RiskSkill Warns That Risks Will Grow Together With The Mobile Payments Sector

fraud and risk management specialist

The leading UK corporate risk prevention consultancy and analyst Riskskill is warning that the expected rapid growth of the global mobile payments market will create a potential cocktail of different risks that pose new challenges for risk managers and other stakeholders in the sector.

In its latest research, Riskskill studied developments in the mobile payments (M-Commerce) arena, i.e. all types of mobile payment services including mobile money and mobile wallets, which are subject to financial regulation and performed from or by mobile devices.

Riskskill identified where it feels the key areas of risk lie in the sector, including:

1. The scale of sector growth and technology change

With commentators suggesting that the mobile payments sector will reach US $1 trillion in global transactions by 2015, the Riskskill research highlights that many risk professionals are concerned by the sector’s significant rate of growth. In Riskskill’s view, this rapid growth could mean that many proven risk strategies, once thought of as realistic and elastic, could be left out of touch in the medium term and lack the solid infrastructure required to be able to accommodate such growth.

Riskskill recognizes that as a consequence of this growth, one of the greatest challenges to the development of plans and strategies that align organizations within the mobile payments sector is not only the diversity of sources of change but also the sheer speed of technology change be this hardware, software or the technology platforms used.

According to Riskskill, the main ‘mobile payment’ players are now extremely keen to produce the next ‘big thing’ and this is reflected in the significant investment being made. Many feel that Apple with its i-infrastructure and significant market presence has the potential to launch something ground-breaking within iOS7. Other market leading names such as PayPal, Google and Amazon are also likely to have a significant and positive market impact with upcoming developments of their own, as will global and EU based telecom infrastructure owners. The international card schemes too, believes Riskskill, have a positive influence on the development route(s) in the sector, as will many other highly innovative and respected third parties including: iZettle and mpowa.

Riskskill believes that it is the technology organizations that act the most responsibly and altruistically now that will help minimize market risks over time. They are concerned though that in the rush to ‘jump on the bandwagon’, smaller players will adopt solutions that are based upon outmoded foundations and infrastructures. If this happens some regulators and stakeholders could struggle to keep up with the pace of technology change. This could mean that they might be unable to introduce the safeguards, protected environments and fraud prevention methodologies that are required at this early stage of market evolution. Fraud is deemed to be the greatest risk here. The fraudster thrives in such fast-paced environments, especially when there is no history, formality, process standards, anti-risk architecture or common IT foundations. Typically, fraudsters just ‘adapt’ and outsmart their targets.

2. Globalization of mobile payments

Riskskill also points to the rapid spread of mobile payments globally, with the explosive growth of M-Commerce in China, India, Latin America and the Far East. Recent data from the ITU (International Telecommunication Union) reveals that global mobile subscriptions are now reaching 6 billion. In some of these newer territories, the mobile payments sector is compensating for the lack of a physical and sufficiently robust banking structure and therefore proves extremely popular. Consequently, whilst the growth figures are impressive, the rate of growth could draw into question whether the existing and on occasion nascent regulatory systems and controls are sufficient to cope. Indeed, Riskskill believes that the most worrying aspect of this global spread is whether the technical and security infrastructures are built and based upon the solid foundations required.

3. Consumer communication and information risks

Riskskill believes, in addition, that in the mobile payments sector there is a continuous stream of new financial products that are all seeking to outdo each other in the eyes of providers and consumers. Riskskill is concerned that, alongside other areas of rapid market change, a fast churn of product lifecycles and the sheer variety of product nomenclature might cause consumers to become confused, and thus more vulnerable to fraudsters exploiting their confusion. This will also be compounded by the absence of adequate fraud systems, which will not have been put in place by all the main players at an early stage, as some will only just have kept up with competitive product development.

