Securing Mobile Transactions and Payments in the Age of Connected Devices

When it comes to mobile transactions and payments, consumer expectations are evolving. When a consumer purchases an item or service, he or she naturally expects to receive that service. When a traveler books a hotel room, for example, he or she expects that room to be available upon arrival.

Furthermore, the consumer’s personal information should be used solely for the purpose of completing that transaction, not to solicit future business. Most importantly, the consumer demands robust security around the transaction to protect his or her personal information from fraudsters who may be looking to fund a vacation of their own with stolen credit card data.

These expectations have remained largely unchanged over the past several decades. What has changed, however, is the way vendors, retailers, financial institutions and other service providers process mobile transactions and payments.

Digital Transactions and the IoT

A transaction, financial or otherwise, is an exchange between a source — usually a person using a smart device — and a recipient. The digital ecosystem known as the Internet of Things (IoT) is based on the intelligent integration of billions of devices, all of which are potentially vulnerable to cyberthreats.

Fraudsters can bring down entire systems by compromising just a handful of devices. The Mirai botnet, for example, enslaved millions of connected devices to attack Dyn, a major domain name provider, in October 2016. This unprecedented distributed denial-of-service (DDoS) attack took down many popular websites by sending massive amounts of traffic that Dyn’s servers couldn’t handle. The incident served as a wake-up call for the security industry and demonstrated cybercriminals’ ability to affect large swaths of the internet by hijacking the very devices that initiate a growing portion of transactions around the world.

Best Practices for Securing Mobile Transactions and Payments

Mobile transaction technology is growing more complex and faster as providers endeavor to improve the user experience. This presents myriad challenges related to privacy, monitoring and cybersecurity in general. The fastest and most convenient transaction technologies are often the least secure. For this reason, providers need to see the bigger picture and focus not only on securing their own assets and systems, but also the overall transaction, from the source device to the final recipient of the payment.

Consumers can protect themselves by implementing multifactor authentication on their devices and practicing good password hygiene. Providers should invest in cognitive technologies to monitor user behavior and digest both structured and unstructured threat data that could tip the security team off to specialized malware on the network.

Read the white paper: How digital banking is transforming fraud detection

Share this Article:
Domenico Raguseo

Technical Sales and Solutions Leader in Europe, IBM Security

Domenico Raguseo is currently Manager of Technical Sales in Europe for the Security Systems Division. He has over 15 years of management experience in different areas. Domenico also cooperates with several Universities by teaching Service Management, Cloud Computing. Since 2010 Domenico is member of Educational Scientific Council for the Master in IT Governance at the University of Rome La Sapienza (http://w3.uniroma1.it/mastersicurezza/index.php/master-itgov/direzione). Domenico got in IBM a certification as IBM Master Inventor for the multiple patents and publications in several disciplines (Business Processes, ROI, Messages and Collaborations, Networking). Finally, he is speaker on Information Security Management, Service Management, Cloud computing, Energy Optimization and Smarter Planet in several national and international events.