Introduction
The advent of the Internet has revolutionalized the way companies and individuals conduct business, and have necessitated the proliferation of processes involved in honoring transactions through diversified payment methods. Mobile wallet denotes mobile technology that functions like a real wallet by facilitating online payments and purchases (Amoroso et al., 2012). The ease and convenience of operating a digital wallet have made the platform to attract wide spread interest. This paper is devoted to the usage of mobile wallets, their advantages and possible problems. The number of users with smartphones grows from year to year. In this case, mobile wallets have quickly become popular technology. Nowadays, more than twelve percentages of users with smartphones make mobile payments.
There are several main players in the mobile wallets arena. These include PayPal, Apple Pay, Goggle Wallet, Android Pay, and Samsung Pay (Voo, 2013). There are some applications, which are available for both traditional and digital platforms, for example, Square Wallet. The operating principle of mobile wallets is that retailers’ merchants and payment providers are not able to track the buying process. It should be noted that all card details are only available to the user and the bank that issued the card (Top Ten Reviews, 2016). The rest of the participants in the transaction chain are only aware of a unique customer number that is provided for reference in the system of mobile payments.
Despite the convenience and simplicity in usage the mobile payments, there are critical concernss in the industry. The most important risks in this area are that mobile devices are more susceptible to loss and theft, mobile devices are more personal and potential hackers can get a lot information about the user. Examples of cases that highlight the possibility of losing information relate to hackers obtaining information on a bank card, access to passwords, and in general the vulnerabilities associated with digital platforms. This serves to justify the chosen thesis statement: security issues prevent widespread use of the mobile wallet technology.
Discussion
Mobile Wallet Applications
The mobile payments are based on the usage the near field communication technology, which allows a high speed data exchange between devices located at a distance of 10 centimeters or less from each other (Comviva, 2015). This requirement makes it impossible to use the digital wallet platform without gadgets that meet certain technical specifications. This particular constrain contributes in making digital wallets operating on this specific platform unpopular, because it is associated with interfering with the simplicity and convenience associated with digital platforms.
On the other hand, some applications allow to pay for products at participating businesses without ever having to pull out wallets or phones. For example, Square Wallet Application allows paying just via user’s name and picture (Wise, 2013). The user is required to provide his or her name. When the presented name is entered, a picture of the person bearing the name appears on the screen and the name is confirmed at the special register. When the cashier taps the picture, the customer is automatically charged. These platforms are popular because of the simplicity and convenience involved, but they present security concerns in that they are said to be easy to hack or manipulate.
The Federal Trade Commission of the United States noted that low-cost or no-cost mobile technologies can have hidden costs and risks. For example, retailers, advertisers, application developers and other market players can use the information collected from mobile devices. It provides them the possibility to build more comprehensive consumer profiles. In this case, the personal life of a customer and confidentialityof his transactions may be threatened. At the same time, customers who pay via prepaid accounts, cannot rely on the federal protections, which are afforded to the bank plastic cards and limit the client’s liability in the case of fraud. This leaves the user of the digital wallet platform unprotected and vulnerable.
Types of Mobile Fraud
The total amount of the global fraud loss in the telecommunication industry is more than $46 billion (Sachin, 2015) or two percent of total revenues. A huge part of this loss falls on Indian market. The susceptibility of the Indian market is as a result of many people taking up mobile wallets without the requisite training and preparation. Research indicates that a significant proportion of the population taking up mobile wallets is unaware of the associated risks, and even when there is existing knowledge about potential risks, the affected are either reluctant to consider remedial measures or are unaware of the existence of such measures (Ellis et al., 2014). These concerns introduce concerns that convenience and simplicity may be negatively affecting consumers’ knowledge regarding the safety measures that are available to users of digital payment platforms. Furthermore, the characteristically reduced or lacking legal control framework may be contributing to making the digital platforms attractive to crime perpetrators since there are loopholes in the current laws and regulations. Countries like the United States have made tremendous advances in enacting laws that govern consumption of Internet based services, including cyberspace regulation and anti money laundering laws. It is worth noting that unless other countries take up measures like the case for United States, it will be impossible to achieve success in this pursuit because of the nature of Internet-based platforms. Just like other digital platforms, mobile security relies on the Internet, which is considered to make the world a global village, and therefore shading some light on the potential security nightmare associated with online transactions.
