medium-sized businesses
Get expert advice on protecting your business from cyber threats.Get the free e-book
And it’s no mystery why mobile payment processing is so popular. Here are just a few of the benefits:
- Convenience. No cash or cards are required. Everything is digital.
- Speed. Transactions are completed in seconds. There’s no need to swipe credit cards, provide change, or even provide paper receipts.
- Better budgeting. Since all transactions are digital, it’s easy to track purchases, spending, etc.
- Safety. If cash is stolen, it’s gone. With digital pay, it’s easy to block the mobile wallet remotely to cut down on theft.
- Discounts. Gone are the days of punch cards and coupon clipping. Integrated loyalty programs benefit consumers and businesses alike since they can be stored within the mobile wallet. Coupons, delivery updates, card balances, reminders about an offer’s expiration date—it’s all at your fingertips—keeping business connected to customers.
- Valuable data. Digital purchases deliver a wealth of valuable information about customers—information businesses can use to improve the customer experience, while giving deeper insights into their shopping behaviors, patterns, etc.
The perks are undeniable. But in the days of high-profile phishing schemes and hackings, is there really a way for smaller businesses to mitigate risk to themselves and their customers in an increasingly digital world? Consider the fact the average amount an enterprise in North America shelled out for a breach was $1.3 million in 2017, while small and medium business owners paid about $117,000 on average, according to a 2017 report. So, what can businesses do to ramp up cyber security while providing customers with digital payment options?
The key is updated technology.
Whether you want to receive mobile payments, or let your customers pay with Bitcoin, your business will obviously need to have new hardware, like terminals and phones that support Near Field Communication (NFC), plus a great internet connection, and—most importantly—an updated and secure infrastructure. A critical part of this step is choosing an enterprise-grade threat solution that delivers trustworthy and tested protection for your business’ digital environment. It should provide:
- Automatic updates. WeChat, with nearly 900 million users, was hacked in 2015 via a security flaw that was later patched. To prevent this from happening to your business and, in turn, your customers, make sure that all the software your company uses keeps you constantly up to date on the latest security fixes, patches, and improvements, as well as the newest features and tools.
- Rich insights into the latest threats. Criminals are continually targeting customers with phony emails designed to look like those of legitimate businesses—like the case with the PayPal phishing scams that seem to happen year after year. They send a very real looking “PayPal” email to users in an attempt to steal valuable information. To avoid this as a business, it’s important to have technology that lets you: know about threats from a dashboard, tracks phishing or malware campaigns aimed at your customers, and searches for threat indicators from user reports and other intelligence sources.
- Transparency and control. Back in 2016, a couple of hackers stole the phone numbers, email addresses, and names of nearly 60 million Uber users, as well as their drivers. How? They lifted the info through a third-party, cloud-based service, and then used it to access information in an Amazon server. It’s not an uncommon method. In fact, more than one-third of global data breaches involve third-party organizations, such as outsourcers, contractors, consultants or business partners. Lesson learned: Total control of your data is essential for managing security. Insist on having thorough access controls to give you the power over who can dig through your data. But be aware, accidental threats from within your company are a serious concern and can be costly, as well. To prevent accidents, your cloud provider should offer data loss prevention (DLP) technology that minimizes the risk of data leaks.
What ways are businesses making the actual checkout process more secure? Simply making the leap to mobile pay has its benefits. Here are a couple:
Your outdated POS system will get the boot. A 2016 report found that point-of-sale breaches are among the most common types of cyber-attacks. One benefit of deciding to accept mobile pay is that you’ll probably have to update that old POS system with one that supports NFC technology. It not only makes for a slicker checkout process, but updating your POS software also makes it less vulnerable than legacy software, which may no longer be supported with the latest security updates.
You get two layers of protection. Since new NFC devices will, no doubt, be EMV-ready, you get two for the price of when it comes to upping your safety measures. EMV “chip cards” are more secure than cards with magnetic strips, making it almost impossible for criminals to copy credit card data. And NFC-enabled mobile wallets, as discussed earlier, add an extra layer of protection against fraud. They use tokenization, which means the actual card number is never transmitted, only random numbers (tokens) are, which protects your customers’ information.
Long story short: There’s a lot of time, money, and data to be gained—and lost—with mobile payment. But as long as businesses protect themselves with the right tools, and stay ahead of the game, it’s a virtual win-win for everyone.