Mobile Payment Security, Fraud, and Risk: Breaches, Malware, and the OS Linchpin

Mobile Payment Security, Fraud, and Risk: Breaches, Malware, and the OS Linchpin

New Research from Mercator Advisory Group Explores
Emerging Threats to Mobile Payment Ecosystem

Boston, MA - October 10, 2012 -- Mobile payments have arrived. Driving this revolution is a large collection of technologies, some of which are immature and not fully secure. Nascent solutions are a gilded invitation for criminals to attack at various points within the mobile payments ecosystem. Operating system (OS) developers, payment networks, banks, and even users need to be involved in keeping this evolving environment secure.

The two greatest threats to the mobile payments industry are malware and data breaches. The data breach is well understood and is a universal issue for the payments industry. Standards like PCI have gone a long way toward combating the problem. The malware problem, however, is more focused, initially affecting OS and applications developers, with the effects eventually spreading to the rest of the mobile payments community.

Mercator Advisory Group's new report, Mobile Payment Security, Fraud, and Risk: Breaches, Malware, and the OS Linchpin, examines these threats, explores ways in which fraudsters might exploit them, and indicates how the mobile industry should prepare and respond.

"Criminals are highly motivated to attack mobile payments because they are such a rich target. Historically, these hackers have been loosely organized but effective. They take advantage of the lag between the introduction of a payment technology and its general acceptance by the public. This period provides ample opportunity for the perpetrators to discover vulnerabilities and prepare attack strategies," David Fish, senior analyst in Mercator Advisory Group's Fraud, Risk, and Analytics Advisory Service and author of the report, comments. "Our research has indicated that OS developers are in the best position to limit the spread of mobile malware. They control the OS, they control their own applications, and they are in a position to control the offerings of third-party application vendors."

Highlights of this report include:

Discussion of the two approaches to mobile payments and analysis of the security threats facing them.

Review of traditional forms of payment fraud and explanation of how these forms are evolving as mobile enters the payments ecosystem.

Examination of the methods and vectors that fraudsters use to obtain payment card information and the schemes they exploit to capitalize on stolen data.

Analysis of the drivers of insecurity in the mobile arena, including OS application review processes, time-to-market pressures, vulnerabilities to phishing, WiFi hacks, man-in-the-middle attacks, and others.

Recommendations for tighter mobile payment security for OS developers, corporate and individual mobile users, application developers, and mobile carriers.

One of 10 exhibits in this report:

This report is 27 pages long and has 10 exhibits.

Companies mentioned in this report include: American Express; Apple; Dwolla; First Data; F-Secure; Gemalto; Global Payments; Google; Isis; LevelUp; MasterCard; Microsoft; PayPal; Research In Motion; Starbucks; Symantec; Symbian; Visa; and WebMoney.

Members of Mercator Advisory Group have access to these reports as well as the upcoming research for the year ahead, presentations, analyst access, and other membership benefits. Please visit us online at www.mercatoradvisorygroup.com.

For more information and media inquiries, please call Mercator Advisory Group's main line: (781) 419-1700 or send an email to info@mercatoradvisorygroup.com.

For free industry news, opinions, research, company information and more visit us at www.PaymentsJournal.com.

Follow us on Twitter @ http://twitter.com/MercatorAdvisor.

About Mercator Advisory Group

Mercator Advisory Group is the leading, independent research and advisory services firm exclusively focused on the payments and banking industries. We deliver pragmatic and timely research and advice designed to help our clients uncover the most lucrative opportunities to maximize revenue growth and contain costs. Our clients range from the world's largest payment issuers, acquirers, processors, merchants and associations to leading technology providers and investors. Mercator Advisory Group is also the publisher of the online payments and banking news and information portal PaymentsJournal.com.