Will Apple Pay kill the QR code?

apple pay

An interesting question – and of course Apple Pay will not kill the QR code per se, because the QR code does a lot of different things – most notably allowing a camera on a ‘connected’ device to quickly access material without the need to type into the device, and to effect various instructions.

However, with Apple having just ‘raised the bar’ significantly in its launch of ApplePay it will undoubtedly remove the possibility for the QR code to ever gain any ground – or to make any business case again as a payment enabler. The ApplePay infrastructure is very clear now (well it is not clear at all, but we can draw together the following parts of the infrastructure:

a) The adoption of EMV and a well-practiced security is adopted.

b) NFC enabled transactions (whether you like it or not – whether it has an EU or USA adoption rate) – which ensures that the NFC standard is adopted, and they the EMV Co protocols and encryption is present.

c) Tokenisation – to protect the personal details

d) Two/Three factor authentication – i.e. using the scanned fingerprint (or whatever is scanned to validate the transaction) and then Geo-location and/or device profiling too.

e) A reduced costs (interchange fee) and liability protection for pretty much all parties.

So why not do any of this with a QR code? Technically, this is almost all possible, but of course technical possibility and a good idea in the QR codes won’t make this work. Using a QR code produced by a device (that the consumer has) would look pretty, but would mean that:

– The customer has to enter the transaction details to validate – unless another way of communicating with the merchant was created and standardised globally.

– The protections that are in the chip on a card and in the secure area in the device where the card details are stored including floor limits, counts, rules, service codes and resets would all be bypassed.

– The secure part of the chip used and set-up by Apple would have to be accessible by developers to create QR codes – which Apple should never allow (due to a compromised of that secure element (and probably not allowed by the banks/schemes either); and because they would probably not want others to use their rails – due to commercial protectionism.

– Retailers would have to create new software and protocols for reading the QR codes at the points of sale, and then create EMV CO protocols to be used to secure the transactions – which of course would preclude the retailer validation or a two way dialogue with the card / secure element.

– And ALL vendors would have to build standards for this and compete with their proprietary protocols and add massive costs for retailers.

– 3FA or further authentication validation would be impossible/hard to introduce without the EMV / NFC standards backbone.

This creates the underlying problems in:

a) The EMV Co and NFC standards, which require that there is a 2-way hand-shakes and communication with the device and the secure element and a decryption process would be circumvented.

b) The card schemes, who will have required the NFC to be adopted as the communication vehicle for the transactions to be permitted in Apple Pay would be removed,

c) The issuers to allow the transaction to attract the interchange concession, to be transacted using the EMV Co / NFC standards and a channel that can be used to validate the transaction and ensure closed security would be gone.

Accordingly, the security, payment guarantees, standards and security would all be removed or circumvented. So QR codes in the transactions for payments can now never be progressed – as Apple has surely killed it off in one single stroke by introducing something far superior, far more future proofed and adopting all the latest and global ‘industry standards’ to do this through – in a way that no-one else could have achieved and made to happen.

QR codes were only a transient interim technology, that only had a place in small ways to bridge the gap that has now been theoretically bridged.

We have heard a LOT about the impact of the ApplePay announcement on who/what will be affected, but one thing is sure: It has killed the QR code as a payment vehicle – but of course it will ‘live on’ as a very good ‘informational application’ tool where it has been used thus far – i.e. to stop people needing to type various things into a device.

Adopting QR code developments with access to secure elements in the device CHIP is NOT an option, and it is VERY VERY VERY VERY VERY unlikely that the access to the secure element (i.e. the underlying security) will be accessible to TP developers in this way either.

Author Bill Trueman, is an independent Payments, Fraud & Risk Specialist and Managing Director of UK Fraud and Riskskill

Source: https://www.linkedin.com/pulse/article/20140915153149-6227568-will-apple-pay-kill-the-qr-code

Advertisements

Will The PSR changes work

fraud and risk management specialist

The Payment Services Regulator may make major UK infrastructural changes and legal changes to ‘open up’ the payments industry and access to it in the UK in order to encourage innovation. They have the powers to do many things, but care is certain needed. Caution is most certainly needed.

a) Only yesterday, I received an email telling me that they are not well staffed and resourced; and from my discussion and the stakeholder meetings so far, it appears that they have very little payments industry experience in the team. The objectives of the PSR need to be clear and not driven by a few disgruntled small banks wanting free access to many established infrastructures that are maintained and paid for by all of us.

