Opinion

M-commerce: Why CIOs need to manage the risk

The age of mobile commerce is upon us. Almost two-thirds of global businesses in financial services, technology, telecoms and retail are already operating a mobile payments strategy, with US mobile payments totaling around $100bn last year, according to our recent KPMG Consumer and Convergence Survey.

M-commerce is a significant opportunity for business. It not only influences a consumer at the point of sale, it brings the point of sale to the consumer. The proportion of consumers buying goods and services via a mobile device has also soared globally, from 10% in 2008 to 28% in 2010. 

Yet consumers have concerns. Of the 10,000 we spoke to, 90% are worried about the security of their personal identifiable information (PII), although they are largely happy to allow their online usage and personal profile to be tracked providing this leads to lower costs and more tailored services.

Effectively this means that for m-commerce to truly fulfil its potential, CIOs will need to balance technology with a more holistic view of risk for their entire business. We see four main challenges, which we refer to as the "m-risks":

Culture: moving towards partnership and collaboration.

IT departments and the businesses they serve need new skills to deliver goods and services via mobile devices. Some will already have more experience in direct selling and global markets, others in technology and IT security. 

Leveraging the right kinds of experience to fill the gaps required to deliver m-commerce is already leading to joint ventures and may even involve partnering with potential rivals from other sectors.

Security: fraud detection

According to our survey, 92% of information security officers think m-commerce will drive an increase in e-crime. Current security measures risk being overwhelmed unless corporate thinking keeps pace. Existing control frameworks provide an illusion of assurance, but their main focus is on catching errors, frauds and data breaches after the event.

Security in the m-commerce era will be more highly automated, backed by more sophisticated tools to support employee compliance and decision making.  Data analytics is set to move centre stage to help spot fraud trends and security awareness generally will need to penetrate all aspects of a company’s business.

Technology: Trusting the vendors

M-commerce demands vital technology choices. For instance, most mobile technologies require some form of "enabler" to transform the device into a secure payment method. Each has its own benefits, risks and customer appeal. It is important to establish trusted advisors and vendors, recognising the difference between those that come with a pre-defined package and those offering a range of options, tailored to your specific needs.

Regulation: self-policing

M-commerce is already caught in the web of legislation and regulation. Its transnational character makes it easy for firms to fall foul of measures such as the EU’s Distance Selling Directive, as well as national regulators like the UK's Advertising Standards Authority.  Detailed and timely counsel on the legal regimes in individual markets, and the connections between them, is essential.

In due course, governments will work together to devise specific regulations for this new form of business. In the meantime, CIOs have a choice: wait for external action, or start policing their own businesses, thus setting a framework for subsequent national and international rule making.

M-commerce poses real challenges but offers immense opportunities. The revolution is accelerating rapidly: the question is not whether to join in, but how and to what level? 

Steve Watmough  (pictured) , is CIO Advisory Partner at KPMG.

 

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

This was first published in January 2012

 

COMMENTS powered by Disqus  //  Commenting policy