April 3, 2011

Social Network Payments - Are we ready?

The next level in payment methods currently being used around the world is on its way. The emergence of social networking sites has led to establishment of a full fledged money exchange system for goods online. It means, real goods can be bought with real money using just your social networking identity, with a single click.

However, while some of the worlds largest social networking sites are busy preparing themselves for a big step into the payments industry, there are a few niggles that still need to be fixed.

Problem areas:
Personal information is loosely available
Getting hold of any sensitive cardholder data is not a tough job for hackers nowadays due to rise in consumer "unawareness" on the internet. Sensitive data like birthdays, last School/University attended, favourite people in the world or favourite books etc. All these information are loosely available on the internet. The problem lies where the Banks and Financial institutions use the exact same information for their account holders to authenticate themselves.

Fraud Market
Its a real market out there. Thieves are making huge earnings by just selling the customer sensitive data online to the fraudsters who use it for their benefit. Users continue to freely post their personal information in the so called private online space. With social networking gathers more pace day-by-day, as far as such frauds groups are concerned, they not only do benefit gathering end user data but can also directly put it to use on the same sites now to steal even more money.

Apps or Trojan?
Free apps are available online in numbers, while end users (tempted to make their lives even more easier) download and install such apps without thinking twice. More often then not the apps are trojans which requests basic user information. These rogue pieces of softwares are nothing but malicious codes that continuously gathers the end user data and transmits them back to the criminals. With the Social media payments becoming more lucrative for such gangs to operate, further rise in crimes involving such groups may become hard to avoid.

User Trust
Companies will have to work towards setting up the most robust security service possible to keep the fraudsters away and gain that priceless trust factor. More attention in terms of security of end users might cost them a little extra bucks, but making the end user feel secured in their payments world would be a battle won for the several players who are trying to earn their way into Social media payments market.

Users acceptance
The end user, should not be underestimated at all while the right payment system is being created. If the payment technique integration does not gel with the applications online, it will quickly put the users off. The companies might want to keep users transition from games/shopping online to a completely different mode for payments as smooth as possible. Any deviation from their purpose online may well create an unhappy mood on the web.

Identity theft
Identity thefts result as more and more consumer details are made public. Consumer buying patterns will have visibility on social networking world with little privacy. As users willingly expose their identities on social networking sites, they are also likely to trust the sites with their card numbers and bank details too. Making it more easy for a fraudster to impersonate as a genuine person online.

Rise in phishing attacks
Phishing attacks may rise as fraudsters try the new avenue to lure the consumers into buying their legitimate ideas. With bank account identity directly linked to a person's social network identity, one ID theft can open several other fraud avenues for hackers.

Experience
Financial institutions worldwide have been trying hard for years now to detect fraud early. That, alongside several other issues involving the whole payment services infrastructure, demands quite a bit of experience in this industry. While social networks might have expertise around consumer behaviour patterns and preferences, charge-backs, reversals, fraud payments and various payments processing overheads are on completely different tracks.

Counteractions:
- Limit the amount allowed to be spent. By setting a clear limit might atleast avoid huge monetary losses to the consumers and financial institutions overall.

- The responsibility also lies with the end user by offering as much less personal details online as possible. The users can definitely play a very important role in industry's surge towards cutting down online fraud. If detecting fraud cannot get any simpler, making it easier for fraudsters is something that atleast can be avoided. No one can be de-linked from the social networking world if he/she does not provide minute by minute details of themselves on the internet.

- A trick can be used by the users themselves by presenting a vague picture rather than precise personal information. Instead of using Mothers maiden name, a pet name can be provided. Authors name can be provided instead of favourite books. Favourite teachers initials can be used instead of exact full name. Using information like which color wallpaper you used on your very first mobile phone is not something that hackers can find out easily online.

- Consumers need to be educated more by the companies on downloading and using apps to their benefit as its clearly not the developers responsibility to do that.

- Regularly checking all the movements on personal accounts. This can definitely help the users to better know their spending patterns while allowing the financial institutions to monitor any suspicious behavior too.

January 30, 2011

To NFC or not to NFC?

Incorporating NFC technology with mobile phones has resulted in a new alternative payment method which is considered a revolution by some industry analysts. The NFC technology is to be adopted by financial institutions and mobile phone companies together. But many fear being a victims of new wave in payments fraud. While 'Flash phone to pay' idea sounds to be the easiest and the most convenient method till date, there are still a few things to consider from the technology and infrastructure point of view.

Technological considerations:
Near Field Communication (NFC), a wireless technology which allows devices to transfer data from within a short distance, is considered a revolution since it takes just a touch on the reading device to complete the whole payment process. But not everything it touches provides ease and convenience. What if the reader is brought closer to the NFC enabled device to 'steal' data.

- Imagine a small portable skimming device which can fit in a pocket. The fraudsters can steal data by simply brushing past people in crowded places. Sensitive user information can be captured from hundreds and thousands of such compatible devices out there. Any acknowledgment signals like a beep or vibration can easily be worked around by small time hackers.

- Another problem area where a constant threat remains, as with all wireless communications, is exposure to data leakage. Hackers, by means of sniffing the airwaves can track stored cookies and can then easily disguise as a genuine user to steal bank details. Payments fraud cases may rise to a much higher level then what Credit/Debit cards offer at present. A score of customer sensitive information could be available for hackers to misuse them.

- A well known denial of service attack can directly impact the service providers and mobile companies alike. As the end user's lose the trust and patience with the service. Once the NFC enabled device is hacked into, calls or texts can be made unknowingly for the victim. In a variation the calls can also be made to divert from their original destinations. The consumer again, ends up losing from all fronts.

Infrastructural considerations:
Device manufacturers and the financial institutions are well aware that payments with NFC demands a highly secure environment. NFC does offer endless possibilities though. But questions still remain in terms of end user and merchant acceptance alongside many possibilities for  technological glitches and criminal intent.

- For Merchants, its the burden of extra cost involved for deploying compatible cash registers in addition within the current infrastructure built upon Pay by cash and Pay by card systems.

- The consumers are not actually looking for any alternative payment method as such and neither do every single shopper has access to a smart phone.

Considering how many merchants and a few consumers readily adopt mobile payments, the transaction volume will be too low, in turn raising the transaction fees for the merchants and retailers. So, as for the Merchants and Consumers, its a "Who goes first?" situation.

From the payment industry point of view, educating the merchant and consumer communities is a top priority as their behavior is highly susceptible to concerns of security. At present, plastic cards have been working well and NFC is not actually replacing an ineffective system in first place.

The 'Flash phone to pay' idea has enormous market potential, but the payments eco system demands huge developments by the involved parties to be better able to add this incentive into already effective payment infrastructure.