Tags Posts tagged with "nfc"

nfc

0 55

History tells us that safety and security are afterthoughts. From the Gold Rush at the end of the 19th century to the technology Gold Rush at the end of the 20th, the rush for riches was so great that the idea of security was thrown to the wind. Revenue assurance only came to the Mobile table once the rush for customers had subsided and the focus moved from top line revenue to bottom line margin.

It is happening again. As the rush for market share of the payments market heats up, companies large and small are inventing new ways of transferring funds – paying people – easily. This aim for easy to use, attractive products creates a potential nightmare for consumers; easy is seldom secure. The whole concept of mobile wallets, while attractive, means that when someone steals your phone, they steal your wallet too – worse, you can’t phone for help! It is not just NFC that is at ‘fault’ here, although it is an obvious example. If you have your credit card or bank details stored in a mobile phone you have a monetary instrument and that is attractive to Bad Guys.

The potential of NFC is enormous. It will enrich and enable the whole shopping/living experience of millions of people and will create opportunities for operators and third parties that we can only imagine. It is the difference between shopping in a warehouse and walking the aisles of Macy’s or Harrods.

For a moment, though, let us step to the Dark Side. As you walk into the store, your phone lets the store system to pick up your details as you walk inside its co-ordinate boundaries. Google have quietly patented a face recognition technology that enhances this ability. No records exist, until a transaction takes place, but when you walk through the door into the store, you have opened the door into your phone. This means that your phone, and therefore your wallet, can be cloned. A Disgruntled Shop Assistant could potentially steal your details or there may be a Bad Guy in the store with you, and it is possible for him to clone your phone while simply standing close to you.

Another threat is the excellent concept of the QR code or NFC tag. Again, they are easy to produce – three clicks and the means to produce are in front of you. Point your phone at a QR code or NFC tag and it is possible, easy in fact, for someone to take control of what happens next. They could have designed the code so that you are re-directed to a site that is fizzing with malware, that can empty your phone of all its information, sends this to a clearing house and on to other Bad Guys. The very ‘connectedness’ of the ubiquitous mobile device could potentially be harnessed to launch Distributed Denial of Service attacks of unprecedented scale. Unlike having your ‘wallet’ stolen it is likely that you will not even know that it has happened. And this gives the Bad Guys a real head start. You will not know when it happened, who did it, and, frankly by the time the authorities are involved the ‘who, when and where’ will be entirely academic

As with the new acknowledgement that people need educating about online security, it is time that we take a very serious look at the security of new technologies that are making payments easier. There need to be standards and accountability, as there are in the credit card industry.  If your credit card is stolen the liability lies with the credit card company – as long as you report its loss in a timely manner. Not so, yet, with the phone company – or if so, accountability is patchy at best. If your phone is stolen and you receive a huge phone bill as a result of someone else’s online shopping spree, the phone company has no liability and it is their discretion alone that will let you off or not.

There are some ideas emerging. Many of them revolve around a second stage authentication and one of the most promising is that when you use your phone to pay, a photo of you will appear on the terminal in the store. This works fine as long as a) there is a photo of you on your phone and b) your kids have not borrowed your phone!

As with any Gold Rush that can create riches and a better life for consumers, security is likely to remain an afterthought. But in this connected world, where one person can steal the identities of 100 million others, this is no longer acceptable. There are too many people, too much money at risk. We need to have security built in.

0 114

KARIBU !!!

‘ M-Pesa’  has been leading the revolution of mobile wallets across the globe. Over 50% of the adult population in Kenya today use M-Pesa service to send money to far-flung relatives, to pay for shopping, utility bills or taxi ride home. While East Africa has been dominating the numbers in the past few years other regions including APAC, EMEA, Europe and Americas are about to explode sooner or later with their own models – NFC, Google Wallets, Mwallets, Apple Passbook,etc

More operators are walking down the path of offering Mobile Banking services in some form or the other every year. These players might get caught off-guard & face what a leading operator in Uganda recent got  hit with– a million dollar mobile money fraud loss !! News articles indicate that a recent internal fraud in a leading operator in Uganda lead to 3.5 Million Dollar loss, Mobile Money boss losing his job & 8 other employees getting fired. Operator also received reprimands from the regulator and had significant dent to its brand image. This mess also opened up competition for other players in the country.  Regaining confidence of customers and regulators will not be an easy job for such operators. They will be looking to enhance security within their mobile money offerings.  It might be a differentiator and lead to uplift in adoption.

This incedence clearly presents a learning for other operators about to offer Mobile Money services. Moving forward, one of the key areas of focus for operators will be to provide a secure mobile money platform to users and manage frauds beyond the traditional regulatory requirements. Below infographic highlights some variants of Mobile Money frauds already rampant within operations and potential damage they might cause.

Mobile Money Risks – Infographic

Kindly follow the link for more information.

3 100

It’s clear to all that the advance of mobile money and NFC services has become an unstoppable force, with the latest estimates putting global NFC m-payment transactions at US$50 billion by 2014. For the Fraud & Security teams in mobile operators this heralds arguably the single biggest change in the risk landscape since the original proliferation of mobile services back in the late 90s and early 00s.

Where there is money, there is fraud. It was therefore inevitable that when mobile phones became a financial instrument, they would immediately become a target for fraud. Mobile phones were already a very popular target for fraudsters and the combining of the 2 is simply irresistible. This has presented Fraud & Security teams with a fresh sets of challenges and opportunities, the first of which is how they are going to monitor the new services.

Many operators are looking to the financial services industry for best practice and whilst this certainly makes sense, I’m not so sure that the purchase of monitoring tools from the financial services environment is as wise. By buying in such systems, mobile operators run the risk of creating a siloed view of their customers, with one system looking at mobile money usage and others looking at calls, SMS etc. Surely the most effective way forward is to have a single view of every customer, assessing risk across all services.

Almost all operators have some form of Fraud Management System (FMS), monitoring their customers’ calls, SMS and data traffic. Mobile money services are relatively simple when compared to those offered by banks and insurers and the same is true of the data that they produce. It is therefore well within the capability of an FMS to take in mobile money and NFC transaction data and present it alongside the calls, SMS and data usage.

To avoid unnecessary expenditure and inefficient use of resource, my advice to mobile operators is to challenge your FMS supplier to provide you with a solution for monitoring your mobile money services. Only if their answer is ‘no can do’ should you be looking elsewhere!!

Follow Us