4. Standards and regulation outpaced?

The impact of such a rapid evolution of technology and financial products could threaten the applicability and implementations of many existing ‘standards’ programs. Other newer standards will need to be evolved, although these too might still struggle to keep up with the rate of change. Riskskill believes that as there is such a broad range of organizations and bodies from which such standards might come, that this in itself could cause confusion for market stakeholders and consumers alike. Once again, the most likely beneficiary of such confusion could well be ‘professional’ fraudsters. The hope is then, says Riskskill, that standards bodies will harmonize with other similar organizations around them, especially those who take a lead.

According to Riskskill there are a number of widely regarded bodies whose intervention could have a major impact in reducing market risk. This includes highly respected organizations such as UK Payments (formerly APACS), the ISO or the European Payments Council, which could potentially, some feel, develop a new SEPA-type regulation for the mobile payment sector. Other widely acclaimed and respected card schemes (such as Visa / MasterCard etc.) might also take a lead as they have a strong commitment to acting responsibly and correctly in the market.

Riskskill believes that if the standards that do emerge could drive the right risk–reduced conditions, it could in turn lead to both an evolution and a revolution in M-commerce practice and risk management. This could then prove to be a facilitator for wider adoption of mobile-based NFC /contactless payments.

RiskSkill has also studied whether the effects of the ‘potential standards debacle’ might also have a ‘knock-on’ effect upon government regulation too, as there is always the possibility that more interventionist governments might take the opportunity to play a constructive role. The company feels that with the respected EU Cyber Security Directive, focusing on setting good foundations with the Network and Information Security standards in individual member states, the current thrust seems potentially a long way from specifically addressing mobile payments.

In the UK, Riskskill questions whether the government is likely to drive innovation in this area, as the risk, payments and fraud skills within the leading departments (Cabinet Office, FED and the National Fraud Bureau) might not be those required to lead direction and strategy in the mobile payment sector.

Riskskill’s CEO Bill Trueman believes that whilst the risk in each of these areas can be incorporated into risk strategies, the combined effects are harder to predict. In his view, “It is easy to plan for many risks individually – however, the wide and varied nature of the risks associated with the changing and rapidly growing mobile payments sector creates a whole array of risks that will challenge even the best of plans and strategies for addressing problems within the mobile payments sector. This is a simply enormous issue to address. Organizations, and indeed many governments, are often now too ‘silo based’ to evolve direction and protection from the attacks in a market that is so rapidly evolving. The ideal solution for leading sector stakeholders should be to drive proper standards through appropriate bodies that will in turn drive both a governmental and a business response globally. It’s a ‘tall order’ and only time will tell if it is possible.” 

News Source

Advertisements

Will The PSR(Payment Services Regulator) Changes Work?

fraud and risk management specialist

The Payment Services Regulator may make major UK infrastructural changes and legal changes to ‘open up’ the payments industry and access to it in the UK in order to encourage innovation. They have the powers to do many things, but care is certain needed. Caution is most certainly needed.

a) Only yesterday, I received an email telling me that they are not well staffed and resourced; and from my discussion and the stakeholder meetings so far, it appears that they have very little payments industry experience in the team. The objectives of the PSR need to be clear and not driven by a few disgruntled small banks wanting free access to many established infrastructures that are maintained and paid for by all of us.

b) There seems to be a format for these types of regulators who adopt an ‘economic’ regulator agenda. This format of addressing these things has opened up the telecoms networks to new operators, and the water pipe infrastructure in the water business (and Gas and electricity), and the PSR CEO comes straight from one of these. But payments are not the same, and without payment industry knowledge there is a danger that the PRS will regulate in the same way. Some creativity is required by the PSR – to ensure it does not simply act in ‘the same way’.

c) The biggest danger is that because payment systems are global and becoming more global, and as the UK is a leading global payments hub, that action by the PSR will make the UK market something different – uncompetitive, and isolated – so care must be taken NOT to do this.

d) The main restrictions on the payments ‘gateways’ are not competitive or restrictive as they were with water, electricity, gas and telecoms. The payments infrastructure is open to anyone who wants to ‘play’. The bigger restrictions are quite rightly about the governance and controls over money laundering – which requires very tough controls and restrictions to be imposed, managed, and governed. Again, The PSR needs to step carefully.

