Securing The (Technologically Advanced) Joneses

Can security methods advance at the same pace as technology innovations in the payments space? This week’s Retail Security Tracker takes a look at how new offerings in mobile payments, biotechnology and the IoT are putting the methods needed to protect consumers to the test.

SHUTTERSTOCK

As payments technology continues to advance into more and more high-tech applications, so, too, is security developing more sophisticated solutions. From cashless payments, to biometric security, to new measures that can be applied to the smartwatches on consumers’ wrists, the payments security industry is hard at work trying to keep pace with the rate of innovation within payments itself.

With consumers weighing the risk and rewards of adopting these new payment technologies, there is a lot at stake for retailers and how they facilitate payments technology at the point of sale. Here are three top stories from this week in retail security:

 

How secure are mobile payments apps?

Perception and reality are often not only not aligned, but woefully misaligned. According to a recent study published by Arxan and reported on by Mobile Payments Today, nearly 84 percent of users of mobile health and payments apps believe them to be secure. The reality? 90 percent of payments and health apps had critical security risks.

The study looked at apps from the U.S., the U.K., Germany and Japan, and uncovered a rift between consumer assumptions and actual facts revealed through app security testing. Ninety percent of the mobile health and finance apps tested contained at least two of the Open Web Application Security Project Mobile Top 10 Risks. Android apps proved to be slightly more secure than iOS apps, with more than half (59 percent) of Android mobile finance apps tested having at least three OWASP Mobile Top 10 Risks, while 100 percent of the iOS apps tested had at least three top risks.

“Mobile apps are often used by organizations to help keep customers ‘sticky,’ yet in the rush to bring new apps to market, organizations tend to overlook critical security measures that are proving crucial to consumer loyalty,” said Arxan CMO Patrick Kehoe in a statement.

 

Bio-security to pave the way for cashless payments

According to research firm RBR, 417 billion transactions in 2014 were cashless, and the final number for 2015 is expected to be significantly higher. With more and more consumers opting for mobile payments apps and other touchless payments options, technology is struggling to secure these transactions as fast as people are making them.

But, as Point of Sale points out in a recent article, while in some countries cashless transactions are commonplace, in others, cash still rules. While cashless payments have continued to increase annually around the world since 2010, ATM cash withdrawals have risen at nearly the same rate, revealing the global population still prefers to use cash. In Sweden, payments with currency account for only 2 percent of its economy; meanwhile, in the tech-loving U.S., nearly 8 percent of payment transactions still involve physical currency.

The lack of incentives to replace cards with digital payments apps is one deterrent. But security issues reign supreme in keeping consumers from adopting digital payment technology. 36 percent cite security and 31 percent say convenience are the biggest barriers to mobile payment adoption. Data breaches at high-profile retailers continue to make customers uneasy and unlikely to wholeheartedly place their trust in mobile payment technology. Consumers are eager to see more evidence of security measures in place before they make the leap to mobile payment technology.

Enter biometrics. Think “selfie” security and fingerprint technology, or wearable gadgets and retina scans as highly visible and interactive security measures that could turn the tide for mobile payments. Innovations like MasterCard’s new facial recognition scan are interactive security measures targeted toward the selfie-loving millennial generation, but for consumers that place a high value on security, Point of Sale argues, mainstream technologies like this may not be enough to win them over.

It will be interesting to see how the industry strikes a balance between highly visible security measures, including biometrics, and the more “tried and true” security measures that can actually ensure the security of consumer payments.

 

Body (tech) armor

As the popularity of wearables continues to grow, so, too, will attacks focused on these fun new pieces of personal technology. Partnerships like the one PYMNTS recently reported between global digital security solutions company WISeKey and cybersecurity firm Kaspersky Lab will help protect wearable devices from cyberattacks.

The two firms announced they are developing technology that will bring authentication and data encryption to wearable devices and enable them to securely connect and exchange payment data.

“This cooperation between WISeKey and Kaspersky Lab represents a breakthrough in IoT cybersecurity. The combination of trust and convenience that will be delivered to wearable devices opens the door to implementations in other sectors, where the same approach can support a variety of other IoT applications,” Carlos Moreira, CEO of WISeKey, explained in a press release.

According to data from BI Intelligence, the connected wearables market will grow by 35 percent over the next five years, raising concerns about how secure these devices really are.

Kaspersky Lab CEO Eugene Kaspersky said: “We live in a truly connected world. But as the number of connected devices continues to grow, so does the number of threats. And unfortunately, there are millions of devices in active use today that were never designed to be secure. But security should be built in from the very outset. There’s an urgent need to establish and implement higher levels of security for IoT devices, and we’re happy to work with WISeKey in the development of such a solution.”