There are six main types of mobile fraud. Firstly, there is phishing which involves fraudsters using varied methods including telephone calls, short message service (SMS), social media, and emails to trick users in divulging personal information including Personal Identification Numbers (PIN), and the solicited information is either to steal money or making in making malicious advances. Secondly, there is access to wallet through unauthorized or counterfeit SIM swap. This involves a fraudster attempting to assume the possession of another person’s mobile wallet account through pretence. This mean that the fraudster will make use false documents in taking over the identity of the other person they are impersonating. Once the other person’s identity has been taken up, it is possible to process SIM swap and obtain full access to funds and personal information. Thirdly, there is commission fraud by agents, which involves identity theft through unscrupulous agents and employees who abuse privileges and access and exploit mobile wallet customer information, stealing information or funds. Fourthly, this type of fraud may also involve application manipulation and split transaction in that agents illegally increase their earnings through splitting up customer transactions into smaller ones, and thus increased earning through high transaction volume commissions. Fifthly, the use of counterfeit know your customer (KYC) process. This is applied when false documents are presented during the KYC procedure, and it enables fraudsters to gain access to premium mobile wallets that allow for high limits for funds transfer and withdrawal. Once this happens, it opens the doors for money laundering procedures that are characteristically hard to detect. Sixthly, cyber-attack involves any offensive undertakings used by fraudsters to target computer information systems and other device networks to gain access to information or destroy information for malicious reasons.
Mitigating the risk of Mobile Wallet Fraud
Mitigation can be undertaken through implementing both preventive controls and detective controls. There are three preventive controls that are available. The first involves the use of customer awareness campaigns. This can be done through social media, use of websites, and publications. It involves the use of clear communication on security consciousness via multiple channels. The second involves stipulating minimum deposit thresholds. This should be based on research findings and the application of thresholds can be used in controlling transaction splitting. The third preventive control measure involves employee and agent training, and it is accomplished through the provision of training on the roles and responsibilities of the parties. It can be made from the beginning that certain minimum standards regarding conduct and behavior will be enforced and stipulation that fraud will be punishable.
There are three detective controls that can be applied. Firstly, the company involved can choose the implementation of a monitoring system to detect suspicious customer activity. It is expected that continuous monitoring system will help in planning and delivering faster responses to incidents before situations get out of hand. Secondly, the implementation of a management review of high value transactions, through setting of procedures requiring such transactions to be reviewed by management. It is envisioned that this type of control will provide necessary insight in identifying potential money laundering activities. The minimum threshold to trigger reviews can be based on prevailing financial regulations. Thirdly, companies can pursue the option of sending SMS alerts to customers notifying them of completed transactions. These can be specifically targeting certain withdrawal and transaction limits, and it has the potential to involve mobile wallet users in fraud detection. If a customer receives a notification about unrecognized transaction they can respond by alerting the mobile wallet operator to conduct further investigation and take necessary action (Gilman et al., 2012).
Around seventeen millions of Indians use different mobile money platforms, which are offered by banks (Sachin, 2015). On the one hand, it can be a sign of the economic development and significant growth in India, since it can be associated with financial services access by the population. On the other hand, it provides wide opportunities for fraud and hacker attacks in the country. Regular monitoring of controls may be critical in maintaining the risk mitigation strategy for mobile money service providers in India. Thus, the growth of mobile wallet industry entails new trends in fraudulent activity.
Security Issues of Mobile Wallets Industry
The chief investigative officer of Forensics, Andrew Hoog, once said “More of client’s information and purchasing habits will become known and able to be marketed. The ordinal customer has only to be comfortable with it” (Smith, 2011). It allows supposing that the number of fraud will increase due to the bigger openness of mobile wallets services and applications. This is typical of a system that leans more towards providing customers with simplicity and convenience at the expense of entrenching controls that guard the mobile wallet against fraud. The anticipated explosion in mobile wallet services and applications should be accompanied with the security measures that are deemed appropriate for the industry. The starting point can be the lessons learned from the current and past platforms.
Typical fraud starts as a hack of a credit card data from a big company (Home Depot, Target) (Pogue, 2015). Another type of attack is malware. For example, the attacker publishes a malware disguised as a legitimate item in the app store or on any site. The user downloads a virus on his smartphone, which can contain a large amount of sensitive data. The virus tries to take control of the smartphone resources, collecting data. As a result, the device redirects to malicious sites or uses paid services without the user’s knowledge. This model of threats makes to consider a smartphone from three perspectives. One, the industry considers the level of application including social networking clients, e-mail, SMS, and data exchange tools for synchronization. Two, consideration based on communication level including the mobile network, Wi-Fi, Bluetooth, micro USB ports, and a MicroSD slot since malware can spread through any of these channels. Three, the implied resource level which may include flash memory, camera, microphone, and sensors of the smartphone, given that smartphones can contain sensitive data, the virus tries to take control of its resources, and to manipulate the data coming from them.
Such an attack can be considered as a closed loop, starting with the launch of the malware, passing through the application, communication and resource levels, then through the “short” numbers or malicious sites can return to the attacker. Also the possible drawback of the mobile wallet can be a single pin, which unlocks all of the accounts stored in this wallet (Pegueros, 2012, 16). In this case, each customer, if he wants to prevent his phone and his money from fraud, should follow several rules. The main of them are to keep strong passwords, to keep security application in own phone, do not open attachments or upload applications from unknown sources, avoid using public Wi-Fi (Bhansin, 2016). As we can see, there are many limitations related to security issues in the mobile wallet industry. In this case, mobile wallet industry will face a serious matter relating to the increase in transaction security without prejudice to the functionality and battery capacity of the Smartphone. All these considerations illustrate the fact that the adoption of the mobile wallet technology will be dependent upon the associated security risks. If the industry undertakes to address the identified security risks, there is possibility that the technology will experience considerable uptake in the coming years, since there is increased global access to Internet enabled mobile devices.