Author Bill Trueman, is an independent Payments, Fraud & Risk Specialist and Managing Director of UK Fraud and Riskskill

Originally Published at http://www.prlog.org/12411859-will-the-psrpayment-services-regulator-changes-work.html

.

Top Technology Trends in Payments, Risk and Fraud

fraud and risk management specialist

1. Big-Data – Big-data has become a buzz-word to capture many things, but in finding risks and fraud, the more data that we look at, the better chance we have of finding unusual features and problems that should not be there. The manipulation of data and looking for such anomalies and patterns is getting ever faster and better – and there are generally lots of clues on ways to make better decisions – e.g. merchants looking at their own trading / selling for unusual sales.

2. Sharing Data within the confines of Data Protection laws (In Uk DPA s29) – This might sound complex, but it is not. Data Protection laws vary slightly market to market across Europe, but the principles are the same as they are governed by EU Data Protection law. Organisations cannot share much data between them because of Data Protection laws that protect us as consumers – and quite rightly so. But they can and do share details of fraudsters and confirmed fraud, and without the same constraints, but there are VERY strict rules on how this can be done and what can be shared in order to protect you and me from abuse of this. There are increasingly more people understanding what the rules are and what can be done, which will help stop more cheats. But equally there are many projects that have been going on for a long time that will never work because of the understanding of the restrictions on what can, and what cannot be done.

3. Making greater use of public data / bureau data. More and more, the value and usage of data bureaux data is being expanded, by the development of new products in the market and the need for organisations to use publically available data to better effect. With much better and stronger payments data, voters’’ role and default data (like County Court Judgments etc.), but also more shared databases available and more people using and sharing such information there are many more things that then can be done with the data. Remember, that every time that we get an insurance quote, ask for a loan, request a credit card or a new phone or gas contract, we are leaving ‘footprints’ at the Data Bureaux, that is all making our habits much more accessible.

4.Greater use of Identity and Authentication Data – almost an extension of the data from the Data Bureaux, but with many more people doing things in the market to ‘know the customer’ better electronically and using data. We have almost gone full circle on this – as we evolved from a) Knowing who we were dealing with, b) Letters of introduction and c) “My word is my bond”. uberrimae fidei through to formal identification through d) the submission of passports and utility bills etc., and now to more and more e) electronic pattern analysis identification and crypto-based authentication services. The Electronic identification methods are becoming more refined and using more sources and more data to check that we are kind-of who we say we are, which in a way is a more complex way of knowing the person that we are dealing with (a) and letters of introduction (b). With government initiatives on identity management setting the ‘gold-standard’ of people identifying themselves through approved data identity bureaux, this can only change things for the better in the next 2-3 years.

5. Device identification / fingerprinting. Whenever we are ‘connected’ to the internet, the connectee can see how we are connected – and knows, with some degree of accuracy, what type of device it is that we are connected to and where it is. They have to know to deliver content to us. There are also companies evolving services that are going to become a lot more important who look at the devices that we are using in much more depth to make sure that when we connect to them, they recognise us. This is why, recently, when I tried to pay quite a large bill with my new iPhone, I was asked by the merchant to wait until I was using my normal computer. It realised that I might not be me, because they did not recognise my device. This technology area has a long way to go.