b) There seems to be a format for these types of regulators who adopt an ‘economic’ regulator agenda. This format of addressing these things has opened up the telecoms networks to new operators, and the water pipe infrastructure in the water business (and Gas and electricity), and the PSR CEO comes straight from one of these. But payments are not the same, and without payment industry knowledge there is a danger that the PRS will regulate in the same way. Some creativity is required by the PSR – to ensure it does not simply act in ‘the same way’.

c) The biggest danger is that because payment systems are global and becoming more global, and as the UK is a leading global payments hub, that action by the PSR will make the UK market something different – uncompetitive, and isolated – so care must be taken NOT to do this.

d) The main restrictions on the payments ‘gateways’ are not competitive or restrictive as they were with water, electricity, gas and telecoms. The payments infrastructure is open to anyone who wants to ‘play’. The bigger restrictions are quite rightly about the governance and controls over money laundering – which requires very tough controls and restrictions to be imposed, managed, and governed. Again, The PSR needs to step carefully.

Author Bill Trueman, is Payments, Fraud & Risk Specialist and Managing Director of UK Fraud and Riskskill

Source: https://www.linkedin.com/pulse/article/20141015091911-6227568-will-the-psr-changes-work

 

UKFraud Mobile Payment SIG Urges Greater Stakeholder Collaboration

business3

Leading corporate risk prevention consultancy and analyst UKFraud (www.ukfraud.co.uk) has released an interim update on their on-going research and market analysis of mobile payments and related mobile initiatives. The findings follow an earlier warning to stakeholders about a ‘cocktail of emerging risks’ as a consequence of rapid growth in the global mobile payments market. Key findings of the interim report are as follows:

The marketplace and market activities continue to be exceptionally fast-moving as regular announcements from many parties herald major changes in available offerings, applications and technologies. These are becoming increasingly complex in a crowded market. New entities join the melee all the time, trying to stake their claim and demonstrate their role in the mobile payments process.

Few of the companies or stakeholders appearing in any one part of the market have a comprehensive view of the whole market (e.g. web developers trying to become payment gateways).

People think, write and discuss this market only in the relative terms of today’s marketplace and as such they are generally constrained by traditional payment models. This ensures that what they write is often out of date reasonably quickly.

Nomenclature is a problem. When industry pundits and stakeholders talk about “mobile wallets”, this can mean many things to different people. Areas can include: Web applications and in particular web-payments, Near Field Communications, online banking services and device loaded payment solutions. However, the term also encompasses ‘ticket’ repositories, loyalty voucher storage, password vaults, club membership passes and password encryption.

The definition of a ‘wallet’ is likely to change too. Initially, stakeholders have thought about a ‘wallet’ solely as a money repository. We should think about it more as somewhere where we put all those other personal items like tickets, coupons, vouchers, payment details and log-on credentials. The market should be  talking not about electronic wallets but about the  new ‘bigger thinking’ i.e. caring about our ‘handbag’ or ‘briefcase’, which might also contain other essential possessions, e.g. a wallet, ticketholder and list of passwords as well as a wide assortment of the other things that we collect and store there.

Technology advances and tech start-up innovations have led to a surge of many innovative products and services for consumers to keep abreast of and surveys show that people are confused. So how do these things all work, and how can they be integrated? Innovation and advances are positive and people are ever-chasing‘first-mover advantage’ – without the tools to deliver sustainable and secure solutions.

But this means that many will fail. They will not meet the challenges of scale, or develop a critical mass in terms of profitability or market presence. Most will be at risk of major fraud attacks as they grow. The legal or other losses could be overbearing once they start to attract the attention of criminals, regulators and other parties that raise the need for payment system compliance enforcement.

Noting the element of competition that exists and despite the flurry of activity to date, there still appears to be a distinct lack of broader collaboration, coordination and vision for where the market is or will be going.

Conversely, larger organisations and participants may have the market and brand presence, the necessary infrastructure and technology platforms, etc., but they suffer from the constraints of their own size and governance. Such players are typically more deliberate and laboured in their innovation development process. Where they are large payment organisations, for example, they often have a reputation to protect and secure infrastructure to maintain, upon which their reputation is founded.

They are typically more aware of risk management concerns plus the implications of regulatory input and feedback on their proposition. Consequently, these participants are unable to move as fast as they would like or as others would expect.

So, for both existing and for new participants in this market, as well as competing, they also need to think about how their product fits into the wider market and customer needs. Whilst speed to market is important, they need to achieve this with a robust, secure, future-proofed product or service. This should use today’s technology but that which is both business-proof, and commercially viable. This is difficult for any one organisation to achieve in isolation of others. The answer lies in collaboration and also in setting appropriate shared standards and governance.

