Mobile payment security in 2021: What to look out for

Author: Phil Muncaster

Today's consumers want to pay where they like, how they like and when they like. And thanks to recent advances in mobile wallet and point-of-sale technology, they have a growing range of options to do so. But with more flexibility and choice comes potential extra cyber risk for your business. This has made mobile payment security a key requirement for driving customer trust and commercial success.

The answer lies with a multi-layered approach to cyber risk mitigation using the detailed Payment Card Industry Data Security Standard (PCI DSS) requirements as your guide.

The big picture of mobile payment security

Driven by e-commerce, smartphone penetration and emerging markets, the global mobile payments market is set to grow at a compound annual growth rate of 24.5% over the coming years to reach nearly $5.4 trillion by 2026. In this context, it would seem like a no-brainer for merchants to double down on cyber security to keep cardholder data and payment systems secure. Yet, unfortunately, data security practices are worsening.

In 2019, less than 28% of organizations achieved 100% PCI DSS compliance. This was a dip of nearly 9% from 2018 figures, according to Verizon's 2020 Payment Security Report. The impact could be severe—ranging from noncompliance fines to lasting financial and reputational damage that can result from major breaches.

Secure mobile payments: Trends to watch

The unfortunate news is that the mobile payment security landscape is becoming increasingly volatile and exposed to risk. Threats to your organization can come from a variety of places today, including:

Inadequately secured digital transformation

The advent of the pandemic has accelerated efforts to support remote working, streamline business processes and drive new revenue streams. But new technology investments can also expose your organization to extra cyber risk, such as online fraud, digital card skimming attacks and the phishing of remote workers. Your business needs to first perform a thorough risk assessment to gain visibility into key IT assets and threats, before taking action.

Ransomware

The volume of ransomware attacks surged last year. A serious outage could take down your mobile payment security systems, damaging the brand and driving customers to competitors. Any business that relies on secure mobile payments needs effective anti-malware, phishing awareness training for staff, and a focus on securing web applications and remote servers to stop attacks in their tracks.

Web applications

Within retail, web apps rather than POS devices are the main vector for breaches, according to Verizon's 2020 Data Breach Investigations Report. In the retail and hospitality sector, three-quarters (76%) of apps contain vulnerabilities and 26% of these are high severity—one of the worst rates of any industry. Integrating enhanced code scanning into DevOps processes is a must, as are web application firewalls.

Supply chain

As recent events have shown, cyber attackers are increasingly looking to compromise suppliers as a stepping stone to breach higher-value targets. This may pose a major headache for your business if it has an extensive supply chain network, as most do today. The National Institute of Standards and Technology has some useful advice on how to mitigate risk in this area. To start with, you'll need to answer the following: Who are your suppliers? What's their security maturity? What data can they access? And how are they using it?

The PCI DSS has been designed specifically with payment card data security in mind. Complying with its requirements will not only enhance best practices in this space and reassure customers but also neutralize the risk of regulatory fines in the event of a breach.
