Mobile pay hits security speed bump
If you aren’t accepting mobile payments today, it’s likely you’re considering ways to embrace them in the near future. If you haven’t given it serious thought, don’t worry. Mobile payment is still very much in its infancy.
Still, we’ve come a long way since Starbucks introduced its mobile wallet app in 2009. In their case, being an early adopter paid off. That mobile wallet now accounts for 11 percent of Starbucks’ sales. Other businesses are adopting similar mobile technologies to make purchases faster and more convenient for customers.
Here to stay
But not everyone can be an early adopter. While most of us are still learning about the benefits and pitfalls of mobile payment, it’s likely here to stay. The number of people in the U.S. using their phones to pay for goods and services at the point of sale will continue to climb steadily, with 2016 being a year of significant growth for the technology. According to the latest proximity mobile payments forecast from eMarketer, the total value of mobile payment transactions in the United States will grow 210 percent in 2016.
And, it’s easy to see why. Mobile payment adds a layer of convenience for consumers, especially as they learn more and become comfortable with it. At the same time, businesses that want to offer customers this quick and easy option are finding innovative ways to merge mobile payments with incentive and loyalty programs. It seems like a win-win. However, in reality, one thing seems to be holding us back and that speed bump is data security.
For consumers and businesses alike, mobile payments just feel risky. And that risk can be costly. According to IBM, the average consolidated total cost of a data breach is $3.8 million.
Balancing the benefits of mobile payment with its potential vulnerabilities makes many franchisors, and even their customers, a little nervous. Let’s face it, protecting transaction data in the traditional sense is hard enough.
Today, despite growth predictions, many franchisors remain unsure of how to bring mobility into the payment mix while also protecting customer and other sensitive data while maintaining PCI-DSS compliance, as the regulations are known. Many of us are looking to franchises including Taco Bell, Dairy Queen, Dunkin’ Donuts and Burger King that have paved the way and are testing out mobile payments. But, where do you start and how do you do it right?
Most businesses overlook a very simple, yet important first step. That is, you must have a clear understanding of the type of data you are processing and how that data will be transmitted. This is critical.
Regardless of how you accept mobile payments (mobile wallet, brand-specific app or via swipe on a tablet), it all boils down to this: any data touching the local area network (LAN) is subject to PCI-DSS and must be protected. It doesn’t matter if it is encrypted or tokenized. If it is touching your network in any way, you have to secure it.
For example, if your business accepts mobile payments and that payment data is processed over a Wi-Fi network, it is critical that the network is secure and that data is segmented from other traffic. If it isn’t, you’re not only out of compliance, but you’re also extremely vulnerable. To get this level of understanding, start with these key questions:
1. How are customers paying (with a card or cardless)?
2. Are they using a card to pay on a tablet?
3. Are they paying with a proprietary app or with a mobile wallet such as Apple Pay?
4. Does payment data travel over a cellular network or is it transmitted over a Wi-Fi network?
5. What type of data am I transmitting and what are the various touch points for that data within my business?
Answering these questions is a great starting point. Another point to consider is the common misconception that payment information accepted on a device that is not physically hard-wired to the network is automatically secure. This is not true. It may be more difficult for a hacker to get the data, but it isn’t impossible.
Franchisors need to understand that moving to mobile or wireless payments is not a panacea to their security problems.
Mobile payments are not something you can implement overnight. It can be extremely complex and given the fact that one breach can be enough to put you out of business, it is worth taking the time to do right.
For that reason, many businesses turn to the help of a third party with expertise to help navigate the complexity and requirements. The right partner will be able to help you identify risk, secure data and ensure compliance so that you can focus on brand loyalty and growing the business.
Gregory Grant is the senior director of sales and business development at Phoenix Managed Networks, the provider of PhoeniXSentry, a cloud-based network security service. Reach him at email@example.com; or www.phoenixmanagednetworks.com.