6. Movement away from ‘profiling types of people’ towards ‘knowing individuals’ – this is again a step towards a time in history when one knew exactly who one was dealing with. Insurance companies and loan providers historically have looked at the ‘groups that we fall into’ to predict the type of repayments or claims history that we might exhibit from the post-code / area that we live in, our age, the type of car/house that we have, how long we have been doing something etc.  This of course assumes that we all act the same as our neighbours, people who drive the same type of car/live in the same type house, or geography, or have the same job or family size.; which of course is not usually the case in today’s faster-moving world.  Whether for targeted marketing purposes or more targeted risk assessment and understanding, technology is helping us to be assessed as individuals and increasingly our behaviours are being used to determine what we can purchase and price what we pay for. For instance, insurance companies can price using telematics – devices attached to our car to assess our driving ‘style’ and thereby determine the potential risks involved to the insurance company.

7. Better use of the technology that we already have. The typical example of this today for me is the way that Apple has seen a commercial opportunity to enter the payments sector with ApplePay in the USA. The USA has not yet adopted EMV (CHIPs on payment cards) like the entire rest of the globe, and is losing more fraud than everywhere else, and has an outdated infrastructure that is causing problems for the financial services industry worldwide. The EMV backbone in the UK and across Europe is 15 years old, but the USA infrastructure dates back nearly 50 years. In one announcement, Apple did nothing new, but pulled together EMV, tokenisation (linking payment details at the point of purchase to the real payment credentials stored securely elsewhere and using a standard that exists today, but not widely used), NFC (again a common ‘tap & go’ technology used by millions on the London underground and more increasingly across the UK, but mandated by MasterCard for all payment terminals by 2020 across Europe; fingerprint identification/authorisation on the phone, and less talked about; geolocation technology to determine that the phone is physically where it is supposed to be when making a transaction.  They packaged this with some clever commercial arrangements to get issuer, acquirer, card scheme and merchant buy-in. This ‘sets a standard’ by using existing technology and ‘pulling it all together’ without inventing anything new. Despite the efforts of others, we should see a lot more of this type of using the current technology more in the year to come.

8. CHIP and PIN –  again in the same arena, the use of EMV Chip and enhanced cardholder verification, e.g. PIN, will evolve quickly in the USA to catch up with the rest of the globe. The losses and the stakes are too high for this not to happen. Despite continuing resistance in parts of the US market, with a desire by some people to stick with signature to verify transactions, or no cardholder verification at all; it must change. Signatures, however captured, take longer, are less secure, cannot be electronically checked, put the onus onto sales staff at every store and generally cause more disputes, chargebacks and fraud.  It is also a market acceptance of payment cards is still seen as expensive and with complex rules – so a major reason why Apple and others are invading this ‘space’. The USA strategy must be to move decisively towards EMV CHIP and PIN – and the recent presidential order for the US government to lead the way in this direction must help with this.  There is no denying that migrating to CHIP and PIN usage and acceptance on debit cards is an easier challenge due the familiarity with PIN usage already, but the real issue will be PIN on credit and charge cards amongst others. There was a co-ordinated national (not just industry) engagement in the UK to drive CHIP and PIN success. It is hard to see the national or industry cohesion across the US market today on these issues.  The final ‘doubters’ must however be persuaded to put aside their own commercial interests in favour of the wider community interests, the answer is not signature.

9. Large-Scale thefts of data – not a month, not a week in many cases goes by without us learning that clever IT hacks have caused another major retailer to lose the card details (and much more) of millions of cardholders and customers. Home Depot lost 56million earlier this year, but similar lost data sizes have been seen at TKMaxx, Target, JP Morgan and more recently at Kmart and Staples.  The attacks exploit technical and procedural weaknesses in the management of systems holding sensitive data as well as the POS terminals and systems. The data would not be so valuable or costly to deal with if there was an EMV payments infrastructure (see above). Misuse of card data would be more easily identifiable in an EMV-compliant set-up, but this type of attack will continue to happen until the data security technology is in place to stop it from happening or being worth stealing the data.