Authentication of an ‘extended’ identity,  including that of devices, will be one of the single most important factors in the evolution of solutions, products and the global direction of standards.

Kevin Smith, Chair of UKFraud’s Mobile Payments & Wallet SIG reports on the state of evolution taking place in the marketplace and key findings. In his view, “There needs to be room for innovation and competition in payment systems, to ensure that the evolution of these new technologies and business-models is combined in ‘life-managing’ value-add solutions.  To be truly effective, this requires sector wide collaboration.

“The technologies, applications and solutions consist of many more components than suppliers can handle; and the solutions that are being evolved often miss the security and risk infrastructures required. Particular areas of weakness include: AML checks on identities and refer-listings, controls over and monitoring of hardware validation and the business being undertaken. Security of the software and the data transmitted is another area that requires greater focus. As the market is growing so rapidly the SIG is concerned that controls and proper infrastructure is often inadequate.”

The SIG sees the on-going challenge as putting in place the basics of proper checking, standards procedures, processes and highlighting the infrastructures needed. It also sees a requirement for setting base security thinking in place; to prevent the inevitable ‘crash’or a series of likely expensive regressions. This will prevent:

Different systems, standards and ‘languages’ that evolve needing to be merged

Big losses from criminal attacks

Abuse of systems for illegal and disreputable activity

Major failings of all of those parties who invest in the ‘wrong direction’

Adverse brand damage for key participants and stakeholders.

Commenting on the findings Bill Trueman CEO of UKFraud commented; “Every boardroom is confused about where this market is going and how to act and direct its efforts. This is because it is so clear that this will be the global future for consumers and suppliers. The big challenge is how to be successful as the landscape changes globally.

“Companies of all sizes face concerns. Many major corporates with strong security and infrastructure are worried that they can’t adapt to the future just as the thousands of smaller entities are trying to ‘create a solution or market’ with only a small piece of the jig-saw and none of the infrastructure or security or standards based upon interoperability required.

“There is no crystal ball for anyone to rely upon and there is still a tremendous amount of bravado with people developing new and ‘sexy’ solutions that will probably not work. Typically there are the 90% that will fail and the 10% that might be successful. The simple truth, from the SIG’s findings, is therefore that those that collaborate will be better positioned for success.”

About UKFraud (www.ukfraud.co.uk)
UKFraud is a leading UK based consultancy, with an impressive international track record of eliminating the risk of fraud. Its founder Bill Trueman is widely accepted as one of Europe’s leading fraud experts and a frequent commentator and writer on the issues involved. Trueman has extensive experience of the banking, insurance and the financial services sectors and is a thought leader at the forefront of many industry wide and international debates.

News Source

UKFraud Seeks To Reduce Mobile Wallet Payment Risks

Following the recent launch of its mobile wallet consultancy practice, risk and fraud prevention consultancy UKFraud (www.ukfraud.co.uk) has launched a range of analytical, consultancy and advisory services aimed at helping businesses in the mobile commerce and payment solutions space to ensure that their products are ‘right’ before they hit the market.

The consultancy practice was established to provide strategic advice and direction to protect mobile solution providers from creating new payment architecture solutions with insufficient protection from data breaches and other risks.  In addition, the new services offered by the practice are designed to deliver a comprehensive  assessment of new wallet product strategies. In particular, the UKFraud services will ensure that wallet providers incorporate the right customer ID and authentication technologies and processes.

In advising producers of future wallet type products, the practice’s services draw upon the research, findings and in-depth analysis of the market by UKFraud’s own Mobile Payment Special Interest Group (SIG). In its findings, the SIG recognised the need for all financial product stakeholders to develop risk reduction strategies capable of matching the projected rapid growth of the global mobile payments sector over the next eighteen months.

The launch of the new range of services  reflects a significant increase in the development and appearance of a range of wallet type products in the market. These include a number of recent, positive and influential developments, such as those from Google with their Wallet, mPowa, Skrill, and Apple with the launch of its well-received iPhone 5S with integral fingerprint reader.

The UKFraud practice also advise on a broad range of devices, architectures and platforms including smartphones, tablets and app software along with the likely fraud risks of transporting mediums such as the internet and/or mobile carriers, including NFC, Bluetooth or Wi-Fi, and entry into traditional payment gateways.

