Friday , December 14, 2018

A Financial-Industry Standards Body Releases Rules Aimed at Tightening Mobile Security

Mobile payments are booming in places like China and India, but in the United States, not so much. Year after year, one reason that keeps popping up in surveys is concerns about security, and on Tuesday a major standards body announced a measure aimed squarely at those fears.

The Accredited Standards Committee X9 Inc., an Annapolis, Md.-based organization that develops open standards for the financial-services industry, said its new standard applies to phone manufacturers, app developers, and financial-services providers and addresses a range of security loopholes. These include “customer isolation, the use of merchant-unattended terminals or kiosks, non-financial platforms that may not be trustworthy, and cellular, wireless, and other connections that persist after an action has concluded, as well as the risks inherent in card-not-present transactions,” the organization says in a press release.

The worries don’t stop there. “[A] mobile network infrastructure’s security may not reliably protect data in transmission,” the release continues. As a result, it says, “the continuing growth of the smart-phone market increases the urgency of enabling better security for the mobile device population.”

The standard known as ASC X9.112-3 “Wireless Management and Security—Part 3: Mobile,” addresses a wide range of mobile payments, embracing such specific functions as person-to-person payments, payments to businesses and interactions with terminals, and mobile banking. It also addresses technologies such as browsers, apps, and a variety of mobile channels, from near-field communication to text and video.

“Developers, implementers, service providers, and assessors for the financial industry will welcome the guidance contained in the X9.112-3 requirements and recommendations, and end users will enjoy higher levels of security throughout every phase of a transaction, from initiation to completion,” said Steve Stevens, executive director of ASC X9, in a statement.

Security fears surrounding mobile payments have consistently appeared in industry reports and surveys over the years as a factor dampening mobile-payment usage. Some 51% of banks and credit unions cited security concerns as a “high” barrier to consumer adoption, and an additional 35% rated these fears as a “medium” obstacle, in a Federal Reserve study released in January.  Two top concerns in the study were careless behavior by consumers and the risk of card-not-present fraud. The Fed survey collected responses from 706 financial institutions across seven Fed districts, of which 450 responded to a question about mobile-payment adoption barriers.

But mobile payments are likely to grow, even if slowly in the early going, and expert observers say the new standard will likely play an important role behind the scenes. “The reality is that this announcement won’t really register with the consumer population in and of itself, but hopefully the impact will make itself felt over time,” says Julie Conroy, research director at Boston-based research firm Aite Group, in an email message. “This is critically important, since mobile is not only seeing increased use as a transactional channel, but often the mobile device itself is increasingly used to authenticate customers across all channels of interaction.”

This latest ASC X9 standard follows two others that address so-called wireless communications, including one with requirements for radio-frequency technologies and one aimed at ATMs and point-of-sale devices.

ASC X9 is accredited by the American National Standards Institute and embraces more than 100 member companies. It has issued approximately 100 U.S. standards and 58 for international use.

Check Also

Fast-Growing Merchant Acceptance Could Entice More Acquirers to Look Abroad

A number of U.S. payments providers have expanded overseas in recent years, and now more …