ISACA guide offers tips for secure mobile payments

Mobile payments will benefit enterprises by reaching more consumers, according to a whitepaper from global IT security association ISACA.

A study from Juniper Research found that the value of mobile payments for digital and physical goods, money transfers and other transactions will reach almost $630 billion by 2014.

The whitepaper, entitled “Mobile Payments: Risk, Security and Assurance Issues”, says mobile payments will also help enterprises reduce the amount of stored data needed to meet compliance requirements, improve transaction security and fraud detection, and engage in location-based marketing.

Consumer benefits include the speed and convenience of not carrying cash and credit cards, the consolidation of many cards and an enhanced layer of security.

But while mobile payments offer many benefits, says Nikolaos Zacharopoulos, chair of ISACA’s project development team for the whitepaper, there is also a need for proactive planning and measures to manage risk.

“This can include anything from theft of identities and services; loss of revenue, brand reputation and customer information; as well as money laundering and terrorist funding,” he said.

The whitepaper identifies the risk types and the countermeasures that should be in place to mitigate them, said Zacharopoulos.

The whitepaper advises enterprises to:

• Build robust controls into the planning process.

• Ensure that transactions are carried out only by the authorized person.

• Identify the data that are considered personal and sensitive, and ensure they are protected.

• Ensure that third parties involved have robust security governance in place.

• Pay specific attention to the originating point of a mobile transaction: the device and the user.

“Security will be a major driver for the adoption of mobile payments, as trust plays a very important role when the customer decides to use a new payment tool,” said Zacharopoulos.

“While more regulation in the mobile payment ecosystem is developing, it is important that enterprises proceed with care so they can offer consumers the conveniences of mobile payments as well as the security and privacy necessary,” he said.

Mobile payments enable extra revenue opportunities for companies, but in some cases the mobile payment systems do not function because the security requirements insist on mandatory authentication via additional authentication devices, says Marc Vael, director of ISACA.

This undermines the whole concept of mobility, he said, and ISACA recommends a proper approach to promoting mobile payments that takes security and risk management into account.
