You’ve seen the advertisements – it seems like all of the newest smart phones on the market have the capability to make mobile payments. Phone companies claim it’s a safer, more secure option than paying with a credit card, and with just tapping your phone to a machine, it’s also easier and faster. But doesn’t this capability expose consumers to an increased risk of fraud or identity theft? It does.
Time Saving, But Risky
On September 8, the United States Secret Service, in collaboration with the PCI Security Standards Council, issued a Joint Advisory Bulletin focused on Mobile Payment Systems Vulnerabilities. The Secret Service advised that it has “observed a steady increase in criminals exploiting vulnerabilities in the account provisioning and verification process for near field communication (NFC) payments to commit fraud. Specifically, criminals are using stolen identity information to establish fake accounts on NFC devices and make illicit transactions both online and at ‘brick and mortar’ retailers.”
The best way for retailers to combat this type of fraud and protect their customers is to implement and follow best practices focused on protection of personal data. This requires educating employees about the threat and the best practices to address the issues, and adhering to the required standards set forth by the PCI Standards Council.
5 Methods for Retailers to Enhance the Vetting Process
The PCI Security Standards Council and the financial services industry provide valuable training and advisory resources for use by merchants and mobile device manufacturers to prevent and react to mobile payment fraud concerns. Training for customer service personnel should include:
- Device fingerprinting
- Usage patterns
- Sharing registration data across financial institutions to identify duplicate registration attempts
How should retailers manage and mitigate this risk? Follow best practices. Train employees. Require and enforce the use of approved mobile devices and applications. And just be aware of the issue. These actions will help law enforcement, merchants and the industry address this type of fraud and keep everyone a little safer from fraud.