Who can blame consumers for not equating "mobile payments" with "security?" News reports of malicious apps on Android smartphones accessing people's personal information are enough to make any reasonable person question the wisdom of loading their credit card information into their mobile devices. And though not specific to mobile devices, the recent online credit-card breach at Citigroup, the hacking of Alliance Data Systems' email marketing subsidiary Epsilon and similar incidents certainly don't help to instill confidence in technology's ability to safeguard our information.
The Consumers Union, the nonprofit publisher of Consumer Reports, raised this issue in a recent study called Mobile Pay or Mobile Mess. "Mobile payment technologies are being touted as the most convenient and easy way for consumers to use their mobile phones to make purchases," wrote the report's author, Michelle Jun, senior attorney at Consumer Union. "But in this mad dash among processors, financial institutions and other industry players to create successful mobile payment products, few have focused their efforts on assuring that consumers will be protected financially if something goes wrong with a mobile payment transaction... Consumers may be at risk of losing money if their mobile phone is lost or stolen, used to make unauthorized payments, or for other erroneous charges due to fraud or mistake."
But is the consumer skepticism over mobile payment security simply a perception issue?
IBM executive Alberto Jimenez believes it is, and that much of the concern about security risks of pay-by-phone services are a red herring for the real issues that need to be solved to get the technology off the ground.
Jimenez has a point. There are plenty of business issues that need to be sorted out — who owns the customer, which parties get paid for what — before a mobile payments system really takes off in the United States. And if the purveyors of new systems like Google Wallet and Isis are to be believed, such technology will be safer than using plastic because data will be encrypted on the phone, making it hard for hackers to steal.
But labeling security concerns as a diversion misses an important point. Even if paying for purchases with your smartphone is safer than swiping your plastic card, there's still a problem if consumers think their security is at risk. And that's a problem for banks, too, as they form partnerships to include their credit and debit cards in Google's system, and as they develop their own proprietary apps and products that haven't hit the market yet. Solid customer relationships are built on trust, and if consumers aren't confident in their bank's ability to protect their financial credentials on a mobile device, that's bound to have ripple effects on the other interactions they have with their bank.
Credit card networks, banks, software vendors and others have a compelling argument for why consumers should trust new services based on a technology called near-field communication. But they could do a better job of explaining it.
For example, when Google talked up the security features of its new Google Wallet service, Stephanie Tilenius, vice president of commerce at Google, said credit card information "is encrypted on a secure element in the phone and the credit card is never fully displayed."
The problem is most consumers don't understand what jargon like "secure element" and "encryption" mean. Google and others should do more to educate consumers on how these protections work and why their information is safe.
Bottom Line: Mobile payment providers, especially telecom network providers, need to work on security and education, and prove they're putting the right safeguards in place.