10. Data ‘in flight’ or data ‘at rest’ – whether sensitive data is being stored, temporarily or longer, or if transmitted between various endpoints, it is always at risk of being ‘snooped-upon’, captured, deleted, redirected, or amended – generally for financial or nuisance. Further to point 9 above, the data security issues that we hear more and more about can be prevented or significantly  reduced through proper controls and monitoring, whether PCI DSS, ISO, POS terminal estate management, Point-to-Point Encryption (P2PE), or just by using a little common sense. ‘Cyber security’ is another new ‘buzzword’ but an old problem. It challenges our current thinking on making things secure, regular monitoring, mitigation, proper management, plus real ownership and accountability – from the CxO level down.  ‘Cyber criminals’ seeking financial gain, test systems either to prove a point, or just for their own entertainment because they can. It is no longer called hacking or theft of data and money, but now it is called cyber crime.

11. Increasing IT skills of the global fraudster – Probably the weakest bullet point here to be described as a ‘trend’ – because this is not new; it has been happening for 2,000 years, where the crook always uses his slightly better knowledge or technology than the good guys. Dick Turpin used an alibi that he was somewhere else because the horses and roads available at the time were not developed enough to place him at the scene of the crime and at that time. On this occasion law enforcement matched his guile; but this rarely happens this quickly today as the crooks develop the attacks with new methods and technology quicker than we can implement the counter-measures.  The only thing that we can do, is ‘stay awake’, look out for the issues, ensure the controls and procedures are ‘fit for purpose’, and stay ahead of the market. We should worry that many attacks start with inside information, knowledge and access. Staying awake means constantly looking internally as well as externally. Bat note too that sometimes, if you are being chased by a hungry bear,  you do not have to outrun him, you just have to out-run the rest of the crowd!

12. The answer is mobile – what’s the question? – Industry pundits challenge the traditional card payment brands as ‘dinosaurs’, particularly now that we all transact, bank and shop more online than face-to-face. The mobile, PDA, tablet, watch or similar devices are now seen as the place to transact with customers.  Traditional card payments are being tested, alternative payment methods and new authentication solutions that are more flexible and more adaptable to the virtual space are entering the marketplace every DAY and  with a real vengeance. But how security-enabled are the devices, the new ‘apps’ and gateways. Leaving aside concerns about interoperability, commercial success, etc., the biggest challenges rest with sensitive data being stored or accessed by personal devices with uncontrolled hardware/software security standards, questionable accreditation, payment/security apps with potential weaknesses and users who believe that if there is a problem – that someone else will deal with it.

Author Bill Trueman, is an independent Payments, Fraud & Risk Specialist and Managing Director of UK Fraud and Riskskill

Other Posts Which You Would Also Find Useful:

25 FAQs on Risk Review, Risk Management, Compliance, Due Diligence and Fraud Prevention

Is EMV ‘A Colossal Waste of Time’ for Retailers?

Riskskill Appointed by Visa Inc. as an Approved GARS Reviewer

11 FAQs on EMV Chip & Card Technology

10 Mistakes to Avoid on Your Management Plans to Prevent Losses

 

UKFraud Mobile Payment SIG Urges Greater Stakeholder Collaboration

business3

Leading corporate risk prevention consultancy and analyst UKFraud (www.ukfraud.co.uk) has released an interim update on their on-going research and market analysis of mobile payments and related mobile initiatives. The findings follow an earlier warning to stakeholders about a ‘cocktail of emerging risks’ as a consequence of rapid growth in the global mobile payments market. Key findings of the interim report are as follows:

The marketplace and market activities continue to be exceptionally fast-moving as regular announcements from many parties herald major changes in available offerings, applications and technologies. These are becoming increasingly complex in a crowded market. New entities join the melee all the time, trying to stake their claim and demonstrate their role in the mobile payments process.

Few of the companies or stakeholders appearing in any one part of the market have a comprehensive view of the whole market (e.g. web developers trying to become payment gateways).

People think, write and discuss this market only in the relative terms of today’s marketplace and as such they are generally constrained by traditional payment models. This ensures that what they write is often out of date reasonably quickly.