A key element of this advice is in the areas of ID and authentication. There are a number of different forms of ID and authentication techniques that wallet products can use.  These  combine traditional physical processes and technology checks with increasingly more contemporary ones such as biometrics. UKFraud aims to ensure that all elements of these technologies and processes are developed or evolved to be ‘user-proof’ as well as ‘fraudster-proof’. Key elements of a proper wallet infrastructure should include:

1. Authentication of user identity.
Someone, somewhere must always be able to verify the identity of the individual who owns the device, or at least to have protection against possible identity theft attack in the future. This is as true for any such form of identification, whether it is through a traditional approach or through evolving biometric checks. Currently there are few consistent standards in the methods with which a user’s bank account, payment preferences, or even credit history is  tied into biometric records in order to gain access to such details. This area is especially significant, as there are serious existing layers of legal requirements for identifying customers for all money transmission providers who have to meet Money Laundering, Drug Trafficking and Prevention of Terrorism compliance standards. Future Wallet providers cannot be exempt here if they are involved in the creation or handling of financial ‘events’. Thus the authentication of IDs to meet these current standards must accompany all biometrics validation tools and not be replaced by them. For this reason there must be careful planning to ensure that new identification methods are founded on strong foundations.

2. Validation of the technology architecture.
Emphasis also needs to be placed on any secure repository for the data collected. This includes analysis of where the data is securely held and how accessible such repositories are to others and just how well encrypted the data is. However, equally all transmissions that contain sensitive data need to be ‘looked after’ and protected over time. In addition, the processes, technologies, validation of identity and the transmission of sensitive data must all be based upon a technology and process base that is globally useable, acceptable and safe. UKFraud feels that this explains why so many organisations are baulking at the prospect of taking action in a non-standardised direction which risks everything.

3. Interoperability
As so many solutions are still evolving, ‘wallet events’ especially those where payment occurs, can be very different in nature. Equally where any biometrics or codes and/or passwords are used and transmitted this must also be stored somewhere in the ‘wallet’, in a device or in a cloud based solution. This is a point of risk and the potential target for attack. Further, there is  also other personal user identity data such as  entry tickets, vouchers, discount codes, club memberships, allegiances, contacts and diaries that the market has have not yet contemplated storing electronically on the mobile ‘wallet’.   This all needs to be compatible or interoperable. This interoperability often needs to be global too. The only global operability standards today rest with the major Card Scheme payment solutions which are globally linked, and completely standardised, by virtue of the authentications and controls that have evolved over decades. These are also safe and robust when dealing with criminal attacks and failures.

4. Transferability
Taking it a step further; consumers will most likely require the ability to change ‘wallet’ or data solution provider, so that we can have everything that we need still available to us when our ‘device’ breaks or changes. This facility needs to be built into the wallet and UKFraud will question whether  the new and innovative solutions they examine  follow the same or common standards that enable customers to move their funds, data and information from one provider to another with ease.

5. Reliability
A challenge that some biometric authentication has traditionally had, in addition to the commercial rollout realisation, is how well it actually works. Some of these technologies, through lack of global standards and specifications, have on occasion been the subject of perceptual concerns about some of the systems’ reliability in storing and validating data against biometric records as a consistent form of identity.

UKFraud believes that it is essential that the issues of what is stored, along with where and how it is stored need to be governed well. This includes a wide range of issues around what the fall-back is – i.e. what happens when users get locked out of their smartphones for instance – and where the data is stored and how recoverable / retrievable is it?

According to Bill Trueman the CEO of UKFraud, “Our clients understand these practical ID and authentication issues as part of their ‘wallet’ designs, and we assist them in closing gaps and weaknesses. Once these are ironed out, they can plan for the future in what is a fast and growing market filled with uncertainty and challenge. It is inevitable that many of the growing businesses in this area will fail simply because of criminal attacks or because the consumer, the merchant, the supplier or market simply ‘goes in a completely different direction’. Future-proofing is a prudent course of action and one which UKFraud helps with but of course no-one has a crystal-ball.

“As there are already so many new technology developments in mobile payments and m-commerce in general, we still haven’t seen a ‘full-on’ response from some of the main traditional ‘payment’ organisations yet. Equally, outside of  the excellent steps being taken by the European Payments Council, there is not enough heard from governments and regulators relating to governance of the sector, controls and requirements for eMoney, enforcement direction or  strengthening of the Money Laundering requirements to cover the sector. We are confident though that The European Payments Council will take a strong lead here soon.

