Mobile Payment Security in the News

March 30, 2015

Mobile Security Blog-01


Recently, mobile payment security has been a bit of a hot button issue. Between concerns about Apple Pay’s desire to “keep it simple” and criticism about NFC (near field communication) technology in general, it seems like everyone in the payments sphere has mobile on the mind. With Apple Pay specifically, some experts have expressed concern about the technology’s simplicity making it less secure—right now, 6% of Apple Pay purchases are made with stolen cards. Naturally, this is giving merchants and customers alike some pause. Apple Pay seems to be giving criminals another way of using cards they have already stolen since it’s fairly simple to load a new card into Apple Pay.

That said, mobile technologies like Apple Pay are generally much harder to hack. The real issues have come from the implementation rather than the technologies themselves. The stolen cards being used with Apple Pay were stolen through other means—Apple Pay has simply become the method of use, much like when someone steals a physical card and then uses it to place an online purchase.

What is comes down to is not whether or not NFC technology is secure, but whether or not the product using NFC is secure. Apple Pay is secured with tokenization, meaning that all stored information is useless to criminals if they manage to steal it. Despite any criticism Apple Pay may have received recently, Visa has stated that they believe tokenization technology itself is actually making consumers more comfortable with mobile payments. Statements like this from major credit card companies have inspired companies like Samsung to adopt the technology for themselves in their own mobile payment products.

We’re happy to see the public coming around to the notion that tokenization is the future of security for card payments. The belief that all transactions should be tokenized at the point of entry is one we’ve held for quite some time—that’s why every payment flowing through the CardConnect gateway is encrypted and tokenized using our patented CardSecure solution.

With so much pessimism surrounding the security of the current payments ecosystem, we’re actually quite optimistic about the powerful combination of EMV, P2PE and tokenization. These technologies are available to any business that wants to employ them, and they would have thwarted the recent spate of payment card breaches. The biggest question that remains is one of adoption and how it can be fast tracked.