Nomenclature is a problem. When industry pundits and stakeholders talk about “mobile wallets”, this can mean many things to different people. Areas can include: Web applications and in particular web-payments, Near Field Communications, online banking services and device loaded payment solutions. However, the term also encompasses ‘ticket’ repositories, loyalty voucher storage, password vaults, club membership passes and password encryption.

The definition of a ‘wallet’ is likely to change too. Initially, stakeholders have thought about a ‘wallet’ solely as a money repository. We should think about it more as somewhere where we put all those other personal items like tickets, coupons, vouchers, payment details and log-on credentials. The market should be  talking not about electronic wallets but about the  new ‘bigger thinking’ i.e. caring about our ‘handbag’ or ‘briefcase’, which might also contain other essential possessions, e.g. a wallet, ticketholder and list of passwords as well as a wide assortment of the other things that we collect and store there.

Technology advances and tech start-up innovations have led to a surge of many innovative products and services for consumers to keep abreast of and surveys show that people are confused. So how do these things all work, and how can they be integrated? Innovation and advances are positive and people are ever-chasing‘first-mover advantage’ – without the tools to deliver sustainable and secure solutions.

But this means that many will fail. They will not meet the challenges of scale, or develop a critical mass in terms of profitability or market presence. Most will be at risk of major fraud attacks as they grow. The legal or other losses could be overbearing once they start to attract the attention of criminals, regulators and other parties that raise the need for payment system compliance enforcement.

Noting the element of competition that exists and despite the flurry of activity to date, there still appears to be a distinct lack of broader collaboration, coordination and vision for where the market is or will be going.

Conversely, larger organisations and participants may have the market and brand presence, the necessary infrastructure and technology platforms, etc., but they suffer from the constraints of their own size and governance. Such players are typically more deliberate and laboured in their innovation development process. Where they are large payment organisations, for example, they often have a reputation to protect and secure infrastructure to maintain, upon which their reputation is founded.

They are typically more aware of risk management concerns plus the implications of regulatory input and feedback on their proposition. Consequently, these participants are unable to move as fast as they would like or as others would expect.

So, for both existing and for new participants in this market, as well as competing, they also need to think about how their product fits into the wider market and customer needs. Whilst speed to market is important, they need to achieve this with a robust, secure, future-proofed product or service. This should use today’s technology but that which is both business-proof, and commercially viable. This is difficult for any one organisation to achieve in isolation of others. The answer lies in collaboration and also in setting appropriate shared standards and governance.

Authentication of an ‘extended’ identity,  including that of devices, will be one of the single most important factors in the evolution of solutions, products and the global direction of standards.

Kevin Smith, Chair of UKFraud’s Mobile Payments & Wallet SIG reports on the state of evolution taking place in the marketplace and key findings. In his view, “There needs to be room for innovation and competition in payment systems, to ensure that the evolution of these new technologies and business-models is combined in ‘life-managing’ value-add solutions.  To be truly effective, this requires sector wide collaboration.

“The technologies, applications and solutions consist of many more components than suppliers can handle; and the solutions that are being evolved often miss the security and risk infrastructures required. Particular areas of weakness include: AML checks on identities and refer-listings, controls over and monitoring of hardware validation and the business being undertaken. Security of the software and the data transmitted is another area that requires greater focus. As the market is growing so rapidly the SIG is concerned that controls and proper infrastructure is often inadequate.”

The SIG sees the on-going challenge as putting in place the basics of proper checking, standards procedures, processes and highlighting the infrastructures needed. It also sees a requirement for setting base security thinking in place; to prevent the inevitable ‘crash’or a series of likely expensive regressions. This will prevent:

Different systems, standards and ‘languages’ that evolve needing to be merged

Big losses from criminal attacks

Abuse of systems for illegal and disreputable activity

Major failings of all of those parties who invest in the ‘wrong direction’

Adverse brand damage for key participants and stakeholders.