“Fortunately, the recent launches by sector leaders such as Google and Apple have had extremely positive impact and have influenced the market greatly for the better. Our aim in recognising both the beneficial impact of recent market developments and the prospect of announcements from Europe will help other organisations navigate the best route forward for their products, thereby helping them reduce the risks of their own solutions within the broader mobile solutions and mobile ‘wallet’ space.”

News Source

UKFraud Launches New Mobile Wallet Consultancy Practice

Against a backdrop of recent developments in the mobile wallet and mobile payment device technology sectors, risk and fraud prevention specialist UKFraud (www.ukfraud.co.uk) has launched a new mobile wallet consultancy practice. The move reflects recent positive and influential developments from Google with their Wallet and more recently from Apple with the launch of its latest iPhone with an integral fingerprint reader. The announcement also reflects the in-depth analysis of the market by UKFraud’s own Mobile Payment Special Interest Group (SIG), which has recognised the need for all financial product stakeholders to develop risk reduction strategies capable of matching the projected rapid growth of the global mobile payments sector over the next eighteen months.

The new consultancy practice will provide strategic advice and direction to a wide range of mobile payment sector organisations that aim to reduce the risk of moving their products and services to an emerging wallet architecture. This could apply to new devices (including phones, PDAs and tablets), software (including Apps and browsers) and most importantly to the authentication systems that are to be considered, validated and used. The consultancy also advises on the fraud risks of transporting mediums such as the internet and/or mobile carriers, including NFC, Bluetooth or Wi-Fi. The service will also aim to ensure that money and time invested is not wasted by developing superfluous wallet based products that will not ‘fly’.

Kevin Smith, the Chair of UKFraud’s Mobile Payment SIG, can see a role for the provision of detailed guidance to mobile wallet and mobile payment organisations whilst key sector bodies grapple with how the markets need European wide codes of practice. In his view, “The European Payments Council is just one leading body that is working hard and well to evolve a common understanding and nomenclature for this complex and fast changing  environment. We are keen to see both their vision and the on-going fruits of their labour. However, in the meantime, the global mobile payment market and other key stakeholders have recently been influenced in a very positive and promising way by a series technological launches by market leaders such as Apple, Google and locally by mpowa.

“Those who choose to hone their products around these technologies need urgently now to ensure that there are clear technical rules and constraints, understandable principles and frameworks around what they develop. This includes the related requirements of authentication, reliability, interoperability and transferability. There is therefore clearly a role for advisors to deliver defining guidance to such organisations as how they can minimise the risks involved to both their organisations and their customers. This guidance should also point to the likelihood of emerging standards both at a European and indeed global level.”

Bill Trueman, CEO of UKFraud acknowledged Kevin Smith‘s view and commenting on the launch of the new practice added, “There are already so many new technology developments in mobile payments and we still haven’t heard from many of the main traditional players yet, probably because they are still gathering their thoughts or formulating business cases. Fortunately, the recent launches by sector leaders such as Google, PayPal and Apple have had an extremely positive impact and have influenced the market greatly for the better. Our aim in recognising both the beneficial impact of these recent developments and the prospect of announcements from Europe is to help organisations navigate the best route forward for their products and to help them reduce the risks of their own solutions within the broader mobile wallet ‘space’. Consequently, we hope to make a number of major announcements shortly regarding the specific areas of help related to particular mobile wallet and payment device products and propositions.”

News Source

 

UKFraud Launches New Mobile Wallet Consultancy Practice

Against a backdrop of recent developments in the mobile wallet and mobile payment device technology sectors, risk and fraud prevention specialist UKFraud (www.ukfraud.co.uk) has launched a new mobile wallet consultancy practice. The move reflects recent positive and influential developments from Google with their Wallet and more recently from Apple with the launch of its latest iPhone with an integral fingerprint reader. The announcement also reflects the in-depth analysis of the market by UKFraud’s own Mobile Payment Special Interest Group (SIG), which has recognised the need for all financial product stakeholders to develop risk reduction strategies capable of matching the projected rapid growth of the global mobile payments sector over the next eighteen months.

The new consultancy practice will provide strategic advice and direction to a wide range of mobile payment sector organisations that aim to reduce the risk of moving their products and services to an emerging wallet architecture. This could apply to new devices (including phones, PDAs and tablets), software (including Apps and browsers) and most importantly to the authentication systems that are to be considered, validated and used. The consultancy also advises on the fraud risks of transporting mediums such as the internet and/or mobile carriers, including NFC, Bluetooth or Wi-Fi. The service will also aim to ensure that money and time invested is not wasted by developing superfluous wallet based products that will not ‘fly’.