Conclusion
In conclusion one can say that more and more people will use smartphones and make mobile payments. On the one hand, it can be a great step forward in the modern business world when transactions are easy and convenient. On the other hand, mobile wallet services have enough security issues and may contribute to the spread of cybercrime. As Graylin (chief executive officer of LoopPay) said: “There is no perfect system, it will be always a game of cat and mouse”(ThreatMetrix, 2015). In this case, mobile wallet industry faces a serious obstacle to its further growth. It is possible to navigate the growth challenges by considering investments in security infrastructure. As it is evidenced by the fight against cybercrime, the efforts and resources involved are enormous. The starting point can be participatory campaigns by the mobile wallet services providers relating to the advantages and disadvantages of investing in the provision of security. This can be followed by an elaborate process of enlisting other stakeholders including banking and financial institutions in implementing joint security strategies. There can be increased participation that is paired up with the relevant information such that each additional consumer receives information regarding their responsibilities in making the mobile wallet platform friendly and secure. All these efforts can be cemented together by the operation of a responsive legal framework that aims to highlight the seriousness of the crimes identified by the industry. Recommended punishments can be illustrated as serious deterrent strategies, and efforts can be made to ensure that all perpetrators receive commensurate legal treatment. Licensing and registration of mobile devices can contribute to the monitoring and control database that will be useful in identifying fraudsters.
References
Amoroso, D. L., & Magnier-Watanabe, R. (2012). Building a research model for mobile wallet consumer adoption: the case of mobile Suica in Japan. Journal of theoretical and applied electronic commerce research, 7(1), 94-110.
Bhasin, T. (2016, January 24). Wallet frauds on the rise. Retrieved March 23, 2016, from http://wap.business-standard.com/article/pf/wallet-frauds-on-the-rise-116012400764_1.html
Comviva, M. (2015, July 16). How is Security Ensured in Mobile Wallets? Retrieved March 23, 2016, from http://blog.mahindracomviva.com/what-is-mobile-wallet-security/
Ellis, S. M., Kennedy, M. J., Kurani, A. B., Lowry, M., Meyyappan, U., Sahni, B., & Stroke, N. (2014). U.S. Patent No. 8,639,621. Washington, DC: U.S. Patent and Trademark Office.
Gilman, L., & Joyce, M. (2012). Managing the Risk of Fraud in Mobile Money. GSMA: Mobile Money for Unbanked (MMU).
Kawa, L. (2016, March 11). Money Is Flooding Back Into One of Wall Street's Most Popular 2016 Trades. Retrieved March 23, 2016, from http://www.bloomberg.com/news/articles/2016-03-11/money-is-flooding-back-into-one-of-wall-street-s-most-popular-2016-trades
Pegueros, V. (2012, November 1).Security of Mobile Banking and Payments. Retrieved March 23, 2016, from http://www.sans.org/reading-room/whitepapers/ecommerce/security-mobile-banking-payments-34062
Pogue, D. (2015, February 1). How Mobile Payments Are Failing-and Credit Cards Are Getting Better. Retrieved March 23, 2016, from http://www.scientificamerican.com/article/pogue-how-mobile-payments-are-failing-and-credit-cards-are-getting-better/
Sachin, D. (2015, August 12). Mobile wallet fraud set to rise in India: Deloitte. Retrieved March 23, 2016, from http://articles.economictimes.indiatimes.com/2015-08-12/news/65490451_1_fraud-risks-deloitte-india-money
Smith, G. (2011, September 20). Mobile Wallets: Security and Privacy Questions Raised By New Google App. Retrieved March 24, 2016, from http://www.huffingtonpost.com/2011/09/20/mobile-wallet-security-privacy_n_972192.html
ThreatMetrix,. (2015). What’s Happening with Mobile Device Payments Is Criminal - ThreatMetrix. ThreatMetrix. Retrieved 31 March 2016, from https://www.threatmetrix.com/whats-happening-with-mobile-device-payments-is-criminal/
Top Ten Reviews,. (2016). The Best Mobile Wallets of 2016. Top Ten Reviews. TopTenREVIEWS. Retrieved 31 March 2016, from http://mobile-wallets-review.toptenreviews.com/
Voo, B. (2013, March 28). Digital Wallets – 10 Mobile Payment Systems To Take You There.Hongkiat.com. Retrieved 31 March 2016, from http://www.hongkiat.com/blog/digital-wallets/
Wise, L. (2013, March 18). Mobile wallet technology raises privacy, security concerns. Retrieved March 23, 2016, from http://www.mcclatchydc.com/news/politics-government/article24746851.html