Commenting on the findings Bill Trueman CEO of UKFraud commented; “Every boardroom is confused about where this market is going and how to act and direct its efforts. This is because it is so clear that this will be the global future for consumers and suppliers. The big challenge is how to be successful as the landscape changes globally.

“Companies of all sizes face concerns. Many major corporates with strong security and infrastructure are worried that they can’t adapt to the future just as the thousands of smaller entities are trying to ‘create a solution or market’ with only a small piece of the jig-saw and none of the infrastructure or security or standards based upon interoperability required.

“There is no crystal ball for anyone to rely upon and there is still a tremendous amount of bravado with people developing new and ‘sexy’ solutions that will probably not work. Typically there are the 90% that will fail and the 10% that might be successful. The simple truth, from the SIG’s findings, is therefore that those that collaborate will be better positioned for success.”

About UKFraud (www.ukfraud.co.uk)
UKFraud is a leading UK based consultancy, with an impressive international track record of eliminating the risk of fraud. Its founder Bill Trueman is widely accepted as one of Europe’s leading fraud experts and a frequent commentator and writer on the issues involved. Trueman has extensive experience of the banking, insurance and the financial services sectors and is a thought leader at the forefront of many industry wide and international debates.

News Source

4 Reasons Why Mobile Payments Are Risky

Mobile Payments Challenges, Risks, and Solutions

The expected rapid growth of the mobile-payments market will create a potential “cocktail” of different risks that pose new challenges for risk managers and other players in the sector.

That’s one finding in new research from RiskSkill, a corporate risk prevention consultancy, and a division of UKFraud.

Riskskill studied developments in the mobile-payments arena, including all types of mobile payment services – mobile money and mobile wallets – which are subject to financial regulation and performed from or by mobile devices. The consultancy has identified some key risk areas:

1. The scale of sector growth and technology change. Riskskill says many risk professionals are concerned about projections that the mobile-payments business will reach $1 trillion in global transactions by 2015. That growth could mean that many proven risk strategies, once thought of as realistic and elastic, could be left out of touch in the medium term and lack the solid infrastructure required to be able to accommodate such growth.

2. The globalization of mobile payments. The explosive growth of m-commerce in China, India, Latin America and the Far East are a concern, Riskskill says. Recent data from the ITU (International Telecommunication Union) points to global mobile subscriptions now reaching 6 billion. In some of these newer areas, the mobile-payments sector is compensating for the lack of a physical and sufficiently robust banking structure and therefore proves extremely popular. Consequently, while the growth figures are impressive, the rate of growth could draw into question whether the existing and, on occasion, young nascent regulatory systems and controls are sufficient to cope.

3. Consumer communication and information risks. Riskskill says the sector consists of a continuous stream of new financial products that are all seeking to outdo each other in the eyes of providers and consumers. Alongside other areas of rapid market change, a fast churn of product lifecycles and the sheer variety of product nomenclature might cause consumers to become confused, and thus more vulnerable to fraudsters exploiting their confusion. This will also be compounded by the absence of adequate fraud systems which will not have been put in place by all the main players, at an early stage, as some will only just have kept up with competitive product development, Riskskill advises.

4. Are standards and regulation outpaced? The impact of this rapid technology evolution could threaten the applicability and implementations of many existing standards programs. Other newer standards will need to be evolved, although these too might still struggle to keep up with the rate of change.

“It is easy to plan for many risks individually – however, the wide and varied nature of the risks associated with the changing and rapidly growing mobile payments sector creates a whole array of risks that will challenge even the best of plans and strategies for addressing problems within the mobile payments sector,” said Riskskill CEO Bill Trueman. “This is a simply enormous issue to address. Organizations and indeed many governments are often now too ‘silo based’ to evolve direction and protection from the attacks in a market that is so rapidly evolving. The ideal solution for leading sector stakeholders should be to drive proper standards through appropriate bodies that will in turn drive both a governmental and a business response globally. It’s a tall order and only time will tell if it is possible.”