Mobile payment solutions are popular with small businesses due to their low costs and customer engagement opportunities. While these payment options are gaining popularity, business owners will need to exercise diligence in order to avoid common security pitfalls.
Mobile payment solutions have simplified and enhanced customer experiences, as well as increased sales opportunities for business owners. As mobile payment solutions become more widely used, businesses are under pressure to facilitate a cashless process that can complete any purchase.
While mobile payment solutions provide new revenue streams for businesses, the security risks that come with implementing and providing mobile payment options can be cause for concern. The main mobile payment security risks for business owners are:
- Data security
This article will discuss each of these mobile payment issues and provide the simple steps for business owners to overcome them.
Protect Your Business Against Fraud
Thieves are always looking for ways to defraud someone while keeping their methods and identities a secret. In the mobile payment world, fraudulent activity has very specific traits.
Mobile payment fraud happens more through “card-not-present” portals than traditional point-of-sale systems, such as Square and GoPayment. However, even those providers are not immune to fraud.
A LexisNexis study found that 58% of fraudulent transactions involved a credit card, while just 23% involved a debit card, making the latter the better payment method for merchants. However, a survey of consumers conducted by the Information Systems Audit and Control Association (ISACA) shows that most people shy away from using debit cards because they are fearful of theft during a mobile payment transaction.
Some fraudsters will use fake cards with a non-working magnetic strip in order to get the merchant to process the “card-not-present” transaction. Businesses can protect themselves by authenticating the identity of the consumer and his or her payment method when processing card-not-present payments.
A business owner needs to remain more vigilant against fraud by understanding what types of crimes are committed in relation to mobile payments. Familiarize yourself with existing security technology, such as encryption, two-factor authentication, tokenization, and biometrics.
In fact, newer mobile payment devices can incorporate biometric authentication, such as user fingerprint identification. If older devices are being used, employ alternative identification methods, such as two-factor authentication or virtual tokens.
Learn How to Avoid Chargebacks
Another fraud threat businesses may encounter is chargebacks.
A chargeback is the process that occurs once a customer refuses to accept responsibility for a charge on his or her credit card. Banks can forcibly require businesses to give money back to a customer if they feel the cardholder’s request is legitimate. Furthermore, the customer has no obligation to return to the business whatever was purchased.
Chargebacks are meant to protect customers’ safety and their existence encourages transparency among businesses.
Chargebacks often occur in three different scenarios:
- Chargebacks often occur when customers are hit by credit card fraud. Businesses are responsible for weeding out fraudulent orders and if they do not, they are responsible for refunding the customer.
- A chargeback may be initiated by the issuing bank due to a technical issue, such as when no authorization approval code is received.
- Some customers also abuse the chargeback process by claiming falsely illegitimate purchases.
Mobile payment solutions increase the risk of chargebacks.
Chargebacks, in addition to being costly, can damage a business's reputation. Excessive chargebacks can lead to closed merchant accounts, effectively killing the incoming revenue stream.
Chargebacks, in addition to being costly, can damage a business's reputation.
When thieves gain access to stolen account information and conduct unauthorized transactions through mobile payment, the innocent cardholder is entitled to chargeback protection. While chargebacks do sometimes happen for legitimate reasons, use of customer service practices based on “know-your-customer” principles, and merchant accessibility, can substantially reduce or eliminate chargebacks.
Because mobile payment solutions can facilitate card-not-present transactions, the increased risk can be a significant threat for merchants.
Advanced mobile payment technology can be used to validate that a payment card is genuine and facilitate the authorization of the transaction. Additionally, new chargeback processes were implemented earlier this year. The new guidelines were enacted to reduce the number of chargebacks business owners have to deal with, automate the process so disputes are resolved quicker, and streamline the way chargebacks are coded to make everything simpler.
Keep Your Customers’ Data Secure
The nature of the mobile payment process, with multiple entities and electronic handoffs, increases the number of security issues. A transaction includes the acquirer, card issuer, payment card network, and a host of others. Cyber criminals can exploit each point in the transaction.
Most organizations diligently secure their networks and applications. However, they tend to utilize mobile payment technology that protects their proprietary data, but that protection doesn’t extend to the information stored on customer devices. That, in turn, could put the customers' data at risk to hackers.
For example, thieves can easily hack the mobile payment system to steal credentials, insert malicious code, tamper with security logic, or reverse-engineer applications. These thieves have evolved their techniques and come up with new ways to exploit mobile security holes.
Certification of Payment Card Industry Data Security Standards (PCI DSS) is required for every merchant or business accepting credit or debit cards. These standards require businesses to meet 12 criteria, including:
- Build and maintain a secure network and systems
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
Recent retail, government, and healthcare security breaches demonstrate that customer and card data security should be a top priority. Preventing mobile payment security risks is paramount for any business.
PCI DSS-certified payment service providers ensure the highest level of security. These providers have blacklists and historical data to identify thieves and their trends. They detect potential security breaches and fraudulent transactions while enabling valid transactions to go through.
Find the Right Mobile Payment Provider
Mobile payments can positively benefit a business, but there are also security risks that can cause concerns. Finding the right mobile payment processing partner, one that provides specific advice and strategy for protecting your business, is key.
The implementation of best practices to avoid fraud, chargebacks, and data security breaches will allow your business to safely adopt mobile payments and experience strong business growth. Merchants that do so will realize a host of benefits, including customer satisfaction, increased sales, and decreased costs, which can improve your bottom line.