Kevin Smith, the Chair of UKFraud’s Mobile Payment SIG, can see a role for the provision of detailed guidance to mobile wallet and mobile payment organisations whilst key sector bodies grapple with how the markets need European wide codes of practice. In his view, “The European Payments Council is just one leading body that is working hard and well to evolve a common understanding and nomenclature for this complex and fast changing  environment. We are keen to see both their vision and the on-going fruits of their labour. However, in the meantime, the global mobile payment market and other key stakeholders have recently been influenced in a very positive and promising way by a series technological launches by market leaders such as Apple, Google and locally by mpowa.

“Those who choose to hone their products around these technologies need urgently now to ensure that there are clear technical rules and constraints, understandable principles and frameworks around what they develop. This includes the related requirements of authentication, reliability, interoperability and transferability. There is therefore clearly a role for advisors to deliver defining guidance to such organisations as how they can minimise the risks involved to both their organisations and their customers. This guidance should also point to the likelihood of emerging standards both at a European and indeed global level.”

Bill Trueman, CEO of RiskSkill and UKFraud acknowledged Kevin Smith‘s view and commenting on the launch of the new practice added, “There are already so many new technology developments in mobile payments and we still haven’t heard from many of the main traditional players yet, probably because they are still gathering their thoughts or formulating business cases. Fortunately, the recent launches by sector leaders such as Google, PayPal and Apple have had an extremely positive impact and have influenced the market greatly for the better. Our aim in recognising both the beneficial impact of these recent developments and the prospect of announcements from Europe is to help organisations navigate the best route forward for their products and to help them reduce the risks of their own solutions within the broader mobile wallet ‘space’. Consequently, we hope to make a number of major announcements shortly regarding the specific areas of help related to particular mobile wallet and payment device products and propositions.”

News Source

4 Reasons Why Mobile Payments Are Risky

Mobile Payments Challenges, Risks, and Solutions

The expected rapid growth of the mobile-payments market will create a potential “cocktail” of different risks that pose new challenges for risk managers and other players in the sector.

That’s one finding in new research from RiskSkill, a corporate risk prevention consultancy, and a division of UKFraud.

Riskskill studied developments in the mobile-payments arena, including all types of mobile payment services – mobile money and mobile wallets – which are subject to financial regulation and performed from or by mobile devices. The consultancy has identified some key risk areas:

1. The scale of sector growth and technology change. Riskskill says many risk professionals are concerned about projections that the mobile-payments business will reach $1 trillion in global transactions by 2015. That growth could mean that many proven risk strategies, once thought of as realistic and elastic, could be left out of touch in the medium term and lack the solid infrastructure required to be able to accommodate such growth.

2. The globalization of mobile payments. The explosive growth of m-commerce in China, India, Latin America and the Far East are a concern, Riskskill says. Recent data from the ITU (International Telecommunication Union) points to global mobile subscriptions now reaching 6 billion. In some of these newer areas, the mobile-payments sector is compensating for the lack of a physical and sufficiently robust banking structure and therefore proves extremely popular. Consequently, while the growth figures are impressive, the rate of growth could draw into question whether the existing and, on occasion, young nascent regulatory systems and controls are sufficient to cope.

3. Consumer communication and information risks. Riskskill says the sector consists of a continuous stream of new financial products that are all seeking to outdo each other in the eyes of providers and consumers. Alongside other areas of rapid market change, a fast churn of product lifecycles and the sheer variety of product nomenclature might cause consumers to become confused, and thus more vulnerable to fraudsters exploiting their confusion. This will also be compounded by the absence of adequate fraud systems which will not have been put in place by all the main players, at an early stage, as some will only just have kept up with competitive product development, Riskskill advises.

4. Are standards and regulation outpaced? The impact of this rapid technology evolution could threaten the applicability and implementations of many existing standards programs. Other newer standards will need to be evolved, although these too might still struggle to keep up with the rate of change.

“It is easy to plan for many risks individually – however, the wide and varied nature of the risks associated with the changing and rapidly growing mobile payments sector creates a whole array of risks that will challenge even the best of plans and strategies for addressing problems within the mobile payments sector,” said Riskskill CEO Bill Trueman. “This is a simply enormous issue to address. Organizations and indeed many governments are often now too ‘silo based’ to evolve direction and protection from the attacks in a market that is so rapidly evolving. The ideal solution for leading sector stakeholders should be to drive proper standards through appropriate bodies that will in turn drive both a governmental and a business response globally. It’s a tall order and only time will tell if it is possible.”